PRIVACY POLICY

Effective Date: 30.03.2026


Issued By: SAHCHI Hearing and Speech Solutions Private Limited (“Gabify”, “we”, “our”, “us”)

1. DEFINITIONS

The purpose of this policy is to regulate the privacy policy in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”). In this policy, the terms are used with the following meaning:

Term

Definition

Child

An individual who has not completed the age of eighteen years

Data

Representation of information, facts, concepts, opinions or instructions in a manner suitable for communication, interpretation or processing by human beings or by automated means;

Data Fiduciary

Any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data

Data Principal

The individual to whom the personal data relates, and where such individual is—

(i) a child, includes the parents or lawful guardian of such a child;

(ii) a person with disability, including her lawful guardian, acting on her behalf;

Digital Personal Data

Personal data in digital form

Personal Data

Any data about an individual who is identifiable by or in relation to such data

Personal Data Breach

Any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data;

Processing

In relation to personal data, it means a wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.

2. INTRODUCTION

This Privacy Policy sets out the framework under which Gabify collects, processes, stores, retains, shares, and protects personal data in connection with:

  • Visits to our corporate website
  • Requests for service information or demonstrations
  • Enterprise onboarding and subscription management
  • Customer support communications
  • Marketing subscriptions
  • Participation in events, partnerships, or sales engagements

This Policy applies exclusively to our corporate website and related business activities.

By accessing or using our website or services, you acknowledge that you have read and understood this Privacy Policy.

3. PRINCIPLES

The Company acts within the framework of the following principles in the processing and retention of personal data:

  • The Company fully complies with the Digital Personal Data Protection (DPDP) Act, 2023 applicable Indian laws, regulatory requirements, and the provisions of this Policy.
  • Personal data is collected only for lawful, specific, and legitimate purposes and is processed fairly and transparently.
  • The Company limits data collection to what is necessary for the stated purpose.
  • Appropriate technical and organisational safeguards are implemented to ensure data security.
  • All significant data processing activities are documented and monitored in accordance with internal governance and compliance requirements.
  • Personal data is retained only for as long as necessary for the fulfilment of lawful purposes or as required under applicable law.

4. LEGAL BASIS FOR PROCESSING AND RETENTION

Personal data is processed and retained on the following lawful grounds:

  • Where processing is necessary for the performance of a contract or before entering into a contract.
  • Where processing is required for compliance with legal or regulatory obligations.
  • Where processing is undertaken for legitimate uses permitted under the DPDP Act, provided such processing does not override fundamental rights and freedoms.
  • Where processing is based on the explicit, free, specific, informed, and unambiguous consent of the Data Principal.
  • Where processing is necessary for responding to medical emergencies, public health situations, disasters, or ensuring safety.
  • Where retention is expressly required or permitted under applicable legislation.

5. CATEGORIES OF DATA COLLECTED

The Company collects only such personal data as is necessary for lawful and legitimate purposes.

  1. 5.1 Personal Information

  • Name
  • Email address
  • Phone number
  • Organisation name
  • City/State/Country
  • Subscription details
  • Onboarding information

5.2. Cookies

The Company uses:

  • Essential cookies
  • Analytics cookies
  • Preference cookies

Users may manage cookie preferences through browser settings.

6. MODE OF COLLECTION

Personal data may be collected:

  • Directly from the users through forms, emails, demo requests, or onboarding processes.
  • Automatically through cookies and analytics tools.

7. PURPOSE OF PROCESSING

Personal data is processed strictly for lawful and defined purposes, including:

  • Providing enterprise onboarding and subscription services
  • Delivering customer support
  • Managing contracts and business relationships
  • Sending marketing communications (based on consent)
  • Fraud prevention and security monitoring
  • Compliance with regulatory requirements

Consent, where required, may be withdrawn at any time by using the unsubscribe option or by contacting the Company at info@gabify.life.

8. USE OF ARTIFICIAL INTELLIGENCE

Gabify develops and operates AI-powered Software.

Personal data may be processed using artificial intelligence and automated systems for:

  • Product performance improvement
  • System reliability enhancement
  • Usage pattern analysis
  • Safety and effectiveness optimisation

Where AI supports decision-making, appropriate human oversight and validation mechanisms are implemented.

Personal data is not used for AI model training beyond the specified lawful purpose without a valid legal basis.

