Desi POS

1. Information We Collect

We collect the following types of information depending on how you use the Platform:

• Account information: Name, email address, mobile number, and business details provided during registration or sign-in.
• Business data: Store names, locations, products, inventory, billing records, and employee information entered by the account holder.
• Patient and healthcare data: Patient name, date of birth, gender, contact details, ABHA number, radiology study details, clinical history, report content, and related medical records entered for diagnostic and radiology workflows.
• Transaction data: Payment details, order records, invoice history, and Razorpay transaction references (we do not store full card numbers).
• Device and usage data: IP address, browser type, device identifiers, Firebase Cloud Messaging tokens, and app usage activity for security and service improvement.
• Uploaded files: Images, DICOM study previews, report PDFs, radiologist signatures, and clinic branding assets uploaded through the Platform.

2. How We Use Information

We use collected information to:

• provide, operate, and improve the Desi POS Platform and its features;
• manage retail billing, inventory, multi-branch operations, and staff access;
• support radiology worklist management, DICOM viewing, and AI-assisted report generation;
• process payments and maintain financial records;
• send billing confirmations, report notifications, and operational alerts;
• enable ABHA (Ayushman Bharat Health Account) patient linking via ABDM;
• generate and publish radiology reports and billing PDFs;
• provide customer support and ensure platform security.

3. Healthcare and Patient Data

Desi POS handles sensitive healthcare information as part of its radiology and patient management features. We are committed to protecting this data:

• Patient data is only accessible to authorized users within your organisation.
• Radiology reports and DICOM images are stored securely in Firebase Cloud Storage.
• AI-assisted report content (generated via Gemini) is used only to draft findings for radiologist review and is not stored beyond the session unless explicitly saved.
• ABHA linking is performed through the official ABDM gateway with OTP-based verification.

4. Data Storage and Processing

Your data is stored and processed using the following Google Cloud and Firebase services:

• Cloud Firestore — for all structured business and healthcare records
• Firebase Cloud Storage — for uploaded files, reports, and images
• Firebase Authentication — for secure sign-in and session management
• Firebase Cloud Messaging — for push notifications
• Google App Engine — for hosting the web application
• Google Cloud Build and Artifact Registry — for deployment

All data is processed in accordance with Google Cloud's security and compliance standards.

5. Sharing of Information

We do not sell your personal or business data to third parties.

We may share information in the following circumstances:

• with authorised staff and administrators within your organisation for business operations;
• with service providers such as Google Firebase, Razorpay, and Gemini AI, solely to operate and improve the Platform;
• with ABDM gateway services when performing ABHA patient verification (with user consent);
• when required by applicable law, regulation, or court order;
• to protect the rights, property, or safety of our users, staff, or the public.

6. Payments

Payment processing is handled by Razorpay. When you make or receive payments through the Platform, your payment information is processed by Razorpay under their privacy policy and security standards. We do not store full card or bank account numbers on our servers.

7. AI Features

Desi POS uses Google Gemini AI for radiology report assistance and invoice data extraction. Data submitted to Gemini is used solely for generating responses and is not used to train AI models under our usage agreements. AI-generated content must be reviewed and validated by qualified professionals before use.

8. Data Retention

We retain your data for as long as your account is active or as required to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Upon account termination, data may be retained for a period required by law or for legitimate business purposes before deletion.

9. Data Security

We implement industry-standard technical and organisational measures to protect your data, including:

• HTTPS encryption for all data in transit
• Firebase Authentication with secure token management
• Role-based access control for all sensitive data
• Regular security reviews of our infrastructure

Despite these measures, no system can guarantee absolute security. Please notify us immediately if you suspect any unauthorised access.

10. Your Rights

Subject to applicable law, you may:

• request access to the personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request deletion of your personal data (subject to legal retention requirements);
• withdraw consent for data processing where consent is the legal basis;
• disable push notifications through your device or account settings.

To exercise your rights, contact us at the details below.

11. Cookies and Local Storage

The Desi POS web platform uses cookies and local browser storage for:

• authentication session management (secure HttpOnly cookies);
• language preference storage;
• application state and preferences.

We do not use third-party advertising cookies. You may clear cookies through your browser settings, but this may affect your ability to use the Platform.

12. Children's Privacy

Desi POS is a business platform intended for use by adults. We do not knowingly collect personal information from children under 18 for account creation. Patient data for minors may be entered by authorised representatives for healthcare booking and management purposes only.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by updating the effective date and, where appropriate, by notifying active users. Continued use of the Platform after updates constitutes acceptance of the revised policy.

14. Contact Us

For any questions, requests, or concerns about this Privacy Policy or your data, please contact: