IMA Hub Privacy Policy

Contents

This pack is structured in three parts. Each part is a standalone legal instrument; together they form the complete user-facing legal framework for IMA HUB.

  • Part A — Privacy Policy (DPDP Act compliance)
  • Part B — Terms of Use (the binding contract with Members)
  • Part C — Community Guidelines (behavioural standards)

References to the “Platform”, “IMA HUB”, “Hospigrow”, “we”, “us”, and “our” carry the same meaning across all three parts. Definitions in Part A and Part B are cross-incorporated. Where a conflict exists between the parts on a specific point, Part B (Terms of Use) prevails on contractual matters and Part A (Privacy Policy) prevails on data-handling matters.

 

PART A

Privacy Policy

This Privacy Policy explains how Hospigrow Healthcare Technologies Pvt Ltd (“Hospigrow”, “we”, “us”, “our”) collects, uses, stores, shares, and protects your Personal Data when you use the IMA HUB mobile application, web application, and associated services (the “Platform”). It is published in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, GDPR and DMCA.

  1. About Hospigrow and the Platform

1.1 Hospigrow is a private limited company incorporated under in India under the Companies Act, 2013, bearing CIN U86900KA2026PTC221850, with its registered office at CTS 3957/184, 3rd Floor, SOTC Building, Gandhi Bhavan, Behind Hotel Sanaman, College Road, Belagavi- 590001.

1.2 Data Fiduciary. For the purposes of the DPDP Act, Hospigrow is the Data Fiduciary in relation to all Personal Data processed through the Platform. The Indian Medical Association (“IMA”) and IMA Karnataka are the Platform’s governance partners; they are not joint Data Fiduciaries unless otherwise expressly notified to you.

1.3 Applicable International Laws and Provisions: GDPR and DMCA

1.4 Closed platform. IMA HUB is a closed, professional-only platform. It is not open to the general public. You may use the Platform only if you 

(a) are a verified medical practitioner, junior doctor, or recognised medical student in good standing as a member of the IMA, Doctors from any medical field of Speciality or super Specialty, as may be recognised by the IMA, the Junior Doctors’ Network (“JDN”), or the Medical Students’ Network (“MSN”); 

(b) are at least eighteen (18) years of age; and

 (c) accept this Privacy Policy in Part A, the Terms of Use in Part B and the Community Guidelines in Part C.

1.5 Patient data. IMA HUB is a doctor-to-doctor professional network. It is not designed to receive, store, or transmit patient personal data. Members are contractually prohibited from uploading patient identifiers as mentioned in detail hereinunder.

 

  1. Personal Data we collect

We collect the following categories of Personal Data:

(a) Identity data. Full name, gender, date of birth, professional photograph, and medical-association membership number to establish the identity of the User.

(b) Contact data. Email address, mobile number, postal address (city and state) and GPS Location of the device from which the Platform is accessed.

(c) Professional credentials. Medical registration number, registering State Medical Council, year of registration, qualifications, specialty, primary place of practice, IMA branch, any other Professional Information requested to ensure that the concerned person is eligible to be a User.

As authorised by IMA, we may be entitled to generate Membership/Registration Numbers/QR Codes, for the purpose of providing the users with Unique Identifying Number, in terms of their professional IMA membership.

We may also collect and process the IMA membership/registration Numbers, including but not limiting to QR Codes, as may be defined/recognised by the IMA, from time to time for the purpose of better serving the Users in terms of features available to the same, through the Platform.

(d) Authentication data. OTPs sent via SMS or email (managed through Google Firebase, and any other provider authorised in this regard), encrypted credentials, session tokens, and login timestamps. We hereby confirm and state that we do not store your password in plain text, however wherever required, the application may store the authentication token so generated, and refresh it every “n” number of seconds as defined by the application server, to enable the users to stay logged into the application platform to improve the user experience. 

Further, we will undertake the 2-factor authentication, whenever required, in terms of provisions pertaining to  support and security of the User, Platform and other stakeholders involved. As per the Google policy, the said data related to OTPs and other authentication processes, as set up for the Platform, shall not be used by us for any other purpose except for the said purpose of support and security, including but not limiting to the authentication of the identity of the users.

(e) User Content. Posts, comments, replies, direct messages, images, videos, documents, polls, and other material you upload, create, or transmit through the Platform.

(f) Subscription and payment data. Information related to subscription tier, billing cycle, transaction identifiers, (especially processed by PhonePe and/or Razorpay or any other payment gateway) and payment status for any payment gateway, used to make payment of subscription amount, if any. Entire data pertaining to card (Debit or Credit) and/or other bank details of the User are processed by Razorpay (or any other payment gateway) and are not stored on our servers. We hereby state that we self audit our processes in terms of applicability of the provisions related to Payment Card Industry Data Security Standard(PCI-DSS). In terms of handling the credit or debit card information, we will be responsible only to the point of transmission of the relevant data to the payment gateway, without having to handle/process further the said data.

The Payment gateway shall be responsible for any misuse or any unauthorised use of the said data so transmitted by us.

(g) Device and usage data. Device identifier, model, operating system, IP address, mobile network, application version, screen interactions, crash diagnostics, feature-usage telemetry and any other technical information related to device and the app’s usage, relevant to the operations of the App, subject to Google Developers Play Policy.

(h) Inferred data. Aggregate metrics about your activity (e.g., posts per month, branches you engage with, content categories you view) used for in-platform features and Platform analytics which may include using Google Analytics or Firebase Analytics or any other third party analytics software solutions to employ more detailed and fine-grained methods of analytics, using artificial intelligence and machine learning based methodology and/or any other further developments therein.

(i) Cookies and similar technologies. We may store session cookies for authentication and minimal analytics cookies.

(j) Sensitive Permissions: Disclosure of access to camera, microphone, contacts, or location, etc may be procured from you for better serving you in terms of available features of the Platform. 

  1. How we use your Personal Data and lawful basis

Under the DPDP Act, we process your Personal Data on the basis of your consent or a legitimate use specified in Section 7 of the DPDP Act. The processing purposes and lawful bases are:

Purpose Data Categories Lawful Basis
Verifying your medical credentials and IMA membership Identity, professional credentials Consent + legitimate use (§7, performance of contract)
Operating your account and the Platform features Identity, contact, authentication, User Content Performance of contract
Content moderation (AI pre-screen + Office Bearer review) User Content, identity Legitimate use (legal compliance under IT Act §79)
Subscription billing and tax compliance Identity, contact, subscription data Performance of contract + legal obligation
Security, fraud prevention, abuse detection Authentication, device, usage, User Content Legitimate use (§7(g) — prevention/detection of fraud)
Service improvements and product analytics Aggregated and pseudonymised usage data Consent (separate toggle at signup)
Aggregate research and partner analytics Anonymised, k-anonymised aggregate metrics only (no individual data) Consent (separate toggle, default OFF)
Compliance with law-enforcement, court, and regulatory orders Whatever is lawfully required Legal obligation
  1. Granular consent at signup

At signup we may ask you to provide separate, granular consents. The default toggle with respect to consent is       “OFF,” and you may be required to accept the same when processing is essential on the Application (in which case the corresponding toggle “On” is mandatory and you cannot use the Platform unless the same is switched to “On”). These toggles may include the following:

