Sanvya Health Software

Privacy Policy

Your privacy and the security of your data are our top priorities

Last Updated: October 02, 2025

1. Introduction

Welcome to Sanvya Health Software ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our hospital management system and related services.

We are committed to protecting your privacy and maintaining the confidentiality of all information entrusted to us. This policy applies to all users of our software, including hospitals, healthcare providers, staff members, and patients.

Healthcare Data Compliance: We comply with applicable healthcare privacy laws including HIPAA (Health Insurance Portability and Accountability Act) and local data protection regulations to ensure the highest level of privacy protection for medical information.

2. Information We Collect

We collect various types of information to provide and improve our services:

2.1 Information You Provide Directly

  • Account Information: Hospital name, administrator details, contact information, billing details
  • User Information: Names, email addresses, phone numbers, job titles, roles and permissions
  • Patient Information: Medical records, personal details, insurance information, treatment history
  • Communication Data: Support requests, feedback, correspondence with our team

2.2 Information Collected Automatically

  • Usage Data: Log files, access times, pages viewed, features used
  • Device Information: IP addresses, browser type, operating system, device identifiers
  • Performance Data: System response times, error logs, usage patterns

Data Type | Purpose | Retention Period
Account Information | Service provision, billing, support | Duration of subscription + 7 years
Patient Health Records | Healthcare delivery, legal compliance | As required by law (typically 7-10 years)
System Logs | Security, troubleshooting, optimization | 90 days (security logs: 1 year)
Communication Records | Support, service improvement | 3 years

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

  • Providing and maintaining our hospital management system
  • Processing transactions and managing billing
  • Facilitating communication between healthcare providers and patients
  • Generating reports and analytics for hospital operations

3.2 Service Improvement

  • Analyzing usage patterns to improve user experience
  • Developing new features and functionality
  • Conducting research to enhance healthcare delivery
  • Optimizing system performance and reliability

3.3 Legal and Security

  • Complying with legal obligations and regulations
  • Protecting against fraud, abuse, and security threats
  • Enforcing our terms of service and policies
  • Responding to legal requests and court orders

Legitimate Interest: We process certain data based on our legitimate business interests, always balancing these interests against your privacy rights and freedoms.

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information only in the following circumstances:

4.1 With Your Consent

We may share information when you have given us explicit consent to do so.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in:

  • Cloud hosting and data storage
  • Payment processing
  • Email and communication services
  • Technical support and maintenance

All service providers are bound by strict confidentiality agreements and data protection requirements.

4.3 Legal Requirements

We may disclose information when required by law, court order, or government regulation, or when necessary to:

  • Comply with legal processes
  • Protect our rights and property
  • Ensure user safety and security
  • Investigate potential violations of our terms

No Data Sales: We never sell your personal information or patient data to third parties for marketing or commercial purposes.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

  • Encryption: 256-bit SSL/TLS encryption for data in transit
  • Data at Rest: AES-256 encryption for stored data
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Updates: Security patches and software updates

5.2 Physical Safeguards

  • Secure data centers with 24/7 monitoring
  • Biometric access controls and security cameras
  • Environmental controls and backup power systems
  • Secure disposal of hardware and storage media

5.3 Administrative Safeguards

  • Employee background checks and security training
  • Confidentiality agreements and access limitations
  • Regular security audits and vulnerability assessments
  • Incident response and breach notification procedures

Security Certifications: Our security practices are regularly audited and we maintain compliance with industry standards including SOC 2 Type II and ISO 27001.

6. Patient Health Information

We recognize the sensitive nature of patient health information and provide special protections:

6.1 HIPAA Compliance

For US-based healthcare providers, we act as a Business Associate under HIPAA and:

  • Execute Business Associate Agreements (BAAs) with covered entities
  • Implement required safeguards for Protected Health Information (PHI)
  • Provide breach notification as required by law
  • Allow patients to exercise their rights under HIPAA

6.2 International Compliance

We comply with applicable healthcare privacy laws in all jurisdictions where we operate, including:

  • Personal Data Protection Act (PDPA) in various countries
  • General Data Protection Regulation (GDPR) for EU data subjects
  • Local healthcare privacy regulations

6.3 Patient Rights

Patients have the right to:

  • Access their health information
  • Request corrections to inaccurate data
  • Receive an accounting of disclosures
  • Request restrictions on use and disclosure
  • File complaints about privacy practices

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

7.1 Types of Cookies

  • Essential Cookies: Required for basic functionality and security
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand usage patterns and improve our service
  • Security Cookies: Protect against fraudulent activity and unauthorized access

7.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our software.

No Third-Party Advertising: We do not use cookies for third-party advertising or tracking across other websites.

8. Data Retention

We retain information only as long as necessary for the purposes outlined in this policy:

8.1 Retention Periods

  • Account Data: Duration of subscription plus 7 years for legal compliance
  • Patient Records: As required by applicable healthcare laws (typically 7-10 years)
  • Financial Records: 7 years for tax and legal purposes
  • System Logs: 90 days (security logs retained for 1 year)
  • Communication Records: 3 years for support and service improvement

8.2 Data Deletion

When data is no longer needed, we securely delete it using industry-standard methods that make recovery impossible.

9. Your Rights and Choices

You have several rights regarding your personal information:

9.1 Access and Portability

  • Request access to your personal information
  • Receive a copy of your data in a portable format
  • Export your data when terminating service

9.2 Correction and Deletion

  • Correct inaccurate or incomplete information
  • Request deletion of personal information (subject to legal requirements)
  • Update your account and profile information

9.3 Processing Restrictions

  • Object to certain types of processing
  • Restrict processing in specific circumstances
  • Withdraw consent where processing is based on consent

Exercising Your Rights: Contact us at privacy@sanvyahealth.com to exercise any of these rights. We will respond within 30 days of receiving your request.

10. International Data Transfers

We may transfer your information across borders for processing and storage:

10.1 Transfer Safeguards

  • Standard Contractual Clauses for EU data transfers
  • Adequacy decisions where available
  • Binding Corporate Rules for internal transfers
  • Additional safeguards as required by local law

10.2 Data Localization

Where required by law, we ensure data remains within specific geographic boundaries and comply with local data residency requirements.

11. Children's Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without parental consent.

11.1 Pediatric Patient Data

When processing health information for pediatric patients, we:

  • Follow applicable laws regarding minors' health information
  • Respect parental rights and guardian consent requirements
  • Provide appropriate protections for sensitive information

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

12.1 Notification of Changes

  • Email notification for material changes
  • In-app notifications for significant updates
  • Posted updates on our website
  • 30-day advance notice for major changes

12.2 Continued Use

Your continued use of our services after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Privacy Officer

  • Email: privacy@sanvyahealth.com
  • Phone: +91 7086178512
  • Address: Sanvya Health Software, India

Data Protection Officer (EU)

For EU-related privacy matters, contact our Data Protection Officer at dpo@sanvyahealth.com

Questions About Your Privacy?

Our privacy team is here to help you understand how we protect your information and assist with any privacy-related concerns.