Privacy Policy

1. Introduction

Swachh Hospital Technologies Pvt. Ltd. ("Swachh Hospital," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

• Account information: Name, email address, phone number, organization name, and job title when you register or request a demo.
• Facility data: Information about healthcare facilities, including facility type, size, and operational details relevant to hygiene governance.
• Assessment data: Hygiene assessment images, scores, observations, and associated metadata submitted through the platform.
• Communications: Messages, feedback, and correspondence you send to us.

2.2 Automatically Collected Information

• Device information, browser type, IP address, and operating system.
• Usage data including pages visited, features used, and interaction patterns.
• Log data and analytics information to maintain and improve service quality.

3. How We Use Information

• To provide, maintain, and improve our hygiene governance platform.
• To process AI-assisted hygiene assessments and generate compliance reports.
• To communicate with you about your account, support requests, and service updates.
• To enforce our terms of service and protect against misuse.
• To comply with legal obligations and respond to lawful requests.
• To aggregate and anonymize data for analytics and product improvement (no individual identification).

4. Healthcare Data & Protected Health Information (PHI)

Swachh Hospital processes operational hygiene data within healthcare facilities. While our platform is not designed to collect patient medical records, assessment images and facility data may be considered sensitive.

• All assessment data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
• Access is controlled through role-based permissions with least-privilege principles.
• We support organizations in maintaining compliance with applicable healthcare data protection regulations, including considerations aligned with HIPAA, DISHA, and local data protection laws.
• Our platform is designed to support — not guarantee — compliance with healthcare data regulations. Your organization remains responsible for its own regulatory obligations.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide you with our Services. Assessment data is retained in accordance with your organization's configured retention policies and applicable legal requirements.

Upon termination of your account, we will delete or anonymize your data within 90 days, unless retention is required by law or legitimate business purposes (such as resolving disputes or enforcing agreements).

6. Security

We implement industry-standard security measures to protect your information, including:

• End-to-end encryption for data at rest and in transit.
• Role-based access control with separation of duties.
• Regular security assessments and infrastructure monitoring.
• Complete audit trails for all platform actions.
• Infrastructure aligned toward SOC 2 Type II certification.

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data (subject to legal retention requirements).
• Portability: Request your data in a structured, machine-readable format.
• Objection: Object to processing of your personal data for certain purposes.

To exercise any of these rights, contact us at privacy@swachhhospital.com.

8. Third-Party Services

We may use third-party services for hosting, analytics, and communication. These providers are contractually bound to protect your data and only process it as instructed by us. We do not sell your personal information to third parties.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Continued use of our Services after changes constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: