InFlow Logo

Privacy Policy

Your privacy is our priority. This policy outlines how we collect, use, and protect your personal data in compliance with Indian laws.

Last Updated: October 23, 2025

Quick Navigation

Data CollectionData UsageData SecurityYour RightsCookiesThird PartiesData RetentionContact Us

Introduction

Welcome to InFlow. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Intelligent Clinical Task Management platform.

We are committed to protecting your privacy and ensuring compliance with:

  • The Digital Personal Data Protection Act (DPDP), 2023
  • The Information Technology Act, 2000 and its amendments
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • Other applicable Indian laws and regulations

By using our services, you consent to the data practices described in this policy. Please read this policy carefully to understand our practices regarding your personal data.

Information We Collect

Personal Information

We may collect the following types of personal information:

  • Identity Data: Name, employee ID, designation, department
  • Contact Data: Email address, phone number, work location
  • Profile Data: Username, password (encrypted), profile picture, professional credentials
  • Clinical Data: Task assignments, patient-related workflow information (de-identified where possible)
  • Communication Data: Messages, notifications, and communications within the platform
  • Usage Data: Login times, feature usage, task completion metrics

Sensitive Personal Data

In accordance with Rule 3 of the IT Rules, 2011, we may collect sensitive personal data or information (SPDI), including:

  • Passwords (stored in encrypted form)
  • Health data related to clinical workflows (de-identified)
  • Biometric information (if applicable for authentication)

We collect SPDI only with your explicit consent and implement reasonable security practices to protect it.

Automatically Collected Information

  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Access times, pages viewed, time spent on pages, error logs
  • Cookies and Tracking: Session cookies, preferences, analytics data

How We Use Your Information

We use your personal information for the following lawful purposes:

Service Delivery

  • Provide and maintain our clinical task management services
  • Facilitate real-time communication between departments
  • Manage user accounts and authentication
  • Process and assign clinical tasks

Operational Purposes

  • Monitor and analyze usage patterns
  • Improve system performance and user experience
  • Generate analytics and reports for hospitals
  • Troubleshoot technical issues

Communication

  • Send service notifications and updates
  • Respond to your inquiries and support requests
  • Send important security alerts
  • Provide administrative information

Legal Compliance

  • Comply with legal obligations
  • Enforce our terms and conditions
  • Protect our rights and property
  • Prevent fraud and ensure security

Data Security Measures

We implement reasonable security practices and procedures as required under Indian law to protect your personal information from unauthorized access, disclosure, alteration, or destruction:

Encryption

Data encryption in transit (SSL/TLS) and at rest

Access Controls

Role-based access control and authentication mechanisms

Secure Storage

Data stored on secure servers within India

Monitoring

24/7 security monitoring and audit logs

Staff Training

Regular security awareness training for employees

Compliance

Regular security audits and compliance assessments

Note: While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

Your Rights Under Indian Law

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights:

Right to Access

You have the right to request access to the personal information we hold about you.

Right to Correction

You can request correction of inaccurate or incomplete personal information.

Right to Erasure

You can request deletion of your personal data, subject to legal and contractual obligations.

Right to Data Portability

You can request a copy of your personal data in a structured, commonly used format.

Right to Withdraw Consent

You can withdraw your consent for data processing at any time, where processing is based on consent.

Right to Nominate

You can nominate another individual to exercise your rights in case of death or incapacity.

To exercise any of these rights, please contact Cirakas using the contact details provided in the "Contact Us" section below.

Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following limited circumstances:

Service Providers

We may share data with trusted third-party service providers who assist us in operating our platform (e.g., cloud hosting, analytics). These providers are bound by strict confidentiality agreements.

Hospital Administrators

Your employer (hospital/healthcare facility) may have access to data related to task management and operational metrics.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

Data Localization: Your personal data is primarily stored on servers located within India, in compliance with Indian data protection laws.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data

Retained for the duration of your active account plus 3 years after account closure for audit and legal purposes.

Clinical Task Data

Retained as per hospital policies and regulatory requirements (typically 7-10 years).

Communication Logs

Retained for 90 days for operational purposes, then archived or deleted.

Analytics Data

Aggregated and anonymized data may be retained indefinitely for research and improvement purposes.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and collect usage information.

Types of Cookies We Use:

  • Essential Cookies: Required for basic functionality and security
  • Performance Cookies: Help us understand usage patterns and improve performance
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Collect data about site usage and user behavior

Managing Cookies:

You can control and manage cookies through your browser settings. However, disabling certain cookies may affect the functionality of our platform.

Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies if you prefer.

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

International Data Transfers

Your personal data is primarily stored and processed within India. In cases where data is transferred outside India, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant authorities
  • Ensuring the recipient country has adequate data protection laws
  • Obtaining your explicit consent where required

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for operational reasons. We will notify you of any material changes by:

  • Posting the updated policy on our platform
  • Sending you an email notification (if applicable)
  • Displaying a prominent notice on our platform

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of our services after such modifications constitutes your acknowledgment and acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

General Inquiries:

Email: info@cirakas.com

Phone: +91-7025216219

Your Consent

By using our platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. You consent to the collection, use, and disclosure of your personal information as described herein.

If you do not agree with this policy, please do not use our services.