PRIVACY POLICY

Updated on 22^nd April 2026

 

Summary:

We are committed to safeguarding your personal information and handling it with transparency and care.
In keeping with the principles of the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025 and other applicable laws, we collect only the minimum amount of information required to provide our services, fulfil legal obligations, or improve our offerings.

Our approach to privacy is guided by:

• The Digital Personal Data Protection Act, 2023 (“DPDP Act”) and rules thereunder;.
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules); and
• Internationally recognised privacy and security standards, including ISO/IEC 27001 and NIST Cybersecurity Framework principles where applicable.

 

Privacy Policy

 

This Privacy Policy statement is made by Weltrix RDS Private Limited hereby referred to as “Weltrix”, “we”, “us” or “our” etc.)

 

Weltrix values its users’ privacy. This Privacy Policy (“Policy”) will help you understand how we collect and use personal information from those who visit our website or make use of our online facilities, integrations, API, mobile or desktop applications, information available on our website or application, or when you otherwise use our services or interact with us (collectively referred to as “our Services”), and what we will and will not do with the information we collect.

Our Policy has been drafted to ensure those affiliated with Weltrix are aware of our commitment to meet the existing privacy standards.

We reserve the right to make changes to this Policy at any given time. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page. If at any point in time Weltrix decides to make use of any personally identifiable information on file, in a manner vastly different from that which was stated when this information was initially collected, we will post the updated policy on this page and update the effective date. Users at that time shall have the option as to whether to permit the use of their information in this separate manner.

1. Scope of this Policy

This Policy applies to Weltrix, and it governs any and all data collection and usage by us. This Privacy Policy applies to:

• All websites, applications, and services offered by us; and
• All interactions you have with us — whether online, in person, or via third-party channels.

Through the use of our Services, you are therefore consenting to the data collection procedures expressed in this Policy.

Please note that this Policy does not govern the collection and use of information by companies that Weltrix does not control, nor by individuals not employed or managed by us. If you visit a website that we mention or link to, be sure to review its privacy policy before providing the site with information. It is highly recommended and suggested that you review the privacy policies and statements of any website you choose to use or frequent to better understand the way in which websites, make use of and share the information collected.

Our website is primarily an informational website describing our business and services. The primary way we collect personal data through the website is when you voluntarily submit information through our “Contact Us” form (or similar inquiry forms) or otherwise choose to communicate with us (for example, by email or phone). We do not require you to create an account to browse the website. We do not provide a patient portal, clinical trial participation portal, or other system intended for trial participants to submit clinical or health information through the website. Please do not submit sensitive medical or health information through the website contact form.

If you visit websites, some of your basic information like how you were referred to the site, your searches on the website, and what features and settings you use, may be accessed. We use this information to improve our websites and services and to drive new product development. Please note that we may sometimes obtain your personal information from trusted third-parties that you have consented to sharing your information with, this includes, information received through a referral program, authorized reseller, or partner to ensure that your queries are responded to by us in a timely manner. Furthermore, if you interact with us on social media such as by liking, commenting, sharing, tagging or mentioning us, we may receive information pertaining to such interactions and publicly available information of your profile.

To the extent we act as a Clinical Research Organization (CRO) and process information relating to clinical trial participants or research subjects, that processing is not governed by this website Privacy Policy. Such information is processed under the applicable study documentation and privacy notices provided in connection with the relevant clinical trial or research activity (for example, informed consent forms, sponsor privacy notices, site notices, and/or study-specific privacy disclosures), as applicable.

 

Where we process personal data on behalf of a sponsor, customer, or other organization in connection with clinical research services (including safety/pharmacovigilance, monitoring, data management, statistics, or related services), we do so in our role as a service provider/data processor and in accordance with the applicable contract and the sponsor’s instructions, subject to applicable law.

 

Please note that in line with the Digital Personal Data Protection Act, 2023 (“DPDP”), we will use such information only for legitimate business purposes. Please note that even if you later remove such interactions with us, we may retain a copy of the information already collected, as permitted by law and in line with our retention policy.

This Privacy Policy is issued by Weltrix RDS Private Limited. We may conduct operations and provide services to customers in the United States; however, unless expressly stated otherwise in a written agreement, Weltrix RDS Private Limited is the contracting entity and the entity responsible for this website and the processing described in this Policy. Data processing and storage may occur in either location, subject to legal safeguards described in Section 12 (“Cross-Border Transfers”).

2. Definitions

For the purposes of this Privacy Policy:

• “Personal Data” means any data about an individual who can be identified directly or indirectly from that data.
• “Data Fiduciary” means the entity that determines the purpose and means of processing personal data.
• “Data Principal” means the natural person to whom the personal data relates.
• “Data Processor” means any entity that processes personal data on behalf of the Data Fiduciary.
• “Service Data” means data that you upload or store using our Services about your customers, employees, or other individuals.
• “Consent” means any voluntary, specific, informed, and unambiguous indication of agreement to the processing of Personal Data.

