Healthcare Website Design & Development | HIPAA‑Ready, SEO‑Friendly

Scope & Who We Are

PhoneixRise Interactive Pvt. Ltd. (“PhoneixRise”, “we”, “us”, “our”) operates websites, applications, and professional services for healthcare-focused design, development, and marketing, available at {{YOUR_DOMAIN}}. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information across India and the United States. For B2B projects where you (our client) collect patient data, you are typically the data controller/business and we act as a processor/service provider (and, for U.S. healthcare PHI, a Business Associate under a BAA).

Information We Collect

Contact & Professional Data: name, email, phone, clinic/hospital, role/job title.
Account & Transaction Data: login credentials, plan details, invoices, limited billing metadata (card data handled by PCI-compliant processors).
Usage & Device Data: pages viewed, actions taken, IP address, approximate location, device identifiers, browser information, referral URLs, cookie IDs.
Support & Communications: messages, call notes, tickets, survey responses, testimonials (with consent).
Content You Provide: site copy, images, files uploaded to receive our services.
Patient/PHI Data (B2B, U.S. only): where our services are configured for PHI, we may process Protected Health Information strictly under a signed Business Associate Agreement (BAA) and client instructions.

How We Use Information

Provide, operate, secure, and maintain our websites, apps, and services.
Deliver projects (design/dev, hosting guidance, SEO, analytics, ad campaigns) and customer support.
Personalize experiences, measure performance, and improve features.
Send service and transactional messages; send marketing communications with proper consent/opt-out controls.
Comply with legal obligations, resolve disputes, and enforce agreements.

Legal Bases (India & USA)

India (DPDP Act, 2023): We rely on consent where required and process for legitimate uses necessary for providing our services, ensuring security, and meeting legal obligations. You may withdraw consent at any time; prior processing remains lawful.

USA: We process to perform a contract, with consent (e.g., marketing), for legitimate interests (product improvement, security), and to meet legal obligations. For California consumers, we act as a “service provider/contractor” for client data and a “business” for our own site data. We do not sell personal information. You can opt out of targeted advertising where applicable.

Sharing & International Transfers

Vendors/Subprocessors: hosting, analytics, email, payment, support, and security providers under appropriate contracts (and BAAs where PHI is in scope).
Affiliates & Advisors: limited access under confidentiality and need-to-know.
Legal/Compliance: to comply with law or protect rights, safety, and property.
Corporate Transactions: in a merger, acquisition, or restructuring, consistent with this Policy.

Data may be transferred internationally. We apply appropriate safeguards and require our vendors to do the same.

Security

We implement administrative, technical, and physical safeguards, including access controls, encryption in transit, least-privilege access, and periodic reviews. No method is 100% secure; protect your credentials and notify us of suspected misuse.

Data Retention

We retain personal information only as long as necessary for the purposes described, to comply with legal obligations, and to resolve disputes. Client project content is retained per contract; backups follow rolling schedules.

Your Rights & Choices

India: access, correction, grievance redressal, and consent withdrawal.
USA: access, deletion, correction (state-specific), and opt-out of targeted advertising where applicable.
How to Submit: use /privacy/data-rights or email privacy@phoneixrise.com. We will verify your request and respond within applicable timelines.
Marketing: opt out via email footer links or at /privacy/opt-out.

Cookies & Tracking

We use necessary cookies and, with consent where required, analytics/advertising cookies. Manage preferences anytime in Cookie Settings. See our Cookie Policy for details.

HIPAA & PHI

For U.S. healthcare customers, we offer HIPAA-aligned configurations and execute BAAs for eligible services. We process PHI only as permitted by the BAA and your documented instructions. Do not submit PHI through non-designated channels (e.g., generic contact forms, standard email) unless explicitly configured and covered.

Children’s Privacy

Our services are not directed to children under 13 (or as defined by local law). We do not knowingly collect personal data from children without appropriate consent/authorization.

Changes to This Policy

We may update this Policy periodically. We will revise the date above and, where appropriate, provide additional notice.

Privacy Policy