Last Updated: 5/7/2025
1. Introduction
ConsentZen ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our consent management web application (the "Service"). This policy is designed to align with the Digital Personal Data Protection (DPDP) Act of India.
2. Information We Collect
We may collect personal information that you provide directly to us, such as when you create an account, manage consents, or communicate with us. This may include:
- Personal Identifiable Information (PII): Name, email address, phone number, and other identifiers necessary for account creation and management.
- Consent Data: Information related to the consents you grant, modify, or revoke, including the data processor, data fiduciary, purpose of processing, and duration of consent.
- Usage Data: Information about how you access and use the Service, such as IP address, browser type, operating system, access times, and pages viewed. This is collected automatically.
- Log Data: We maintain secure audit logs of all consent transactions and significant system activities as required by the DPDP Act.
3. How We Use Your Information
We use the information we collect for various purposes, including:
- To provide, operate, and maintain our Service.
- To manage your account and your consent preferences.
- To facilitate communication between users and healthcare software providers regarding consent.
- To comply with legal obligations, including the DPDP Act requirements for consent logging and auditing.
- To improve our Service, including monitoring usage and analyzing trends.
- To send you technical notices, updates, security alerts, and support messages.
- To respond to your comments, questions, and requests.
4. Sharing Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- With Healthcare Providers: To facilitate the consent management process as directed by you.
- For Legal Reasons: If required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of ConsentZen, our users, or others.
- With Service Providers: We may share information with third-party vendors and service providers who perform services on our behalf, such as data hosting or analytics. These providers are obligated to protect your information.
- Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
5. Your Data Rights under DPDP Act
In accordance with the DPDP Act, you have certain rights regarding your personal data, including:
- The right to access your personal data.
- The right to correction and erasure of your personal data.
- The right to grievance redressal.
- The right to nominate another person to exercise your rights in case of death or incapacity.
You can manage your consents (including access, modification, and revocation) directly through the Service. For other requests related to your data rights, please contact our Data Protection Officer.
6. Data Security
We implement appropriate technical and organizational measures to protect the security of your personal information. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure.
7. Data Retention
We will retain your personal information and consent logs for as long as necessary to fulfill the purposes outlined in this Privacy Policy, and to comply with our legal obligations (e.g., DPDP Act requirements), resolve disputes, and enforce our agreements.
8. Children's Privacy
Our Service is not intended for use by individuals under the age of 18, or the age of majority in their jurisdiction, without parental or guardian consent as applicable under the DPDP Act for processing children's data. We do not knowingly collect personal information from children without appropriate consent.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.
10. Contact Us (Data Protection Officer)
If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights under the DPDP Act, please contact our Data Protection Officer at:
[Your Company Name/Address for DPO Contact, if applicable]