  • Signup and Authentication Process: We may require the user to enter details such as email, mobile number, user ID and password, google sign in account details (or any other additional details which may come into use at a future date), so as to authenticate themselves on the Platform.           
  • Notification Authentication: We may require the users to grant access and / or consent to permit the receipt/transmission of notifications, to and from the users and/or server. This may require us to       perpetually store the firebase authentication id as defined under the Google Firebase Communication Messaging (FCM) guidelines which is the device identifier of the user defined under the Google Play Developer Policies.
  • Core service (mandatory) — verification via OTP, account operation, content moderation, security.
  • Subscription billing (mandatory only if you choose a paid tier).
  • The User, at its discretion, may be required to provide consent to receive the Marketing communications pertaining to the Platform, from Hospigrow (optional, default toggle to “OFF”).
  • Product analytics (optional, default toggle to “OFF”).
  • Crash analytics (default toggle to “ON”): We may require to receive the crash analytics from the user to maintain the user experience. The user reserves the right to disable this feature from the settings of the application. The provisions of the Google Firebase Crashlytics guidelines shall be applicable for the purpose of this clause.
  • Aggregate research participation (optional, default toggle to “OFF”). If off, your data may contribute, in fully anonymised, k-anonymised aggregate form (with k ≥ 50), to research outputs.
  • Pharma partnership data (optional, default toggle to “OFF”). If on, similarly aggregated metrics may inform partner analytics. We will publish, in advance, the categories of partners and the metrics shared.

     You may withdraw any optional consent at any time through the tab      Settings → Privacy. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

  1. Sharing and disclosure

We may require to share the Personal Data of the users, to such Parties and as per/in connection with the terms mentioned hereinbelow:          

(a) Service providers (data processors). We may be required to engage third-party processors for the purpose of       operation of the Platform, under written data-processing terms to be executed with the said Data Processor Service Provider. Currently, the identified key processors that may be engaged are: Amazon Web Services India (cloud hosting and storage in the AWS Asia Pacific region); Google Firebase (authentication, push notifications, crash analytics); Razorpay Software Pvt Ltd (subscription payments and refunds); and Gemini / Open AI / Anthropic / AWS Bedrock (AI moderation models, processed in AWS Asia Pacific region) Such Service Providers and engagement thereof may be subject to future situational changes and/or evolution in the operations of the relevant parameters in connection with operation/s of the Platform, for which, engagement of the said Service Providers may be prudent/necessary.

(b) IMA and IMA Karnataka. We may share data (as mentioned in Clause 2 above), pertaining to the User, with IMA, Karnataka and any other recognised branches of  IMA, strictly within the data-access tiers, as set out in our agreement with IMA. The said shared data may include the following but not limiting to:

  • aggregate, anonymised statistics flow regularly; 
  • member-list verification flows on a per-Member basis on authorised request; 
  • identified Member personal data is shared only with your specific consent, to authorised State IMA      Committee or 
  • pursuant to a court or regulatory order; where your private messages and our internal audit logs are shared with IMA only pursuant to a court or regulatory order.

 

(c) Request from Competent authority. We may share Personal Data (only the bare minimum, as requested by the competent Authorities)  with law-enforcement, regulatory bodies, or courts on receipt of a request/order, by a competent authority and the same is passed in the IMA state working committee meeting.      

(d) Successor entity. If Hospigrow is acquired, merged, or undergoes a corporate reorganisation, your Personal Data may be transferred to the successor entity, which will be bound by this Privacy Policy . We will provide the      Users with Notice of minimum 30 days of any such transfer.

(e) With Google Play Console Team: As per the terms of Google, as may be applicable to the Platform, on request thereof, we may be required to share the said Data of the Platform Users.

(e) As per your direction. We share data with third parties where you specifically direct us to do so (for example, exporting your CME records on your request).

  1. Patient data — specific rules

You are expressly prohibited from sharing or uploading any personal data pertaining to any patient either under your care or across whom you may come, in the span of your practice. As a medical professional, you may inadvertently encounter, or be tempted to upload, patient-related data (irrespective of your intentions being noble and/or for the betterment and benefit of the community of doctor/s at large). To protect patient confidentiality and comply with the National Medical Commission Code of Ethics and the Aadhaar Act:

(a) Prohibition. You hereby expressly agree not to upload, post, or transmit any patient identifying data through the Platform, including but not restricting to: name, age, sex, address, contact Number, hospital record number (MRN), Aadhaar number, ABHA ID, email, government-issued identifier, or photograph/video or any other information through which the patient is identifiable. 

(b) Allowed. Discussion of clinical scenarios with non-identifying descriptors and description only important for the purpose of appreciating the general medical case (e.g., “a 50-year-old female with type-2 diabetes and CKD stage 3”) is permitted and encouraged for peer learning. Non-identifying clinical photographs (with face blurred or cropped) are permitted only with the patient’s informed consent on record at your end. In the event the consent is not taken or is found to be incomplete or otherwise unacceptable or challenged by the concerned Patient and/or their legal representatives/heirs, etc, the User will be considered to be in breach of the privacy policy of the Platform as well as breach of other applicable legal provisions applicable to the medical practitioner, for the time being in force and may be liable to initiation of legal actions. For any such breach, we shall not be liable/responsible in any way.

(c) On detection. If we detect a patient identifier, we will block the concerned post in its pre-publication phase, wherever possible, or immediately remove it post-publication phase. We further reserve a right to preserve the content (encrypted) for compliance and law-enforcement purposes, which may be used as evidence against you in any legal proceeding initiated on account of breach of this Privacy Policy and/or any other applicable legal provision/s, for which notification/notice may be sent to you as per the applicable provisions under any law for the time being in force. We further reserve a right to suspend or terminate your account in accordance with Terms of Use     .

  1. International transfers and data localisation

Hospigrow stores your Personal Data on servers located in India (currently the AWS Asia Pacific India region, which may be changed as per the existing situation in the future). We hereby state and confirm that we do not transfer Personal Data to any country in respect of which the Central Government has issued a restriction under Section 16 of the DPDP Act. Some processors (e.g., Anthropic for the Bedrock AI models) may have parent-company personnel access support data on a transient, controlled basis; in all such cases, the support arrangement is governed by a written data-processing agreement and is subject to Indian law and the DPDP Act.

 

Hospigrow stores Personal Data on servers located in India, currently within the AWS Asia Pacific (Mumbai) Region (ap-south-1). Hospigrow may change infrastructure providers or regions in the future, in accordance with applicable law, operational requirements, and security considerations, subject to compliance with the applicable provisions of any law for the time being in force.

 

Hospigrow shall not intentionally/knowingly transfer Personal Data to any country or territory that may be restricted by the provisions of Section 16 of the Digital Personal Data Protection Act, 2023 (“DPDP Act”). Corrective action shall be taken in the event such transfer occurs due to inadvertence, commensurate with the applicable provisions under any law for the time being in force.

 

Certain authorized data processors and subprocessors engaged by Hospigrow, including AI and cloud service providers such as Amazon Web Services, Anthropic, Google Gemini, and Firebase, may process limited data or metadata in connection with infrastructure support, AI inference, diagnostics, security monitoring, authentication, or service reliability functions.

Where such processing involves potential cross-border access or transient remote access by authorized personnel located outside India:

  1. such access is restricted to authorized purposes only;
  2. appropriate technical and organizational safeguards are implemented;
  3. contractual data-processing obligations are enforced through written agreements;
  4. reasonable security practices are maintained;
  5. and such processing is carried out in compliance with applicable Indian law, including the DPDP Act.
  6. We shall not be responsible for breach of privacy policy and provisions therein, on account of shortcomings of third party vendors/service or support  provider (ISV), not attributable to the negligence or mala fide intention of Hospigrow.

 

Hospigrow implements reasonable measures to minimize the sharing of directly identifiable medical or personal information with third-party AI or analytics providers, including data minimization, access controls, tokenization, pseudonymization, and processing restrictions wherever operationally feasible.

  1. Security measures

We implement reasonable security practices and procedures within the meaning of the IT Act and the Rules thereunder. These include but are not limited to:

  • Encryption in transit (TLS 1.2 or later).
  • Encryption at rest (AES-256, with keys managed by AWS KMS).
  • Strong authentication (OTP-based, with optional MFA).
  • Role-based access controls inside Hospigrow with the principle of least privilege.
  • Comprehensive audit logging for security purposes.
  • Vulnerability scanning and an annual penetration test by an external firm like AWS.
  • Documented incident-response and breach-notification procedures, with annual tabletop simulations.

As per Google Play Policy, we have further incorporated data security requirements. The details for the said are attached hereto under Annexure A.

Despite these measures, no security system is guaranteed to be impregnable. If a Personal Data breach occurs that is likely to cause harm to you, we will notify the Data Protection Board within the timelines mentioned under      the DPDP Act and notify you without undue delay through the contact details on your account.

Where Personal Data may relate to health, medical, diagnostic, or healthcare-related information, Hospigrow applies additional administrative, technical, and organizational safeguards reasonably designed to restrict unauthorized access, misuse, disclosure, or excessive retention.

 

  1. Data retention and the soft-erasure principle

We retain Personal Data only for as long as necessary, with the following baseline schedule:

Category Retention Lawful basis to retain
Account profile, posts, messages While account is active + 30 days after account deletion request       Performance of contract
Subscription / tax records 8 years from transaction Legal obligation (Income-tax Act, GST law)
Content-moderation audit trail 7 years Compliance with legal obligations, establishment or defence of legal claims, platform safety, abuse prevention, and regulatory cooperation as per the applicable laws, for the time being in force.—      e;     
Security and access logs 180 days Legitimate use — fraud and abuse detection
Posts blocked or removed for policy violation 7 years (encrypted, off-Platform) where reasonably necessary for legal compliance, abuse prevention, dispute resolution, platform integrity, or defence of legal claims, defence of rights
Marketing-consent records 3 years from last consent change Demonstration of consent (DPDP Act §5)

 

As per DPDP Provisions: Where retention is no longer necessary for the purpose for which Personal Data was processed, and no legal or regulatory obligation requires continued retention, Hospigrow will take reasonable steps to erase or anonymize such Personal Data in accordance with applicable law.

 

9.1 Soft-erasure with legal hold. When you exercise your Right to Erasure (clause 10), we shall delete your data from active systems and remove your profile from public view subject to the retention required under any law requires pertaining to specific records (for example, tax records under the Income-tax Act, audit logs under IT-Act intermediary obligations, or content under a court-ordered or police-ordered legal hold), in which case  we shall retain the said records in a separately controlled, encrypted archive, accessible only by the Grievance Officer and named Hospigrow personnel. You will be expressly notified in terms of  which categories were soft-deleted versus retained-with-reason.

9.2 Transparency. Where a legal hold or statutory retention applies, you have the right to know that fact and the broad statutory basis. You do not have the right to require deletion of records that the law requires us to keep.

  1. Your rights as a Data Principal

Under the DPDP Act, you have the following rights:

(a) Right to information. You may request a summary of the Personal Data we hold about you, the purposes of processing, and the recipients.

(b) Right to correction and updating. You may correct inaccurate or out-of-date Personal Data through your account settings, or by contacting our Grievance Officer.

(c) Right to erasure. You may request deletion of your Personal Data through your account settings or by writing to our Grievance Officer, subject to the soft-erasure-with-legal-hold principle in clause 9.1.

(d) Right to nominate. You may nominate another individual to exercise your rights in the event of your death or incapacity. The nomination interface is available in Settings → Privacy → Nomination.

(e) Right of grievance redressal. You may file a grievance with our Grievance Officer (clause 12) and, if not resolved, escalate to the Data Protection Board of India.

(f) Right to withdraw consent. You may withdraw any optional consent at any time. Withdrawal of mandatory consents results in account closure.

To exercise any of these rights, please use the in-app controls or contact the Grievance Officer (clause 12). We aim to acknowledge requests within 24 hours and resolve them within 30 days.

  1. Children

IMA HUB is not directed to children. You must be at least eighteen (18) years of age to register. We do not knowingly collect Personal Data from anyone under the age of 18. If you believe a child has provided us with Personal Data, please contact our Grievance Officer; we will delete it and close the account.

  1. Grievance Officer and Data Protection Officer

In compliance with the DPDP Act, the IT Act, and the other applicable Rules, regulations and other laws for the time being in force, we have appointed a Grievance Officer who is responsible for receiving and addressing your concerns and issues pertaining to handling of your Personal Data     .          

 Grievance Officer Name: DR ISHRAT TIGADI 

Email: ima@hospigrow.com 

Postal address: CTS 3957/184, 3rd Floor, SOTC Building, Gandhi Bhavan, Behind Hotel Sanaman, College Road, Belagavi- 590001

Acknowledgement for grievances raised shall be issued within 24 hours and endeavor shall be made for the resolution of the said issue within 30 days.

In the event requisite or satisfactory resolution to the concerns and issues raised with the Grievance officer is not received, you may escalate the said issues to the Working Committee at Local, State and National Working Committee, IMA, post which, recourse may be sought with the Data Protection Board of India,  in accordance with the DPDP Act.

  1. Account deletion

13.1 In-app deletion. You can delete your account at any time at Settings → Privacy → Delete account.

13.2 Web deletion. In the event,  you have deleted/uninstalled or otherwise no longer have access to the Platform     , you can request deletion of the Account through      our grievance form, available on our website. The form would require     you to verify your identity (registered email or mobile + OTP) along with requesting other required details for the purpose of deletion of the said Account.

13.3 Post Deletion Request     Within 30 days of account deletion or request, as mentioned above, we may undertake any of the following action/s:

(a) deactivate your profile and remove it from public view; 

(b) delete or anonymise data covered by clause 9 from active systems; 

(c) retain only data covered by a legal hold or statutory retention requirement; and 

(d) confirm completion of the deletion of the Account to your registered email.

  1. Cookies and similar technologies

On the web Platform we use minimal cookies for authentication and essential analytics. We do not run advertising-network cookies. You can clear cookies through your browser at any time; doing so will require you to re-authenticate. The mobile apps use device storage for similar purposes; clearing storage will sign you out.

  1. Cross-border use of the Platform

IMA HUB is intended for use in India. In the event      the Platform is accessed from a destination outside India (for example, you are an NRI Member or you are travelling), the risk of breach of any legal provision or terms of this policy or any other applicable provisions, will be borne by you and will be responsible for any damage/s (punitive or otherwise) to the Platform and/or the reputation, etc. of the stakeholders involved. You further expressly acknowledge that this Privacy Policy and Indian laws, along with certain international generic laws, applicable to the functioning of this Platform, will be applicable to the access as well as use of the Platform. We further state       that the Platform’s content may or may not be      suitable, accurate, or lawful in any other jurisdiction, outside of India, from where the Platform is accessed and any breach may attract suitable actions against you.      

