Legal

Privacy Policy

Last Updated: December 25, 2024

1. Introduction

GenBricks ("Company," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, software, and services.

Our Commitment: We adhere to the highest standards of data protection, including ISO 27001 (Information Security), ISO 27799 (Health Information Security), and compliance with GDPR, HIPAA, and India's DPDP Act where applicable.

2. Regulatory Compliance

Our privacy practices are designed to comply with applicable data protection regulations:

ISO 27001 ISO 27799 ISO 25237 GDPR HIPAA DPDP Act (India) PCI-DSS

For healthcare solutions (GenLIMS, Arogya), we implement additional safeguards including pseudonymization (ISO 25237) and enhanced access controls.

3. Information We Collect

3.1 Information You Provide

Category Examples Purpose
Account Information Name, email, phone, company name Account creation, communication
Business Information Company size, industry, role Service customization
Payment Information Billing address, payment method Transaction processing
Communication Data Emails, support tickets, feedback Customer support
Healthcare Data* Patient records, lab results Service delivery (GenLIMS, Arogya)

*Healthcare data is processed only for customers using our healthcare solutions and is subject to enhanced protections.

3.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system
  • Usage Data: Pages visited, features used, time spent
  • Cookies: Session cookies, preference cookies, analytics cookies
  • Log Data: Access times, error logs, referring URLs

3.3 Information from Third Parties

  • Identity verification services (for healthcare compliance)
  • Payment processors
  • Analytics providers
  • Government databases (Aadhaar verification for Arogya, with consent)

4. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: Providing, maintaining, and improving our software and services
  • Account Management: Creating and managing your account, authentication
  • Communication: Responding to inquiries, sending updates and notifications
  • Security: Detecting, preventing, and addressing fraud, abuse, or security issues
  • Compliance: Meeting legal obligations and regulatory requirements
  • Analytics: Understanding usage patterns to improve our services
  • Marketing: Sending promotional communications (with your consent)

Legal Basis (GDPR): We process data based on: (a) your consent, (b) contractual necessity, (c) legal obligations, or (d) legitimate business interests.

5. Data Protection Measures

We implement comprehensive security measures to protect your data:

5.1 Technical Safeguards

  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit
  • Field-Level Encryption: Sensitive fields encrypted individually
  • Pseudonymization: ISO 25237-compliant pseudonymization for healthcare data
  • Access Controls: Role-based access control (RBAC), multi-factor authentication
  • Audit Trails: Comprehensive logging of all data access and modifications

5.2 Organizational Safeguards

  • Regular security training for all personnel
  • Background checks for employees with data access
  • Incident response procedures
  • Regular security audits and penetration testing
  • Vendor security assessments

6. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

6.1 Service Providers

  • Cloud hosting providers (AWS, with data processing agreements)
  • Payment processors (PCI-DSS compliant)
  • Analytics services (anonymized data only)
  • Customer support tools

6.2 Legal Requirements

We may disclose information when required by:

  • Court orders or legal process
  • Government or regulatory requests
  • Protection of our rights or safety of others
  • Fraud prevention or security investigations

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction, subject to the same privacy protections.

7. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

Data Type Retention Period
Account Information Duration of account + 3 years
Transaction Records 7 years (legal requirement)
Healthcare Records* As per applicable regulations (typically 10+ years)
Audit Logs 7 years (regulatory compliance)
Marketing Preferences Until consent withdrawn
Analytics Data 26 months (anonymized)

*Healthcare data retention is governed by applicable healthcare regulations in your jurisdiction.

8. Your Rights

Depending on your location, you may have the following rights:

8.1 GDPR Rights (EU/EEA)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw previously given consent

8.2 DPDP Act Rights (India)

  • Right to access and confirmation of processing
  • Right to correction and erasure
  • Right to grievance redressal
  • Right to nominate

8.3 HIPAA Rights (US Healthcare)

  • Access to protected health information (PHI)
  • Request amendments to PHI
  • Receive accounting of disclosures
  • Request restrictions on use/disclosure

To exercise your rights, contact us at genbricks.io@gmail.com

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for site functionality (always active)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Understand how visitors use our site
  • Marketing Cookies: Deliver relevant advertisements (with consent)

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect site functionality.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all vendors
  • Selection of vendors with appropriate certifications (SOC 2, ISO 27001)

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at genbricks.io@gmail.com.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending email notification for significant changes
  • Requesting renewed consent where required by law

13. Contact Us

For questions about this Privacy Policy or our data practices:

GenBricks - Privacy Team

Email: genbricks.io@gmail.com

Legal Inquiries: genbricks.io@gmail.com

General Contact: genbricks.io@gmail.com

Website: https://genbricks.io

For EU residents, you have the right to lodge a complaint with your local Data Protection Authority if you believe your rights have been violated.

Back to Home