PulseChart · B2B Platform

Privacy Policy

For hospital staff, administrators, and authorised users of the PulseChart Hospital Management System.

Effective Date·April 14, 2026·Version 1.0

1. Introduction

1.1This Privacy Policy describes how Spectoprod Private Limited (“we”, “our”, or “PulseChart”), a company incorporated under the Companies Act, 2013, with its registered office in Bengaluru, Karnataka, collects, uses, stores, and protects personal data in connection with the PulseChart Hospital Management System (“HMS”) platform (“Platform”).

1.2This Policy applies to all hospital staff, administrators, doctors, front desk personnel, lab technicians, pharmacists, nurses, radiologists, and other authorised users (“Authorised Users” or “you”) of the Platform. It covers your personal data as a user of the Platform. Patient data processing is governed by the Data Processing Agreement between PulseChart and the Hospital.

1.3This Policy is published in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), the Digital Personal Data Protection Act, 2023 (“DPDPA”), the Digital Personal Data Protection Rules, 2025 (“DPDP Rules”), and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

1.4By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

2. Personal Data We Collect

2.1 Account Data

When your Hospital Administrator creates your account on the Platform, we collect: your full name, phone number, email address (if provided), role designation, and your association with the subscribing hospital.

2.2 Authentication Data

We use Firebase Authentication with phone number and OTP verification. We process your phone number and OTP codes for the purpose of authenticating your identity each time you log in. We do not store OTP codes after verification.

2.3 Usage and Operational Data

When you use the Platform, we automatically collect: login and logout timestamps, features accessed, actions performed (e.g., patient records viewed, prescriptions created, lab results entered), IP address, device type, browser type, and session duration. This data is collected through server-side logging, not through cookies or client-side tracking.

2.4 Audit Log Data

For security, regulatory compliance, and accountability, the Platform logs all access to and modification of clinical records (Protected Health Information). Audit logs record: user identity, role, tenant ID, resource type and ID, action type (read/write), and timestamp.

3. How We Use Your Personal Data

PurposeData UsedLegal Basis
Providing the Platform and account managementAccount data, authentication dataPerformance of contract (SaaS Agreement between PulseChart and Hospital)
Authenticating your identityPhone number, OTPLegitimate interest in security; performance of contract
Technical support and issue resolutionAccount data, usage data, audit logsPerformance of contract; legitimate interest
Security monitoring and threat detectionUsage data, authentication data, IP addressLegitimate interest in platform security; legal obligation (IT Act)
Audit and complianceAudit log dataLegal obligation (DPDPA, SPDI Rules, IMC Regulations)
Platform improvement and analyticsAnonymised usage data (no individual identification)Legitimate interest in improving the Platform

4. Data Sharing and Sub-Processors

4.1We do not sell your personal data. We do not share your personal data with third parties for marketing purposes.

4.2We share your personal data only with the following categories of recipients, to the extent necessary for the purposes described in Section 3:

  1. Google Cloud Platform (GCP) and Firebase — our cloud infrastructure and authentication provider (data stored in asia-south1, Mumbai, India);
  2. WhatsApp Business API / Interakt — for delivering operational notifications to you (if applicable to your role);
  3. Your employing Hospital — we may share your account and usage data with the Hospital’s Administrator for the purposes of managing staff access to the Platform;
  4. Law enforcement or regulatory authorities — where required by Applicable Law, court order, or government directive.

5. Data Security

5.1We implement reasonable security safeguards in compliance with the SPDI Rules and the DPDP Rules, including: encryption at rest (AES-256 via GCP), encryption in transit (TLS 1.2+), role-based access control, tenant isolation, and audit logging.

5.2While we take all reasonable measures to protect your personal data, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security.

6. Data Retention

6.1We retain your account data for the duration of your employment at the subscribing Hospital plus two (2) years, or until the Hospital’s SaaS Agreement with PulseChart terminates, whichever is later.

6.2Audit logs are retained for a minimum period of five (5) years.

6.3Anonymised usage analytics data (which does not identify you) may be retained indefinitely for platform improvement purposes.

7. Your Rights as a Data Principal

7.1Under the DPDPA and the SPDI Rules, you have the following rights:

  1. Right to Access: You may request a summary of your personal data processed by us and the processing activities related to it.
  2. Right to Correction: You may request the correction or completion of inaccurate or incomplete personal data.
  3. Right to Erasure: You may request the erasure of your personal data, subject to any legal retention obligations.
  4. Right to Grievance Redressal: You may raise a complaint with our Grievance Officer (see Section 9 below).

7.2To exercise any of these rights, please contact us at privacy@pulsechart.in. We shall acknowledge your request within seven (7) days and respond substantively within thirty (30) days.

7.3If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India once established and operational.

8. Children’s Data

8.1The Platform is intended for use by hospital staff and professionals. It is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal data from children in their capacity as users of the Platform.

9. Grievance Officer

9.1In accordance with the SPDI Rules and the IT (Intermediary Guidelines) Rules, 2021, we have appointed a Grievance Officer who can be contacted for any complaints, concerns, or queries regarding the processing of your personal data:

DesignationGrievance Officer, PulseChart
Emailprivacy@pulsechart.in
Response TimelineAcknowledgment within 7 days; resolution within 30 days
Operated bySpectoprod Private Limited, Bengaluru, Karnataka

10. Data Localisation

10.1All personal data processed through the Platform is stored exclusively on Google Cloud Platform infrastructure located in India (asia-south1, Mumbai region). We do not transfer your personal data outside India.

11. Changes to this Privacy Policy

11.1We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Platform. We shall notify you of any material changes by posting the updated Policy on the Platform with the revised effective date.

11.2Your continued use of the Platform after such changes constitutes your acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data processing practices, please contact us at:

CompanySpectoprod Private Limited
ProductPulseChart HMS/EHR
Privacy Emailprivacy@pulsechart.in
Registered OfficeBengaluru, Karnataka, India

— End of Privacy Policy —

Managed by SPECTOPROD PRIVATE LIMITEDPrivacyTerms