Privacy Policy

CentAI Technologies Private Limited ("us", "we", or "Cent", which also includes its affiliates) is the author and publisher of the internet resource www.centai.health and the mobile application "Cent" ("Website"). The Website as well as the software, services and applications provided by Cent (collectively referred to as the "Services").

This privacy policy ("Privacy Policy") explains how we collect, use, share, disclose and protect Personal information about the Users (as defined below) and End User (as defined below) (jointly and severally referred to as "you" or "Users"). Your use of the Services is subject to this Privacy Policy and our Terms of Use available at https://www.cent.health/conditions (the "Terms of Use"). We created this Privacy Policy to demonstrate our commitment to the protection of your privacy and your personal information. Your use of and access to the Services is subject to this Privacy Policy and our Terms of Use. Any capitalized term used but not defined in this Privacy Policy shall have the meaning attributed to it in our Terms of Use.

"User" means any individual or entity who accesses, browses or registers on the Website including End User, business partners.

"End User" means a natural person who uses the Services provided by Cent including but not limited to book appointments, obtain health reports or any other ancillary services.

BY USING THE SERVICES OR BY OTHERWISE GIVING US YOUR INFORMATION, YOU WILL BE DEEMED TO HAVE READ, UNDERSTOOD AND AGREED TO THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY AND AGREE TO BE BOUND BY THE PRIVACY POLICY. YOU HEREBY CONSENT TO OUR COLLECTION, USE AND SHARING, DISCLOSURE OF YOUR INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. WE RESERVE THE RIGHT TO CHANGE, MODIFY, ADD OR DELETE PORTIONS OF THE TERMS OF THIS PRIVACY POLICY, AT OUR SOLE DISCRETION, AT ANY TIME. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY AT ANY TIME, DO NOT USE ANY OF THE SERVICES OR GIVE US ANY OF YOUR INFORMATION. IF YOU USE THE SERVICES ON BEHALF OF SOMEONE ELSE OR AN ENTITY (SUCH AS YOUR EMPLOYER), YOU REPRESENT THAT YOU ARE AUTHORISED BY SUCH INDIVIDUAL OR ENTITY TO (I) ACCEPT THIS PRIVACY POLICY ON SUCH INDIVIDUAL'S OR ENTITY'S BEHALF, AND (II) CONSENT ON BEHALF OF SUCH INDIVIDUAL OR ENTITY TO OUR COLLECTION, USE AND DISCLOSURE OF SUCH INDIVIDUAL'S OR ENTITY'S INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY.

1. WHY THIS PRIVACY POLICY?

This Privacy Policy is published in compliance with, inter alia:

i. Section 43A of the Information Technology Act, 2000;
ii. Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the "SPI Rules");
iii. Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011; and
iv. The Digital Personal Data Protection Act, 2023 and the rules framed thereunder (the "DPDP Act").

This Privacy Policy is intended to operate in compliance with the DPDP Act as the primary framework governing personal data processing. The Information Technology Act, 2000 and the SPI Rules continue to apply to the extent not superseded by the DPDP Act.

This Privacy Policy states the following:

i. The type of information collected from the Users, including Personal Information (as defined in paragraph 2 below) and Sensitive Personal Data or Information (as defined in paragraph 2 below) relating to an individual;
ii. The purpose, means and modes of collection, usage, processing, retention and destruction of such information; and
iii. How and to whom Cent will disclose such information.

2. COLLECTION OF PERSONAL INFORMATION

Generally some of the Services require us to know who you are so that we can best meet your needs. When you access the Services, or through any interaction with us via emails, telephone calls or other correspondence, we may ask you to voluntarily provide us with certain information that personally identifies you or could be used to personally identify you. You hereby consent to the collection of such information by Cent. Without prejudice to the generality of the above, information collected by us from you may include (but is not limited to) the following:

i. contact data (such as your email address and phone number);
ii. demographic data (such as your gender, your date of birth and your pin code);
iii. data regarding your usage of the Services and history of the appointments made by or with you through the use of Services;
iv. other information that you voluntarily choose to provide to us (such as information shared by you with us through emails or letters) including any images and other documents/files.
v. data shared by healthcare providers, laboratory service providers, and other providers of medical and medical-adjacent services pertaining to the Services availed by you.

