Privacy Policy
Last Updated: May 28, 2026
Pehchanly Digital Solutions ("we," "our," or "us") operates the Pehlix platform at pehlix.in and its subdomains. This Privacy Policy details how we collect, process, protect, and disclose information when diagnostic laboratories, healthcare professionals, patients, and administrators access our Software-as-a-Service (SaaS) diagnostic laboratory operating system.
1. Data Processor & Controller Separation
Under the Digital Personal Data Protection (DPDP) Act, 2023 (India):
- Data Controller: The registered laboratory using Pehlix to manage patients and print diagnostic reports is the Data Controller. The laboratory decides what clinical data is recorded and assumes primary responsibility for obtaining patient consent.
- Data Processor: Pehlix operates strictly as a Data Processor. We transmit and store personal and health data solely on behalf of the laboratory under their operational instructions.
2. Information We Collect & Process
We process information necessary to maintain lab accounts and deliver diagnostic communication services:
- Laboratory Account Data: Lab names, addresses, GSTIN numbers, NABL registration numbers, billing details, and staff login credentials.
- Patient Records (entered by Labs): Names, age, gender, mobile numbers, email addresses, referring doctors, test selections, and diagnostic test outcome values.
- Doctor Information: Doctor names, registered phone numbers, emails, and commission ledger details.
- Usage & Device Logging: IP addresses, browser agents, and device fingerprints captured during login to enforce security.
3. Data Protection & Localization
We prioritize medical data security through robust technological safeguards:
- Data Encryption: All data is encrypted in transit using industry-standard SSL/TLS protocols and encrypted at rest on AES-256-encrypted database volumes.
- Data Localization: All server operations and database records are hosted strictly within India's borders, specifically inside the Mumbai region of MongoDB Atlas and Cloudflare R2 nodes.
- Secure R2 Links: Generated report PDFs stored in Cloudflare R2 are locked from public access. Patient report links sent via WhatsApp are signed URLs that expire automatically after 48 hours.
4. Data Sharing & Third-Party Services
We never sell or rent health data. Data is shared only with verified technical gateways under strict contracts:
- Meta Cloud API (WhatsApp): For delivering booking confirmations, payment links, and approved report URLs.
- Resend SMTP: For delivering verification codes and laboratory alerts to owners and admins.
- Razorpay: To process patient fees. Patient credentials are securely passed to Razorpay to generate local payment links.
5. Your Rights & Contacts
Labs and patients can request rectification or deletion of records. Since Pehlix processes patient data on behalf of labs, patients should contact their diagnostic laboratory directly. Laboratories can direct any data protection requests to our compliance officer at contact@pehchanly.com.