Legal · Patient & Customer Privacy

Privacy Policy

How Cure For Eyes collects, processes, stores, and protects your personal information — in full compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection (DPDP) Act, 2023.

Effective Date
21 May 2026
Last Updated
21 May 2026
Policy Version
v1.0
Questions?
cureforeyes@gmail.com
Compliant with IT Act, 2000 DPDP Act, 2023 PCI-DSS (via Gateway) SSL / TLS Encryption RBI Guidelines

This Privacy Policy describes how Cure For Eyes (“we”, “our”, “us”) handles personal information collected through cureforeyes.com, our patient portal, in-clinic forms, and online payment flows. By using our website, booking an appointment, or completing a transaction, you consent to the practices described below.

01 Business Identity & Contact Details

Transparency starts with knowing exactly who you’re doing business with. The legal entity responsible for the processing of your personal data is:

Registered Legal Entity Cure For Eyes
Registered Business Address 06, Vijay Park, Main Madanpuri Road,
Gurugram, Haryana – 122001, India
Customer Support Email cureforeyes@gmail.com
Customer Support Phone +91 96508 92979
Support Hours Mon – Sun · 12:00 PM – 7:00 PM IST
Website cureforeyes.com

02 Information We Collect

We collect only the information necessary to deliver care, process transactions, and comply with applicable law. Categories of information collected are listed below.

CategoryWhat it includes
Personal Data Full name, billing & shipping address, email address, mobile number, date of birth (where age verification is needed), and gender.
Clinical Data Symptoms, prescriptions, examination findings, imaging and reports — collected only during clinical consultation, stored under medical confidentiality.
Transaction Data Payment method (UPI / card / netbanking / wallet), order amount, invoice records, billing history, and refund history.
Technical Data IP address, browser type, device identifier, pages visited, and approximate location (city-level) for fraud prevention & analytics.
Communication Data Records of emails, WhatsApp chats, and call logs with our team for support, follow-up, and dispute resolution.
We do not store sensitive payment data on our servers. Full card numbers, CVV, expiry dates, UPI PIN, and netbanking credentials are captured and processed directly by our PCI-DSS certified payment gateway provider. We only receive a transaction reference & success/failure status.

03 Purpose of Data Usage

We use your information strictly for legitimate, disclosed purposes — never sold, never rented, never used for purposes you have not consented to.

  • Service delivery — to schedule appointments, prepare consultation rooms, maintain medical records, and dispense spectacles, contact lenses, or prosthetics.
  • Payment processing — to authorise and complete transactions, generate invoices, and reconcile settlements with banks.
  • Fraud prevention & 2FA — to verify your identity, enforce Two-Factor Authentication on payments, and detect unusual or fraudulent activity.
  • Refunds, chargebacks & disputes — to investigate and resolve transaction disputes, process refunds, and respond to chargeback claims raised with your bank.
  • Customer support — to respond to your queries, follow up on care, and provide post-treatment guidance.
  • Legal & regulatory compliance — to meet obligations under the IT Act, DPDP Act, Income Tax Act, and any RBI / health authority directive.
  • Service improvements — to analyse anonymised usage patterns and improve our website, booking flow, and clinical services.
We will seek your fresh consent before using personal data for any purpose materially different from those listed above.

04 Data Sharing & Third Parties

We share information only with parties who genuinely need it to deliver, process, or regulate the service you have requested.

Payment Processors

Razorpay, CCAvenue, Stripe and other PCI-DSS certified gateways — for capturing, authorising, and settling transactions.

Banks & Card Networks

Acquiring banks, issuing banks, Visa, Mastercard, RuPay, UPI — to clear and settle payments and route refund or chargeback requests.

Logistics & Fulfilment Partners

Courier services for shipping spectacles, contact lenses, prosthetics, and lab reports — receive only name, address, and contact number.

Regulatory & Government Authorities

The Reserve Bank of India, Income Tax Department, courts, and law-enforcement agencies — when required by valid legal request, summons, or statutory mandate.

Cloud Infrastructure

Secure data centres located within or compliant with Indian data-localisation norms — bound by strict confidentiality and processing agreements.

Clinical Referrals

Only when you specifically authorise referral to another specialist or diagnostic centre for your continued care.

We do not sell or rent your personal data to advertisers, marketers, or any other commercial third party.

05 Security Practices

We employ industry-standard administrative, technical, and physical safeguards to protect your information from unauthorised access, alteration, or disclosure.

SSL / TLS Encryption

All data in transit between your browser and our servers is encrypted using TLS 1.2+.

PCI-DSS via Gateway

Card & UPI data is captured directly by certified gateways, never touching our servers.

2-Factor Authentication

OTP-based 2FA is enforced by your bank on every card or netbanking transaction.

Access Controls

Role-based access — only authorised clinical & finance staff can view sensitive records.

Audit Logging

Every access & change to personal data is logged with timestamps for security audits.

Regular Backups

Encrypted, geographically redundant backups with tested disaster-recovery procedures.

While no method of electronic transmission or storage is 100% secure, we use commercially reasonable means to protect your information. The payment gateway you transact with handles sensitive financial data in accordance with its respective security certifications and is independently audited under PCI-DSS standards.

06 Your Rights & Grievance Redressal

Under the Digital Personal Data Protection Act, 2023 and applicable Indian regulations, you have meaningful rights over your personal data.

Right to Access

Request a copy of the personal data we hold about you.

Right to Correct

Ask us to fix any information that is inaccurate or out of date.

Right to Erase

Request deletion of your data, subject to legal & medical retention rules.

Right to Data Portability

Receive your data in a structured, commonly used format.

Right to Withdraw Consent

Withdraw consent for non-essential processing at any time.

Right to Grievance Redressal

Raise a complaint with our designated Grievance Officer (below).

How to Exercise These Rights

To exercise any right, withdraw consent, or raise a privacy concern, email us at cureforeyes@gmail.com with the subject line “Privacy Request — [Your Request Type]”. We will respond within 30 days, as mandated by the DPDP Act.

Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have designated a Grievance Officer for any concerns about your personal data.

CFE

Mr. Sumit

Grievance & Data Protection Officer
Address: 06, Vijay Park, Main Madanpuri Road, Gurugram, Haryana – 122001
Response Time: Acknowledgement within 48 hours · Resolution within 30 days

07 Cookies & Tracking

Our website uses essential cookies to keep your session active during booking and checkout, and limited analytics cookies to understand which pages help patients most. You can disable non-essential cookies from your browser settings without affecting your ability to book appointments.

08 Retention & Policy Updates

We retain personal and transaction data for the period required by law — typically 8 years for tax and financial records, and as long as medically appropriate for clinical records. We may update this Privacy Policy from time to time. Material changes will be notified via our website, with an updated “Last Updated” date at the top of this page.

Last updated 21 May 2026 · Version 1.0 Email a Privacy Request →