The information collected from you by Cent may constitute 'personal information' or 'sensitive personal data or information' under the SPI Rules.

"Personal Information" is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.

The SPI Rules further define "Sensitive Personal Data or Information" of a person to mean personal information about that person relating to:

i. passwords;
ii. financial information such as bank accounts, credit and debit card details or other payment instrument details;
iii. physical, physiological and mental health condition;
iv. sexual orientation;
v. medical records and history;
vi. biometric information;
vii. information received by body corporate under lawful contract or otherwise;
viii. visitor details as provided at the time of registration or thereafter; and
ix. call data records.

Cent will be free to use, collect and disclose information that is freely available in the public domain without your consent.

3. PRIVACY STATEMENTS

3.1 ALL USERS NOTE:

This section applies to all users.

3.1.1Accordingly, a condition of each User's use of and access to the Services is their acceptance of the Terms of Use, which also involves acceptance of the terms of this Privacy Policy. Any User that does not agree with any provisions of the same has the option to discontinue the Services provided by Cent immediately.

3.1.2All the information provided to Cent by a User, including Personal Information or any Sensitive Personal Data or Information, is voluntary. You understand that Cent may use certain information of yours, which has been designated as Personal Information or 'Sensitive Personal Data or Information' under the SPI Rules: (a) for the purpose of providing you the Services, (b) for research, statistical analysis and business intelligence purposes in an aggregated or non-personally identifiable form (d) for communication purpose so as to provide You a better way of booking appointments and for obtaining feedback in relation to the Services, (e) debugging customer support related issues, (f) for the purpose of contacting you to complete any transaction if you do not complete a transaction after having provided us with your contact information in the course of completing such steps that are designed for completion of the transaction. Cent also reserves the right to use information provided by or about the End-User for the following purposes:

i. Identifying You.
ii. Publishing such information on the Website.
iii. Contacting End User for offering new products or services.
iv. Contacting End User for taking product and Service feedback.
v. Analysing software usage patterns for improving product design and utility.
vi. Analysing anonymized practice information for commercial use.
vii. Processing payment instructions including those through independent third-party service providers such as payment gateways, banking and financial institutions, pre-paid instrument and wallet providers for processing of payment transaction or deferral of payment facilities.

By accessing and using the Website and/or verifying your contact number with Cent, You have explicitly consented to receive all above stated communications (through call, SMS, email or other digital and electronic means) from Cent and/or its authorized representatives, even if your contact number is registered under the DND / NCPR list under the Telecom Commercial Communications Customer Preference Regulations, 2018. For this purpose, the required information may be shared with third-party service providers or any affiliates, group companies, and their authorized agents.

3.1.3Collection, use and disclosure of information which has been designated as Personal Information or 'Sensitive Personal Data or Information' under the SPI Rules requires your express consent. By affirming your assent to this Privacy Policy, you provide your consent to such use, collection and disclosure as required under applicable law.

3.1.4 Cent does not control or endorse the content, messages or information found in any Services and, therefore, Cent specifically disclaims any liability with regard to the Services and any actions resulting from your participation in any Services, and you agree that you waive any claims against Cent relating to same, and to the extent such waiver may be ineffective, you agree to release any claims against Cent relating to the same.

3.1.5 You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of account registration. If your personal information changes, you may correct, delete inaccuracies, or amend information by making the change on our member information page or by contacting us through privacy@centai.in. We will make good faith efforts to make requested changes in our then active databases as soon as reasonably practicable. If you provide any information that is untrue, inaccurate, out of date or incomplete (or becomes untrue, inaccurate, out of date or incomplete), or Cent has reasonable grounds to suspect that the information provided by you is untrue, inaccurate, out of date or incomplete, Cent may, at its sole discretion, discontinue the provision of the Services to you. There may be circumstances where Cent will not correct, delete or update your Personal Data, including (a) where the Personal Data is opinion data that is kept solely for evaluative purpose; and (b) the Personal Data is in documents related to a prosecution if all proceedings relating to the prosecution have not been completed.

