Legal

Privacy Policy

Effective date: 11 May 2026 · Last updated: 11 May 2026

This Privacy Policy explains how Darshinfi Medicare (OPC) Private Limited (“Dazo”, “we”, “us” or “our”) collects, uses, shares and safeguards personal data when you use the Dazo mobile and desktop applications, the Dazo website at dazo.co.in, and related services (collectively, the “Service”).

We act as a “Data Fiduciary” for the personal data we determine the purpose and means of processing, under the Digital Personal Data Protection Act, 2023 (“DPDP Act”). We also comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”).

Contents

Who we are
What personal data we collect
Purposes & legal basis
Your files and records (User Content)
How we share data
International data transfers
Retention
Your rights as a Data Principal
Children’s data
Security
Cookies & analytics
Grievance Officer & how to contact us
Changes to this policy

1. Who we are

Dazo is operated by Darshinfi Medicare (OPC) Private Limited, a company incorporated under the Companies Act, 2013 with its registered office at Shop No S-10, DN Oxy Park, Dumduma, Bhubaneswar, Khordha 751019, Odisha, India.

2. What personal data we collect

We collect the categories of data below. Mandatory fields are needed to deliver core functionality; optional fields help us improve the Service.

Category	Examples
Account data	Name, email address, password (stored as a salted hash), profile photo (optional).
Subscription & billing data	Plan name, seat counts, subscription status, store transaction identifiers from Apple App Store, Google Play, Microsoft Store or our payment processor. We do not store full card numbers — payments are processed by the relevant platform store.
License data (desktop)	Offline license key issuance, valid-until dates, the device the key is bound to.
Device & technical data	Device type, operating system version, app version, language, IP address, crash logs, performance diagnostics.
Usage data	Feature use (e.g. uploads attempted, sync runs), error events, in-app navigation, all in aggregate or pseudonymous form where feasible.
Support data	Information you provide when raising a support ticket, including attachments you choose to share.
Sensitive personal data or information (SPDI)	Passwords (encrypted in transit and at rest), payment-related identifiers as above, and any health-related information you voluntarily place inside the Service. See section 4.

3. Purposes & legal basis

Under the DPDP Act, we rely on the following legal bases:

Consent — for processing personal data you submit at sign-up, optional profile fields, marketing communications, and any sensitive data you choose to store.
Legitimate uses (as permitted under section 7 of the DPDP Act) — for fulfilling our contract with you (delivering the Service, sync, license activation, support), compliance with law, and limited security or fraud-prevention purposes.

Specific purposes include:

Creating and managing your account, authenticating you, and providing the four use-case workspaces (Patient, Event, Research, Spreadsheet).
Storing your records and files in the storage mode you select (Cloud or on-device).
Enabling sync between mobile and desktop (Cloud Sync via Firebase Storage; WiFi Sync over your local network).
Issuing and validating desktop license keys.
Managing subscriptions, renewals, seat counts and add-ons (via the relevant platform store and our subscription provider).
Customer support, including responding to tickets you raise from inside the app.
Diagnostics, crash reporting, security and fraud prevention.
Complying with applicable law and responding to lawful requests.

4. Your files and records (User Content)

Dazo lets you store records (such as patient files, events, research and spreadsheets) and attachments (photos, video, audio, PDFs and other files) that may contain personal information about you or third parties.

You remain the controller of that content. We process it only to provide the Service and only on your instructions.
If you choose Cloud storage mode, your User Content is stored in Firebase Storage (Google Cloud). If you choose Local / Device storage mode, the User Content does not leave your device unless you initiate WiFi Sync or share it.
If you store information relating to identifiable patients or other natural persons, you confirm that you have a lawful basis to do so (such as consent or a regulatory exemption) and that you are responsible as the “Data Fiduciary” in respect of that content under the DPDP Act and any sectoral law (including the Clinical Establishments Act, the National Medical Commission rules, the EHR Standards 2016 and the Telemedicine Practice Guidelines 2020, where applicable).
You agree to use Dazo only in compliance with applicable healthcare, data-protection and confidentiality laws.

