Privacy Policy

Plain-English summary: KriTech builds healthcare software for hospitals. We collect only what we need to run our website, deliver our products, and support our customers. When hospitals use our HMIS/ERP, the patient health information they enter stays under their control — we process it on their behalf and never sell it.

1. Introduction

This Privacy Policy ("Policy") explains how Krishav Technology and Healthcare Solution Private Limited ("KriTech", "we", "us" or "our") collects, uses, discloses, and safeguards information when you visit kritech.ai (the "Website"), interact with us, or use our products and services ("Services").

We are committed to protecting your privacy and complying with applicable laws, including the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000 and Reasonable Security Practices Rules, the Health Insurance Portability and Accountability Act (HIPAA) for our US-based hospital customers, and the EU General Data Protection Regulation (GDPR) where applicable.

2. Scope & Roles

KriTech acts in two distinct capacities:

• Data Fiduciary / Controller — for information you provide directly to KriTech via our Website, contact forms, partner applications, career applications, sales conversations and chatbot.
• Data Processor — for personal and health information that hospitals, clinics or partners ("Customers") enter into our HMIS, ERP, AI and other Services. Customers remain the Data Fiduciary/Controller of that data; we process it on their instructions, governed by a separate Data Processing Agreement.

3. Information We Collect

3.1 Information you provide to us

• Identifiers: name, email, phone, designation, company name.
• Inquiry & application data: messages, project details, partner information, CV/résumé, employment history.
• Communications: emails, WhatsApp messages, call notes, chatbot conversations.

3.2 Information collected automatically

• Device & log data: IP address, browser type, operating system, referring URL, pages viewed, timestamps.
• Cookies & similar technologies: see Section 8.

3.3 Information from third parties

• Public business directories, LinkedIn (for partner/career outreach).
• Referrals from existing partners or customers.

4. How We Use Your Information

• Respond to enquiries, demos, partner and career applications.
• Operate, secure and improve the Website and our Services.
• Send service-related communications (we don't spam).
• Conduct analytics to understand usage and prevent abuse.
• Comply with legal, tax, audit and regulatory obligations.
• Protect the rights, property and safety of KriTech, our customers and the public.

We do not sell your personal information. We do not use it for unrelated advertising or share it with data brokers.

5. Legal Basis for Processing

Where applicable, we rely on the following legal bases:

• Consent — for marketing emails, optional cookies, etc.
• Contract — to deliver Services you've engaged us for.
• Legitimate interests — to operate, secure and improve the Website.
• Legal obligation — to meet statutory and regulatory requirements.

6. Healthcare Information & PHI

When KriTech is a Data Processor for our hospital customers, any patient health information ("PHI") in our systems is treated with the highest level of care:

• Access is restricted by role-based access control (RBAC) at the per-action level.
• All PHI is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• We maintain detailed audit trails of access and modifications.
• We only access PHI on a need-to-know basis to provide support requested by the customer, or where legally required.
• Where required, we sign Business Associate Agreements (HIPAA) and Data Processing Addenda (DPDP Act / GDPR) with our customers.
• We never use PHI to train AI models for unrelated customers without explicit, specific authorisation.

7. Sharing & Disclosure

We share information only in these limited circumstances:

• Service providers: cloud hosting, email delivery, analytics, customer support tools — bound by contract to protect data.
• Authorised partners: where you've requested partner-mediated engagement and consented to such sharing.
• Legal & safety: to comply with law, court orders, or to protect rights and prevent fraud.
• Business transfers: in connection with a merger, acquisition or sale of assets, with notice to affected individuals.

8. Cookies & Tracking

Our Website uses a minimal set of cookies and local storage to keep the experience working — for example, remembering whether you've opened the chatbot, or storing your preferences. We do not currently use third-party advertising cookies.

You can clear or block cookies via your browser settings. Some Website features (notably the chatbot) may not work without local storage.

9. Data Security

We implement industry-standard safeguards including:

• TLS encryption for all data in transit.
• AES-256 encryption for data at rest.
• Multi-factor authentication for KriTech personnel.
• Network isolation, role-based access and audit logging.
• Regular vulnerability scans, dependency monitoring and penetration testing.
• ISO 27001-aligned policies, incident response plans and training.

No method of transmission or storage is 100% secure. If we become aware of a breach affecting your personal information, we will notify you and the appropriate authorities without undue delay, in line with applicable laws.

10. Data Retention

We retain personal information only as long as necessary for the purposes described in this Policy or as required by law. Sales/marketing inquiries are retained up to 3 years; job applications up to 1 year (or longer with your consent for future opportunities); contracts and tax records for the periods required by law (typically 7–8 years in India).

11. Your Rights

Subject to applicable law, you have the right to:

• Access your personal information.
• Correct inaccurate or outdated information.
• Erase personal information, where permitted.
• Withdraw consent for processing based on consent.
• Object to certain types of processing.
• Portability — receive your data in a structured, machine-readable format.
• Nominate — under India's DPDP Act, nominate another individual to exercise these rights on your behalf in the event of incapacity or death.
• Lodge a complaint with the Data Protection Board of India (or your local supervisory authority).

To exercise any of these rights, contact our Grievance Officer at the address in Section 15.

12. International Data Transfers

We are headquartered in India and may process information in cloud regions located in India, the EU, the United States, or other regions. Where information is transferred across borders, we use appropriate safeguards (e.g., standard contractual clauses) to ensure protection consistent with this Policy.

13. Children's Privacy

Our Website and Services are not directed to children under 18, and we do not knowingly collect personal information from children. Our hospital customers may process information about minor patients on their own legal basis; in such cases we act only as a Data Processor.

14. Changes to this Policy

We may update this Policy to reflect changes in our practices, technology, legal requirements or other factors. We will post the updated Policy on this page with a new "Last updated" date. For material changes we will provide additional notice (e.g., via email or a prominent notice on the Website).

15. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, the Grievance Officer for KriTech is:

16. Contact Us

For any questions about this Privacy Policy or our privacy practices, contact us:

© Krishav Technology and Healthcare Solution Pvt. Ltd. All rights reserved. KriTech and the KriTech logo are trademarks of Krishav Technology and Healthcare Solution Pvt. Ltd.