Infedis Infotech LLP - Privacy Policy

Last Updated: 02/01/2026

PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING OUR PLATFORM OR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND OUR TERMS AND CONDITIONS. IF YOU DO NOT AGREE, PLEASE DO NOT USE THE PLATFORM OR SERVICES.

Infedis Infotech LLP (“Infedis,” “we,” “our,” or “us”), located at Office 108, Suyog Center, Gultekdi, Pune - 411 037, is committed to protecting your personal data and privacy. This Privacy Policy outlines how we collect, use, store, disclose, and safeguard your personal data in accordance with applicable Indian laws, including the DPDP Act, 2023 and the DPDP Rules, 2025.

1. Scope and Applicability
This Privacy Policy applies to all users of Infedis’s digital platforms, mobile applications, web services, and tools that collect, store, or process personal data. It governs how we manage your data when you access our services from India or from jurisdictions where Indian data protection laws apply.

This Privacy Policy operates alongside asset-specific privacy policies issued for particular platforms or mobile applications. Such asset-specific policies supplement this Privacy Policy and shall prevail only in relation to features or processing unique to the relevant asset.

2. Data Fiduciary and Data Principal Roles
Under the DPDP Act and Rules, Infedis acts as a “Data Fiduciary,” and you, the user, are the “Data Principal.” As a Data Fiduciary, we are responsible for ensuring the lawful, fair and transparent processing of your personal data.

3. Categories of Personal Data Collected

We may collect the following categories of personal data (subject to consent as required by DPDP Rules):

  Identity Data: Name, gender, date of birth, Aadhaar number (only when required and with consent), photo ID, medical registration numbers (if applicable)

  Aadhaar or other government identifiers will be collected only where strictly necessary, legally permitted, and with explicit consent, in line with the DPDP Rules, 2025.

  Contact Data: Email address, phone number, residential address

  Demographic and Professional Data: Age, location, medical specialty or practice area

  Technical and Device Data: IP address, browser type and version, device identifiers, operating system, geolocation (only with explicit consent), usage logs

  Communication Data: Emails, chat logs, call recordings (with consent), customer support interactions

  Transactional and Payment Data: UPI IDs, payment method information, transaction history (processed through secure payment gateways)

  Preference and Behavioural Data: Interests, app usage history, selected preferences, clicked links, viewed content

  Publicly Available Personal Data: If processed, such data will be handled in accordance with the DPDP Rules.

  Professional / Behavioural data: Engagement, referral, incentive, reward, ranking, and redemption-related data associated with professional participation on Infedis platforms.

We do not knowingly collect personal data of children under 18 years. If we reasonably suspect that such data has been submitted without verifiable parental/guardian consent as required under DPDP Rules, we will delete such data immediately.

4. Purpose of Processing

We collect and process your personal data for the following lawful purposes:

  To deliver, manage, and improve our products and services

  To verify user identity and professional qualifications (where applicable)

  To personalise user experience and deliver relevant content

  To enable customer support and respond to user requests

  To provide marketing communications (only with your explicit consent)

  To detect, prevent, and address technical or security issues

  To ensure legal compliance, resolve disputes, enforce agreements

  For internal audits, research, product improvement, analytics, and lawful business operations

  Administration, verification, analytics, audit, and fulfilment of referral, engagement, incentive, and reward-based programmes.

All processing shall be limited to what is strictly necessary for the purpose.

5. Legal Basis for Processing

The legal bases under which we process your personal data include (as per DPDP Act/Rules):

  Your explicit consent (for optional/consent-based processing)

  Processing necessary for performance of a contract(e.g., account registration, service delivery)

  Compliance with Legal obligation under applicable law

  Legitimate interests pursued by Infedis (e.g., fraud prevention, security) - only when such interests are not overridden by your rights as Data Principal

6. Consent, Notice & Withdrawal Mechanism

  We will obtain your explicit, informed consent before collecting or processing any personal data for which DPDP requires consent.

  We will provide a clear, standalone notice (separate from these Terms) at the time of collection - describing what data is collected, for what purpose, how long it will be retained, and your data rights. Each such notice will also include the contact details of our Grievance Officer, as required under the DPDP Rules, 2025.

  You may withdraw consent at any time by contacting our Grievance Officer or via the mechanism provided on our Platform (if implemented). Withdrawal will not affect lawful processing done before withdrawal.

7. Data Sharing and Disclosure

We may share your personal data in the following scenarios (subject to DPDP compliance):

  With our affiliates, vendors, and trusted service providers performing services on our behalf - under strict confidentiality and data-processing agreements.

