Privacy Policy

PURPOSE AND APPLICABILITY

This Policy applies to all users, hospitals, healthcare providers, insurers, TPAs, employers, government agencies, healthcare professionals, patients, visitors, vendors, and business partners using Tecforz services including FHMS, Claimforz™, Smart SOC™, AHI EMR™, interoperability platforms, APIs, portals, mobile applications and websites.

REGULATORY FRAMEWORK

Tecforz operates in accordance with applicable laws including the Digital Personal Data Protection Act, Information Technology Act, contractual obligations, healthcare regulations, cyber security requirements, and internationally recognized privacy principles.

DEFINITIONS

Detailed definitions include Personal Data, Sensitive Personal Data, Health Information, Clinical Data, Insurance Data, Data Principal, Data Fiduciary, Data Processor, Consent Manager, Anonymization, Pseudonymization, Interoperability Data, Claims Data, Healthcare Provider, and Authorized User.

DATA CATEGORIES

Identity data, demographic data, contact data, employment data, healthcare records, diagnostic reports, prescriptions, claims records, financial records, billing information, audit logs, device identifiers, security logs, consent records, and operational metadata may be processed.

Information Collected Automatically: In addition to the above, this includes IP addresses, browser types, device information, and details of how users interact with our website.:

SOURCES OF DATA

Data may be obtained directly from users, hospitals, insurers, TPAs, government systems, healthcare professionals, authorized third parties, integrations, APIs, interoperability exchanges, and customer-provided databases.

PURPOSE OF PROCESSING

Data may be processed for healthcare delivery, clinical documentation, claims management, reimbursement workflows, interoperability, analytics, fraud prevention, customer support, quality assurance, security monitoring, product improvement, and regulatory compliance. Data is processed to provide and maintain our services, improve website functionality and user experience, communicate with users (sending updates, marketing, or answering support queries), and ensure security and fraud prevention.

COOKIES AND TRACKING TECHNOLOGIES

Tecforz utilizes cookies and other tracking technologies (such as tracking pixels) to maintain basic traffic tracking, enhance performance, manage essential functionalities, and understand advertising/analytical reach. Users maintain the right to manage their cookie preferences or opt-out of non-essential tracking via their individual browser settings or dedicated website preference tools.

CONSENT MANAGEMENT

Tecforz maintains records of consent where legally required. Users may withdraw consent subject to legal, contractual, healthcare, and operational limitations. Withdrawal shall not invalidate prior lawful processing.

HEALTHCARE INFORMATION GOVERNANCE

Electronic medical records, laboratory reports, radiology reports, discharge summaries, prescriptions, clinical notes, and patient-generated data shall be processed only for authorized purposes. Healthcare information shall be subject to enhanced protection measures.

INSURANCE & CLAIMS DATA

Claims submissions, pre-authorizations, package calculations, reimbursement schedules, contract intelligence records, denial management data, and insurer communications may be processed to facilitate payer-provider workflows.

ABDM, NHCX AND INTEROPERABILITY

Where applicable, Tecforz may support ABDM-compliant workflows, FHIR resources, NHCX exchanges, consent artefacts, interoperability APIs, and healthcare information exchange frameworks. Customers remain responsible for lawful use of connected ecosystems.

AI, ANALYTICS AND AUTOMATION

Artificial intelligence, machine learning, predictive analytics, operational intelligence, infection risk models, revenue cycle analytics, and automation tools may be used to improve service quality. AI outputs are advisory and do not replace professional judgment.

INFORMATION SHARING

Information may be shared with authorized healthcare providers, insurers, TPAs, government agencies, regulators, auditors, cloud providers, technology partners, and service providers under confidentiality and security obligations. This includes necessary disclosures to third-party payment processors, email marketing tools, or analytics providers (such as Google Analytics), as well as necessary disclosures required by law enforcement or in connection with a corporate merger or acquisition.

INTERNATIONAL TRANSFERS

Personal data may be processed in India or other approved jurisdictions. Appropriate contractual safeguards, technical controls, and organizational measures shall be implemented before any cross-border transfer.

SECURITY CONTROLS

Tecforz employs encryption in transit and at rest (such as SSL encryption), role-based access control, least privilege access, multifactor authentication, logging, monitoring, vulnerability management, penetration testing, backup controls, disaster recovery, and secure software development practices.

DATA RETENTION

Information shall be retained only as long as reasonably necessary for healthcare, contractual, operational, legal, taxation, audit, regulatory, and business continuity purposes, or to fulfill the specific processing purposes outlined in this policy. Retention schedules may differ by data type.

DATA SUBJECT RIGHTS

Subject to applicable law, individuals may request access, correction, deletion, restriction, withdrawal of consent, grievance redressal, and information regarding processing activities. Requests may be denied where legally permissible.

: Regional Framework Rights: Depending on the user's location, these rights align with global standards such as the right to access, correct, delete, or restrict data under GDPR (Europe), alongside data portability. Where applicable under CCPA/CPRA (California), users maintain the right to know what data is collected, request its deletion, and opt-out of the sale or sharing of their personal information.

CHILDREN'S DATA

Processing of children's information shall comply with applicable legal requirements and may require parental or guardian authorization. Tecforz does not knowingly collect personal information from children under the age of 13 (or 16 in the EU) without appropriate authorization.

THIRD-PARTY PROCESSORS

Third-party vendors must implement reasonable privacy and security controls and are contractually obligated to protect information processed on behalf of Tecforz or its customers.

INCIDENT RESPONSE AND BREACH MANAGEMENT

Tecforz maintains incident response procedures covering identification, containment, investigation, eradication, recovery, lessons learned, customer communication, and regulatory notification where required.

CUSTOMER OBLIGATIONS

Customers remain responsible for obtaining lawful consents, ensuring data accuracy, assigning user permissions, maintaining endpoint security, and complying with applicable healthcare and privacy regulations.

CONFIDENTIALITY

Employees, consultants, contractors, and partners are bound by confidentiality obligations. Access to information is limited to authorized personnel with a legitimate business need.

BUSINESS TRANSFERS

Information may be transferred in connection with mergers, acquisitions, financing, restructuring, asset sales, or corporate transactions subject to lawful safeguards.

LIMITATION OF LIABILITY

While Tecforz implements commercially reasonable safeguards, no transmission or storage mechanism can be guaranteed as completely secure. Liability shall be governed by applicable contracts and law.

AUDIT RIGHTS

Tecforz may maintain audit records, access logs, security logs, and compliance documentation. Customers may be provided audit-related information subject to confidentiality and security restrictions.

GOVERNANCE STRUCTURE

Privacy and security governance are overseen by management, designated officers, compliance stakeholders, and authorized committees responsible for risk management and policy oversight.

POLICY UPDATES

This Policy may be amended periodically. Updated versions shall become effective immediately upon publication on the website unless otherwise stated.

GOVERNING LAW AND JURISDICTION

This Policy shall be governed by the laws of India. Courts located in Kochi, Kerala shall have jurisdiction unless otherwise agreed in writing.

ENTERPRISE COMMITMENT

Tecforz is committed to privacy-by-design, security-by-design, interoperability, responsible AI, healthcare ethics, transparency, accountability, and continuous improvement across all healthcare and insurance technology solutions.