9. DE-IDENTIFIED AND ANONYMISED DATA

The Company may de-identify or anonymise personal data so that it no longer identifies any individual.

Such data may be used for:

  • Research and development
  • AI model validation
  • Product enhancement
  • Statistical analysis
  • Regulatory and quality compliance

Anonymised data is not treated as personal data under applicable law.

10. DATA SHARING

Personal data may be shared with:

  • Cloud hosting providers
  • IT and cybersecurity service providers
  • Email and marketing platforms
  • Contracted Data Processors
  • Regulatory or governmental authorities where legally required

All Data Processors operate under valid contractual arrangements as required under Section 8 of the DPDP Act.

The Company does not sell personal data.

11. INTERNATIONAL DATA TRANSFER

Where personal data is processed outside India:

  • Appropriate contractual and technical safeguards are implemented.
  • Encryption and security controls are applied.
  • All transfers comply with applicable Indian law.

12. CHILD’S DATA

In view of the heightened sensitivity of children’s and health-related data, the Company adheres to the following safeguards:

  • Verifiable consent of a parent or lawful guardian shall be obtained before the collection or processing of any child’s personal data, in accordance with the DPDP Act.
  • Personal data of children shall be collected solely for screening, assessment, clinical support, onboarding, regulatory compliance, and service delivery purposes.
  • The Company shall not undertake behavioural tracking, targeted advertising, or profiling of children for commercial purposes.
  • Processing of children’s data shall not be conducted in a manner that is detrimental to the child’s well-being or development.
  • Health-related data and screening outputs shall be treated as sensitive in nature and shall be subject to enhanced security, access controls, and confidentiality safeguards.
  • Human oversight shall be maintained in clinical or AI-assisted screening processes to ensure responsible and ethical use of technology.
  • Children’s personal data shall be retained only for the duration necessary to fulfil the screening or service purpose, or as required under applicable law.

The Company recognises the special duty of care owed when processing children’s data and implements additional organisational and technical safeguards accordingly.

13. RIGHTS OF DATA PRINCIPALS

Under the DPDP Act, Data Principals have the following rights:

  • Right to access a summary of personal data and processing activities.
  • Right to correction, completion, updating, or erasure of personal data.
  • Right to withdraw consent at any time.
  • Right to grievance redressal, with response within 30 days.
  • Right to nominate another person to exercise rights in case of death or incapacity.

Unresolved grievances may be escalated to the Data Protection Board of India.

14. DUTIES OF DATA PRINCIPALS

While exercising rights under the DPDP Act, Data Principals shall:

  • Not impersonate another person.
  • Not provide false or misleading information.
  • Not file frivolous or malicious complaints.
  • Provide accurate and authentic data.

15. DATA SECURITY

The Company implements appropriate technical and organisational safeguards, including:

  • Encryption in transit
  • Secure cloud infrastructure
  • Role-based access controls
  • Firewalls and DDoS protection
  • Periodic security audits
  • Employee confidentiality obligations

While reasonable safeguards are implemented, absolute security cannot be guaranteed.

16. PERSONAL DATA BREACH

Gabify shall take prompt and appropriate action in accordance with Section 8 of the Digital Personal Data Protection Act, 2023 and applicable rules.

  • The Company shall notify the Data Protection Board of India in such form and manner as may be prescribed.
  • Where the breach is likely to cause harm to a Data Principal, including children, the Company shall inform the affected Data Principals and/or their parent or lawful guardian without undue delay.
  • Immediate remedial and containment measures shall be undertaken to prevent further unauthorised access, disclosure, alteration, or loss of personal data.
  • All personal data breaches shall be documented internally, including facts relating to the breach, its effects, and corrective actions taken.

17. BUSINESS TRANSFERS

In the event of a merger, acquisition, restructuring, or asset transfer, personal data may be transferred subject to applicable legal safeguards.

18. THIRD-PARTY SERVICES

The website may contain links to third-party websites or services. The Company is not responsible for the privacy practices of such third parties.

19. CHANGES TO THIS POLICY

The Company reserves the right to update this Policy periodically. Updated versions will be published with a revised effective date. Where changes are material, additional notice may be provided.

20. GRIEVANCE OFFICER

SAHCHI Hearing and Speech Solutions Private Limited


Email: care@gabify.life


Response Time: Within 15 days

Welcome to Gabify

Screen | Intervene | Thrive