Data protection programme & sub-processor list
Last updated 19 May 2026. How we secure and process data on behalf of our hospital, clinic and doctor clients.
Our controls
Encryption
TLS 1.3 in transit; AES-256 at rest. Secrets stored in managed vault; rotated every 90 days.
Access control
SSO + MFA mandatory. Role-based access, principle of least privilege, quarterly access reviews, immediate revocation on staff change.
Infrastructure
Tier-IV India + EU data centres. SOC 2 Type II and ISO 27001 certified hosting partners (Google Cloud, Cloudflare, Supabase).
Backups
Daily encrypted backups, 30-day retention, quarterly restore drill, geographically separated.
International transfers
SCCs in place with every sub-processor; transfer impact assessments on file for all non-India processors.
Breach response
72-hour notification SLA; documented incident response runbook; annual tabletop exercise.
Sub-processor list
Updated 19 May 2026. Notice of any new sub-processor is given to clients 30 days in advance.
- Google LLC — Workspace email, Google Ads, Google Analytics 4 (consented)
- Meta Platforms Inc. — Facebook & Instagram Ads, WhatsApp Business API (consented)
- Cloudflare Inc. — CDN, WAF, DDoS protection
- Supabase Inc. — managed Postgres for CRM exports (EU + India)
- HubSpot Inc. / Zoho Corp — CRM (selected by client; DPA in place with both)
- Microsoft Corporation — Clarity heatmaps (consented only)
- LinkedIn Corporation — Lead Gen Forms & Insight Tag (consented only)
Breach response runbook
- 0–1h
Detection
Alerted via SIEM, sub-processor notification or human report. Incident commander assigned.
- 1–24h
Contain & assess
Isolate affected systems, rotate credentials, scope impacted data subjects and data categories.
- 24–72h
Notify
Notify affected client(s) and the Data Protection Board of India where notifiable under DPDP Act s.8(6).
- 72h+
Remediate & report
Root-cause analysis, remediation plan, post-incident review shared with client within 14 days.
Data protection FAQs
A written promise: 50% increase in footfall & revenue — or we work free.
We sign a performance contract before we start. If your practice doesn't see a measurable 50% lift in patient footfall and revenue within 6 months, our team keeps working at zero fee until you do. That's the kind of accountability healthcare deserves.
50% Footfall & Revenue Lift
Written guarantee — measurable patient footfall and practice revenue uplift within 6 months, or we work free until you get there.
Performance Contract
Outcomes locked on paper — KPIs, timelines and review cadence signed before kickoff. No vague retainers, no hidden scope.
Healthcare-Only Specialists
20+ years building patient acquisition for hospitals, clinics & specialist doctors. Every campaign is compliance-safe by design.
Your Data, Your IP
Full ownership of website, ads accounts, CRM, creatives and patient data — always. Zero lock-in, full transparency.
What hospitals & doctors say about us
Real outcomes from hospitals, clinics and specialist doctors across India.
"Healthline Buzz rebuilt our entire patient acquisition funnel. Within 6 months consultations tripled and our cost per lead dropped by nearly half."
"The most healthcare-literate growth team in India. Every creative is compliance-safe and every report ties spend to actual revenue."
"From SEO to WhatsApp to our CRM — one connected system. We finally stopped juggling five agencies and started seeing real growth."
Get a healthcare growth plan built for your speciality.
Share a few details about your hospital, clinic or practice. Our team will audit your current digital presence and send a tailored growth roadmap within 24 hours.
- Speciality-specific patient demand analysis
- Conversion gap audit across web, ads, CRM & WhatsApp
- Compliance-safe creative & campaign blueprint
100% confidential. No spam. Healthcare team replies within 24 hrs.