WhatsApp Book a Demo

Privacy Policy

Last Updated: June 8, 2026

CSoft Healthcare Solutions ("CSoft", "we", "us", or "our"), a company registered in Bangalore, Karnataka, India, is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our products, or engage with our services.

This Privacy Policy is governed by and compliant with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 ("IT Act"), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules").

1. Information We Collect

1.1 Personal Data Provided by You

We may collect the following personal data when you interact with our website, fill out forms, book a demo, or use our services:

  • Full name
  • Email address
  • Phone number / mobile number
  • Organisation or company name
  • Designation / job title
  • City, state, and country
  • Messages or queries submitted through contact forms

1.2 Sensitive Personal Data or Information (SPDI)

In the course of providing healthcare technology services, we may process sensitive personal data as defined under the SPDI Rules, which may include:

  • Financial information (bank account details, payment instrument details) for billing purposes
  • Medical records and health information processed through our healthcare platforms on behalf of healthcare providers
  • Biometric information, if applicable
  • Passwords and authentication credentials

We collect SPDI only with your explicit consent and process it solely for the purposes stated in this Policy.

1.3 Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address and device information
  • Browser type, version, and language preferences
  • Operating system
  • Pages viewed, time spent, and navigation paths
  • Referring website or source
  • Cookies and similar tracking technologies (see Section 7)

2. Purpose of Data Collection

We collect and use your personal data for the following lawful purposes:

  • To respond to your enquiries, demo requests, and support tickets
  • To provide, maintain, and improve our healthcare technology products and services
  • To process payments and manage billing
  • To send transactional communications (service updates, security alerts, account notifications)
  • To send promotional communications with your consent (newsletters, product updates, event invitations)
  • To comply with legal obligations under Indian law
  • To detect, prevent, and address fraud, abuse, or security issues
  • To conduct analytics and research to improve user experience
  • To enforce our Terms of Service and other agreements

3. Lawful Basis for Processing

Under the DPDP Act, 2023, we process your personal data based on one or more of the following grounds:

  • Consent: Where you have given clear, informed consent for us to process your personal data for a specific purpose.
  • Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract.
  • Legal Obligation: Where processing is necessary to comply with a legal obligation under Indian law.
  • Legitimate Uses: As specified under the DPDP Act for certain legitimate uses permitted by law.

4. Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties. We may share your information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist us in operating our website, conducting our business, or servicing you (e.g., cloud hosting providers, payment gateways, email service providers), subject to confidentiality agreements.
  • Healthcare Provider Clients: If you are a patient or end-user of a healthcare provider that uses our platforms, your data may be processed on behalf of that healthcare provider in accordance with their privacy policies.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request, including requests from Indian courts or regulatory authorities.
  • Business Transfers: In connection with any merger, acquisition, sale of assets, or restructuring, your data may be transferred as part of such transaction, subject to this Privacy Policy.
  • Consent: With your explicit consent for any other purpose not described above.

5. Data Storage and Security

We implement appropriate technical and organisational security measures in accordance with the IT Act and SPDI Rules, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Employee training on data protection and security practices
  • Incident response procedures for data breaches

Your data is primarily stored on secure servers located in India. Where data is transferred outside India, we ensure adequate protection measures are in place as required under the DPDP Act.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including:

  • Account and service data: For the duration of your engagement with us and a reasonable period thereafter
  • Transactional data: As required by applicable tax and accounting laws (minimum 8 years under the Income Tax Act, 1961)
  • Communication records: For up to 3 years after the last interaction
  • Website analytics data: For up to 26 months

Upon expiry of the retention period, we securely delete or anonymise your personal data.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience. Types of cookies we use include:

  • Essential Cookies: Necessary for basic website functionality and security.
  • Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics).
  • Functional Cookies: Remember your preferences and settings.
  • Marketing Cookies: Used to deliver relevant advertisements and track campaign performance.

You can control cookie preferences through your browser settings. Disabling certain cookies may affect website functionality.

8. Your Rights Under Indian Law

Under the DPDP Act, 2023 and applicable Indian laws, you have the following rights:

  • Right to Access: You may request a summary of your personal data being processed and the processing activities.
  • Right to Correction and Erasure: You may request correction of inaccurate data, completion of incomplete data, updating of outdated data, or erasure of data that is no longer necessary.
  • Right to Grievance Redressal: You have the right to have your grievances addressed and resolved in a timely manner.
  • Right to Nominate: You may nominate another individual to exercise your rights in the event of your death or incapacity.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us using the details provided in Section 12.

9. Children's Privacy

Our website and services are not directed at individuals under the age of 18 years. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child without verifiable parental consent, we will take steps to delete such data promptly. Under the DPDP Act, processing of a child's personal data requires verifiable consent from the parent or lawful guardian.

10. Third-Party Links

Our website may contain links to third-party websites, services, or applications. We are not responsible for the privacy practices or content of such third parties. We encourage you to review the privacy policies of any third-party services before providing your personal data.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date. Your continued use of our website or services after such changes constitutes your acceptance of the updated Privacy Policy.

12. Grievance Officer

In accordance with the IT Act, 2000 and the DPDP Act, 2023, we have appointed a Grievance Officer to address your concerns regarding data processing:

Grievance Officer

CSoft Healthcare Solutions

Bangalore, Karnataka, India

Email: grievance@csoftsolutions.com

Phone: +91 99001 42148

We will acknowledge your grievance within 24 hours and endeavour to resolve it within 30 days from the date of receipt, in compliance with the requirements of the IT Act and applicable rules.

13. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Bangalore, Karnataka, India.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

CSoft Healthcare Solutions

Bangalore, Karnataka, India

Email: malli@csoftsolutions.com

Phone: +91 99001 42148

WhatsApp: +91 99001 42148