3.1.6 Right to Withdraw Consent. You may withdraw your consent to the collection and processing of your personal data at any time by contacting us at support@centai.in or through the account settings on the Website. Withdrawal of consent will be effective within a reasonable period of receipt of your request. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to the withdrawal. Please note that withdrawal of consent or cancellation of your account may result in Cent being unable to provide you with its Services or to continue any existing relationship with you.

3.1.7 Data Retention and Erasure. Cent retains your personal data only for so long as is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable law. Once the purpose for which personal data was collected is no longer being served, and no legal obligation to retain such data subsists, Cent will erase or delete your personal data in accordance with the requirements of the DPDP Act. Where personal data is irreversibly anonymised such that no individual can be identified therefrom, the resulting anonymised data falls outside the scope of personal data and may be retained and used for analytical and product improvement purposes.

3.1.8 If you wish to opt-out of receiving non-essential communications such as promotional and marketing related information regarding the Services, please send us an email at support@centai.in.

3.1.9Cent may require the User to pay with a credit card, wire transfer or debit card for Services. Cent will collect such User's credit card number and/or other financial institution information such as bank account numbers and will use that information for the billing and payment processes, including but not limited to the use and disclosure of such credit card number and information to third parties as necessary to complete such billing operation. Verification of credit information, however, is accomplished solely by the User through the authentication process. User's credit-card/debit card details are transacted upon secure sites of approved payment gateways which are digitally under encryption, thereby providing the highest possible degree of care as per current technology. However, Cent provides you an option not to save your payment details. User is advised, however, that internet technology is not full proof safe and User should exercise discretion on using the same.

3.1.10Due to the communications standards on the Internet, when a User or the End-User or anyone who visits the Website, Cent automatically receives the URL of the site from which anyone visits. Cent also receives the Internet Protocol (IP) address of each User's computer (or the proxy server a User used to access the World Wide Web), User's computer operating system and type of web browser the User is using, email patterns, as well as the name of User's ISP. This information is used to analyze overall trends to help Cent improve its Service. The linkage between User's IP address and User's personally identifiable information is not shared with or disclosed to third parties. Notwithstanding the above, Cent may share and/or disclose some of the aggregate findings (not the specific data) in anonymized form (i.e., non-personally identifiable) with advertisers, sponsors, investors, strategic partners, and others in order to help grow its business.

3.1.11The Website uses temporary cookies to store certain (that is not sensitive personal data or information) that is used by Cent and its service providers for the technical administration of the Website, research and development, and for User administration. In the course of serving advertisements or optimizing services to its Users, Cent may allow authorized third parties to place or recognize a unique cookie on the User's browser. The cookies however, do not store any Personal Information of the User. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use the Website, but the Website may be limited in the use of some of the features.

3.1.12 A User may have limited access to the Website without creating an account on the Website. Unregistered Users can make appointments for the Services by providing their name and phone number. In order to have access to all the features and benefits on our Website, a User must first create an account on our Website. To create an account, a User is required to provide the following information, which such User recognizes and expressly acknowledges is Personal Information allowing others, including Cent, to identify the User: name, User ID, email address, country, ZIP/postal code, age, phone number, password chosen by the User and valid financial account information. Other information requested on the registration page, including the ability to receive promotional offers from Cent, is optional. Cent may, in future, include other optional requests for information from the User to help Cent to customize the Website to deliver personalized information to the User.

3.1.13Cent does not exercise control over the sites displayed as search results or links from within its Services. These other sites may place their own cookies or other files on the Users' computer, collect data or solicit personal information from the Users, for which Cent is not responsible or liable. Accordingly, Cent does not make any representations concerning the privacy practices or policies of such third parties or terms of use of such websites, nor does Cent guarantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, messages or other materials available on such websites. The inclusion or exclusion does not imply any endorsement by Cent of the website, the website's provider, or the information on the website. If you decide to visit a third-party website linked to the Website, you do this entirely at your own risk. Cent encourages the User to read the privacy policies of that website.

