Privacy Policy — Varolyn Healthcare

Varolyn Healthcare ("Varolyn", "we", "us") provides home‑healthcare services across Bangalore and India. We respect your privacy and handle your personal and health information with care. This policy explains what we collect, why, how we protect it, and your rights. We collect the minimum we need, keep it in India, encrypt it, and delete it when its purpose is over.

1 Information we collect

When	What	Why
Enquiry / Contact form	Name, phone, email (optional), city, service needed, message	To call you back & arrange care
Phone (OTP) verification	Mobile number & one‑time code	To confirm it's really you
Appointment booking	Name, phone, date/time, service	To schedule a visit (via Zoho)
Career application	Name, contact, role, résumé, experience	Recruitment
Live chat	What you type, basic device info	To answer your questions
BMI calculator	Age, gender, height, weight	Shown on screen only — never sent to us
Every visit (automatic)	IP address, browser, pages viewed	Security & basic analytics

Because we provide healthcare, some of this may reveal health‑related information. We treat all of it as sensitive personal data and protect it accordingly.

2 What we do not collect

No card, bank or UPI details on this website — payments go through a secure gateway; we never store card numbers.
No medical records, prescriptions or diagnoses through the public site.
No BMI data leaves your browser — it is calculated on your device and never transmitted or stored.
No selling or renting of your data to advertisers, ever.
No hidden tracking beyond what's needed for security and basic analytics.

3 How we use your information

Only for the purpose you gave it: to respond to enquiries, schedule and deliver home‑healthcare services, verify your phone, process job applications, support you over chat, and keep the site secure. We store your information securely in our own protected systems and our CRM so our care team can follow up and serve you. We do not use your data for unrelated purposes without asking you first.

4 How we protect it

In transit & at rest

All connections use HTTPS/TLS encryption. Your data is stored with encryption at rest in our secured systems and CRM, hosted on Indian infrastructure. Passwords and one‑time codes are hashed, never stored in plain text; codes expire within minutes.

Hardened systems

Our servers sit behind a security layer (Cloudflare) that hides the server and blocks attacks; no public ports are left open.
Input validation on every field and a strict content‑security policy block the kind of injection that compromises websites.
Rate‑limiting on forms (and especially OTP) stops spam and abuse; uploaded résumés are type/size‑checked and never executed.

Access control

Only authorised Varolyn staff can access your data, behind strong login + multi‑factor authentication, on a need‑to‑know basis, with activity logs.

5 Who we share it with

We never sell your data. We share it only with trusted service providers who help us run the service, under confidentiality obligations:

Cloud hosting & database (Indian region) — to store data securely.
Our CRM — so our care team can follow up with you.
SMS/OTP provider — to send your verification code (sees your number).
Zoho — forms & appointment booking.
Live‑chat provider — to power chat support.
Cloudflare — security & delivery (sees IP/metadata).

We may also disclose information if required by law or a valid legal/court order.

6 How long we keep it

Enquiry/contact leads: up to 12 months after last contact, then deleted.
Appointment & service records: as needed to provide care and meet legal requirements.
Career applications: 6 months (unless you're hired or agree we keep them on file).
OTP codes: minutes (auto‑expire). Security logs: 30–90 days. BMI inputs: not retained.

7 Your rights

Under the DPDP Act, 2023 you can ask us to:

Access the personal data we hold about you;
Correct or update it;
Erase it (where we're not legally required to keep it);
Withdraw consent at any time;
Nominate someone to act on your behalf;
Raise a grievance about how we handle your data.

To exercise any right, email us at [email protected] and we'll respond within the timeframe required by law.

8 Cookies

We use a few essential cookies to keep the site working and secure. Non‑essential cookies (basic analytics) are used only if you accept them in our cookie banner. You can decline non‑essential cookies and still use the site fully.

9 Children

Our website is intended for adults arranging care. We do not knowingly collect data from children without verifiable parental/guardian consent. If a guardian arranges care for a dependent, they are responsible for the consent to share that information with us.

10 Contact & grievances

For any privacy question, request, or grievance, contact us:

Varolyn Healthcare
Email: [email protected]
Bangalore, India

If you're not satisfied with our response, you may approach the Data Protection Board of India.

11 Changes to this policy

We may update this policy as our services or the law evolve. The "Last updated" date at the top shows the latest version. Significant changes will be highlighted on this page.