Privacy Policy
Last updated:
This Privacy Policy explains how Jaanch ("we", "us", "our") collects, uses, retains, and shares your personal data when you use the service available at jaanch.in and related domains (the "Service"). We are the Data Fiduciary for this Service for the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act").
We have written this policy to be readable. Where Indian statute requires specific language, we have preserved it. Where it does not, we have tried to be plain.
1. Who we are
Jaanch is a document audit tool for Indian consumers. You upload a document — most often a hospital bill — and we run it against publicly available government data (such as NPPA ceiling prices, CGHS rate schedules, IRDAI non-payable items, and CBIC GST notifications) and return a plain-English report of potential overcharges or terms worth verifying.
We are based in India and operate the Service from servers located in India, the United States, and the European Union depending on the sub-processor (see §6). Contact details for the Service's grievance officer appear in §10.
2. The personal data we collect
We collect the minimum information required to deliver the Service. We do not require you to sign up or create an account. The categories below are exhaustive.
2.1 Documents you upload
When you submit a document for audit, we receive and process the contents of that document. A hospital bill typically contains your name or your family member's name, the hospital's name and address, dates of admission and discharge, the diagnosis or service category, itemised charges, and the total amount billed. Some bills also contain your UHID, doctor names, and your insurer's identifying information.
We treat the full document content as sensitive personal data. See §4 for retention and §3 for what we do with it.
2.2 Session and technical data
For each session we collect:
- An opaque, randomly generated session identifier stored in an HTTP-only first-party cookie. We use this to scope your audits to your browser so you can return to them without creating an account. The cookie is signed with our server key.
- A salted SHA-256 hash of your IP address. We never store the raw IP. The hash is used only for rate limiting and spam detection. The salt is rotated on a documented schedule.
- Your browser's user agent string. We retain this only for spam analysis on the contact form and for diagnosing browser-specific issues.
- The size, type, and SHA-256 hash of the document you upload. The hash lets us detect when a user re-uploads the same file.
2.3 Information you provide voluntarily
If you choose to receive your audit report by email, you supply an email address. If you contact us through the in-product contact form, you supply your email address and optionally a name, along with the contents of your message. These fields are strictly optional and used only for the specific purpose you provided them.
2.4 What we do not collect
We do not collect or store the following: passwords (the Service has no login for end users), payment information (the Service is currently free; if and when a paid tier launches, payment will be processed entirely by an Indian payment gateway and we will not see card data), advertising identifiers, location data, contacts, calendar entries, third-party social-media profiles, or any biometric data.
We do not maintain shadow profiles of visitors who have not actively interacted with the Service.
3. How we use your personal data
Each category of data is used only for the purposes listed against it. We do not use your data for advertising, profiling for marketing, or sale to third parties.
- Document contents are used to (a) generate your audit report; (b) train internal accuracy benchmarks after personal identifiers have been removed (see §4); (c) respond to support requests you initiate that reference the specific audit; (d) comply with lawful regulatory or judicial requests.
- Session identifier, IP hash, and user agent are used to enforce rate limits, detect abuse, debug errors, and prevent automated misuse.
- Email address (if provided) is used solely to deliver the report, respond to the message you sent, or answer the data-rights request you submitted. We do not send marketing, newsletters, or product announcements to addresses collected this way.
4. How long we keep it
We apply different retention windows based on how sensitive the data is.
| Data category | Retention | Why |
|---|---|---|
| Original uploaded document (PDF/image) | 30 days from upload, then automatically deleted | Long enough to handle support questions and re-runs; short enough that the highest-sensitivity asset is not kept indefinitely |
| Extracted structured data (line items, amounts, dates), after personal identifiers are scrubbed | Retained indefinitely | Used to improve audit accuracy and benchmark across the population of bills. Person names are removed before retention; hospital names and category-level data are kept. |
| Audit report content and findings | Retained while the document above is retained | Required for you to view your report |
| Email address (report delivery, contact form) | Until the specific transaction is complete + 90 days for reply continuity | Single-purpose under DPDP. Not reused for any other communication. |
| IP hash and user agent (rate limiting) | 90 days | Spam-pattern analysis window |
| Operational logs (error stacks, request paths) | 90 days | Diagnostic + security |
| Contact-form messages | 2 years | In case the issue recurs and historical context helps |
Where this policy says we delete data, we mean we delete it from the primary store and from any backups within thirty days of the primary deletion.
5. Lawful basis for processing
We process your personal data under the following lawful bases recognised by §4 of the DPDP Act:
- Consent. When you upload a document, you consent to its processing for the purpose of generating the audit report. When you submit your email for report delivery or contact, you consent to its use for that specific purpose.
- Legitimate use. Rate-limit metadata (IP hashes, session identifiers, user agent) is processed under §7(c) (compliance with applicable law and judicial orders) and §7(g) (employment-related processing — not applicable here) to the extent permitted. Where consent is the more appropriate basis, we obtain it.