  1. Declaration

We hereby declare that in terms of the Google Play Policy, the Platform will include the following genre of information and content:

  • Clinical decision support;
  • Disease Prevention and Public health
  • Medical Reference and Education
  • Others – Facilitating communication and sharing of information amongst a large community being doctors and medical practitioners, who are part of IMA. 

 

  1. Changes to this Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in law, our practices, or the Platform’s features. Material changes will be notified to you in advance through the app, by email, or by a Platform-wide banner. The “status” field at the top of this document records the version. Continued use of the Platform after the effective date of an amendment constitutes acceptance of the amended Policy.

  1. Contact

For privacy-related questions or to exercise your rights, please contact our Grievance Officer (clause 12). For general queries, you may write to ima@hospigrow.com

Annexure A – Data Security

In terms of Google Play Policy, the Platform is required to provide information with respect to the User-information, along with the application of such Information, on the part of Hospigrow. The details of this is as under:

 

Personal Information

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected? Why is the data shared?
1. Name Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
2. Email ID Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
3. User ID Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
4. Address Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
5. Phone Number Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
6. Other Information Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

Financial Information

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Purchase History Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
2. User Payment Info Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
3. Other Financial Info Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

Location

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Precise Location Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

Messages

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Emails Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
2. SMS/MMS Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
3. Other In-app Policy Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

Photos and videos

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Photos Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
2. Videos Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

Audio Files

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Voice/Sound Recordings Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
2. Other Audio Files Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

Contacts

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Contacts Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

Calendar and events

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Calendar Events Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

App Info and performance

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Crash Logs Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
2. Diagnostics Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
3. Other App performance data Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

Files and Docs

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Files and Docs Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

App Activity

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. App Interactions Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
2. In-app Search History Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
3. Other User related content Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
4. Other User Generated Actions Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management
5. Other Actions Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

Device or other IDs

 

S. No. Data  Whether Data is collected? Whether Data is shared? Whether Data is processed User discretion to provide data Why is the Data collected Why is the data shared?
1. Device or other IDs Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

Device Info and IDs

1. Device Info and IDs Yes Yes Yes Yes Mandatory
  • App Functionality
  • Analytics
  • Developer Communications
  • Advertising or Marketing
  • Fraud Prevention, Security and compliance
  • Personalisation
  • Account management

 

PART B

Terms of Use

These Terms of Use (the “Terms”) shall govern your use of the IMA HUB Platform (“hereinafter referred to as “Platform”). These terms form a binding contract between you and Hospigrow Healthcare Technologies Pvt Ltd (“Hospigrow”, “we”, “us”, “our”). By signing up for, accessing, or using the Platform, you are hereby deemed to accept these Terms in its entirety. If these terms or any part thereof   is not accepted, you must refrain from the      use of the Platform.

  1. Eligibility

1.1 The Platform is a closed network for verified medical professionals. You may use the Platform only if you are:

  • a member in good standing of the Indian Medical Association, or its Junior Doctors’ Network or Medical Students’ Network; and
  • at least eighteen (18) years of age; and
  • able to enter into a binding contract under Indian law.

1.2 We may verify your eligibility both at the time of registration as well as      on a continuing basis. By agreeing to these terms, you hereby authorise us to cross-check/verify the authenticity of your medical registration with the relevant State Medical Council or National Medical Commission database, and to verify your IMA membership through State IMA or other authorised IMA branches. If found that qualification or credentials are false, misleading, or are otherwise obtained fraudulently and/or with malafide intentions the said actions shall be grounds for immediate termination.

  1. Account registration and security

2.1 Accuracy. You agree to provide true, accurate, current, relevant and complete information at registration and to keep that information updated, on any change or amendment therein. You are solely responsible for the accuracy of your professional credentials and for promptly notifying us of any change in your registration status (including suspension or revocation or further accreditation etc., by any State Medical Council or by the National Medical Commission).

2.2 Authentication. Authentication shall be via SMS or email OTP (managed through Google Firebase), or any other method as per the discretion of Hospigow and may be supplemented by additional methods of verification  . You are hereby advised to and further shall be solely responsible for keeping your device, OTPs,other authentication/verification  information and/or any other information shared with you in connection with the Platform or use thereof,  confidential. You must promptly inform us of any unauthorised access or unintended use of the Platform or any part thereof.

We hereby undertake to not store and/or further use (without consent) the data collected by us for the purpose of authentication, as mentioned hereinabove.

2.3 One account. We hereby state that each Medical Practicing Individual shall register himself/herself and thereby create only one account. Creation of multiple accounts, sharing of login credential to a third party (either another account holder or non medical practitioner in eligible to be registered for the Platform)  and/or impersonation of any eligible person for the purpose of wrongfully gaining registration on the Platform shall be considered to be a criminal breach of trust which may lead to permanent disability to register on the Platform  and further we, inter-alia reserve a right to legally proceed against you and/or your organisation, as the case may be, along with undertaking any other remedy available to us.     

  1. Acceptable use — what you may do

The Platform is provided for: 

(a) professional networking on a common Platform, among IMA members; 

(b) sharing of clinical and academic updates    

(c) continuous      medical education and skill development for members and users; 

(d) receipt of official IMA communications; and 

(e) such other features as we may introduce from time to time, subject to applicable law for the time being in force along with other applicable google (or any other) policies. 

You hereby agree to use the Platform only for these      purposes and maintain consistency      with the Community Guidelines in Part C.

  1. Prohibited conduct

You agree NOT to do any of the following on or through the Platform. The list below is illustrative, not exhaustive.

4.1 Patient privacy violations

  • Upload, post, or transmit any patient identifier (like but not limiting to full name, MRN, Aadhaar number, ABHA ID, phone number, identifiable photograph or any other identifying information). We further state that      the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 criminally penalises Aadhaar disclosure.
  • Share patient case-files, prescriptions, ID cards, intake forms, or insurance cards without thoroughly redacting all identifiers.
  • Discuss a patient in any manner that could lead to their identification (small clinic + rare condition + photograph + city = identification).
  • Abide by all the provisions pertaining to the following –
  • – Medical Ethics
  • – Professional Ethics
  • National Medical Commission (NMC)
  • Medical Council of India (MCI)
  • -IMA Bye Laws
  • -Patient Privacy Policy
  • – Professional Policy
  • Any other applicable law or policy put in place for the protection of privacy of Patients, for the time being in force.

 

4.2 Conduct creating criminal exposure

You must not use the Platform to:

  • Solicit or provide advice in furtherance of the destruction or alteration of medical records, EMRs, or any other evidence, required by law for the time being in force to be stored or retained, without compromising the authenticity of the said data/information — carry out activities      that would constitute an offence under the relevant      sections of the Bharatiya Nyaya Sanhita, 2023.
  • Tamper, manipulate, including but not limiting to      backdate, amend the timestamps in any electronic record — conduct that would constitute an offence under Section 65 of the IT Act (tampering with computer source documents).
  • Solicit or provide advice in furtherance of the forgery of degrees, registration certificates, or any other      document considered to be crucial in any aspect.
  • Engage in stalking, criminal intimidation,      harassment or like action in connection with      any person/s, whether or not a “User,” on or through the Platform.