3.1.14Cent maintains a strict "No-Spam" policy, which means that Cent does not intend to sell, rent or otherwise give your e-mail address to a third party without your consent.

3.1.15Cent has implemented best international market practices and security policies, rules and technical measures to protect the personal data that it has under its control from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss. However, for any data loss or theft due to unauthorized access to the User's electronic devices through which the User avails the Services, Cent shall not be held liable for any loss whatsoever incurred by the User.

3.1.16Cent implements reasonable security practices and procedures and has a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Cent's business.

3.1.17 Cent takes your right to privacy very seriously and other than as specifically stated in this Privacy Policy, will only disclose your Personal Information in the event it is required to do so by law, rule, regulation, law enforcement agency, governmental official, legal authority or similar requirements or when Cent, in its sole discretion, deems it necessary in order to protect its rights or the rights of others, to prevent harm to persons or property, to fight fraud and credit risk, or to enforce or apply the Terms of Use.

3.2 END USER NOTE:

This section applies to all End User.

3.2.1 As part of the registration/application creation and submission process that is available to End User on this Website, certain information, including Personal Information or Sensitive Personal Data or Information is collected from the End User.

3.2.2 All the statements in this Privacy Policy apply to all End User, and all End User are therefore required to read and understand the privacy statements set out herein prior to submitting any Personal Information or Sensitive Personal Data or Information to Cent, failing which they are required to leave the Cent immediately.

3.2.3 If you have inadvertently submitted any such information to Cent prior to reading the privacy statements set out herein, and you do not agree with the manner in which such information is collected, processed, stored, used or disclosed, then you may access, modify and delete such information by using options provided on the Website. In addition, you can, by sending an email to privacy@centai.in, inquire whether Cent is in possession of your personal data, and you may also require Cent to delete and destroy all such information.

3.2.4 Cent may share your personal information or any other information with healthcare providers, laboratory service providers, and other providers of medical and medical adjacent services.

3.2.5End User' personally identifiable information, which they choose to provide on the Website is used to help the End User describe/identify themselves. Other information that does not personally identify the End User as an individual, is collected by Cent from End User (such as, patterns of utilization described above) and is exclusively owned by Cent. Cent may also use such information in an aggregated or non-personally identifiable form for research, statistical analysis and business intelligence purposes, and may use, and where applicable transfer to third parties, data that has been irreversibly anonymised such that no individual can be identified therefrom. For the avoidance of doubt, Cent does not sell, transfer, or otherwise commercialise personal data of End Users. The transfer of truly anonymised data falls outside the scope of personal data protection laws. In particular, Cent reserves with it the right to use anonymized End-User demographics information and anonymized End-User health information for the following purposes:

i. Analyzing software usage patterns for improving product design and utility.
ii. Analyzing such information for research and development of new technologies.
iii. Using analysis of such information in other commercial product offerings of Cent.
iv. Sharing analysis of such information with third parties for commercial use.

3.2.6 Cent will communicate with the End User through email, phone and notices posted on the Website or through other means available through the service, including text and other forms of messaging. The End User can change their e-mail and contact preferences at any time by logging into their "Account" at www.centai.in and changing the account settings.

3.2.7At times, Cent conducts a User survey to collect information about End User' preferences. These surveys are optional and if End User choose to respond, their responses will be kept anonymous. Similarly, Cent may offer contests to qualifying End User in which we ask for contact and demographic information such as name, email address and mailing address. The demographic information that Cent collects in the registration process and through surveys is used to help Cent improve its Services to meet the needs and preferences of End User.

3.2.8 Cent may keep records of electronic communications and telephone calls received and made for making appointments or other purposes for the purpose of administration of Services, customer support, research and development.

