Get started
NMC-Aligned · DPDPA 2023 · IT Act 2000

Acceptable Use Policy

Effective date: 12 April 2026·Version 1.0

This Acceptable Use Policy ("AUP") governs how licensed medical practitioners may use the Goalka platform, operated by Goalka Technologies Private Limited. This AUP is incorporated by reference into the Goalka Terms of Service. By using Goalka, you agree to comply with this AUP in addition to the Terms of Service, Privacy Policy, and all applicable Indian law.

1. Who This Policy Applies To

This AUP applies to all registered users of the Goalka platform. Goalka is designed exclusively for licensed medical practitioners registered with the National Medical Commission (NMC), state medical councils, or equivalent regulatory bodies recognised under the National Medical Commission Act, 2019 or the Indian Medical Council Act, 1956.

By registering and using Goalka, you represent and warrant that:

  • You hold a valid MBBS degree or equivalent from an institution recognised under the Indian Medical Council Act or NMC Act
  • Your NMC or state medical council registration is current, valid, and not under suspension or cancellation proceedings
  • You are using Goalka solely for legitimate professional practice management purposes
  • You will promptly notify Goalka at legal@goalka.com if your medical registration is suspended, cancelled, or otherwise restricted

2. Core Principle — Medical Professional Obligations

Goalka is an AI-powered practice management tool. It does not alter, diminish, or replace your obligations as a licensed medical professional under Indian law, NMC regulations, or your ethical duties to patients. Your use of Goalka must at all times be consistent with the standards expected of a responsible medical practitioner.

Goalka's AI tools (Command Center, Content Engine, clinical summaries, briefings) are designed as productivity aids. The following core principles govern their use:

  • Clinical Judgement Primacy: AI outputs from Goalka are informational and advisory. No AI output — whether a drug dosage suggestion, clinical summary, or guideline reference — supersedes your independent professional judgement. You must verify all clinical information before acting on it.
  • Patient Welfare First: All use of Goalka must be consistent with the welfare of your patients. You must not use Goalka to prioritise financial gain, reputational interest, or convenience in ways that compromise patient care.
  • Professional Honesty: Do not use Goalka to misrepresent your qualifications, experience, outcomes, or clinical capabilities on any platform, including LinkedIn, Instagram, WhatsApp, or any publication generated via Goalka's Content Engine.

3. NMC Code of Medical Ethics Compliance

All content generated, published, or shared using Goalka's Content Engine, PR tools, or social publishing features must comply with the National Medical Commission's Registered Medical Practitioner (Professional Conduct) Regulations, 2023, and the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002. The following NMC rules are specifically incorporated into this AUP:

3.1 Advertising & Solicitation (NMC Regulation 6.1)

Prohibited under NMC Regulations
  • Patient testimonials or endorsements of any kind — written, video, or implied
  • Comparative claims implying superiority over other doctors, hospitals, or treatment methods
  • Guaranteed outcome claims (e.g., "100% success rate", "guaranteed cure")
  • Before-and-after patient photographs for promotional purposes without explicit written patient consent
  • Claims that your services are better, cheaper, or more effective than competitors
  • Unsolicited promotion of your services via WhatsApp broadcast, SMS blast, or mass email to non-patients
Permitted under NMC Regulations
  • Educational content about medical conditions, procedures, and health awareness
  • Factual information about your qualifications, specialisation, and hospital affiliations
  • Case studies with full patient de-identification and no identifying photographs
  • Publication of peer-reviewed research, conference presentations, and CME certificates
  • Public health awareness posts and preventive medicine content
  • Opinion pieces and medical commentary where your professional standing is clearly disclosed

3.2 NMC Compliance Checker

Goalka's Content Engine includes an automated NMC compliance checker that flags potential violations before content is published. However, this checker is an AI-powered aid, not a legal guarantee. You remain personally responsible for ensuring all published content complies with NMC regulations. The NMC compliance checker cannot be disabled for content destined for external publication.

3.3 Disclosure of AI Assistance

When publishing AI-assisted content on professional platforms (LinkedIn, medical journals, press releases), you are encouraged to include a disclosure such as: "Drafted with AI assistance and reviewed by [Your Name], [Qualification], [Registration Number]." This is consistent with emerging NMC guidance on AI-assisted medical communication and international professional standards.

