Platform Administrator & Staff Policy

HomeoConsulting.com

Effective Date: June 2026 | Version 1.0 | Confidential — Internal Use Only


Who This Policy Applies To

This Policy applies to all persons granted any level of administrative access to the homeoconsulting.com platform, including but not limited to:

  • Platform Administrators (ADMIN role)
  • Super Administrators (SUPERADMIN role)
  • Operations Staff with portal access
  • Technical staff managing the backend systems
  • Any third-party contractor granted temporary administrative access

By accepting an administrative role or accessing the admin portal, you unconditionally agree to all terms set out in this Policy. This is a legally binding agreement between you and homeoconsulting.com.


1. Definitions

  • "Platform" means homeoconsulting.com and all associated systems, databases, backend services, and admin portals.
  • "Administrator" or "Admin" means any person holding an ADMIN or SUPERADMIN role on the platform.
  • "SuperAdmin" means the highest-privileged operator role, capable of overriding case statuses, editing fee configuration, managing blogs, managing the Academy/LMS, and accessing all platform data.
  • "Admin" (non-super) means a role capable of managing doctor queues, approving/escalating/closing cases, managing orders and inventory, and reviewing intake submissions.
  • "Confidential Data" means all patient health records, doctor profiles, payment records, audit logs, consultation transcripts, and any other data accessible through the platform.
  • "Authorised Action" means any platform action taken within the scope of the Administrator's assigned role and explicitly permitted by this Policy.

2. Administrator Roles & Access Levels

2.1 ADMIN Role — Permitted Actions

Administrators with the ADMIN role are authorised to:

  • View all patient cases and case details
  • Approve, escalate, or close cases through the designated review queue
  • Access and process doctor applications (accept or reject)
  • Manage medicine inventory (add medicines, create fulfillment centres, process stock refills)
  • Manage orders (view, update order status, process fulfillment)
  • View and respond to the escalated cases queue
  • View doctor queues and assigned case lists
  • Access case intake history and expert review submissions
  • View notifications and queue counts
  • Manage follow-up cases in the admin panel

Administrators with the ADMIN role are NOT authorised to:

  • Access or modify fee configuration
  • Override case statuses without a documented reason
  • Access SuperAdmin earnings dashboards or ledger breakdowns
  • Create, edit, publish, or delete blog posts
  • Manage the Academy/LMS system
  • Block or permanently suspend user accounts
  • Modify platform-level configuration settings

2.2 SUPERADMIN Role — Permitted Actions

SuperAdministrators are authorised to perform all ADMIN actions plus:

  • View and modify platform fee configuration (patient fee, case-taking fee, review fee, medicine fee, delivery fee)
  • Override any case status with a mandatory documented reason (logged to immutable audit trail)
  • Access complete earnings dashboards (doctor earnings, platform earnings, ledger)
  • Manage the blog system (create, edit, publish, unpublish, delete)
  • Manage the Academy/LMS (create categories, manage enrollments, process payments, mark payments as paid)
  • View and manage all user accounts and roles
  • Block or suspend user accounts with documented cause
  • Access audit logs and security event logs

Important: Even SuperAdmin actions are logged and auditable. No action taken by any administrator — regardless of role — is off the record. Every mutating action (POST, PUT, PATCH, DELETE) on admin and superadmin endpoints is automatically recorded with the action type, timestamp, IP address, and request ID.


3. Responsibilities & Obligations

3.1 Access Credentials

  • Administrators are personally responsible for the security of their login credentials.
  • Credentials must never be shared with any other person, including colleagues, contractors, or family members.
  • Administrators must use a strong, unique password for their admin account.
  • If credentials are compromised or suspected to be compromised, the Administrator must immediately notify homeoconsulting.com at security@homeoconsulting.com.
  • Administrators must log out of the admin portal after each session. Leaving an active session unattended is a security violation.
  • Use of admin credentials on public or shared devices is strictly prohibited.

3.2 Data Access & Confidentiality

  • Administrators may only access data that is necessary for the performance of their assigned duties.
  • Patient health information, consultation records, prescription details, and payment records are strictly confidential.
  • Administrators must never download, copy, export, share, or transmit Confidential Data outside the platform's authorised systems.
  • Administrators must never discuss Confidential Data in public spaces, on personal devices, or through personal messaging channels (WhatsApp, Telegram, personal email, etc.).
  • Breach of data confidentiality is a serious violation and will result in immediate termination and legal action under the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and other applicable Indian laws.

