The Company under the brand name ‘OncMonk’ provides certain services on a tech- enabled platform through which users undergoing treatment for cancer or users related to such persons can avail of certain consultative and informational services from third party physicians and doctors ("Experts") to obtain information on the treatment options available in the cancer segment specified by the user ("Services"). The Services can be availed through the Company website: www.oncmonk.com and shall be subject to the terms of service available at www.oncmonk.com
This Policy discloses Company’s information and data related practices for this Website and Services provided on the Company and certain third party-based platform used for Services, including the type of information being collected, method of such information collection, use of such information and sharing of such information with third parties. These terms operate in addition and without prejudice to the Terms of Service.
By visiting the Website you expressly consent to our use and disclosure of your personal information in any manner described in this Policy, including authorising us to collect, receive, process and store and use any information that you may enter on our Website or provide to us in some other way. This Policy extends to both visitors to the Website who do not transact business or avail any Services on the Website and to registered users, whether customers or partners, or Experts who transact business or avail the Services on the Website (collectively “Users” for the purposes of this Policy).
If you are not the patient and are registering on the Website on behalf of the patient, you represent that you have obtained the requisite consents from the patient in order to register on and use the Website..
This Policy is meant to apply to the Users based out of India. In the event you are accessing our Website from anywhere outside the territory of India, you do so at your own risk. Company shall not be liable for any claims, losses, liabilities that may arise out of the usage of the Website by Users outside India.
We collect the following Personal Information from you, for the purposes set forth below:
Your Personal Information will be used for the following purposes:
These terms apply to you if you are accessing the DocPulse platform through [insert Sayre’s OncMonk link]:
DocPulse will ensure international and industry standard safeguards to protect all your data. In the event of any breach or loss of the data, Sayre shall be informed forthwith of such occurrence. DocPulse shall ensure that such data protection is made available without any disruptions or interruptions even during any downtime or maintenance. However, users are solely responsible for the confidentiality of any password and other account information that you create to access or use the Services. You agree to notify us immediately of any unauthorized use of your account, username, or password
Docpulse Technologies provides the services through its website - http://www.docpulse.com and http://www.meetmydoctor.in (“DocPulse Websites”). Use of the DocPulse Websites may require you to use software provided by or operated from the DocPulse Website, and on occasion DocPulse may make certain software available to you from the DocPulse Website. To the extent you use such software or download such software from the DocPulse Website, the software, including all files and images contained in or generated by the software, and accompanying data (collectively, "Software") will be deemed to be licensed to you by DocPulse, for providing Services to you and enabling you to use those Services only. DocPulse does not transfer either the title or the intellectual property rights to the Software, and we (or our licensors) retain full and complete title to the Software as well as all intellectual property rights therein. You may not sell, redistribute, or reproduce the Software, nor decompile, reverseengineer, disassemble, or otherwise convert the Software to a human-perceivable form. You may not access the Services if you are DocPulse’s direct competitor, except with DocPulse’s prior written consent. In addition, you may not access the Services for purposes of monitoring their availability, performance or functionality, or for any other benchmarking or competitive purposes.
DocPulse runs on a secure application and data environment which is hosted by Google. More details about Google’s security information are available at: https://developers.google.com/appengine/whyappengine#reliable . All communication between the browser and our server is encrypted with SSL 3.0. The connection is encrypted using RC4_128, with SHA 1 for message authentication and RSA as the key exchange mechanism. All passwords are encrypted and stored in a secure datastore. Industry standard security best practices has been implemented to detect and address security breaches.
DocPulse’s Website may be linked to the website of third parties, affiliates, and business partners. DocPulse have no control over, and not liable or responsible for content, accuracy, validity, reliability, quality for such websites or made available by / through DocPulse Website. Inclusion of any link on the DocPulse Website, does not imply that we endorse the linked site. You use the links and these services at your own risk.
All Users agree to adhere to the below code of conduct. While using the DocPulse Website, software and/or Service, you agree not to:
The Users are solely responsible for compliance with all applicable laws, including patient history, medical records, confidential information, and privacy laws. Docpulse Technologies is a facilitator for clinic management and provides technology platform. Docpulse Technologies is in no way responsible, liable, accountable for patient information available on the software provided by Docpulse Technologies.