4. Patient Data — Permitted & Prohibited Use

As the treating physician, you are the Data Fiduciary under DPDPA 2023 for all patient data you enter into Goalka. You must comply with the following rules:

4.1 Permitted Use of Patient Data

  • Store de-identified or pseudonymised clinical records for your own practice management and outcome tracking
  • Use clinical summaries generated from de-identified data for educational content, subject to NMC rules above
  • Refer to anonymous case statistics in professional communications (e.g., "In my series of 200 hip replacements...")
  • Use patient-consented data for research purposes where appropriate IRB/ethics committee approval has been obtained
  • Share de-identified case details with colleagues via Goalka's referral features for clinical collaboration

4.2 Prohibited Use of Patient Data

  • Enter a patient's full name + diagnosis combination without de-identification (use case IDs or initials only)
  • Upload identifiable patient photographs, videos, or audio without explicit, specific written consent from the patient
  • Share patient-identifiable data with any third party outside of Goalka's intended features, including emailing data exports to non-clinical third parties
  • Use patient data to build marketing databases, contact patients for promotional purposes, or share patient contact information with pharmaceutical companies
  • Input any patient's Aadhaar number, PAN, financial account details, or other sensitive personal data defined under IT (SPDI) Rules 2011 into Goalka's clinical vault
  • Use Goalka's AI features to process identifiable patient data in commands you send to the AI Command Center — send de-identified case descriptions only
Reminder: You are legally responsible for obtaining valid patient consent under DPDPA 2023 Section 7 before storing any patient personal data on any third-party cloud platform. A patient's consent to treatment is not equivalent to consent for data storage on Goalka. Consider using a specific consent form that covers digital health records management.

5. AI-Generated Content — Disclosure & Attribution

Goalka's AI features (Command Center, Content Engine, clinical summaries, press releases, LinkedIn posts) generate content using large language models. The following rules apply to AI-generated content:

  • Review Before Publication: All AI-generated content must be reviewed and approved by you before being published to any external platform. Goalka's publish workflow includes a mandatory review step. Never use the "Publish immediately" option without reading the generated content.
  • Clinical Information Verification: AI-generated clinical summaries, drug information, dosage references, and guideline citations must be independently verified against authoritative sources (current AIIMS protocols, NMC guidelines, ICMR advisories, indexed journals) before being used in patient care, teaching, or professional communication.
  • No Misrepresentation as Original Research: AI-generated content must not be submitted to peer-reviewed journals, medical conferences, or regulatory bodies as your original research or clinical data without appropriate disclosure of AI assistance, compliance with the journal's AI policy, and verification of all cited data.
  • No Ghost-Writing for Others: You may not use Goalka to generate content on behalf of other doctors, hospitals, or medical institutions without their knowledge and explicit involvement in the review process.
  • [VERIFY] Tags: When Goalka's AI inserts a [VERIFY] tag on a claim, that tag signals content that requires independent verification before use. Removing [VERIFY] tags without verifying the underlying claim is a violation of this AUP.

6. Prohibited Activities (Platform Integrity)

The following activities are strictly prohibited on the Goalka platform and will result in immediate account suspension:

Sharing your account credentials with any other person, including junior doctors, nurses, medical staff, or hospital administrators
Using automated scripts, bots, browser automation tools, or APIs without Goalka's written authorisation to extract data, manipulate usage quotas, or circumvent rate limits
Attempting to reverse-engineer, decompile, disassemble, or extract Goalka's AI system prompts, model configurations, or proprietary algorithms
Probing, scanning, or penetration testing Goalka's infrastructure, APIs, or systems without a written bug bounty agreement with Goalka
Introducing malware, ransomware, spyware, or any malicious code into the platform
Conducting denial-of-service (DoS or DDoS) attacks against Goalka infrastructure or any connected service
Exploiting any platform vulnerability without reporting it to security@goalka.com via our responsible disclosure programme
Creating multiple accounts to circumvent Free tier limits, rate limits, or subscription requirements
Misrepresenting your identity, NMC registration number, or medical qualifications during registration or on your Goalka profile

