Privacy Policy

1. Who We Are

This website is operated by Dt. Disha Dey, a Clinical Dietitian and Public Health Nutritionist trading as Dt. Disha Dey E-Nutrition Clinic. Our website is dietitiandisha.com. We offer online nutrition consultations across India and internationally.

For privacy-related queries, contact us at dietitiandisha@gmail.com or +91 73594 90767.

2. What Data We Collect

Information you provide directly

• Booking form: Name, WhatsApp number, health concern, and preferred date — collected when you request a free discovery call.
• Health intake form: Detailed health history, dietary preferences, medical conditions, medications, lab reports — collected after you book a paid consultation.
• Lab reports: PDF documents uploaded for clinical review.
• Progress logs: Weight, measurements, and symptom data you log during your consultation period.
• Payment information: Processed via Razorpay (India) or Stripe (international). We do not store card details — they are handled entirely by the payment processor.

Information collected automatically

• Google Analytics 4 (GA4): Page views, session duration, traffic sources, and device information. Analytics data is anonymised and does not identify you personally.
• Google Tag Manager: Container for managing analytics and conversion tags.
• Microsoft Clarity: Heatmaps and session recordings to improve usability. No personally identifiable information is captured.
• Standard server logs: IP address, browser type, and pages visited — retained for security monitoring only.

3. How We Use Your Data

• To schedule and conduct your nutrition consultation
• To create and deliver your personalised diet plan
• To send consultation reminders via WhatsApp and email
• To monitor your progress and adjust your plan over the consultation period
• To process payments and issue GST invoices
• To improve our website and services (aggregated analytics only)

We do not sell your data to third parties. We do not use your health information for advertising purposes.

4. Who We Share Data With

We share data only with service providers essential to delivering our service:

• WATI (WhatsApp Business API) — appointment communications
• Razorpay / Stripe — payment processing
• Cal.com — appointment scheduling
• Resend — transactional email
• Google (GA4, GTM) — analytics
• Microsoft Clarity — usability analytics
• Amazon S3 / Cloudflare — file storage and website hosting

All processors are bound by data processing agreements. Health data shared with communication providers (WATI, Resend) is limited to the minimum required to deliver your plan and confirmations.

5. Health Data (Sensitive Personal Data)

Health and medical information is sensitive personal data under India's Digital Personal Data Protection Act (DPDPA) 2023. We collect it only with your explicit consent at the time of intake. It is used exclusively for clinical nutrition planning and is not shared beyond the providers listed in Section 4.

Health data is stored on secured servers and accessible only to Dt. Disha Dey. It is retained for the duration of your consultation period plus 5 years (for clinical records purposes), after which it is permanently deleted.

6. Data Retention

• Booking enquiries (not converted): 12 months
• Active client records: Duration of consultation + 5 years
• Payment records: 7 years (GST compliance)
• Analytics data: 14 months (GA4 default), then aggregated only

7. Your Rights

Under applicable Indian data protection law, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate personal data
• Request erasure of your data (subject to legal retention requirements)
• Withdraw consent for data processing (this will end your consultation)
• Lodge a complaint with the Data Protection Board of India

To exercise any of these rights, contact us at dietitiandisha@gmail.com.

8. Cookies

We use cookies for analytics (GA4, Clarity) and session management (client portal only). You can control cookie preferences via your browser settings. Disabling analytics cookies does not affect your ability to use the website or book consultations.

9. Security

We implement appropriate technical and organisational measures to protect your data: HTTPS on all pages, encrypted storage for health data, access controls limiting data access to Dt. Disha Dey, and regular security reviews of third-party processors.

10. Changes to This Policy

We may update this policy when we add new services or processors. Material changes will be notified via WhatsApp to active clients. The "last updated" date at the top of this page reflects the most recent revision.