---

Who We Are

Sanjeevani is a cloud-based healthcare ERP built on Odoo 19 Community and hosted on servers located in India. It is developed and operated by:

Candidroot Solutions Private Limited
Ahmedabad, Gujarat, India
Email: privacy@candidroot.com
WhatsApp: +91 88490 36209

---

What Data We Collect

We collect two types of data:

A. Clinic / Hospital Account Data (Collected from you when you subscribe)

• Business name, clinic/hospital name, address, city, state, PIN code
• GST number (if applicable)
• Contact person name, email address, phone number
• Payment and billing information (processed via secure payment gateway - we do not store card numbers)
• Subscription plan and usage data

B. Patient Health Data (Collected by you through Sanjeevani)

When your clinic or hospital uses Sanjeevani to manage patients, the following data is stored on your behalf:

• Patient name, age, gender, date of birth, address, phone number
• UHID (Unique Health ID) and ABHA ID
• Consultation notes, diagnoses, prescriptions
• Lab reports, radiology reports, discharge summaries
• Billing and payment records
• Appointment history

As a Sanjeevani subscriber, you are the Data Fiduciary for your patients' health data under the Digital Personal Data Protection Act, 2023 (DPDP Act). Candidroot acts as the Data Processor on your behalf.

---

How We Use Your Data

Clinic/Hospital account data is used to:

• Provide and maintain your Sanjeevani subscription
• Process payments and issue GST invoices
• Send product updates, support communications, and renewal reminders
• Improve the Sanjeevani platform
• Comply with legal and regulatory obligations

Patient health data is used to:

• Store and display records within your Sanjeevani instance
• Enable ABDM / ABHA integrations as authorised by your clinic
• Send WhatsApp appointment reminders and prescriptions (only if you enable this feature)
• Generate reports and analytics within your account

We do not sell, rent, or share patient health data with any third party for advertising or commercial purposes.

---

ABDM / ABHA Data Handling

Sanjeevani integrates with India's Ayushman Bharat Digital Mission (ABDM) ecosystem. When you use ABDM features:

• ABHA IDs are created or linked only with explicit patient consent
• Health records shared via ABDM follow HL7 FHIR R4 standards
• Data exchange with the National Health Authority (NHA) occurs only as per ABDM guidelines
• Patients can withdraw ABHA consent at any time through the ABHA app

We comply with all NHA-issued ABDM data governance policies, including the Health Data Management Policy.

---

Data Storage & Security

• All data is stored on servers located within India
• Data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Daily automated backups with point-in-time recovery
• Role-based and row-level access controls within each clinic instance
• SSL certificates managed automatically via Let's Encrypt
• Access to production systems is restricted to authorised Candidroot engineers only

We follow security practices aligned with:

• IT Act 2000 and the Information Technology (Reasonable Security Practices) Rules, 2011
• DPDP Act 2023 obligations for Data Processors
• ABDM Health Data Management Policy

---

Data Sharing

We share data only in the following circumstances:

We do not share data with advertisers, data brokers, or overseas entities except where required by law.

---

Your Rights Under DPDP Act 2023

As a Data Principal (individual whose data is processed), you have the right to:

• Access your personal data held by us
• Correction of inaccurate or incomplete data
• Erasure of your personal data (subject to legal retention requirements)
• Grievance redressal - raise a complaint with our Data Protection Officer
• Nominate a nominee to exercise rights on your behalf in case of death or incapacity

To exercise any of these rights, contact us at:
privacy@candidroot.com
+91 88490 36209

We will respond within 30 days of receiving your reques

If your grievance is not resolved within 30 days, you may approach the Data Protection Board of India once it is constituted under the DPDP Act 2023.

---

Data Retention

---

Cookies & Website Data

Our website (sanjeevanierp.in) uses:

• Essential cookies - for login sessions and form functionality
• Analytics cookies - Google Analytics (anonymised IP) to understand website traffic

We do not use advertising cookies or sell browsing data to third parties.

You can disable cookies in your browser settings. Essential cookies cannot be disabled without affecting website functionality.

---

Children's Data

Sanjeevani may store health records of minor patients (under 18 years) as part of clinic operations. Such records are entered by the clinic on behalf of the patient's parent or guardian. We do not knowingly collect personal data directly from minors.

---

Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

• The "Last updated" date at the top will change
• For material changes, we will notify you via email or in-app notification
• Continued use of Sanjeevani after the update constitutes acceptance of the revised policy

---

Contact Us

Data Protection Officer / Grievance Officer
Candidroot Solutions Private Limited
Ahmedabad, Gujarat, India
privacy@candidroot.com
+91 88490 36209