Privacy Policy

1. Who we are

Acredify India ("Acredify", "we", "us", "our") operates the hospital compliance intelligence platform accessible at acredify.in and its subpaths. We are a healthcare SaaS product built and operated from Karnataka, India.

Data Controller contact: founder@acredify.in

2. Data we collect and why

• Hospital contact and onboarding data: Hospital name, administrator name, role, email, phone, and bed count — collected during pilot application and onboarding. Used to set up and manage your account.
• Compliance operational data: NABH checklists, BMW logs, CAPA records, incident reports, committee minutes, training records, and evidence documents — entered by hospital staff into the platform. Used exclusively to operate the compliance service for your hospital.
• Usage data: Module access logs, session timestamps, and feature usage — used to improve the platform and provide audit trails as required by hospital compliance obligations.
• Communication data: Emails and messages exchanged with Acredify — retained for support and operational continuity.

We do not collect patient clinical records, EMR/HIS data, patient identifiers, or any Protected Health Information (PHI). Acredify operates exclusively in the compliance and quality management layer.

3. Data hosting and residency

All data entered into Acredify is stored exclusively on India-hosted servers. We do not transfer hospital data outside India. This satisfies both the Digital Personal Data Protection Act 2023 (DPDP Act) data localisation requirements and NABH data governance expectations.

4. Data Processing Agreement

Before any hospital begins using Acredify in a live capacity, we sign a Data Processing Agreement (DPA) with the hospital's authorised representative. The DPA specifies the purpose, scope, and retention terms of data processing, and establishes your hospital as the data principal for all operational compliance data.

5. Data sharing

We do not sell hospital data. We do not share it with third parties for marketing. We may share data with:

• Hosting and infrastructure providers operating within India, under data processing terms
• Regulatory authorities, if required by law or valid legal process
• Your hospital's authorised users, per the role-based access control setup

6. Your rights

Under the DPDP Act 2023, you have the right to access, correct, and request deletion of data we hold about you. To exercise these rights, contact founder@acredify.in. We will respond within 30 days.

7. Cookies and tracking

Acredify uses minimal cookies for session management (authentication tokens). We do not use advertising cookies, third-party tracking pixels, or behavioural analytics across other websites. Session cookies expire when you close your browser or after 8 hours of inactivity.

8. Security

We use HTTPS across all services, role-based access control, session expiry, and audit-logged access to restrict who can view hospital compliance data. We conduct periodic security reviews. If you discover a security issue, please report it to founder@acredify.in immediately.

9. Data retention

Operational compliance data (BMW logs, NABH records, CAPA, incident reports) is retained for the duration of your subscription and for 3 years after termination, unless a shorter period is requested. This retention period reflects NABH and CPCB documentation retention requirements that apply to hospitals. Contact us to request earlier deletion.

10. Changes to this policy

We will notify active hospital accounts by email at least 14 days before any material changes to this privacy policy take effect. The latest version is always at acredify.in/privacy/.

11. Contact

Privacy queries: founder@acredify.in
Acredify India · Bengaluru & Mysuru, Karnataka, India