You may withdraw your consent at any time using the steps in §9. Withdrawal does not affect processing that has already taken place but ends future processing for the relevant purpose.
6. Sub-processors and where your data is stored
We use the following third-party processors to deliver the Service. Each is bound by our terms of engagement and we select them on the basis of their stated security and privacy posture. The country column reflects the primary data centre region for our use of that processor.
| Processor | Purpose | Country |
|---|---|---|
| Anthropic, PBC | Reads uploaded documents and returns structured extraction | United States |
| Cloudflare, Inc. | Object storage for uploaded documents (R2); bot challenge (Turnstile); content delivery | Global edge with India presence |
| Amazon Web Services, Inc. | Transactional email delivery via Simple Email Service (SES) | United States (us-east-1) |
| Vercel, Inc. | Frontend hosting and edge functions | United States and global edge |
| Railway, Inc. | Backend application and database hosting | United States |
| Functional Software, Inc. (Sentry) | Error monitoring | United States |
We do not use third-party advertising networks, web analytics platforms (such as Google Analytics or Meta Pixel), session replay tools, or marketing automation tools.
7. Cross-border transfers
Some of the sub-processors above store or process data outside India, primarily in the United States. The DPDP Act permits cross-border transfer to jurisdictions not specifically restricted by the Central Government. As of the date of this policy, the United States is not on the restricted list. We will update this section if that position changes.
We minimise the personal data sent to each processor. Anthropic receives the document content needed to extract line items, but our prompts instruct it not to retain the content beyond the request. We have requested the Anthropic Zero-Data-Retention addendum and will note its status here once executed.
8. Security
We take security seriously. The Service uses HTTPS end-to-end. Documents stored at rest in object storage are encrypted using AES-256. Database storage is encrypted at rest by the underlying provider. We rotate secrets on a documented schedule and apply rate limits and bot challenges to prevent abuse. The detailed engineering security posture is published as part of our SECURITY.md document and updated with each change.
No system is perfectly secure. If you believe you have identified a vulnerability, please write to hello@jaanch.in with the subject "Vulnerability report". We will acknowledge within two working days.
9. Your rights as a Data Principal
The DPDP Act gives you the following rights with respect to the personal data we process. You can exercise any of these rights at no cost by contacting the grievance officer (§10).
- Right to information. You may ask for a summary of the personal data we hold about you and what we do with it. We will respond within 7 days of receiving your verifiable request.
- Right to correction and erasure. You may ask us to correct inaccurate personal data, complete incomplete data, or erase data we no longer need to retain for the purpose it was collected. We will act on corrections within 7 days. Erasure requests are processed within 7 days unless we are required by law to retain the data for longer.
- Right to grievance redressal. You may raise a complaint about how we have handled your data using the process in §10. If we do not respond within 7 days, or if you are dissatisfied with the response, you may approach the Data Protection Board of India.
- Right to nominate. You may nominate another person to exercise these rights on your behalf in case of your death or incapacity. Email the grievance officer to register a nomination.
- Right to withdraw consent. You may withdraw consent for any processing that depends on consent. The Service will continue to function but any feature dependent on the withdrawn data will stop working (for example, if you withdraw consent for email delivery, we will not be able to send your report by email).
10. Grievance officer
We have appointed a grievance officer to handle questions and complaints about how we process personal data, in line with DPDP §10.
Email: grievance@jaanch.in
Response SLA: 7 days from receipt of a verifiable request.
Escalation: If you are dissatisfied with our response, or if we fail to respond within 7 days, you may file a complaint with the Data Protection Board of India under the procedure published on its website.
To help us respond faster, please include the audit ID (if applicable), the email address you used (if any), and a clear description of what you would like us to do. We may ask follow-up questions to verify your identity before acting on data-access or deletion requests.
11. Children
The Service is intended for adults handling their own or their family's documents. We do not knowingly process personal data of children under 18 except where a parent or lawful guardian is uploading the child's medical bill for audit on their behalf, in which case the parent or guardian provides consent on the child's behalf in accordance with DPDP §9.
If you believe a child has used the Service without parental consent, please contact the grievance officer and we will delete the relevant data.
12. Cookies and similar technologies
We use exactly one cookie: a first-party, HTTP-only, signed session token that scopes audits to your browser without requiring a login. The token expires after one year of inactivity. You can delete it from your browser preferences at any time; doing so will end your ability to view existing audits but will not delete the audits from our servers (use §9 for that).
We do not use third-party advertising cookies, cross-site tracking pixels, fingerprinting libraries, or analytics beacons.
13. Changes to this policy
We will update the "Last updated" date at the top of this page whenever we change the policy in a way that affects you. For significant changes (for example, adding a new category of data we collect, or adding a new sub-processor in a new country), we will give 30 days' notice on the home page before the change takes effect. If you do not agree with a change, you may exercise your right to deletion under §9 and discontinue use of the Service.
14. Contact
For privacy questions, use the grievance officer email in §10. For all other questions, write to hello@jaanch.in.