3. Information We Collect
   • Information Shared with Us

It is always up to you whether to disclose personally identifiable information to us, although if you elect not to do so, we reserve the right not to register you as a user or provide you with any products or services. While using our Services, we may collect various types of information, such as:

• When you request more information about Us or contact Us via our Website/applications:

• Name, email, phone number, business or residential address, date of birth;
  • Customer Support Interactions
• Information in emails, chat messages or phone calls with our support team;
• Support ticket histories, escalation records and resolutions.
  • Voluntary Data
• Feedback surveys, Services review and testimonials;
• Optional profile data such as photograph, time zone or language preference.

Please review our Cookie Policy as that we use strictly necessary cookies for secure session management and basic site functionality. With your consent where required, we may also use analytics/performance cookies and advertising/targeting cookies (including third party cookies) as described in our Cookie Policy.

Detailed information about the types of cookies we use, their purposes, duration, and how you can manage or revoke consent is available in our Cookie Policy at______. You may adjust your  preferences at any time via the cookie consent banner or your account settings.

As a general rule, we do not intend to collect health, medical, or other special category/sensitive personal data from visitors through our public website. If you choose to include health-related information in a message to us (for example, in a free-text contact form field), we will use that information only to respond to your inquiry and for related recordkeeping, unless we are required to retain it or use it to comply with law.

Please rest assured that this site will only collect personal information that you knowingly and willingly provide to us by way of surveys, completed membership forms, and emails. It is the intent of this site to use personal information only for the purpose for which it was requested, and any additional uses specifically provided for on this Policy.

• Information Collected Automatically
  • IP address, browser type, operating system, device make and model and time zone settings;
  • Navigation paths, clicks, scrolls, and feature usage frequency.
  • Error reports, crash logs, and latency measurements.
  • Cookies are used in accordance with the policy mentioned herein;
  • Consent for cookies is obtained through a pop-up before they are placed;
  • You have granular control over cookie preference; and
  • cookie consents ae reviewed and renewed periodically.
• Information From Third Parties

We may receive your data if:

• You are referred to us by authorized resellers or partners;
• You interact with us directly via our Website, social media or review platform

We do not personal data outside India and the USA, nor do we share it with unrelated third parties. If transfers outside these jurisdictions occur, they will comply with:

Digital Personal Data Protection Act, 2023 and appropriate laws of the states of the USA or contractual clauses. For more information, please contact our Data Protection Officer at muthuraj.v@weltrix.co.

• Data of Minors

Our website is not directed to, and does not knowingly collect personal identifiable information from, children under the age of eighteen (18). If it is determined that such information has been inadvertently collected on anyone under the age of eighteen (18), we shall immediately take the necessary steps to ensure that such information is deleted from our system’s database, or in the alternative, that verifiable parental consent is obtained for the use and storage of such information. Anyone under the age of eighteen (18) must seek and obtain parent or guardian permission to use our Service.

4. Purpose of Processing
   • We collect and process data strictly for:
     • Authentication and securing access to our services;
     • Monitoring for fraudulent activity, enforcing access controls and protecting account integrity;
     • Providing product updates, essential service notices, and legal notifications via email;
     • Maintaining platform security through cloud security infrastructure;
   • In compliance with the Digital Personal Data Protection Act, 2023, we may use your information for legitimate interests such as for improving our services and ensuring security, for compliance with tax, anti-fraud, and data protection regulations, providing subscription service etc.
5. Consent Management
   • Consent is collected via pop-up notifications before processing begins.
   • We share a clear, plain language to explain the purpose of collecting consent
   • You may approve or reject non-essential cookies individually;
   • You may discontinue use of your Personal Data or withdraw your consent for use of Your Personal Data by sending an email to our Data Protection Officer at muthuraj.v@weltrix.co and we will endeavor to delete your Personal Data within 15 (fifteen) days of receipt of such request and confirm the same via email subject to any legal retention obligations under the applicable laws. Please not that request for deletion or withdrawal of consent will not affect the lawfulness of processing of Personal Data based on consent prior to such request for deletion or withdrawal of consent.
   • All consent actions are logged with timestamps and retained for 6 months;
   • Right to Object to the processing of your Personal Data where we rely on legitimate interests;
   • Right to request restriction of processing;
   • Right to request for data portability;
   • Right to lodge a complaint with the Data Protection Officer (details at clause 15)
   • Notice to USA Users

We are located primarily in the USA and India. If you provide information to us, the information may be transferred out of the USA and sent to India. By providing personal information to us, you are consenting to its storage and use as described in this Policy.

