1. Introduction

We value your privacy. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

• Account data: name, email, phone, address, role (patient or provider)
• Booking data: appointments, selected services, preferred providers, messages
• Device data: browser, OS, IP address, approximate location
• Usage data: pages visited, actions, timestamps, referral source
• Communications: support queries, feedback, emails

3. How We Use Data

• Provide and improve services (bookings, notifications, records)
• Customer support and service communications
• Personalization and recommendations
• Security, fraud prevention, and legal compliance
• Analytics and product development (aggregated/anonymous where possible)

4. Legal Basis

• Consent (e.g., marketing emails)
• Contract (to deliver requested services)
• Legitimate interests (security, analytics)
• Legal obligation (record-keeping, compliance)

5. Sharing of Data

• Service providers (hosting, analytics, communication) under strict DPAs
• Healthcare partners to fulfill bookings (with minimal necessary data)
• Legal authorities when required by law
• Business transfers (merger, acquisition) with prior notice

6. Cookies & Tracking

Essential cookies for authentication and session management; analytics cookies with IP anonymization and opt-out options.

7. Data Retention

Account and booking data retained while your account is active and for up to 6 years thereafter, unless law requires longer.

8. Your Rights

Access, correction, deletion, portability, restriction, and objection rights. Contact support@boonboonze.com.

9. Security

HTTPS, encryption in transit; access controls; periodic security reviews.

10. Children’s Privacy

Services are not intended for children under 13 without guardian consent.

11. International Transfers

Data may be processed outside your country with appropriate safeguards.

12. Contact

Email: support@boonboonze.com | Address: Noida, India

13. Updates to This Policy

We may update this policy; changes will be posted with a new effective date.

14. Cookie Details

Like most modern services, we use cookies and similar technologies to keep our platform secure, remember your preferences, and understand how our products are used so we can improve them. The categories we use include:

• Strictly Necessary: enable core site functionality and security.
• Performance/Analytics: help us understand usage to improve services.
• Functional: remember your preferences (e.g., language, city).
• Marketing (optional): only with your consent, to show relevant information.

You can manage cookies in your browser settings and, where available, via in‑product controls. Disabling certain cookies may affect site functionality such as login and booking flows.

15. Data Subject Rights (Details)

You can request access, correction, deletion, or portability of your personal data. You may also object to processing or request restriction in specific circumstances. We will verify your identity before processing requests and aim to respond within 30 days (or the applicable statutory timeline). If we need more time, we will let you know the reason and extension period.

16. Data Controller & Grievance Officer (India)

Controller: Boonboonze Healthtech Private Limited

Registered Address: Ocean Complex, 403, Sector 18, Noida, Uttar Pradesh 201301, India

Contact: support@boonboonze.com | +91 85860 87792

Grievance Officer: Appointed per applicable Indian law (contact via the above email). Include your full name, registered phone/email, and a detailed description of the issue.

17. Third-Party Processors

To operate our services efficiently, we work with carefully vetted third parties under written data protection agreements. We disclose only the minimum data needed for each task and require comparable security safeguards. Typical categories include:

• Hosting/CDN: AWS / Cloudflare
• Analytics: Google Analytics (IP anonymization) / Plausible
• Payments: Razorpay / Stripe (card/UPI processing)
• Communications: Email/SMS providers for OTPs and updates
• Maps/Geolocation: Google Maps Platform

18. Security Measures

We protect your information with encryption in transit (HTTPS), strict access controls, least‑privilege permissions, audit logging, and periodic security reviews. We also train staff on data protection and review vendors for compliance. While no method is 100% secure, we continually invest in strengthening our safeguards.

18.1 Payment Security

Payments are handled by PCI DSS‑compliant providers (e.g., Razorpay/Stripe). We never store full card details on our servers, and transaction data is tokenized where supported.

19. Breach Notification

In the unlikely event of a data incident that affects your personal information, we will promptly investigate, mitigate risks, and notify you and relevant authorities without undue delay where required by law.

20. Marketing Communications

With your consent, we may send product updates, tips, or offers relevant to your use of Boonboonze. You can opt out at any time using the unsubscribe link in our emails or by contacting us.

21. Regional Disclosures

EEA/UK (GDPR): You have the right to lodge a complaint with your local data protection authority. We rely on consent, contract, and legitimate interests as legal bases. Where data is transferred outside the EEA/UK, we apply appropriate safeguards (e.g., Standard Contractual Clauses).

California (CPRA/CCPA): We do not sell or share personal information for cross‑context behavioral advertising. California residents can exercise access, deletion, and correction rights by writing to support@boonboonze.com. We will not discriminate against you for exercising your rights.

22. Retention Periods (Illustrative)

• Account & profile data: retained while the account is active, then up to 6 years for record‑keeping and dispute resolution.
• Bookings & invoices: typically 6–8 years to meet legal and tax obligations.
• Support tickets: 2 years from closure to improve service quality and resolve follow‑ups.
• Marketing consents: retained until you withdraw consent, after which we will suppress further messages.