Privacy Policy
1. Introduction
Welcome to Reclaim Bharosa ("we", "our", "us"), a platform providing insurance claim assistance services. We are committed to protecting the privacy of individuals whose personal data we process and to complying with all applicable Indian laws.
This Privacy Policy is issued in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 and rules made thereunder, and other applicable Indian laws.
For the purposes of the DPDP Act:
- Reclaim Bharosa is the Data Fiduciary.
- Users of the platform are Data Principals.
By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data in accordance with this Policy, unless such processing is permitted under law without consent.
2. Personal Data We Collect
We collect only such personal data as is necessary for lawful purposes connected with our services.
2.1 Identity and Contact Data
- Full name
- Email address
- Mobile number
- City, State, and PIN code
2.2 Insurance and Claim-Related Data
- Type of insurance (health, life, motor, general, etc.)
- Insurance company name
- Policy number or identifier
- Claim details, descriptions, and status
- Nature of claim issue (rejected, delayed, partial settlement, etc.)
2.3 Documents Uploaded by You
- Insurance policy documents
- Medical records and bills
- Correspondence with insurers
- Rejection or settlement letters
- Other documents necessary for claim processing
2.4 Authentication and Technical Data
- Authentication tokens generated through Azure AD
- Session identifiers
- IP address, browser type, device information, operating system, timestamps
2.5 Usage Data
- Platform interaction logs
- Chat interactions with the AI assistant
- Language preferences
3. Purposes and Legal Basis for Processing
We process personal data only for specific, lawful, and clearly defined purposes, as required under the DPDP Act.
3.1 Provision of Services
Personal data is processed to:
- Assist in preparation, submission, and follow-up of insurance claims
- Communicate with insurance companies on your behalf
- Provide updates, guidance, and support related to claims
Legal Basis: Consent and performance of contract.
3.2 Communication and Account Security
We process contact and authentication data to:
- Verify identity through OTP or similar mechanisms
- Send service-related communications and alerts
- Respond to user queries and support requests
Legal Basis: Consent and legitimate use as permitted under Section 7 of the DPDP Act.
3.3 Platform Functionality and Security
We process technical and usage data to:
- Maintain platform security and prevent fraud or misuse
- Authenticate users and manage sessions
- Enable document uploads and AI-assisted features
Legal Basis: Performance of contract and legitimate use under Section 7 of the DPDP Act.
3.4 Legal and Regulatory Compliance
We may process personal data to:
- Comply with applicable laws, court orders, or regulatory directions
- Establish, exercise, or defend legal claims
Legal Basis: Legal obligation.
3.5 Analytics and Improvement
We may use anonymised and aggregated data only to analyse platform performance and improve services. No personal data is used for analytics without consent.
Legal Basis: Anonymised data falls outside the scope of the DPDP Act.
4. Data Storage, Security, and Retention
4.1 Storage and Data Location
Personal data is stored on secure cloud infrastructure, primarily located in India. Where data is processed or stored outside India, such transfer shall be in accordance with restrictions and conditions notified by the Central Government under the DPDP Act.
4.2 Security Safeguards
We implement reasonable security safeguards as required under Section 8 of the DPDP Act, including:
- Encryption in transit and at rest
- Access control and role-based permissions
- Secure authentication mechanisms
- Periodic security reviews and audits
4.3 Data Breach Notification
In the event of a personal data breach likely to cause harm, we will notify the Data Protection Board of India and affected Data Principals in accordance with the DPDP Act.
4.4 Data Retention
Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected, or as required under applicable laws:
- Claim-related data: for the duration of the claim and such additional period as required under insurance, tax, or other applicable laws
- Inactive accounts: retained for a limited period and thereafter deleted or anonymised
- Documents: retained in accordance with statutory and contractual obligations
5. Data Sharing and Data Processors
We may share personal data only with:
- Insurance companies, where required for claim processing and with your consent
- Service providers acting as Data Processors, under written contracts ensuring DPDP Act compliance
- Government or judicial authorities, where required by law
We do not sell personal data or share it for unsolicited marketing.
6. Cross-Border Data Transfers
Where personal data is transferred outside India, such transfer shall be:
- Permitted under applicable law and government notifications
- Subject to appropriate contractual and technical safeguards
7. Rights of Data Principals
Subject to the DPDP Act, you have the right to:
- Access information about personal data processed by us
- Seek correction or erasure of personal data
- Withdraw consent for processing, where applicable
- Nominate another individual to exercise rights in the event of death or incapacity
- Register a grievance with us or the Data Protection Board of India
Requests may be made by contacting us using the details below. We may require identity verification before acting on requests.
8. Children’s Personal Data
Our services are not intended for individuals below 18 years of age. We do not knowingly process children’s personal data.
10. Data Protection Officer / Grievance Officer
We have designated a contact point for data protection and grievance redressal:
- Email: dpo@reclaimbharosa.com
- Phone: +91 90045 97095
- Location: Office No 304, Sainath (Malad) SRA CHS Ltd, Daruwala Compound, S V Road, Malad (West), Mumbai, 400 064
The appointment of a Data Protection Officer is voluntary unless otherwise notified under the DPDP Act.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law or our practices. Material changes will be notified through the platform or via email, and fresh consent will be obtained where required by law.
12. Contact Information
For questions, concerns, or requests relating to this Privacy Policy or personal data processing, please contact:
- Email: privacy@reclaimbharosa.com
- Support: support@reclaimbharosa.com
- Phone: +91 90045 97095
If you are not satisfied with our response, you may approach the Data Protection Board of India in accordance with the DPDP Act.