We do not sell your personal data. We share it only with the categories of recipients below, and only to the extent necessary:

Cloud infrastructure & storage — Google LLC (Firebase Authentication, Firestore, Firebase Storage, Cloud Functions) processes account data and, in Cloud storage mode, your User Content.
Subscription management — RevenueCat, Inc. processes subscription state and platform purchase events.
Platform stores — Apple Inc., Google LLC and Microsoft Corp. process billing for app-store purchases under their respective terms.
AI transcription — audio recordings on which you choose to run transcription/summarization may be processed by a third-party speech-to-text provider strictly to return the transcript/summary, with no use for training.
Diagnostics — crash and error reporting providers (such as Firebase Crashlytics) for the purpose of keeping the apps stable.
Government & legal — disclosure to authorities only where required by Indian law or a binding order.
Corporate transactions — in the event of a merger, acquisition, restructuring or sale of assets, your data may be transferred to the successor entity, subject to the same protections set out here.

6. International data transfers

Some of our service providers are located outside India, including the United States and the European Economic Area. When personal data is transferred outside India, we ensure it is protected by reasonable safeguards (such as standard contractual clauses or equivalent terms) and only to jurisdictions permitted under section 16 of the DPDP Act.

7. Retention

Account & subscription data — retained for as long as your account is active, plus a reasonable period (typically 30 days) after deletion for de-provisioning, plus longer where required by law (e.g. tax records for 8 years under the Income-tax Act, 1961).
User Content — retained while your account is active. On account deletion or storage-mode change, we delete or anonymize the corresponding data within 30 days, except where retention is required by law.
Support tickets — retained for up to 3 years for service-quality and audit purposes.
Crash & diagnostic logs — typically retained for 90 days.

8. Your rights as a Data Principal

Under the DPDP Act and the SPDI Rules, you have the right to:

Obtain confirmation that we are processing your personal data and a summary of that data.
Correct, complete, update or erase your personal data.
Withdraw your consent at any time (this may limit your ability to use parts of the Service).
Nominate another person to exercise your rights in the event of death or incapacity.
Lodge a complaint with our Grievance Officer (see section 12) and, if unresolved, with the Data Protection Board of India.

To exercise these rights, contact us via our contact form or write to our Grievance Officer (section 12). We will respond within the timelines required by law.

9. Children’s data

Dazo is not directed to children under 18. Where we process the personal data of any individual who is a child or a person with a disability with a lawful guardian, we will obtain verifiable consent from a parent or lawful guardian as required by section 9 of the DPDP Act. We do not undertake tracking, behavioural monitoring or targeted advertising directed at children.

10. Security

We implement “reasonable security practices and procedures” under the SPDI Rules, including:

TLS 1.2+ encryption in transit for traffic between the apps, our website and Firebase.
Encryption at rest for cloud-stored files via Google Cloud Storage default encryption.
Salted password hashing managed via Firebase Authentication.
Role-based access controls over our administrative interfaces.
Periodic vulnerability reviews and dependency patching.
Logical isolation between user accounts in Firestore and Cloud Storage.

In the unlikely event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals as required by section 8(6) of the DPDP Act.

11. Cookies & analytics

The Dazo website uses strictly necessary cookies for session management. We may use first-party analytics (such as Firebase Analytics) inside the apps to understand feature use in aggregate. We do not use third-party advertising cookies, and we do not run cross-site tracking.

12. Grievance Officer & how to contact us

In accordance with the SPDI Rules and section 8(9) of the DPDP Act, we have appointed a Grievance Officer to address your queries and complaints regarding personal data and this policy.

Name	Ms. Deepa Patro
Designation	Grievance Officer / Data Protection Officer
Email	tech.darshinfi@gmail.com
Postal address	Shop No S-10, DN Oxy Park, Dumduma, Bhubaneswar, Khordha 751019, Odisha, India
Phone	+91 94371 82313 · working hours: Mon–Fri, 10:00–18:00 IST

We will acknowledge your complaint within 24 hours and aim to resolve it within 15 days of receipt, in line with the SPDI Rules.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in law, our practices, or the Service. The “Last updated” date at the top reflects the latest version. We will provide reasonable notice (in-app or by email) of material changes.

If you have questions about this policy, please contact us via the contact page.