Posts in any of the      above mentioned manner      will lead to       hard-blocked or, if already published/posted, the same will be immediately removed and the said posts shall be preserved for undertaking legal actions against you or for the support and use of the      law-enforcement authorities. On undertaking the said prohibited activities, your Account termination shall be automatic and we may report you to the relevant State Medical Council and/or to law-enforcement authorities as the case may be.

4.3 Defamation, communal content, sub judice

You are hereby prohibited to – 

  • Defame or disparage any person, hospital, or institution, whether or not the said party is a User of the Platform. The fact that allegations may ultimately prove correct does not protect a Member from defamation liability before adjudication.
  • Publish content that promotes hatred, hostility, or ill-will between person/s, communities, religions, castes, or regions or between any other groups/societies.
  • Make any public commentary on the merits of a matter that is sub judice in any court, the National Medical Commission, or a State Medical Council. “Sub judice” includes any matter under active inquiry, show-cause, or disciplinary review by any relevant and competent regulatory authority.

4.4 Unprofessional advertising and touting

Users are hereby prohibited from advertising your medical services, clinic, and/or products, etc., or otherwise soliciting Patients, in violation of the NMC Code of Ethics (and the predecessor MCI Regulations) or any other guidelines, applicable in this regard.                

4.5 Misinformation and unverified content

  • Post medical claims contradicted by mainstream medical evidence, or known misinformation about treatments, vaccines, or public-health measures, whether or not known to be false, even though expressed as independent opinion.
  • Manufacture, circulate, or republish deepfaked or AI-fabricated medical evidence, registration certificates, or judgements.
  • Pass off AI-generated text as your own clinical or legal analysis without verification.
  • Post any content related to Cryptocurrency trading, mining or solicitation; or any other digital-asset commercial promotion.
  • Post any unauthorised commercial content — any solicitation that is not pre-approved by IMA or Hospigrow under the platform’s advertising framework.
  • Post any content related to online gambling, betting, lottery or any games-of-chance promotion.
  • Post any communications associated, directly or indirectly, with terrorism financing, recruitment, planning or apologia.
  • Content in the nature of Political party propaganda, political solicitation or endorsement of any political party, candidate or campaign.
  • Inappropriate references to narcotic, psychotropic or controlled substances. Naming or commercial reference to substances such as morphine, marijuana / cannabis, fentanyl, ketamine and similar — in a NON-CLINICAL, NON-EDUCATIONAL context — is prohibited. Clinical and educational discussion in a professional context may be permitted, however, in the event of any unintended and unauthorised sharing, copying etc, will not be the responsibility of Hospigrow or IMA.
  • Any content that violates Google Play Developer Programme Policies, Apple App Store Review Guidelines, or any other policy of the platform on which IMA HUB is published.
  • Detection of prohibited content shall trigger immediate hard-block, audit-log preservation, referral to the IMA Grievance Redressal Committee, and may result in suspension or termination of your account in accordance with the Two-Person Rule (Schedule A of the IMA × Hospigrow MOU). Where the NMC Code is implicated, the matter may be referred to your State Medical Council.

 

4.6 Off-platform sharing

Without affecting the following, the Users are strictly prohibited from creating copies of the content posted on the Platform, by any user. Any such creation of copy will be considered to be unauthorised conduct and further a material breach of provision of this terms of use, and Hospigrow, along with the aggrieved Party may proceed legally (including but not limiting to instituting a Criminal Proceeding) against the Deafaulter. 

  • Take screenshots, screen recordings, or other unauthorised exports (whether in its original for or amended)  of any User content. The mobile apps and web app implement screen-capture detection and may      watermark      the content as posted on the Platform; if a screenshot of User -only content surfaces at any space off      the Platform, we may identify the said defaulting User and account thereof with the help of the watermark, already existing on the user interface/screen of the Platform. On becoming aware of such unauthorised sharing, dissemination of the content posted on the Platform, we, along with the aggrieved Party/ies may take legal action against the defaulting Party/ies, and the same may also be called upon to pay penalty for the said breach of terms.
  • Share Member content on third-party platforms (X, WhatsApp, Telegram, LinkedIn, etc.) except where the Platform’s own “share” feature explicitly authorises an outbound share.

 

You shall not, in any external discussion, social media post, conference talk, podcast, blog post, news interview or media engagement, refer to “Hospigrow”, “IMA HUB” or the Platform brand in a manner that connects the brand with: 

(a) patient personal data; 

(b) sensitive medical incidents involving identifiable persons; or

 (c) commentary that suggests, even by implication, that the Platform hosts content of an inappropriate or ethically sensitive nature.

(d) otherwise any other information/content which is connected with “Hospigrow,” “IMA HUB,” or the Platform.

 

Off-platform brand misuse, as mentioned hereinabove is a breach of these Terms of Use, where nexus is established between any information/content and Hospigrow, IMA HUB or the Platform, even where no screenshot, image or actual content from the Platform is shared. 

The Hospigrow Grievance Officer may, in consultation with the IMA Grievance Redressal Committee, require the post or commentary to be taken down within 48 hours or instruct the Users to refrain from establishing any nexus thereof, and may further suspend the offending Member’s account pending investigation.

 

4.7 Technical and security violations

  • Reverse-engineer, decompile, scrape, or attempt to access the Platform other than through the official Application.
  • Bypass authentication, rate limits, or security controls.
  • Upload malware, phishing content, or any code (including but not limiting to virus, trojan, worm, ransomware etc.) that adversely interferes with the Platform’s operation or access and/or use of the Platform by any other User/s.

 

4.8 Sharing of Login ID and password  

The Users hereby acknowledge that the use of the Platform is meant only for the exclusive use and enjoyment of the User registered on the Platform and further the same are prohibited from sharing the User ID/Password to any third Party whether or not a part of his/her Organisation. In the event it is discovered that the login ID password is in fact shared with any unauthorised 3rd Party, who has used the said Platform (instead of or along with the authorised User) we reserve a right to suspend/delete the concerned account and prohibit (temporary/permanent) the concerned user from accessing the Platform.

 

  1. Verified Badge — what it means and what it does NOT mean

5.1 What it means. A “Verified” badge on your profile indicates that, on the date of verification, we have successfully cross-checked your medical registration number against the relevant State Medical Council or NMC database (or an IMA Karnataka membership confirmation), and your registration shall appear active.

5.2 What it does NOT mean. The Verified badge does NOT warrant: 

(a) that you remain in good standing on any later date; 

(b) absence of pending disciplinary or criminal proceedings; 

(c) the veracity, accuracy, or safety of any post you make; or 

(d) your suitability for any specific clinical task. 

Other Members and the public should not treat the badge as a guarantee to authenticity, comprehensiveness of the data posted, and/or the reputation of the User.

5.3 Re-verification. We re-verify credentials at least once every three (3) months, but the timeline of verification status changes outside this cadence is not within our control.

  1. AI Tools — disclaimer

6.1 AI-generated output. The Platform may provide AI-assisted features, including content drafting, summarisation, search, and triage. AI output may be inaccurate, incomplete, fabricated (“*hallucinated” in terms of AI), or out of date. Treat all AI output as a starting point requiring independent verification.