  With legal authorities or regulators when required under applicable law.

  With your explicit consent, where additional services or third-party collaborations require disclosure.

  In connection with any merger, acquisition, or asset transfer involving Infedis - with appropriate notice to you.

  With fulfilment partners, payment processors and service providers engaged for incentive or reward distribution, under binding data-processing and confidentiality obligations.

We do not sell or rent your personal data to third parties.

8. Data Storage and Retention

We store personal data securely using industry-standard encryption and access control mechanisms.
Personal data will be retained:

  For as long as your account is active and as needed to fulfil the purpose of collection.

For as long as required by applicable Indian laws or regulatory obligations.

Additional logs for upto one (1) year for audit/legal requirements, after which such extraneous data will be deleted or anonymized.

9. Data Security Measures

We adopt physical, electronic, and organizational safeguards to protect your personal data. Measures include:

  Multi-factor authentication (MFA) for access where feasible

  Role-based access control

  Encryption of data in transit and at rest

  Logging and audit trails, intrusion detection, and regular security assessments

Despite these measures, no system is entirely immune. We encourage you to safeguard your credentials and devices.

10. Your Rights as Data Principal

Under the DPDP Act/Rules, you have the following rights:

  Right to access your personal data held by us

  Right to request correction or updating of inaccurate data

  Right to request erasure of your data when consent is withdrawn or the purpose is fulfilled (subject to legal retention obligations)

  Right to data portability (if applicable)

  Right to withdraw consent at any time

  Right to lodge a grievance or complaint if you believe your rights under DPDP have been violated

  Right to nominate another person to act on your behalf in case of incapacity or death

Contact our Grievance Officer to exercise these rights.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  Manage login sessions and authentication

  Measure service performance, analytics, user preferences, and improve the user experience

Where tracking is not strictly necessary, we may ask for your consent. You may disable cookies via your browser or device settings, but some features might not function correctly.

12. Third-Party Services and Links

Our Platform may contain links to third-party websites or integrate services not operated by us. We are not responsible for the data handling practices of these third parties. We recommend reviewing their privacy policies.

13. Cross-Border Data Transfers / International Processing

If your personal data is transferred outside India for processing (e.g., cloud hosting, third-party services, affiliates), we will ensure such transfers meet the safeguards prescribed under DPDP Rules (including standard contractual clauses where applicable) - for the time being in force (or applicable regulations at the time).

14. Data Breach Notification & Response

In case of any personal data breach (unauthorised access, disclosure, loss, or theft), we commit to:

  Notify the affected Data Principal(s) without undue delay via their registered communication channel, detailing: nature of breach, what data was affected, likely consequences, steps taken/ to be taken, and recommended mitigation measures.

  Report the breach to the Data Protection Board of India (DPB)preferably within 72 hours, where feasible, with a detailed incident report, in line with the DPDP Rules, 2025.

15. Grievance Redressal & Data-Requests

You may submit grievances, complaints, or data-requests (access, correction, erasure, consent withdrawal, nomination) to:

Grievance Officer:

Vanshika Pradhan

Email: vanshikapradhan@hidoc.co

We will acknowledge your request within 24 hours and resolve or close it within 90 days of receipt, in accordance with the DPDP Act, 2023 and the DPDP Rules, 2025. This timeline is declared in line with statutory requirements and may be shorter if operationally feasible.”

16. Changes to This Policy / Terms

We reserve the right to modify this Privacy Policy / Terms. Any significant changes (especially those affecting your rights) will be notified to you via email (if registered) or prominently displayed on our Platform. Continued use of the Platform after changes constitutes your acceptance.
Where Infedis introduces new platforms or mobile applications, users may be required to review and accept supplemental privacy notices or policies specific to such assets.

For further information or queries, please contact:

Vanshika Pradhan

Infedis Infotech LLP

Email: vanshikapradhan@hidoc.co.

Scope and Covered Digital Properties

Click here to view the list of assets : https://hidocdr.com/asset_lists.php

Regulatory Compliance Notice

We adhere to the Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025, and have aligned our data practices with all applicable obligations. This includes ensuring valid consent, limiting data collection to what is necessary, providing clear withdrawal and grievance options, and enabling all user rights such as access, correction, erasure, and nomination. We do not collect Aadhaar, PAN, or other restricted identifiers, and we maintain appropriate organisational, technical, and contractual safeguards for all data processing activities, including cross-border transfers and third-party processing. We also follow mandated timelines for grievance handling and data breach response as prescribed under the DPDP framework.