6. Data Access, Correction, and Deletion

As a Data Principal, you have the right to:

• Access your personal data;
• Request corrections;
• Manage cookies and advertising preferences.
• Opt out of marketing communications.
• Receive notice of changes to our Privacy Policy or Terms
• Request for deletion of your Personal Data; and
• File a grievance with our Data Protection Officer at muthuraj.v@weltrix.co
• If you wish to unsubscribe or opt-out from any third-party websites, you must go to that specific website to unsubscribe or opt-out. We will continue to adhere to this policy with respect to any personal information previously collected.
• Access and Corrections

You may correct or delete your Personal Data. You can initiate such requests by contacting us as described in Section ____ (“Contact Us”).

If you would like to know if we have collected your personal data or how we have used your personal data, if we have disclosed your personal data and to who we disclosed your personal data, or if you would like your data to be deleted or modified in any way, please contact our privacy officer below.

7. Sharing of Personal Data

We share your information only with:

• Our Authorized personnel within defined roles  who have a legitimate purpose for access.
• Third party integrations or APIs you enable, limited to essential operations, such as payment processors, cloud hosting and API;
• Government institutions, including law enforcement or courts, as required by law or to ensure compliance with our policies and protect our rights and safety.
• We do not share data for marketing purposes.

8. Security Measures
   • We maintain a cloud-based security with:

• Cloud security infrastructure with real time threat monitoring;
• Multi-factor authentication (MFA) for administrative access;
• Role-based access control to enforce purpose limitation and data minimization.
• Continuous monitoring and logging of system activity.
• Security incidents escalated within 24 hours of detection.
• Notification to affected users.
  • We implement robust technical safeguards to protect personal data but cannot guarantee absolute security due to inherent risks. While we take all reasonable precautions to ensure that the user data is secure and that users are protected, there always remains a risk of harm. All online platforms can be insecure at times and therefore, we are unable to guarantee the security of user data beyond what is reasonably practical.
  • Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where required by law, inform the relevant data protection authorities within 72 hours of becoming aware of the breach. Notifications will include details of the breach, potential consequences, and measures taken to mitigate risks.

9. Retention

We retain personal data only as long as necessary for the purposes described in this Policy, unless a longer retention period is required or permitted by law, contract, or applicable regulatory obligations. Where personal data is processed in connection with clinical research, retention periods may be substantially longer to satisfy applicable legal, contractual, and regulatory requirements. After the applicable retention period expires, we will delete or anonymize the data in accordance with our retention schedule, unless further retention is required by law.

10. Service Data Processing

When you store other individuals’ data on our platform or for availing our Services:

• You remain the Data Fiduciary; we act as a Data Processor;
• Processing follows your instructions only;
• Access is limited and logged for audit purposes;

 

11. User Behaviour Restrictions

You may not:

• Access the underlying source code/object code of our website and application or engage in any conduct/ activity which will affect the working of our website or application;
• Attempt to bypass access controls;
• Use the Services for prohibited activities,

12. Cross- Border Data Transfer

We store and process data in India and USA. If transfers outside these jurisdictions occur, they will comply with:

Digital Personal Data Protection Act, 2023 and appropriate laws of the states of the USA or contractual clauses. For more information, please contact our Data Protection Officer at muthuraj.v@weltrix.co.

13. Cookie Policy

A cookie is a small file, stored on a user’s hard drive by a website. Its purpose is to collect data relating to the user’s browsing habits. You can choose to be notified each time a cookie is transmitted. You can also choose to disable cookies entirely in your internet browser, but this may decrease the quality of your user experience.

We use the following types of cookies:

• Strictly necessary purposes, such as security, fraud prevention, and basic site functionality;
• Analytics and performance, to understand how the website is used and improve it; and
• Advertising/targeting (to measure the effectiveness of campaigns and deliver relevant advertising), if enabled.

Examples of third-party technologies we may use: Depending on your cookie preferences and configuration, we may use third-party analytics and advertising technologies such as Google Analytics, the Meta Pixel, and the LinkedIn Insight Tag. These providers may collect information from your browser or device (such as cookie identifiers, IP address, and browsing events) and may process that information under their own privacy policies.

Your Choices: You can control non-essential cookies through our cookie banner/consent tool and may also adjust your browser settings to block or delete cookies. Where required by applicable law, we will not set non-essential cookies unless you opt in.

14. Policy Updates

We may revise this Privacy Policy.

