AmbTrack

Privacy Policy

Last updated: February 2026  ·  Effective: February 2026

This policy is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India and applicable rules thereunder.

Contents

  1. Who we are
  2. Data we collect
  3. Purpose and legal basis
  4. Data sharing
  5. Data retention
  6. Your rights under the DPDP Act
  7. Data security
  8. Analytics and anonymisation
  9. Children's data
  10. Changes to this policy
  11. Contact and grievance redressal

1. Who We Are

AmbTrack ("we", "us", "our") is an emergency ambulance coordination platform operating in India. AmbTrack acts as the Data Fiduciary as defined under the DPDP Act, 2023, responsible for determining the purpose and means of processing personal data collected through the platform.

Our registered contact for privacy matters: privacy@ambtrack.in

2. Data We Collect

We apply the principle of data minimisation — we collect only what is strictly necessary for emergency response coordination.

2.1 Account and identity data

  • Full name, email address, Indian mobile number
  • Assigned role (ambulance crew, hospital staff, traffic police, control center operator)
  • Organisation or hospital affiliation, vehicle registration number (crew only), signal location (traffic police only)
  • Profile photograph (ambulance crew only, for identity verification)
  • Account status and verification flags

2.2 Patient data (case records)

Patient data is collected only at the point of dispatch and only to the extent needed for the responding crew and receiving hospital:

  • Patient name, approximate age, gender (all optional — not collected if unknown)
  • Pickup address and GPS coordinates
  • Caller name and mobile number
  • Triage level, initial presenting condition, and in-transit vitals (blood pressure, heart rate, oxygen saturation, temperature, respiratory rate)

2.3 Location data

  • Real-time GPS coordinates, speed, heading, and accuracy of ambulances — collected only during active duty hours when the crew member is logged in
  • Traffic police signal locations (fixed, registered once at setup)

2.4 Device and security data

  • Browser type, operating system, IP address — used exclusively for session security and brute-force protection
  • Device fingerprint (anonymous hash) for detecting new-device logins
  • Failed login attempts (retained 30 days for security purposes)

2.5 Usage and audit data

  • Structured audit log of platform actions: dispatch, status changes, case completion, login/logout
  • API response times (no personal identifiers)

3. Purpose and Legal Basis

| Purpose | Data used | Legal basis (DPDP Act) |
|---|---|---|
| Real-time emergency response coordination | Location, case, identity data | Legitimate use — emergency medical services; consent at registration |
| Account authentication and session security | Email, phone, device data | Consent at registration; security obligation |
| Sending operational notifications (OTP, dispatch alerts, push notifications) | Email, phone | Consent at registration |
| Medical and legal record-keeping | Case records, audit trail | Legal obligation (medical records retention laws) |
| Aggregated analytics to improve response times | Anonymised pickup grid coordinates and case counts only — no personal identifiers | Legitimate use — public safety improvement |
| Security monitoring and abuse prevention | IP address, device data, login attempts | Legitimate use — fraud and intrusion prevention |

4. Data Sharing

We do not sell, rent, or trade personal data. Data is shared only in the following limited circumstances:

4.1 Within the platform (role-based access)

  • Hospital staff — see incoming patient name, age, gender, triage level, condition, and vitals for the case assigned to their facility. They do not see caller data or crew identity beyond ambulance vehicle number.
  • Traffic police — see ambulance GPS position and vehicle number when the ambulance enters their 3 km geofence. They do not see patient data.
  • Control center operators — see full case data and live ambulance positions for all active cases in their jurisdiction.
  • Ambulance crew — see only their own assigned cases and their own location history.

4.2 Infrastructure sub-processors

  • Supabase (database hosting) — PostgreSQL database hosted within compliant cloud infrastructure. Data is not used for any purpose beyond storage and query execution.
  • Resend (transactional email) — used only to deliver OTP and security alert emails. Email content is minimal and not retained beyond delivery logs.
  • Fly.io (application hosting) — application runtime and server infrastructure. No direct access to application data beyond infrastructure logs.

All sub-processors operate under data processing agreements with appropriate safeguards.

4.3 Legal requirements

We may disclose personal data if required by a court order, government authority, or applicable Indian law, including under provisions of the DPDP Act, 2023, the Information Technology Act, 2000, or the Code of Criminal Procedure.

