1. Purpose and Legal Status of This Policy
This Privacy Policy forms an integral and binding part of the Terms of Use and applies to all Users, including visitors, subscribers, developers, enterprise customers, and Pharma Partners.
It is governed by the Digital Personal Data Protection Act, 2023 of India. By accessing or using the Platform, you explicitly consent to the data practices described herein. If you do not agree, you must not access or use the Platform.
2. Role Under the DPDP Act
- Renaid Solutions LLP acts as the Data Fiduciary.
- Users whose personal data is processed are Data Principals.
- This Policy describes how we discharge our obligations as a Data Fiduciary.
3. Scope of This Privacy Policy
- Website visits
- Account registration and authentication
- API access and usage
- Pharma data uploads
- Enterprise and developer integrations
- Customer support communications
This Policy does not apply to third party websites, tools, or services linked from DrugSetu.
4. Categories of Information We Collect
We may collect personal data such as full name, email address, phone number, organisation name, designation, login credentials stored in encrypted or hashed form, and billing or invoicing details when you register, subscribe, contact support, or act as a Pharma Partner or enterprise representative.
We automatically collect technical and usage data including IP address, browser type, device identifiers, operating system, API request and response metadata, timestamps, authentication logs, rate limit and security data, and diagnostic logs.
Pharma Partners may upload product names, compositions, strengths, pack sizes, MRPs, barcodes, images, and regulatory metadata. This is commercial product information rather than personal data.
Payment information is processed exclusively by third party payment gateways. DrugSetu does not store card or bank details.
5. Cookies and Similar Technologies
DrugSetu uses cookies and similar technologies for authentication, session management, security, fraud prevention, analytics, performance monitoring, abuse detection, and enforcement. See the Cookie Policy for full details.
6. Purposes of Processing
- Platform operations such as account creation, authentication, access control, dashboard functionality, subscription management, and billing.
- Security, abuse prevention, and enforcement, including detection of scraping, automation, misuse, and unauthorized access.
- Analytics and product improvement, including usage analysis, performance improvement, debugging, diagnostics, API optimization, and capacity planning.
- Transactional, administrative, service related, and security communications. Promotional communications are not sent without explicit consent.
7. Legal Basis for Processing
- Your consent
- Contractual necessity to provide the Services
- Legitimate business interests
- Legal obligations
Processing is limited to what is necessary, proportionate, and reasonable.
8. Consent Withdrawal and Consequences
You may withdraw consent where legally permitted. However, withdrawal may result in restricted access or termination of Services, and certain data may continue to be processed for legal, security, contractual, or enforcement reasons. Withdrawal does not require deletion of data retained under lawful exceptions.
9. Automated Processing and Decision Making
DrugSetu uses automated systems to monitor API usage, detect abuse or violations, enforce rate limits, suspend or restrict access, and trigger security responses. Such automated processing may directly affect your access to the Platform.
10. Data Sharing and Disclosure
- DrugSetu does not sell personal data.
- Data may be shared with trusted vendors for cloud hosting, email delivery, payment processing, analytics, monitoring, and security, subject to confidentiality and security obligations.
- Pharma product data may be shared with API subscribers as part of the Service. Personal data of Pharma Partner representatives is not shared.
- Information may be disclosed to comply with law, respond to lawful requests, enforce the Terms, or protect rights, property, or safety.
11. Data Retention Policy
- Account data is retained while the account remains active.
- Billing records are retained as required by law.
- API and security logs are retained for enforcement, auditing, and risk mitigation.
- Pharma product data is retained under perpetual license.
- Technical logs are retained for limited internal periods.
- Data may be retained beyond account deletion where required by law or legitimate business needs.
12. Data Security Measures
- Encryption in transit and at rest
- Role based access controls
- Authentication safeguards
- Monitoring and logging
- Periodic security reviews
No system is completely secure. Use of the Platform is at your own risk.
13. Data Breach Response and Limitation
In the event of a personal data breach, DrugSetu will take reasonable steps to investigate and mitigate and will provide notifications where required by law. Individual notification is not guaranteed in all circumstances. Liability for breaches is limited as permitted by law.
14. User Rights Under India DPDP Act, 2023
- Right to access and request confirmation and a summary of personal data held.
- Right to correction of inaccurate or incomplete data.
- Right to deletion of personal data, except where retention is required for legal compliance, contractual obligations, enforcement obligations, or Pharma Partner product data.
- Right to grievance redressal by raising privacy related complaints with DrugSetu.
Requests may be denied where legally permitted.
15. Children’s Privacy
DrugSetu is not intended for individuals under 18 and does not knowingly collect personal data from minors.
16. Third Party Links and Services
The Platform may contain links to third party services. DrugSetu is not responsible for their privacy practices, content, or security standards. Use of third party services is at your own risk.
17. International Data Transfers
Data may be processed or stored outside India via global cloud infrastructure. DrugSetu applies reasonable safeguards consistent with applicable law.
18. Aggregated and Anonymized Data
DrugSetu may create and use aggregated or anonymized data for analytics, research, and platform improvement. Such data does not identify individuals and may be used without restriction.
19. Changes to This Privacy Policy
DrugSetu may update this Policy at any time. Updates will be posted with a revised Last Updated date. Continued use of the Platform constitutes acceptance.
20. Limitation of Liability
- To the maximum extent permitted by law, DrugSetu is not liable for unauthorized access beyond reasonable control.
- DrugSetu is not liable for third party breaches.
- DrugSetu is not liable for indirect or consequential damages.
21. Governing Law and Jurisdiction
This Privacy Policy is governed by the laws of India. Courts in Ahmedabad, Gujarat have exclusive jurisdiction.
22. Contact and Grievance Officer
For privacy inquiries, data requests, or grievances, contact info@drugsetu.com or write to Renaid Solutions LLP, Ahmedabad, Gujarat, India.