Privacy Policy

NAIQ Health Tech Private Limited ("NAIQ", "we", "our", "us") respects your privacy and is committed to protecting your personal data. This policy explains what we collect, how we use it, and your rights under India's Digital Personal Data Protection Act, 2023 (DPDP Act), the EU's General Data Protection Regulation (GDPR), and other applicable laws.

1. Who We Are

NAIQ Health Tech Pvt. Ltd. is a private limited company incorporated in India, with its registered office in Raipur, Chhattisgarh. We are the Data Fiduciary (under DPDP Act) / Data Controller (under GDPR) for the personal data described in this policy.

2. What Data We Collect

Category	Examples	Collected When
Identity	Name, designation, company name	Sign up, contact form, onboarding
Contact	Email address, phone number	Sign up, onboarding, payment
Professional	Industry, company size, revenue range	Onboarding form (paid plans)
Operational	Pain points, AI maturity, business goals	Onboarding questionnaire
Payment	Razorpay transaction ID (we do NOT store card details)	Plan purchase
Technical	IP address, browser, device, usage analytics	While browsing the site
Authentication	Firebase Auth UID, session tokens	Sign in

3. How We Use Your Data

• Service delivery: Process onboarding, deliver assessments, schedule consultations
• Account management: Authenticate logins, maintain user dashboards
• Communication: Send confirmation emails, engagement updates, scheduling links
• Payment processing: Confirm transactions and issue invoices via Razorpay
• Improvement: Analyse aggregated usage patterns to improve our services
• Legal compliance: Meet ROC and applicable statutory obligations

4. Lawful Basis for Processing

Under DPDP Act and GDPR, we process your data on the following legal grounds:

• Consent: When you sign up, submit forms, or opt into communications
• Contract: When you purchase a paid plan, we process data to fulfil our service obligations
• Legitimate interest: For fraud prevention, security, and business operations
• Legal obligation: For tax filings, regulatory compliance, and statutory record-keeping

5. Data Sharing & Third Parties

We share data only with vetted service providers who help us run the platform:

• Google Firebase (Authentication, Firestore database) — data stored in asia-south1, Mumbai
• Cloudflare (hosting, CDN, edge worker) — global infrastructure with India edge locations
• Resend (transactional email delivery) — used to send confirmation and consultation emails
• Razorpay (payment processing) — PCI-DSS Level 1 certified, RBI-regulated

We never sell, rent, or trade your personal data. We do not share data with advertisers or marketing partners.

6. International Data Transfers

Some service providers (Cloudflare, Resend) may process data outside India. We ensure transfers are protected by Standard Contractual Clauses or equivalent safeguards. By using our service, you consent to such transfers where lawful.

7. Data Retention

Data Type	Retention Period
Account data	Until account deletion + 90 days
Payment records	8 years (mandatory under Indian tax law)
Onboarding submissions	3 years from engagement completion
Email communications	2 years
Analytics/logs	12 months

8. Your Rights

Under DPDP Act and GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data ("right to erasure")
• Withdraw consent at any time
• Port your data in machine-readable format
• Lodge a complaint with the Data Protection Board of India or your local supervisory authority

To exercise any of these rights, email us at hello@naiq.in. We respond within 30 days.

9. Security

We implement industry-standard security measures, including HTTPS encryption, Firebase security rules, role-based access controls, and regular security reviews. However, no system is 100% secure — please use strong passwords and avoid sharing credentials.

10. Children's Data

NAIQ is a B2B platform. We do not knowingly collect data from anyone under 18. If you believe a minor has shared data with us, contact us for immediate removal.

11. Cookies

We use essential cookies for authentication (Firebase Auth) and session management. We do not use advertising or tracking cookies. By using the site, you consent to essential cookies.

12. Changes to This Policy

We may update this policy as our services evolve or laws change. The "Last updated" date at the top will reflect any changes. Material changes will be communicated via email or a banner on our site.