5. Data Retention

We retain data for the minimum period necessary for its stated purpose and applicable legal obligations.

| Data category | Retention period | Action after period |
|---|---|---|
| Active cases (dispatched, in-transit) | 1 year from creation | Archived (read-only); purged after 5 years total |
| Completed / cancelled cases | Archived after 30 days; retained 5 years total | Hard-deleted after 5 years from archival |
| GPS location history | 5 years | Permanently deleted; retained alongside case records because location evidence may be required in legal proceedings relating to the case |
| User accounts | Until deletion request or 2 years of inactivity | Inactive accounts suspended after 2 years; deleted on request (subject to legal holds) |
| Login attempts and security logs | 30 days | Automatically purged |
| OTP records | Until used or 10 minutes (whichever comes first) | Automatically purged |
| Push notification subscriptions | Until logout or subscription revocation | Deleted when session ends |

Legal hold: Where a case involves a legal dispute, police investigation, or court proceeding, relevant records will be retained beyond the standard period until the matter is resolved, regardless of any user deletion request, as required by law.

6. Your Rights Under the DPDP Act

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

  • Right to Access: Obtain a copy of all personal data we hold about you, including your account details, cases, active sessions, and recent GPS records.
  • Right to Correction: Request correction of inaccurate personal data such as name, email address, or phone number.
  • Right to Erasure: Request deletion of your account and personal data. Requests are processed within 30 days. Data subject to legal retention obligations cannot be deleted until those obligations are met.
  • Right to Grievance Redressal: File a complaint with our Data Protection Officer. Unresolved complaints can be escalated to the Data Protection Board of India under Section 27 of the DPDP Act.

How to exercise your rights

Authenticated users can exercise their rights directly through the platform API:

  • Export your data: GET /api/privacy/my-data — returns a structured JSON export of all personal data held about you
  • Correct your data: PATCH /api/privacy/my-data — update name, email, or phone number
  • Request deletion: DELETE /api/privacy/my-data — submits a deletion request processed within 30 days

Alternatively, email privacy@ambtrack.in with the subject line "DPDP Rights Request — [your registered email]". We will acknowledge within 3 business days and complete action within 30 days.

7. Data Security

  • Encryption in transit: All data is transmitted over TLS 1.3. HTTP connections are automatically upgraded.
  • Encryption at rest: Database storage uses AES-256 encryption at the infrastructure layer.
  • Password security: Passwords are hashed using bcrypt with 12 salt rounds. Plaintext passwords are never stored or logged.
  • Session security: JWT-based access tokens with short expiry; refresh tokens are rotated on each use. Token reuse triggers automatic full session revocation.
  • Brute-force protection: Rate limiting and progressive lockout on all authentication endpoints.
  • New-device alerts: Email alerts are sent when a login is detected from an unrecognised device.
  • Role-based access control: Each role can only access data relevant to its function. No cross-role data leakage by design.
  • Audit trail: All significant actions (login, dispatch, case status change, data export) are logged with timestamp and user identifier.

In the event of a data breach affecting your personal data, we will notify affected users and the Data Protection Board of India as required under the DPDP Act and applicable rules.

8. Analytics and Anonymisation

Platform analytics (heatmap, response time statistics) use aggregated data only:

  • The heatmap shows case density bucketed into 1 km × 1 km grid cells using pickup coordinates. No patient name, caller name, or any personal identifier is included or derivable from the output.
  • Response time statistics are computed as averages across all completed cases — individual case data is not exposed in analytics endpoints.
  • Patient names are never included in any analytics API response.

9. Children's Data

AmbTrack is a professional emergency management platform intended for use by trained personnel (ambulance crew, hospital staff, traffic police, control center operators). We do not knowingly collect personal data from individuals under 18. Registration requires a valid Indian mobile number and professional affiliation, which is verified manually before account activation.

Patient data collected during a case may include a minor's information (name, age, medical details). This data is collected solely for emergency medical purposes and is subject to the same retention and security controls as adult patient data.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in law, regulation, or our data practices. Material changes will be notified to registered users by email at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the most recent version. Continued use of the platform after the effective date constitutes acceptance of the updated policy.

11. Contact and Grievance Redressal

Data Protection Officer (DPO)
Email: privacy@ambtrack.in
Response time: 3 business days for acknowledgement, 30 days for resolution

If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India at meity.gov.in as provided under Section 27 of the DPDP Act, 2023.

© 2026 AmbTrack. All rights reserved.