7. Prohibited Activities (Legal & Regulatory)

You must not use Goalka for any purpose that violates applicable Indian law, including but not limited to:

IT Act 2000, Section 66: Hacking, data theft, introduction of viruses, or denial-of-service attacks
DPDPA 2023: Processing patient personal data without appropriate consent, sharing personal data with unauthorised third parties, or hindering data principal rights
Indian Penal Code / BNS 2023: Defamation of other medical professionals, impersonation of doctors, or fraud in medical billing using Goalka-generated content
NDPS Act, 1985: Using Goalka to facilitate prescription of controlled substances outside legitimate medical practice, or to document illegitimate prescriptions
Pre-Conception and Pre-Natal Diagnostics Techniques (PCPNDT) Act, 1994: Documenting, publishing, or communicating sex determination of foetuses in any form via Goalka
Transplantation of Human Organs and Tissues Act, 1994: Facilitating or documenting illegal organ trade or transplantation outside permitted channels
Drug and Cosmetics Act, 1940: Generating or distributing false medical claims about drugs, promoting unapproved drug uses, or advertising prescription drugs directly to consumers through Goalka content
NMC Act 2019 / MCI Ethics Regulations 2002: Any activity that constitutes professional misconduct as defined by the National Medical Commission

Goalka is obligated to cooperate with legitimate law enforcement requests under Section 69 of the IT Act 2000. If Goalka becomes aware of activity that may constitute a criminal offence, we may report it to appropriate authorities without prior notice to the user.

8. Social Media & Content Publishing

Goalka's Content Engine and PR tools enable you to draft and publish content to LinkedIn, Instagram, and other platforms. The following rules apply:

  • Platform Terms Compliance: All content published via Goalka must comply with the terms of service of the target platform (LinkedIn, Meta/Instagram, etc.) in addition to NMC regulations and this AUP.
  • No Mass Unsolicited Messaging: Do not use Goalka's social publishing features to send unsolicited promotional messages to individuals who have not opted in to receive communications from you. This applies to LinkedIn InMail, Instagram DMs, and WhatsApp broadcasts.
  • Press Kit Microsite Content: Content published to your public press kit microsite (goalka.com/presskit/[your-slug]) is publicly accessible. Ensure all content on your press kit complies with NMC advertising regulations and does not include patient-identifiable information.
  • Conference & Award Claims: Claims of awards, conference presentations, and academic achievements displayed on your profile or press kit must be accurate and verifiable. Do not add credentials you do not hold.
  • Intellectual Property: Do not publish content that infringes the copyright, trademark, or other intellectual property rights of journals, medical organisations, pharmaceutical companies, or other practitioners. Properly cite all sources in educational content.

9. WhatsApp & Communications

Goalka delivers WhatsApp briefings, alerts, and notifications via Gupshup Business API using your registered WhatsApp number. The following rules apply to Goalka-facilitated WhatsApp communications:

  • WhatsApp briefings are sent only to your own registered number — you cannot use Goalka to send WhatsApp messages to your patients or other doctors without their explicit opt-in consent
  • Goalka-generated WhatsApp templates used for practice communications must comply with Meta's WhatsApp Business Policy and India's Telecom Commercial Communications Customer Preference Regulations (TCCCPR) 2018
  • Do not use Goalka to send promotional medical content via WhatsApp to individuals who have not consented to receive such communications from you
  • You may not use Goalka's WhatsApp integration to impersonate a hospital, medical council, or government health authority
  • Patient appointment reminders or health tips sent via WhatsApp to your patients must comply with TCCCPR and require patient consent registered with the telecom operator

10. Third-Party Integrations

When you connect third-party services (Google Calendar, Gmail, LinkedIn, Instagram, Razorpay) to Goalka, you remain responsible for complying with the terms of service and policies of those third parties. Goalka is not responsible for how those third parties handle data.