3.3 Authorised Use Only

  • The admin portal must be used exclusively for legitimate platform operations. Personal use of admin access is prohibited.
  • Administrators must not use their access to favour, disadvantage, or otherwise influence any specific doctor, patient, or order.
  • Administrators must not accept gifts, payments, or any form of consideration from doctors or patients in exchange for any platform action.
  • Any conflict of interest (e.g., a family member is a registered doctor on the platform) must be disclosed immediately to homeoconsulting.com management. The Administrator must recuse themselves from any case, doctor application, or action where a conflict of interest exists.

3.4 Case Management Standards

  • Cases must be reviewed and actioned within the timeframes specified by homeoconsulting.com.
  • Case escalation, approval, or closure must be based solely on objective platform criteria, not personal preference.
  • Any case override (SuperAdmin only) must include a factually accurate, detailed reason of at least 10 characters. Vague or false reasons are a policy violation.
  • Administrators must not manually reassign cases to specific doctors based on personal relationship or undisclosed preference.

3.5 Inventory & Order Management

  • Medicine inventory records must accurately reflect actual stock. False inventory entries are a terminable offence.
  • Order status updates must accurately reflect the real status of an order. Marking an order as shipped or delivered before it has been processed is fraud.
  • Administrators must not divert, retain, or redirect medicine orders for personal use or benefit.

4. Prohibited Actions

The following actions are strictly prohibited for all Administrators and will result in immediate termination and potential legal proceedings:

  • Data theft or misuse — accessing, copying, downloading, or sharing patient or doctor data for any unauthorised purpose
  • Bribery or corruption — accepting or soliciting payments, gifts, or favours from doctors, patients, or third parties in exchange for any platform action
  • Fraudulent entries — entering false data into the platform, including false case approvals, false order statuses, or false inventory counts
  • Impersonation — using another person's credentials to access the platform
  • Credential sharing — sharing admin login credentials with any other person
  • Unauthorised data export — exporting platform data to personal storage, email, or third-party services without written authorisation
  • Sabotage — deliberately disrupting, damaging, or manipulating platform data or operations
  • Competitive misuse — using platform data or access to benefit a competing platform or service
  • Leak of proprietary information — disclosing fee structures, business strategies, doctor earnings, or platform operations to external parties
  • Circumventing audit trails — any attempt to disguise, delete, or manipulate audit logs is a criminal offence under the IT Act, 2000

5. SuperAdmin-Specific Obligations

5.1 Fee Configuration Changes

  • Any change to the fee configuration must be supported by a documented business justification.
  • Fee changes must not result in negative portal income (the platform enforces this technically, but the intent is equally required).
  • Practitioners must be notified of material fee changes with a minimum of 30 days' notice, as per their service agreement.
  • All fee changes are recorded in the fee_config table with the SuperAdmin's user ID and timestamp.

5.2 Case Override

  • Case status overrides must only be used in genuine operational situations (e.g., correcting a system error, reinstatement after verified complaint resolution).
  • Overrides must never be used to favour a specific doctor or patient.
  • All overrides are permanently recorded in case_events as SUPERADMIN_OVERRIDE with the mandatory reason and cannot be deleted.
  • Misuse of the case override function is considered data fraud.

5.3 Blog & Academy Management

  • Blog content published on the public marketing site must be accurate, non-defamatory, and compliant with Indian media and publishing laws.
  • Academy course content and pricing must be approved by homeoconsulting.com management before publication.
  • Academy payments manually marked as "Paid" by a SuperAdmin must be supported by verifiable offline payment proof (bank transfer receipt, UTR number, etc.) retained for audit purposes.

5.4 User Account Management

  • Blocking or suspending a user account must be based on documented evidence of a policy violation.
  • SuperAdmins must not block user accounts based on personal disputes, bias, or at the request of a third party without platform management approval.
  • Any account suspension must be logged with the specific reason. "Blocked" without a documented reason is not permissible.

6. Security Obligations

  • Administrators must promptly report any suspected security breach, unauthorised access, or suspicious activity to security@homeoconsulting.com.
  • Administrators must not attempt to bypass, disable, or test security controls (rate limiting, IP blocking, XSS/SQLi detection) without explicit written authorisation from platform management.
  • Administrators must not share API keys, database credentials, environment variables, or backend access details with any unauthorised person.
  • All access to the admin portal must occur from secure, trusted devices on secure networks. Use of unsecured public Wi-Fi to access the admin portal is prohibited.
  • If an Administrator's device is lost or stolen, they must immediately report it and request credential invalidation.