3.2.9All Cent employees and data processors, who have access to, and are associated with the processing of sensitive personal data or information, are obliged to respect the confidentiality of every End User' Personal Information or Sensitive Personal Data and Information. Cent has put in place procedures and technologies as per good industry practices and in accordance with the applicable laws, to maintain security of all personal data from the point of collection to the point of destruction. Cent engages Data Processors only through written contracts that impose the following obligations: (i) to process personal data solely on Cent's documented instructions and not for any other purpose; (ii) to implement appropriate technical and organisational security measures commensurate with the nature and sensitivity of the personal data processed; (iii) not to engage sub-processors without Cent's prior written authorisation; (iv) to assist Cent in fulfilling its obligations under the DPDP Act, including responding to Data Principal rights requests and breach notifications; and (v) to delete or return all personal data upon termination of the processing engagement.

3.2.10Cent may also disclose or transfer End User' personal and other information provided by a User, to a third party as part of reorganization or a sale of the assets of a Cent corporation division or company. Any third party to which Cent transfers or sells its assets to will have the right to continue to use the personal and other information that End User provide to us, in accordance with the Terms of Use.

3.2.11 To the extent necessary to provide End User with the Services, Cent may provide their Personal Information to third party contractors who work on behalf of or with Cent to provide End User with such Services, to help Cent communicate with End User or to maintain the Website or independent third party service providers to process payment instructions including providing a payment deferral facility to End User in relation to the Services. These third-party service providers have access to information needed to process payments, but may not use it for other purposes. Generally these contractors do not have any independent right to share this information, however certain contractors who provide services on the Website, including the providers of online communications services, may use and disclose the personal information collected in connection with the provision of these Services in accordance with their own privacy policies. In such circumstances, you consent to us disclosing your Personal Information to contractors, solely for the intended purposes only.

4. CONFIDENTIALITY AND SECURITY

4.1Your Personal Information is maintained by Cent in electronic form on its equipment, and on the equipment of its employees. Such information may also be converted to physical form from time to time. Cent takes all necessary precautions to protect your personal information both online and off-line, and implements reasonable security practices and measures including certain managerial, technical, operational and physical security control measures that are commensurate with respect to the information being collected and the nature of Cent's business.

4.2 No administrator at Cent will have knowledge of your password. It is important for you to protect against unauthorized access to your password, your computer and your mobile phone. Be sure to log off from the Website when finished. Cent does not undertake any liability for any unauthorised use of your account and password. If you suspect any unauthorized use of your account, you must immediately notify Cent by sending an email to support@centai.in You shall be liable to indemnify Cent due to any loss suffered by it due to such unauthorized use of your account and password.

4.3 Cent makes all User information accessible to its employees, agents or partners and third parties only on a need-to-know basis, and binds only its employees to strict confidentiality obligations.

4.4 Notwithstanding the above, Cent is not responsible for the confidentiality, security or distribution of your Personal Information by our partners and third parties outside the scope of our agreement with such partners and third parties. Further, Cent shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond the reasonable control of Cent including but not limited to, acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of Internet service or telephone service of the User etc.

5. CHANGE TO PRIVACY POLICY

Cent may update this Privacy Policy at any time, with or without advance notice. In the event there are significant changes in the way Cent treats User's personally identifiable information, or in the Privacy Policy itself, Cent will display a notice on the Website or send the End User an email, as provided for above, so that you may review the changed terms prior to continuing to use the Services. As always, if you object to any of the changes to our terms, and you no longer wish to use the Services, you may contact support@centai.into deactivate your account. Unless stated otherwise, Cent's current Privacy Policy applies to all information that Cent has about you and your account.

If a User uses the Services or accesses the Website after a notice of changes has been sent to such User or published on the Website, such User hereby provides his/her/its consent to the changed terms.

6. ARTIFICIAL INTELLIGENCE FEATURES

Cent uses artificial intelligence (AI) technologies to power certain features of its Services, including automated chat support, document summarisation, and the generation of structured risk reports for preventive screening purposes. These AI features are designed to improve the quality and usability of the Services and are regularly tested for fairness and accuracy. The following principles govern Cent's use of AI in processing personal data: (i) Consent: AI-based processing of your personal data is conducted only with your consent and for the specific purposes disclosed in this Privacy Policy; (ii) Purpose: Cent's AI layer generates structured risk reports for preventive screening purposes only — it does not diagnose any medical condition, prescribe treatment, or make clinical decisions, and outputs do not constitute medical advice; (iii) Human oversight: No automated decision-making with legal or similarly significant effects is applied without a human review layer; and (iv) Data minimisation: Personal data processed through AI features is limited to what is necessary for the relevant purpose. When you interact with AI-powered features, Cent may collect and process information you provide to generate relevant outputs and improve its Services.