  • Google Calendar / Gmail: The Google OAuth integration allows Goalka to read calendar events and email metadata to generate contextual briefings. You must not grant Goalka access to a shared mailbox or calendar that contains other doctors' patient data without their consent. Do not use the Gmail integration to access emails from patients containing confidential health information unless you are the treating physician.
  • LinkedIn: Content published to LinkedIn via Goalka must comply with LinkedIn's Professional Community Policies, including prohibitions on misleading content. The LinkedIn OAuth connection should only be authorised from your personal professional account, not from an account impersonating a hospital or institution.
  • Instagram: Health and wellness content on Instagram is subject to Meta's Advertising Policies, including restrictions on medical claims. All Goalka-generated Instagram content is subject to NMC rules in addition to Meta's policies.
  • Razorpay: You must not use Goalka's billing features to process payments for services you are not actually providing, or to split or obscure income to evade GST or income tax obligations.

11. Monitoring & Enforcement

Goalka takes a trust-based approach to compliance. We do not actively monitor the clinical content you store in your vault. However, we do maintain automated systems to detect:

  • Anomalous API usage patterns that suggest quota abuse or credential sharing
  • Rate limit violations and automated scraping behaviour
  • Content published through Goalka that triggers our NMC compliance checker at a persistent violation level
  • Security vulnerabilities or attack patterns directed at Goalka infrastructure

All monitoring is conducted at the system metadata level. We do not read your clinical notes, draft content, or AI command history for compliance purposes unless required by a valid court order or in the context of a specific reported violation under Section 13 of this AUP.

AI command logs are retained for 90 days for quality, safety, and security purposes as disclosed in our Privacy Policy. These logs may be reviewed in the event of a credible report of AUP violation.

12. Consequences of Violation

Violations of this AUP may result in the following actions, proportional to the severity and nature of the violation:

WarningFor first-time or minor violations, we will issue a formal written warning to your registered email explaining the violation and the required remediation.
Feature RestrictionFor repeated minor violations or violations affecting a specific feature (e.g., persistent NMC non-compliance in content publishing), access to the relevant feature may be temporarily restricted pending review.
Account SuspensionFor serious violations — including patient data misuse, attempted fraud, platform security attacks, or violations of Indian law — your account will be suspended immediately and without prior notice. A detailed explanation will follow via email within 24 hours.
Account TerminationFor the most severe violations — criminal activity, persistent data breaches, or repeat serious violations after prior suspension — your account will be permanently terminated. All data will be deleted per our Privacy Policy retention schedule.
NMC ReferralFor violations that appear to constitute professional misconduct (e.g., systematic patient data misuse, false credentials, unethical advertising), Goalka reserves the right to report the violation to the relevant State Medical Council or the NMC Ethics and Medical Registration Board.
Legal ActionFor violations constituting criminal offences under Indian law (IT Act offences, fraud, data theft, etc.), Goalka may file a complaint with law enforcement. We will cooperate fully with police investigations and court proceedings.

If your account is suspended or terminated under this AUP, you may appeal within 14 days by emailing legal@goalka.com with a detailed explanation. We will review appeals within 10 business days. Refunds for any prepaid subscription period following a for-cause termination are at Goalka's discretion.

13. Reporting a Violation

If you believe another Goalka user is violating this AUP — particularly with respect to patient data misuse, false medical credentials, or unlawful activity — please report it to us:

  • Email: legal@goalka.com with subject line "AUP Violation Report"
  • Include: description of the alleged violation, date/time observed, relevant evidence (screenshots, links)
  • All reports are treated confidentially. We will not disclose your identity to the reported user
  • False or bad-faith reports made to harass other users may themselves constitute an AUP violation

For security vulnerability reports (responsible disclosure), email security@goalka.com with a detailed description. We aim to acknowledge security reports within 24 hours and resolve within 90 days. We do not pursue legal action against good-faith security researchers who follow responsible disclosure principles.

14. Contact

For questions about this Acceptable Use Policy, or to report a violation:

Legal & AUP enquiries
legal@goalka.com
Security vulnerability reports
security@goalka.com
NMC compliance questions
legal@goalka.com
Registered Office
Goalka Technologies Private Limited
91Springboard, Koramangala
Bengaluru, Karnataka 560034, India

This Acceptable Use Policy is incorporated into the Goalka Terms of Service and is governed by the laws of India. In the event of conflict between this AUP and the Terms of Service, the Terms of Service shall prevail. This policy may be updated without prior notice for clarifications; material substantive changes will follow the 30-day notice process in the Terms of Service.