Privacy Policy

Last updated: February 2026

1. Introduction

Namoza (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our healthcare marketing platform at namoza.in and related services (the “Service”).

This policy is drafted in compliance with the Information Technology Act, 2000 and the Digital Personal Data Protection (DPDP) Act, 2023 of India.

2. Data Fiduciary

Namoza acts as the Data Fiduciary under the DPDP Act, 2023. For any privacy-related queries, contact us at:

  • Email: support@namoza.in
  • WhatsApp: +91 99119 17450

3. Personal Data We Collect

We collect the following categories of personal data:

  • Account Information: Name, email address, and profile picture obtained via Google OAuth sign-in.
  • Business Profile: Clinic name, doctor name, phone number, address, specialty, and clinic logo that you voluntarily provide.
  • Usage Data: Images generated, templates used, download history, and credit usage.
  • Payment Information: Transaction details processed via Razorpay (we do not store your card or bank details).
  • Technical Data: IP address, browser type, and device information collected automatically via server logs.

4. Purpose of Data Processing

We process your personal data for the following purposes:

  • To provide and maintain the Service, including template generation and image downloads.
  • To authenticate your identity and manage your account.
  • To personalize templates with your clinic branding and doctor information.
  • To process payments and manage subscriptions.
  • To communicate service updates, security alerts, and support responses.
  • To improve the Service through aggregated, anonymized usage analytics.

5. Data Storage and Security

Your personal data is stored on Amazon Web Services (AWS) infrastructure in the Asia Pacific (Mumbai) region (ap-south-1). We implement the following security measures:

  • Data at rest is encrypted using AWS managed encryption keys.
  • Data in transit is encrypted via TLS/HTTPS.
  • Access to data is restricted through AWS IAM policies and API authorization.
  • Generated images are stored in Amazon S3 and served via CloudFront CDN.

6. Cookies and Local Storage

We use the following cookies and browser storage:

  • namoza_id_token: Authentication token for maintaining your login session. Expires after 24 hours.
  • namoza_session: Contains basic user info (userId, name, email) for the frontend. Expires after 24 hours.
  • namoza_theme: Stores your display theme preference (light/dark) in localStorage. No expiry.

We do not use third-party tracking cookies or analytics cookies.

7. Your Rights Under DPDP Act, 2023

As a Data Principal, you have the following rights:

  • Right to Access: You can request a summary of your personal data and processing activities.
  • Right to Correction: You can update your profile information at any time via the Profile page.
  • Right to Erasure: You can request deletion of your account and all associated data.
  • Right to Grievance Redressal: You can raise concerns about data processing by contacting us.
  • Right to Nominate: You can nominate another person to exercise your rights in case of death or incapacity.

To exercise any of these rights, contact us at support@namoza.in. We will respond within 30 days.

8. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion, all personal data is permanently removed within 90 days, except where retention is required by law. Generated images in S3 are deleted upon account closure.

9. Third-Party Services

We use the following third-party services:

  • Google OAuth: For authentication. Google's privacy policy applies to data processed by Google.
  • Razorpay: For payment processing. Razorpay's privacy policy governs payment data.
  • Amazon Web Services: For cloud infrastructure, storage, and content delivery.

We do not sell your personal data to any third party. We do not share your data with third parties except as necessary to provide the Service.

10. Cross-Border Data Transfer

Your data is stored in AWS Mumbai (ap-south-1) region. We do not transfer personal data outside India except where required for service operation (e.g., Google OAuth servers). Any such transfer complies with applicable provisions of the DPDP Act, 2023.

11. Children's Data

Our Service is intended for healthcare professionals aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that a minor has provided personal data, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be notified via email or a prominent notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and DPDP Act, 2023, the Grievance Officer can be contacted at:

  • Email: support@namoza.in
  • WhatsApp: +91 99119 17450
  • Response time: Within 30 days of receiving the grievance