• Significant updates will be emailed to you before they take effect.
• Continued use after the effective date constitutes acceptance

15. Contact Information

For any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact our Data Protection Officer:

Data Protection Officer / Grievance Officer:
Name:
Email:

Acceptance of Terms

By using our Services, you are hereby accepting the terms and conditions stipulated within the Privacy Policy Agreement. If you are not in agreement with our terms and conditions, then you should refrain from further use of our sites. In addition, your continued use of our Services following the posting of any updates or changes to our terms and conditions shall mean that you agree and acceptance of such changes.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Additional disclosures for California Compliance:

As required under California law, we disclose that we may collect the following categories of personal data:

• Identifiers: This includes your name, alias, mailing address, online identifiers, IP address, and email address.
• Online Activity Data: Information such as your browsing and search history and details about your interactions with our services.
• Geolocation Data: Information related to your physical location.

This information is collected in accordance with the guidelines outlined in Section 1 of this Privacy Policy.

Data Sharing: In the past 12 months, we have not disclosed any personal data belonging to users.

Data Sales: We have not sold any user information over the last 12 months.

Your Privacy Rights as a California Resident: If you are a California resident and your interactions with us are primarily for personal, family, or household use, you have rights under the California Consumer Privacy Act (CCPA). Specifically, you can request details about how your information is shared.

To make a request, contact our privacy officer using the details provided in this Privacy Policy, including the subject line “California Privacy Information Request.” Once we confirm your request and verify your identity, we will disclose:

1. The types of personal information we have collected about you.
2. The sources from which your data was collected.
3. The purposes for which we use this information.
4. The types of third parties with whom your information is shared.
5. The specific pieces of personal data we hold about you.

Right to Deletion: You may also request that we delete your personal information from our records, subject to certain exceptions. Once your identity has been verified and your request is confirmed, we will remove your data from our systems and instruct our service providers to do the same unless an applicable exception applies.

When We May Deny Deletion Requests:: We may retain your data if necessary to:

1. Complete transactions or provide requested services.
2. Detect and address security threats or illegal activities.
3. Debug our systems and fix errors.
4. Protect free speech or comply with other legal rights.
5. Meet the requirements of the California Electronic Communications Privacy Act.
6. Fulfill legal obligations.
7. Use the data for internal purposes compatible with its original collection context.

To request data deletion, please contact our privacy officer with the subject line “California Data Deletion Request.”

Limitations on Requests: You may submit up to two requests within a 12-month period. To ensure privacy, we can only process requests that verify your identity and confirm that the data pertains to you.

Response Time: We aim to respond to verified requests within 45 days. If more time is required, up to a maximum of 90 days, we will notify you of the delay and its reason in writing. Responses will be provided electronically or via mail based on your preference. Any disclosure will cover the 12 months prior to your request. If we cannot fulfill a request, our response will explain the reason.

Do Not Track Signals: Some browsers allow users to enable “Do Not Track” preferences. Currently, we do not respond to these signals but remain committed to transparent and lawful data practices as described in this Privacy Policy.

Cookies and Tracking Pixels: You can choose to decline cookies through your browser settings. Refer to the cookie section of our Privacy Policy for more details.

Non-Discrimination Policy: You have the right to exercise your CCPA rights without facing discrimination. We will not:

1. Deny you goods or services.
2. Charge different prices or impose penalties.
3. Provide services of differing quality.
4. Imply that exercising your rights could result in unfavourable treatment.

 

 

 

 

 

 

 

 

 

 

 

 

Children’s Privacy Policy

This notice serves as an addendum to our general Privacy Policy and specifically addresses the collection and handling of personal data for children in the United States who are under 13 years of age (“Child” or “Children”). It has been created to comply with the Children’s Online Privacy Protection Act (COPPA). Any terminology used here follows the definitions set forth by COPPA.

Information Collected About Children: We do not knowingly gather personal data from children under 13 years old.

Public Access Restrictions: Children are restricted from sharing personal information publicly on our platform.

Third-Party Access: Our services do not permit third parties to gather personal information from children through our platform.

Parental Rights and Controls: Parents or legal guardians hold the right to access their child’s personal data, request its deletion, and deny any further data collection or use. Parents or guardians may also approve data collection and use while restricting us from sharing the child’s data with third parties unless such sharing is required for the services provided. These rights can be exercised by contacting our privacy team in writing.

Data Minimization: We will never require children to provide more personal information than is reasonably necessary for participation in activities or services on our platform.

Contact Information: For any questions or concerns regarding this policy or our handling of children’s personal data, please contact our privacy officer:

• Name: Muthuraj V
• Email: muthuraj.v@weltrix.co
• Address: Site No. 26 Laskar, Hosur Rd, Chikku Lakshmaiah Layout, Adugodi, Bengaluru, Karnataka 560029
• Phone Number: 9632213237