7. CHILDREN UNDER THE AGE OF 18

Cent's Website and Services are directed at adults and are not intended for use by persons under the age of 18 ("children"). Cent does not knowingly collect personal data from children without the verifiable consent of their parent or legal guardian. Where a parent or legal guardian books a Service on behalf of a child, the parent or guardian is treated as the consenting Data Principal for the purposes of the DPDP Act, and the child's personal data will be processed solely for the purpose of providing the relevant Service. Cent strictly prohibits the tracking, behavioural monitoring, profiling, or targeting of advertising at children. If Cent becomes aware that it has collected personal data from a child without the requisite parental or guardian consent, it will promptly delete such data and, where appropriate, notify the parent or guardian. Cent strongly encourages parents and guardians to supervise the online activities of their children. Should you become aware that Cent holds personal data of a child without appropriate consent, please contact us at privacy@centai.in

8. CONSENT TO THIS POLICY

You acknowledge that this Privacy Policy is a part of the Terms of Use of the Website and the other Services, and you unconditionally agree that becoming a User of the Website and its Services signifies your (i) assent to this Privacy Policy, and (ii) consent to Cent using, collecting, processing and/or disclosing your Personal Information in the manner and for the purposes set out in this Privacy Policy. Your visit to the Website and use of the Services is subject to this Privacy Policy and the Terms of Use.

9. GRIEVANCE OFFICER AND CONTACT DETAILS

Should you have questions about this Privacy Policy or Cent's information collection, use and disclosure practices, please contact our designated Grievance Officer. We will use reasonable efforts to respond to your request within a reasonable period and in accordance with the timelines prescribed under the DPDP Act.

Name: Arpit Garg
Email: privacy@centai.in

10. PERSONAL DATA BREACH

Cent maintains appropriate technical and organisational measures to detect, investigate, and mitigate personal data breaches. In the event of a personal data breach that is likely to result in a risk to the rights of any Data Principal, Cent shall:

i. notify the Data Protection Board of India in the prescribed form and within the timeline prescribed under the DPDP Act and the rules framed there under, and
ii. notify the affected Data Principal(s) in a clear and plain manner, describing the nature of the breach, the categories of personal data affected, and the measures taken or proposed to be taken to address the breach and mitigate its effects.

Breach notifications will be issued in accordance with the requirements of the DPDP Act and any rules or guidance issued by the Data Protection Board of India.

11. RIGHTS OF DATA PRINCIPALS

As a Data Principal under the DPDP Act, you have the following rights in relation to your personal data processed by Cent:

i. Right to Information: You have the right to obtain a summary of the personal data held by Cent in relation to you, the processing activities carried out with respect to such data, and the identities of Data Fiduciaries and Data Processors with whom your personal data has been shared.
ii. Right to Correction and Completion: You have the right to request that Cent correct any inaccurate or misleading personal data and complete any incomplete personal data, where necessary having regard to the purpose of processing.
iii. Right to Erasure: You have the right to request erasure of your personal data where it is no longer necessary for the purpose for which it was collected, or where you have withdrawn consent and there is no other lawful basis for continued processing.
iv. Right to Grievance Redressal: You have the right to have your grievances regarding the processing of your personal data addressed by the Grievance Officer designated by Cent. If you are dissatisfied, you may approach the Data Protection Board of India.
v. Right to Nominate: You may nominate any other individual to exercise your rights under the DPDP Act on your behalf in the event of your death or incapacity.

To exercise any of the above rights, please contact our Grievance Officer at privacy@centai.in. We will use reasonable efforts to respond to your request in accordance with the timelines prescribed under the DPDP Act.