Privacy Policy

Updated 11^th February 2026.

Your Privacy is of utmost importance to us, and the protection of your Personal Data as disclosed by you to us is a key commitment for us. During your usage of our platform, we may collect and generate various data points about you as elaborated below. We collect and process your Personal Data only to the extent necessary for us to process your requirement(s). In case you choose not to share your Personal Data as required, with us, we may not be able to carry out your transaction.

“Personal Data” means data relating to an individual that is directly or indirectly identifiable, having regard to any characteristic, trait, attribute, or any other feature of their identity or any combination of such features with any other information. Personal Data does not mean information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005, or any other law for the time being in force. Personal Data includes Sensitive Personal Data, which relates to passwords, financial information such as bank account or credit card or debit card or other payment instrument details, physical, physiological, and mental health condition, sexual orientation, medical records and history, biometrics or any other data categorized as sensitive under applicable law in India.

I. Types of Information we collect

We may collect the following information from you, as you have disclosed to us:

• Personal details (e.g., first name, last name, organization ID, contact details) provided by you to us to avail various products/services from us; and
• Images of medical condition (e.g., X-rays, CT scans, etc.).

II. Sharing and Storage of your Personal Data

We process Personal Data based on valid consent, contractual necessity, legal obligation, or other lawful grounds permitted under applicable data protection laws.

In various processes/submissions of applications of product/service offerings, we even seek your explicit consent to use/share your Personal Data.

In our business and operational processes, we only share the data on a partial and “need-to-know” basis with designated personnel or partners, or service providers.

We may process, store, and retain your Personal Data on our servers where the data centres are located, and/or on the servers of third parties having contractual relationships with us. The sensitive personal data may be stored till the time an image has been processed. Personal Data shall be retained only for as long as is necessary to fulfil the stated purpose or as required under applicable law. In case there is no requirement or obligation of data retention from your end, we shall follow our backup and recovery guidelines by default.

We will share your data with competent/legal/statutory/regulatory agencies/authorities or partners/service providers acting on our behalf (as the case may be) in the following cases:

• For enabling the provision of the products/services availed by you, strictly on a “need to know” basis and subject to applicable laws.
• Where it is directed or required by legal/regulatory/statutory/governmental authorities/judiciary under any applicable laws/regulations or judicial pronouncement though a legally obligated request.
• 3. Where it is required by financial institutions to verify, mitigate, or prevent fraud or to manage risk or recover funds in accordance with applicable laws/regulations.

III. Usage of Your Personal Data

We use your Personal Data in our business activities for providing our partners’ products/services and to perform, among other actions, the following:

• To facilitate the transactions or report on these transactions;
• To undertake research and analytics for offering or improving our products/services and their security and service quality;
• To check and process your requirements submitted to us for products/services and/or instructions or requests received from you in respect of these products/services;
• To take up or investigate any complaints/claims/disputes;
• To verify your re-identity and your details with the image processed through our platform;
• To monitor and review products/services from time to time;
• To undertake financial/regulatory/management reporting, and create and maintain various risk management models;
• To conduct audits and for record-keeping purposes;
• To comply with the requirements of applicable laws/regulations and/or court orders/regulatory directives received by us;
• To increase awareness and impart education;
• To build a network and establish connections;
• To undertake any measure to provide medical treatment or health services to you during an epidemic, outbreak of disease, or any other threat to public health or to ensure your safety, or to provide assistance or services to you during any disaster or any breakdown of public order.

IV. Purging of your Personal Data

You may choose to delete your account at any point of time by making such choice in CARPL.AI website or communicating the same to us. With this we will no longer provide your data for external processing as mentioned above. However, we retain your Personal Data as long as the purpose for its usage exists, after which the same is disposed of by us except for any record retention required as per applicable law. The provisions of various laws require your transaction logs to be stored for longer periods post the deletion of an account. Further, in the event of the pendency of any legal / regulatory proceeding or receipt of any legal and/or regulatory direction to that effect, we may be required by the law of the land to retain your Personal Data for longer periods.

V. Your Rights

You have certain rights in relation to your Personal Data under applicable data protection laws. Subject to your legal jurisdiction, you have the right to:

(a) access a summary of your Personal Data;

(b) request correction or erasure of inaccurate or misleading Personal Data;

(c) withdraw consent at any time, provided that such withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal and may impact our ability to provide certain services;

(d) nominate another person to exercise rights in case of death or incapacity;

(e) raise a grievance or complaint in relation to the processing of your Personal Data.

You may exercise your rights by contacting our Grievance Officer using the details provided in this Privacy Policy. We may require you to verify your identity before responding to such requests.

VI. Cookie Policy

• Please note that a “cookie” is a small piece of information stored by a web server on a web browser so it can be later read back from that browser.
• Cookies may collect limited technical or usage information. Where required, consent shall be obtained prior to deployment of non-essential cookies.
• No Personal Data will be collected via cookies and other tracking technology; however, if you previously provided Personal Data, cookies may be tied to such information.

VII. Links to other websites

Our website may contain links to other websites which are not maintained by us. This privacy policy only applies to us. You are requested to read the other website’s privacy policies when visiting these websites.

VIII. Reasonable Security Practices and Procedures

We take various steps and measures to protect the security of your Personal Data from misuse, loss, unauthorized access, modification, or disclosure. We use the latest secure server layers encryption and access control on our systems. Our safety and security processes are audited by a third-party cyber security audit agency from time to time.

While we observe reasonable and appropriate security measures to protect your Personal Information on all our digital platforms, security risks may still arise for reasons outside of our control such as hacking, virus dissemination, force majeure events, breach of firewall etc.  Please note that while the above-mentioned measures do not guarantee absolute protection to the Personal Information, we remain in complete and continuing compliance of our statutory obligations under applicable data protection laws.

IX. Contact us

You may contact us on any aspect of this policy or for exercising your rights / grievances with respect to your Personal Data, by writing to our Grievance Officer as per the details provided below:

Name: Dhruv Sahai

Designation: Chief Operating Officer

Email ID: legal@carpl.ai

CARPL.AI Pvt Ltd

K261, Lane No.5, Westend Marg, Saiyad Ul Ajaib Extension,

Saket, Delhi, New Delhi, Delhi 110030

X. Policy Review & Updates

This policy will be reviewed by us as and when required and the same may be subject to change at any point in time. The latest and most updated policy can always be found at CARPL.ai. While we will make reasonable efforts to keep you posted on any updates to this privacy policy, to make sure that you are aware of any changes, we recommend that you review this policy periodically. This Privacy Policy shall apply uniformly to CARPL.ai website.

CARPL reserves the right to modify/update this Privacy Policy. We will post the changes to our Privacy Policy, if any, on this page. Please check the “Last updated” legend at the top of this page to see when this Privacy Policy was last updated. We encourage you to check the same to be informed of how CARPL is committed to protecting your information and providing you with improved content.

In this policy, the words “we”, “ours” and/or “us” refer to CARPL Communications Limited and “you” and/or “your” refer to our customers.

XI. Governing Law & Jurisdiction

This policy will be governed by and construed in accordance with applicable data protection laws. Jurisdiction shall be determined in accordance with mandatory statutory requirements.