7. Audit & Monitoring

homeoconsulting.com maintains comprehensive audit logs of all administrative actions. Administrators acknowledge and consent to:

  • Full action logging — every mutating action (case approval, order update, fee change, blog publish, user block, case override) is permanently logged with user ID, timestamp, IP address, and request ID.
  • Access monitoring — login times, session durations, and access patterns are monitored.
  • Anomaly detection — unusual access patterns (off-hours logins, bulk data access, rapid successive actions) may trigger security alerts and investigation.
  • Periodic audits — homeoconsulting.com may conduct random or scheduled audits of administrator actions without prior notice.

Administrators have no expectation of privacy in their use of the admin portal. All activity on the platform's administrative systems is the property of homeoconsulting.com and subject to monitoring and review at any time.


8. Disciplinary Process

8.1 Minor Violations

For first-time or minor violations (e.g., leaving a session unattended, minor procedural lapses), the following process applies:

  1. Written warning issued to the Administrator
  2. Mandatory re-training on relevant policy section
  3. Increased monitoring for 30 days
  4. Documented in the Administrator's employment/contractor record

8.2 Serious Violations

For serious violations (data breach, bribery, fraudulent entries, credential sharing, case override misuse), the following applies:

  1. Immediate suspension of admin access pending investigation
  2. Investigation conducted within 5 business days
  3. If violation is confirmed: permanent termination of admin access and employment/contract
  4. Forfeiture of any pending remuneration from the period of violation
  5. Legal proceedings under applicable Indian law, including:
    • The Information Technology Act, 2000 (Sections 43, 66, 66C)
    • The Digital Personal Data Protection Act, 2023
    • The Indian Penal Code (where applicable — fraud, criminal breach of trust)
    • Civil proceedings for recovery of damages

homeoconsulting.com's determination of a violation is final and binding, subject only to the jurisdiction of competent Indian courts.


9. Post-Termination Obligations

Upon termination of the administrative role — for any reason — the Administrator must:

  • Immediately cease all access to platform systems
  • Return any platform-issued devices, access tokens, or credentials
  • Delete any Confidential Data in their personal possession
  • Maintain confidentiality of all platform information indefinitely — the confidentiality obligation survives termination permanently
  • Not solicit, approach, or attempt to contact any patient or doctor from the platform for any commercial purpose for a period of 2 years from the date of termination

Violation of post-termination obligations will result in civil legal action and injunctive relief sought from competent Indian courts.


10. Indemnity

Administrators unconditionally indemnify and hold harmless homeoconsulting.com, its directors, shareholders, employees, agents, and affiliates from any claim, loss, damage, fine, penalty, or legal cost arising from:

  • Any unauthorised action taken by the Administrator
  • Any breach of this Policy by the Administrator
  • Any data leak, fraud, or misuse of platform access by the Administrator
  • Any third-party claim arising from the Administrator's actions on the platform

11. Governing Law & Jurisdiction

This Policy is governed by and construed in accordance with the laws of India. Any dispute arising from or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts in India.


12. Contact & Reporting

Purpose | Contact
Security incidents | security@homeoconsulting.com
Policy queries | legal@homeoconsulting.com
Grievance / Whistleblower | grievance@homeoconsulting.com
Platform support | support@homeoconsulting.com

Administrators may report policy violations by others, including fellow Admins or SuperAdmins, through the grievance portal at homeoconsulting.com/grievance. Whistleblower reports are treated in strict confidence.


Administrator Declaration

I, the undersigned, confirm that:

  • I have read, understood, and unconditionally agree to this Administrator Policy in its entirety.
  • I will use my administrative access solely for authorised platform operations.
  • I will maintain the strict confidentiality of all Confidential Data at all times, including after my role ends.
  • I understand that all my actions on the platform are logged and subject to audit at any time.
  • I will never share my credentials, export data without authorisation, or take any action for personal or third-party benefit.
  • I accept that violations may result in immediate termination, forfeiture of earnings, and legal proceedings under Indian law.
  • I accept the exclusive jurisdiction of Indian courts for any dispute arising from this agreement.

Full Name:


Role (ADMIN / SUPERADMIN / Staff):


Employee/Contractor ID:


Signature:


Date:



© 2026 HomeoConsulting.com — All Rights Reserved

This is a confidential internal document. Do not share, reproduce, or distribute without written authorisation from homeoconsulting.com management.