M

Privacy Policy

Manzil CRM — Effective date: 10 July 2026

Manzil CRM (“we”, “us”, “our”) operates the Doctor’s Teamapp and platform — a Software-as-a-Service (SaaS) solution that provides clinic website infrastructure, lead management, content publishing, and marketing automation tools to independent healthcare professionals across India. We are not a healthcare provider ourselves. This Privacy Policy explains how Doctor’s Team (Manzil CRM) collects, uses, and protects information in connection with our platform at manzilcrm.comand the Doctor’s Team app.

1. Who We Are

Manzil CRM is a technology company headquartered in Gurgaon, Haryana, India. We build and operate a multi-tenant SaaS platform that enables doctors and clinics (“Client Doctors”) to publish branded websites (e.g. drdishakakar.in), collect patient enquiries, manage appointments, and run targeted digital advertising campaigns.

Manzil CRM is not a healthcare provider and does not provide medical advice, diagnosis, or treatment. All clinical decisions remain with the individual Client Doctors.

2. Data We Collect

2a. Doctor / Clinic Account Data

When a doctor signs up for Manzil CRM, we collect:

  • Full name, email address, and mobile number
  • Clinic name, address, specialisation, and registration details
  • Website preferences, branding assets, and content uploaded to the platform

There is no payment or subscription system live on the platform as of this policy’s effective date — no billing information is currently collected. This section will be updated before any payment flow goes live.

2b. Patient Data (Processed on Behalf of Client Doctors)

When patients interact with a doctor’s website powered by Manzil CRM — for example by submitting a contact form, booking an appointment request, or submitting a Facebook / Instagram Lead Ad form — the data entered (name, phone number, email, health query, etc.) is routed into that doctor’s CRM workspace on our platform.

Where an email address is collected at booking, it is stored for two purposes: appointment reminders and general practice communication from the clinic. No automated reminder is sent today— that capability does not exist on the platform yet. This section will be updated, and the doctor’s booking confirmation copy will say so explicitly, before any automated reminder goes live.

We process this patient data on behalf of the Client Doctor, who is the Data Controller for their patients’ information. Manzil CRM acts solely as the Data Processor in this relationship. We do not use patient data for our own marketing, profiling, or sale to third parties.

2c. Platform Usage Analytics

We collect aggregated, non-identifying analytics about how the Manzil CRM dashboard is used (page views, feature clicks, session duration). This helps us improve the product. We do not use fingerprinting or cross-site tracking.

3. Facebook / Instagram Lead Ads

Some Client Doctors run Meta (Facebook / Instagram) Lead Ad campaigns that are connected to their Manzil CRM workspace. When a prospective patient submits a lead form on Meta’s platform, Meta transmits the form data to Manzil CRM via a secure webhook, and we store it in the relevant doctor’s CRM.

In this flow:

  • Meta (Facebook, Inc.) is an independent data controller subject to its own Privacy Policy and Data Policy.
  • The Client Doctor is the data controller for all leads collected via their Meta ad account.
  • Manzil CRMis the data processor — we store and display the lead data within the doctor’s workspace but do not independently control or exploit it.

Patients who wish to exercise rights over data collected via a Meta Lead Ad should contact the respective doctor’s clinic directly.

4. How We Use Doctor / Clinic Data

  • To provision and operate the doctor’s Manzil CRM workspace and clinic website
  • To send product updates, maintenance notices, and support communications
  • To improve platform features based on aggregated usage patterns
  • To comply with applicable Indian law (e.g. IT Act 2000, DPDPA 2023)

We do not sell doctor or clinic data to third parties.

5. Data Controller vs. Data Processor

Key distinction for patients:

If you are a patient and submitted your information through a doctor’s website powered by Manzil CRM (e.g. drdishakakar.in), the doctor / clinic is your Data Controller. Please contact the clinic directly for any requests about your data. You can also write to us at support@manzilcrm.com and we will forward your request to the relevant client.

6. Data Retention

  • Doctor / Clinic account data is retained for as long as the account is active, and for 30 days after an account is closed, after which it is permanently deleted unless required by law.
  • Patient datais retained as configured by the Client Doctor within their Manzil CRM workspace settings. By default we retain patient records for 12 months of inactivity. Doctors may request earlier deletion by contacting support (see Section 12) — there is no self-service deletion control in the dashboard yet.

7. Security

We protect data using industry-standard measures:

  • HTTPS / TLS encryption in transit for all platform traffic
  • Row-Level Security (RLS) enforced at the database layer via Supabase, ensuring each doctor can only access their own workspace data
  • Service accounts with least-privilege permissions— no component has broader database access than it strictly needs
  • Regular security reviews and dependency updates

Despite our efforts, no system is completely secure. If you discover a vulnerability, please disclose it responsibly to support@manzilcrm.com.

8. Third-Party Services

Manzil CRM integrates with the following third-party services:

  • Supabase — database and authentication infrastructure. Patient and doctor data is stored in Supabase’s ap-south-1 (Mumbai, India) region.
  • Anthropic (Claude) — AI model used to draft research summaries, blog posts, and social captions. Content submitted for drafting is processed by Anthropic’s API under its own data-handling terms; we do not send patient-identifying data to this service.
  • Tavily — AI-powered web search used to source specialty news for the daily research feature. Only search queries (specialty/topic terms) are sent, never doctor or patient data.
  • Meta (Facebook / Instagram) — Lead Ads webhook integration (patient-facing, controlled by Client Doctor), and content publishing to a doctor’s connected Page/Instagram account.
  • Meta Marketing API — planned integration for doctor-managed ad campaigns. No live Marketing API call is made and no real campaign is created by the platform as of this policy’s effective date; this section will be updated when that goes live.
  • Google Ads API — a Client Doctor may connect her own Google Ads account via Google’s standard OAuth sign-in. We store the resulting authorization token (never her Google password) to identify her account for a future live integration. No campaign is created and no live Ads API call is made against her account by the platform as of this policy’s effective date.

Each third-party service operates under its own privacy policy. We encourage you to review them where relevant.

9. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and related regulations, individuals have rights over their personal data, including the right to access, correct, and erase their data. All personal data described in this policy — doctor and patient alike — is stored in Supabase’s ap-south-1 (Mumbai, India) region; we do not transfer it to infrastructure outside India as part of routine operation of the platform.

  • If you are a Client Doctor, your dashboard’s Settings tab lets you view and update your practice profile (voice, tone, content preferences). For anything else — correcting your core account details, or deleting your data — contact us at the address below; there is no self-service deletion control yet.
  • If you are a patient, please contact the clinic whose website you used. We will assist in facilitating your request where Manzil CRM holds the data.

We aim to respond to all data requests within 30 days.

10. Cookies

The Manzil CRM dashboard uses strictly necessary session cookies for authentication. We do not use advertising cookies or cross-site tracking cookies on the platform itself. Individual clinic websites built on Manzil CRM may use additional cookies as configured by the Client Doctor.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and notify active Client Doctors via the email address on their account. Continued use of the platform after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

For any privacy-related questions, data requests, or concerns:

Manzil CRM

Gurgaon, Haryana, India

Email: support@manzilcrm.com

© 2026 Doctor’s Team (Manzil CRM). All rights reserved. — Home · Privacy Policy · Terms of Service