*Hallucinated in terms of AI – hallucination is a confident response that is factually incorrect, ungrounded in real-world data, or entirely fabricated, yet presented as completely true. Because AI systems prioritize natural, plausible-sounding text, these errors can be highly convincing and difficult to spot at a glance. 

  1.     2 No legal use without verification. You must not file, submit, or rely on AI-generated legal citations, statutory references, or precedent citations without independently verifying that the citation exists and is correctly described. AI tools are known to fabricate citations.

6.3      Per-invocation acknowledgement. On each significant invocation of an AI feature, the Platform may surface this disclaimer; your continued use of the AI output is your acknowledgement that you have read it.

6.4      Liability. You bear sole responsibility for any consequences of using AI output, including liability under the Consumer Protection Act, 2019.

  1. Off-platform sharing and screenshot policy

7.1 Default no-share. Member-only content is intended to remain on the Platform. You may not export it through screenshots, screen recordings, file copying, or any other unauthorised means.

7.2 Watermarking. We embed a faint watermark in screens displaying Member-only content. The watermark encodes your account identifier and the timestamp. If a screenshot leaks, we can trace it.

7.3 Consequences. Unauthorised off-platform sharing is a material breach. Consequences include immediate suspension, termination, liquidated damages as set out in clause 4.6, public disclosure of the breach to other affected Members, and referral to the State Medical Council where the disclosed content involves patient identifiers or other ethics-violating material.

  1. Sub judice restraint

8.1 Definition. A matter is “sub judice” if it is the subject of: (a) a pending case before any competent authority, including but not limiting to any court of India having competent jurisdiction; (b) an inquiry, show-cause notice, or disciplinary proceeding pending before the National Medical Commission or any State Medical Council; or (c) a notification by our Grievance Officer or by IMA Karnataka counsel that the matter is currently a “no comment” matter.

8.2 Restraint. While a matter is sub judice, you must not, on the Platform, comment on the merits of the matter, characterise the parties, predict the outcome, or call for any specific action. Factual reporting that the matter exists is permitted; advocacy is not.

8.3 Office Bearer circulars. Official Circulars naming a person, hospital, or active proceeding are routed through our Circular Clearance Protocol and pass through legal review before publication. Personal posts by Office Bearers are tagged as personal opinion and do not benefit from any “official” status.

  1. Patient data — your express warranties

9.1 Each time you upload any image, document, or other content to the Platform, you expressly warrant that:

 (a) the content contains no patient identifier within the meaning of clause 4.1 above; 

(b) you have any consents required from the patient for the upload; and (c) the upload does not breach any duty of confidentiality, the NMC Code of Ethics, the Aadhaar Act, or any other Applicable Law.

9.2 If your upload turns out to breach this warranty, you indemnify Hospigrow against any Losses arising from that breach (clause 16).

  1. Subscription and billing

10.1 Tiers. The Platform offers a Free Module and a Premium Module for which the subscription shall be paid on monthly/Yearly basis (as informed to the users/subscribers from time to time). The current pricing and feature set are as follows:.

Platform use & freemium model

  • The terms/Features for the use of the Platform are:
  1. Closed network: You may not invite, share access with, or transmit Platform content to non-Members or the public or any part thereof, except as expressly permitted by the Platform and/or applicable rules, regulations and law and/or the applicable google policy.
  2. Acceptable use: The use of the Platform by the Subscriber shall be subject to the  Community Guidelines, NMC Code of Ethics, IMA Bye-laws, DPDP Act, IT Act and Applicable Law. Prohibited Content shall be applicable and/or incorporated by reference.
  3. Freemium model: 

Free tier: This model shall be based on the Free tier system whereby every verified Member gets the basic feature set. 

Premium tier: This Tier shall be unlocked by or accessible to Individual Pro subscription, on the basis of consumption-based recharge, or by spending earned credits. There will be no per-Branch wise / State-wise /Wing-wise  licence fee during the Initial Term.

  1. No patient data: The Users are strictly prohibited from sharing/revealing Patient data on or through the Platform, as covered in detail in  the Privacy Policy and the Terms of Use. 
  2. Two-lane content moderation: Following Features shall be applicable:

(a) AI-led lane for non-clinical content; and

(b) human-led lane for clinical content (AI assists, where the final call will be made by the IT team either under the IMA and/or the Platform, as the case may be). 

In the event of breach of any of the terms of the Privacy  Policy/ Terms of User/applicable provisions under any law for the time being in force/google policies as updated from time to time, the users may be liable for Verdicts route to publish, Office-Bearer review, or hard-block. The Users may appeal against the said actions within 15 days to the Grievance Redressal Committee.

  • Free-tier feature set
  1. The users shall be provided with the following features under the Free Tier module:
  2. Branch Member Directory; 
  3. SOS Panic Button; Document Vault (basic);
  4.  Circular Composer with read receipts; Basic Notifications (capped 100 push / 12-hour window); 
  5. CME Event Listing & RSVP; 
  6. Branch Meeting Scheduler; 
  7. Attendance Tracker; 
  8. Member Onboarding Workflow; 
  9. Basic Reports & Dashboards.
  • Individual Pro — ₹1,000 / Member / year (excl. GST)

Under the paid/subscription model, the users shall enjoy the following features:

  1. Unlocks: ad-free experience; 
  2. WhatsApp/Email/SMS broadcast (additional unit charges per B.8A); 
  3. CME certificates; 
  4. payment-gateway integration for the Branch administered (where applicable); 
  5. advanced analytics; 
  6. direct helpdesk support; 
  7. premium profile badge; 
  8. unlimited notifications; 
  9. full discussion forum; 
  10. advanced search & filtering; 
  11. bulk-action workflows; 
  12. plus bonus credits and faster credit earning. Where a Branch subsidises Pro, the Member may pay ₹100 and the Branch the balance ₹900 (optional).

Consumption-based premium features

The prices/rates as applicable to the subscribers opting for the premium features are as follows:

Feature Unit price Channel
Push notification (above 100/12hr cap) ₹0.10 / push FCM
SMS (transactional / promotional) ₹0.50 / SMS Premium channels
WhatsApp Business message ₹1.20 / message WhatsApp Business API
Email broadcast ₹0.50 / email Amazon SES
CME certificate (PDF) ₹10 / certificate Indicative

Credit (token) system & gamification

A gamified credit mechanism. The Subscribers shall be entitled to subscribe to the premium on the basis of the credits available to them. Accordingly, for the payment of each Rupee, the subscriber shall  be entitled to 100 credits where the credits are non-cashable, non-transferable, non convertible to the currency in which initial payment was made to procure the said credits and shall expire on termination. Apart from buying the credits, the subscribers may, inter-alia, earn credits by way of following actions:

500 Credits for on-time IMA fee payment; 

1,000 Credits to  each Member for branch participation milestone to; 

200 credits for CME attendance; 

Where a member is referred and becomes a subscriber: 300 credits to the referring member and 100 credits for new/referred Member on completion of onboarding on the Platform. 

The complete earn/spend catalogue, levels, badges and missions are provided in the Credit System & Gamification workbook.