You agree to indemnify and hold harmless the Company, DocPulse, its affiliates, officers, directors, employees, consultants, licensors, agents, and representatives from any and all third party claims, losses, liability, damages, and/or costs (including reasonable attorney fees and costs) arising from your access to or use of the DocPulse Website, your violation of the Policy, or your infringement, or infringement by any other user of your account, of any intellectual property or other right of any person or entity.
DocPulse/ Company will notify you promptly of any such claim, loss, liability, or demand, and in addition to your foregoing obligations, you agree to provide us with reasonable assistance, at your expense, in defending any such claim, loss, liability, damage, or cost.
Your personal information shall be processed by DocPulse in accordance with the terms contained in https://docpulse.com/privacy-policy/.
Shall be in accordance with the terms set forth in this White Paper:
DocPulse - Security White Paper
Security of your data is of immense importance to DocPulse and we take it very seriously. We take multiple measures to ensure data safety. The following sections gives details as to how DocPulse ensures your data is secure from unauthorized access.
All communications from the browser to the server is encrypted with 128 bit encryption
and follows the industry standard SSL protocol. The following diagram shows this.
SSL protects confidential information using cryptography. Sensitive data is encrypted across public networks to achieve a high level of confidentiality. Primarily, PKI utilizes asymmetric cryptography that is considered more secure than symmetric cryptography.
Simply, asymmetric algorithms use one key for encryption of data, and then a separate key for decryption. Asymmetric algorithms are stronger than symmetric algorithms because even if the encryption key is learned in one direction, the third party still needs to know the other key in order to decrypt the message in the other direction.
The primary benefit of asymmetric encryption (also referred to as PKI) is that both sides can spontaneously initiate a transaction without ever having met. This is achieved by the use of a public and private key pair. The public key of the entity is public knowledge and is used for encryption, whereas the private key of the entity remains secret and is used for decryption.
Although PKI is more secure, it also is more expensive in terms of processing speed and encryption/ decryption (in PKI) can take up to 1000 times the processing than symmetric cryptography.
SSL takes advantage of the strengths of both public-key and symmetric-key encryption technologies. Public-key technologies both securely authenticate clients and servers and exchange trade secret symmetric keys used in the encryption sessions. SSL certificates have a public key and a private key – a public key to encrypt information and the private key to decipher it.
When a browser points to a secured domain, a secure sockets layer handshake authenticates the server and the client and establishes an encryption method and a unique session key. They can begin a secure session that guarantees message privacy and message integrity.
SSL Certificates help prevent someone from impersonating the server with a false key
SSL uses digital certificates that act as digital documents that will attest to the binding of a public key to an individual or other entity. They provide verification of the claim that a specific public key does, in fact, belong to the specified entity.
These certificates use X.509 standards to validate identities. X.509 certificates contain information about the entity, including public key and name. The role of the certificate authority then is to validate this certificate.
During account registration (or a change password operation), user will specify a username and a password that he'd like to use. We ‘mangle’ the password so that we can still authenticate users, but without storing the password itself. This act is called hashing.
The basic mathematical principle behind hashing is explained on this wikipedia page. also shown
We use BCrypt. It's a very simple algorithm available for a number of platforms that takes a password and converts it into a string which can be used to ascertain that someone knows the password without actually storing the password. It's specifically written for login authentication and security experts have thoroughly reviewed it.
Users have a responsibility to ensure their data is safe. The following guidelines will be circulated to the users.
Your application will have access to a high replication datastore. This technology ensures that the data is replicated across multiple geographical locations. This provides high availability and reliability to your application. All data stored in the datastore is encrypted.
DocPulse staff do not have physical access to the data center, and it is in a secure place in the Google’s data center. This allows cloud applications to not to get exposed to local security threats or infrastructure impact (electricity, backup etc)
DocPulse provides admin level data access to only authorized personnel and only when there is an issue that the customer authorizes us to check. As an additional measure, if the customer wishes, we can allow data access only after written communication (Email) to the support alias (at the cost of delays in debugging of issues)
Customer has the option to request monthly backup of all data (Nominal charges may apply). This will be sent to the customer’s authorized contact.
DocPulse signs memorandum of understanding with the customer, where we comply with India’s IT act also, we give it in writing about our commitment to secure your data.