Access control
Limit access to sensitive operational information based on role and business need.
HealthPocket communicates account safety, data protection, access control and responsible reporting practices in plain language.
HealthPocket support will not ask for OTP, CVV, UPI PIN, passwords or full card details over casual channels.
Avoid collecting or requesting information that is not required for support or compliance.
Never ask users for OTP, CVV, UPI PIN or passwords over email, phone or chat.
Use onboarding checks and program rules for hospitals, pharmacies, labs and wellness partners.
Review suspicious activity and route credible security reports to the appropriate internal owner.
Design processes to align with applicable issuer, payment, privacy and Indian regulatory requirements.
Explain what happened, when it happened and which account or page was affected.
Share screenshots or logs only after removing OTP, CVV, full card number and passwords.
Send the report to security@healthpocket.in with a clear subject line.
HealthPocket reviews the issue and may request additional non-sensitive details.
| Information | Safe to share? | Guidance |
|---|---|---|
| Transaction reference | Usually yes | Useful for support when shared through official channels. |
| Last 4 digits of card | Sometimes | Only if requested through verified support for identification. |
| OTP / CVV / UPI PIN | No | Never share these with anyone. |
| Full card number | Avoid | Do not send over email or chat unless a verified secure flow exists. |