The scheme for Credit shall be as follows:

 

Action Credits ₹ value
Pay a fee on the platform (cashback, 0.5%) e.g. 1,000 ₹10 on ₹2,000
Finish an assigned task before deadline 500 ₹5
Complete a routine task on time 200 ₹2
Attend a CME session 1,000 ₹10 (+ certificate)
Attend an official meeting 300 ₹3
Publish an article / share knowledge 800 ₹8
Refer a new member (who joins) 2,000 ₹20
Lead an event / growth activity 5,000 ₹50
Perfect monthly punctuality 1,000 ₹10
Branch hits monthly engagement target 10,000 ₹100 (branch wallet)

The subscriber shall be segregated into the following levels on the basis of credits available for disposal:

Levels in terms of Credit

  • Bronze 0 – 5,000 
  • Silver 5,000–20,000 
  • Gold 20,000–50,000 
  • Platinum 50,000+ lifetime credits

 carry 

Following Badges may be awarded to the Subscribers for recognising/awarding behaviour.:

CME Champion, 

Punctual Pro, 

Knowledge Contributor, 

Growth Driver, 

Community Star, 

Perfect Branch Member,

Branch and district leaderboards shall reset on a monthly basis; Based on monthly missions, the subscribers/branch as the case may be, shall receive bonus credits. Rewards shall be given out on the basis of the identified behaviours, as per IMA’s parameters — 

and

 

Billing, payment routing & refunds. 

Pro subscribers shall be billed annually from first payment. The payment may be Routed through  Razorpay (India alternative-billing) or Google Play Billing where Play policy requires Google commission calculated at the rate of 2.5–3.5% additional. 

Following shall be applicable in terms of Billing and payment routing:

  • GST line-itemised. 
  • No general refund; 
  • technical-error exceptions only (double charge, failed activation within 24 h, > 7 days feature non-availability) reported within 7 days. 
  • Auto-renewal unless cancelled ≥ 7 days before next charge;
  •  7-day pre-renewal reminder. Recharge-wallet balances non-refundable except technical error; 
  • consumed FIFO;
  •  unused balance forfeit after 90 days unless lawfully claimed.

6.4  Individual Pro — what ₹1,000/year unlocks

Feature Free Pro (₹1,000/yr)
Earning rate 1.5×
Bonus credits included None 50,000 / yr (₹500)
CME certificates Pay per cert 12 free / yr
Webinar attendance Pay per webinar Free entry
Advertisements Shown None
Compliance dashboard / directory / support Basic Advanced + priority

Tangible value included in Pro ≈ ₹680 (₹500 bonus credits + ₹120 free certificates + ₹60 free webinars), before the ad-free experience, faster earning, advanced search and priority support. Pro revenue is 100% to Hospigrow.

 

10.2 Auto-renewal. If you subscribe to a paid tier, your subscription will auto-renew at the end of the billing cycle through Razorpay e-mandates (cards/UPI) (or any other payment gateway used for the time being by Hospigrow). An advance notice of 07 days will be provided to you before the due date for renewal,      payment thereof or changes, if any.

10.3 Cancellation. You can cancel the auto-renewal option at any time from Settings → Subscription, or via your bank’s mandate-management portal. Such cancellation will      not delete your account and      you will continue to have access until the end of the paid billing cycle, after which your account will downgrade to the Free Module.

10.4 GST and statutory levies. All prices are exclusive of GST and other applicable taxes unless stated otherwise.

 

  1. Refund policy

               Our policy lasts 30 days. If 30 days have gone by since your purchase, unfortunately we can’t offer you a refund or exchange. 

11.1 Once subscribed to any Premium Pack, the Users will be allowed a period of 30 days, during which time the Users may cancel their premium subscription and will be entitled to pro rata refund (post deduction of the amount in terms of days during which the premium features were used along with any Maintenance/Transaction Fees) of the subscription amount. The amount will be refunded in/through the same banking channels of the User, through which the payment for the said subscription was made.

11.2 Technical-error exceptions. Refunds are available where: (a) you are charged more than once for a single billing cycle due to a payment-gateway error; or (b) your payment is captured but the corresponding subscription benefit is not activated within twenty-four (24) hours.

11.3 How to request. Email ima@hospigrow.com within seven (7) days of the transaction with your registered email/mobile, the Razorpay transaction ID, and a screenshot of the bank deduction. Approved refunds are returned to the original payment method via Razorpay within five to seven business days.

  1. User Content — ownership and licence

12.1 Ownership. You retain ownership of your User Content, however, Hospigrow reserves a right to use the said content for the purpose of further publication.

12.2 Licence to operate. You grant Hospigrow a worldwide, non-exclusive, royalty-free, sub-licensable licence to host, display, store, modify (only to the extent necessary for moderation, security, and Platform operation), and transmit your User Content whether or not limited for the purpose of operating the Platform. The licence terminates when you delete the User Content or close your account, except for moderation logs and any content covered by a legal hold.

12.3 Aggregate analytics. We may use anonymised, aggregate metrics derived from User Content for Platform analytics and, with your separate opt-in (Part A clause 4), for partner analytics.

  1. Intellectual property

13.1 Platform IP. The Platform brand (“IMA HUB” as a platform brand, the IMA HUB logo, taglines, and design language), the Platform software, the user interface, and all related intellectual property in terms of the Platform are owned by Hospigrow.

13.2 IMA Marks. The IMA name, logo, and related marks are owned by the Indian Medical Association and are used by Hospigrow within the Platform under licence.

13.3 Limited licence. We grant you a limited, non-transferable, revocable licence to use the Platform for its intended purpose. You may not copy, redistribute, or commercially exploit any part of the Platform.

  1. Suspension and termination

14.1 By you. You may close your account at any time (Part A clause 13).

14.2 By us. We may suspend or terminate your account, with or without prior notice as the circumstances require, where: 

(a) you are in material breach of these Terms or the Community Guidelines; 

(b) we receive a credible legal demand requiring it; 

(c) your medical registration is suspended or revoked; 

(d) your IMA membership lapses; or 

(e) we are required to do so by any Applicable Law for the time being in force.

14.3 Severe Actions. Severe Actions (suspension, termination, verified-badge revocation, public takedown of a named-Member post, referral to a State Medical Council or law-enforcement authority) require concurrence of two authorised signatories under our Two-Person Rule. The audit trail of every such action is preserved.

14.4 Effect. On termination: your access ceases immediately; your User Content is deleted from public view (subject to legal hold); accrued payment obligations survive; and clauses that by their nature survive termination (including IP, indemnity, limitation of liability) survive.

  1. Disclaimers

15.1 Medical disclaimer. Discussion on the Platform is professional peer discussion. It is not a substitute for clinical examination, diagnosis, or treatment of an individual patient. Nothing on the Platform constitutes professional medical advice to any person who is not the posting  own patient.

15.2 Legal disclaimer. Discussion on the Platform may include peer commentary on legal questions. It is not legal advice and is not a substitute for advice from a qualified advocate. Do not rely on peer-suggested legal strategy without independently consulting an advocate.

15.3 No emergency service. The Platform is not an emergency service. Do not use it to seek or provide help in a medical emergency. In an emergency, dial the appropriate emergency number for your location (in India: 112).

15.4 “As is”. The Platform is provided on an “as is” and “as available” basis. To the maximum extent permitted by Applicable Law, we disclaim all warranties not expressly set out in these Terms.

  1. Indemnification

You will indemnify, defend, and hold harmless Hospigrow, its directors, officers, employees, contractors, and the Indian Medical Association against any and all losses, damages, fines, penalties, costs, and expenses (including reasonable legal fees) arising out of: (a) any breach by you of these Terms, the Community Guidelines, or the Privacy Policy; (b) any User Content you upload or transmit; (c) any breach of Applicable Law (including the NMC Code of Ethics) by you in connection with the Platform; or (d) any claim by a third party arising from your use of the Platform.

  1. Limitation of liability

17.1 To the maximum extent permitted by Applicable Law, our total aggregate liability arising out of or in connection with these Terms or your use of the Platform, in any twelve (12) month period, shall not exceed the greater of (a) the subscription fees paid by you to Hospigrow in that period; or (b) INR 10,000.

17.2 We shall not be liable for any indirect, incidental, special, consequential, or punitive damages.

17.3 Carve-outs. Nothing in this clause limits liability that cannot be limited under Applicable Law (for example, liability arising from gross negligence, fraud, or wilful misconduct).

  1. Force majeure

We shall not be liable for delay or failure to perform caused by events beyond our reasonable control, including acts of God, war, civil unrest, pandemic, government action, internet or telecommunications failure, and outages of upstream cloud or payment vendors.

  1. Governing law and jurisdiction

19.1 Governing law. These Terms are governed by the laws of the Republic of India.

19.2 Jurisdiction. Subject to clause 19.3, the courts of competent jurisdiction in Belagavi , Karnataka shall have exclusive jurisdiction over any dispute arising out of or in connection with these Terms.

19.3 Arbitration option. We may, in our discretion, refer any dispute to arbitration under the Arbitration and Conciliation Act, 1996, with seat and venue in Belagavi, Karnataka.

  1. Changes to these Terms

We may amend these Terms from time to time, as per the legal requirement/s or change in policy as may be applicable to us. Material amendments will be notified to you in advance through the app, by email, or by a Platform-wide banner,. Continued use of the Platform after the effective date of an amendment constitutes acceptance of the amended Terms.

  1. Severability and entire agreement

21.1 Severability. If any provision of these Terms is held to be unenforceable, the remaining provisions shall continue in full force, unless this document is rendered unusable due to the said amendment.

21.2 Entire agreement. These Terms (together with the Privacy Policy in Part A and the Community Guidelines in Part C) constitute the entire agreement between you and Hospigrow in relation to the Platform.

21.3 Waiver. No failure or delay by us in exercising any right shall operate as a waiver of that right.

21.4 Assignment. You may not assign or transfer your rights under these Terms. We may assign on a change of control to a successor entity that agrees to be bound by these Terms.

  1. Contact

Hospigrow Healthcare Technologies Pvt Ltd,CTS 3957/184, 3rd Floor, SOTC Building, Gandhi Bhavan, Behind Hotel Sanaman, College Road, Belagavi- 590001. General queries: ima@hospigrow.com. Privacy / grievance: see Part A clause 12.

 

PART C

Community Guidelines

These Community Guidelines describe, in plain language, the behavioural standards we expect on IMA HUB. They are part of the Terms of Use in Part B; if you breach them you are in breach of contract. They are aligned with the National Medical Commission’s Code of Ethics and with the bye-laws of the Indian Medical Association.

  1. The spirit of IMA HUB

IMA HUB is a private, professional space where doctors are connected with other doctors. The standards expected are the standards of a good professional society meeting: candid but courteous, scientific but humble, supportive but honest. Conduct that would be unacceptable at an IMA conference is unacceptable here.

  1. The five risk areas

Our content moderation focuses on five risk areas. These are the areas where a single post can cause real harm — to a patient, a colleague, or your own career.

2.1 Patient privacy

  • Never name a patient. Never post their MRN, Aadhaar, ABHA ID, phone, or email.
  • Never post identifiable photographs without explicit, written, current consent. When in doubt, blur the face and crop the body.
  • Avoid combinations of facts that uniquely identify (small clinic + rare disease + city + age = identification).
  • If you upload a hospital intake form or prescription, redact every identifier before uploading.

2.2 Medical misinformation

  • Stick to mainstream evidence. If you must reference a fringe view, label it clearly.
  • Don’t repeat claims about vaccines, drugs, or public-health measures that you have not personally verified against a primary source.
  • Don’t generate or circulate fabricated case data, deepfaked images, or AI-hallucinated citations.

2.3 Advertising and touting

  • This Platform is not a marketing channel for your clinic. Don’t promote your services, products, or affiliated commercial interests.
  • Don’t run sponsored or affiliate schemes without prior written approval from Hospigrow.
  • The NMC Code of Ethics treats advertising and touting as serious professional misconduct. Posts that cross this line are removed and may be reported to your State Medical Council.

2.4 Defamation, communal, sub judice

  • Don’t disparage individuals, hospitals, or institutions, even if you believe the criticism is justified. Defamation in India can be civil and criminal.
  • Don’t post content that promotes hostility between communities, religions, castes, or regions.
  • Don’t comment on the merits of a sub judice matter (live court case, NMC inquiry, SMC disciplinary proceeding). Stick to factual reporting that the matter exists.

2.5 Professionalism

  • Treat every member with the courtesy you would extend at an IMA event.
  • Don’t harass, bully, or threaten.
  • Don’t impersonate another doctor, an Office Bearer, or any institution.
  • Don’t conduct off-Platform sharing (screenshots, exports). The Platform is a private space. Watermarking is enabled.
  1. The two we always enforce hardest

Two categories produce automatic, immediate consequences regardless of circumstances:

(a) Patient identifier disclosure. Pre-publication block. Account flagged. Repeated breach = termination and referral to State Medical Council.

(b) Solicitation of evidence destruction or forgery. Pre-publication block. Immediate suspension. Posts preserved for possible referral to law-enforcement authorities. Referral to State Medical Council.

  1. NMC Code alignment

These Guidelines incorporate by reference the National Medical Commission’s Code of Ethics. Where there is any apparent conflict, the NMC Code prevails. Posts that breach the NMC Code on advertising, patient confidentiality, professional conduct, or unethical association may be flagged in our content moderation pipeline and surfaced to the IMA Karnataka Ethics Committee for review.

  1. Consequences ladder

Our consequences scale to the severity and pattern of breach:

  • First minor breach: warning posted to your in-app inbox; the post is edited or removed.
  • Repeat minor breach or first material breach: temporary suspension (typically seven days).
  • Serious breach (patient identifier disclosure, criminal solicitation, advertising violation): immediate suspension, content preservation, formal review under the Two-Person Rule.
  • Severe or repeated serious breach: account termination, referral to State Medical Council and / or law-enforcement authorities, public-banner notice on the Platform if a leak has affected other Members.
  1. Reporting and appeals

If you see content that breaches these Guidelines, use the in-app Report button. Reports are routed to the Office Bearer queue at the appropriate level. If you believe a moderation action against you is incorrect, you may appeal to the Grievance Officer (Part A clause 12). Appeals are reviewed by a different Office Bearer than the one who made the original decision.

  1. A short closing word

These guidelines exist because a closed professional space only works if the floor of behaviour is high. The vast majority of Members will never need to think about them. The minority who do are reminded: this is your reputation, your registration, and possibly your liberty at stake. We are here to protect the space — and you — from the worst-case version of the worst-case post.

 

Copyright © 2026 Hospigrow. All Rights Reserved.