Privacy policy · plain-language first
How we handle your data.
In short: your shop's data belongs to your shop. We don't sell it, don't train models on it without your written opt-in, and don't pretend deletion means anything other than deletion. This page is the longer version.
The one-paragraph version
We collect what we need to run the product, store it isolated per shop, encrypt it at rest, retain it only as long as it's useful or legally required, and delete it when you ask. We don't sell data to anyone, ever. We don't train AI models on your shop's transactions without your written, separately-collected opt-in. If we ever have to materially change this policy, you get notice before it takes effect.
Who this applies to
This policy covers everyone who uses Pia — pharmacy owners, managers, workers, family members logged in under a shop's tenant — and everyone who visits this website. We are the data fiduciary under India's Digital Personal Data Protection Act, 2023. The shop's owner is the data principal for that shop's data.
What we collect
From the website
- Basic request metadata (IP, user-agent, referrer) for security and abuse prevention. Retained for 30 days.
- If you fill in a form or message us: whatever you sent us. Retained for the life of the conversation plus 12 months.
- We do not run third-party advertising trackers. We do not run a cookie banner because we're not setting cookies that would require one.
Inside the product
- Account & user data: name, role (owner / manager / worker), phone number, optional email, language preference.
- Shop & business data: shop name, GSTIN, address, drug license number where required, the products and batches you stock.
- Operational data: bills, purchases, customer records, supplier records, returns, ledger entries — everything the product needs to do its job.
- Conversation data: your messages to Pia, the drafts Pia produced, what you approved or edited.
- Photographs: receipts, prescriptions, or product labels you photograph for OCR.
- Device & app diagnostics: crash logs, performance traces, app version. Aggregated, not tied to individual users by default.
How we use it
- To run the product — everything above, used to do what you asked Pia to do.
- To improve the product for you — aggregated usage patterns that inform what features to build next.
- To meet legal obligations — GST filings, audit trails, drug-regulator reporting where required.
- To respond when you contact us — support, feedback, recovery from incidents.
What we don't use it for
- Training AI models on your shop's data without your written, separately-collected opt-in. Opt-in is never bundled with feature access.
- Selling to data brokers, advertisers, or any third party.
- Profiling individuals across pharmacies.
- Marketing to your customers without your shop's explicit instruction.
How long we keep it
| Category | Retention |
|---|---|
| Transactional data (bills, purchases, ledger) | 8 years — matches GST audit requirements |
| Customer records inside a tenant | For as long as the shop wants; deletable on request |
| Pia conversation history | 3 years rolling, unless you opt to shorten or extend |
| OCR source photographs | 180 days, then purged; the parsed data stays |
| Server logs | 30 days |
| Crash & diagnostic logs | 90 days |
| Account & access records after closure | 90 days, then deleted; legally-required records anonymized beyond that |
Where it lives
Operational data is stored on infrastructure with data centers in India and at the edge worldwide. Each shop's data is logically isolated with its own encryption keys. We don't transfer your shop's data outside India for processing unless we've told you, in writing, why and where.
Who we share with
- Payment processors — UPI, card, bank rails — for the limited purpose of processing your subscription payment.
- Cloud and infrastructure providers — under data-processing agreements, bound to the same standards we hold ourselves to.
- WhatsApp Business — when you opt in to the WhatsApp surface, message content goes through WhatsApp's pipes per their terms.
- Lawful authority — only on a valid order, only the data the order specifies, and we tell you it happened unless legally prohibited.
Your rights
Under DPDPA 2023 and as a matter of policy, every data principal has the right to:
- Access — a copy of the personal data we hold about you.
- Correction & updation — fixing anything inaccurate.
- Erasure — deletion of personal data, subject only to legal-retention exceptions we'll cite specifically.
- Withdrawal of consent — for anything where consent was the basis.
- Grievance — a working channel to raise concerns. Ours is below.
- Nomination — assign someone to exercise these rights if you can't.
The full mechanics are at our DPDPA 2023 statement, including how long we take to fulfill a request and what we charge (nothing, in almost every case).
Grievance officer
Per DPDPA 2023, our grievance officer is the founder, reachable at [email protected]. We aim to resolve grievances within 30 days. If you're unsatisfied, you can escalate to the Data Protection Board of India under the Act.
Children
Pia is built for businesses. We don't knowingly collect personal data of individuals under 18 as a Pia user. If a pharmacy uses Pia to track customers who happen to be minors, that processing is governed by the shop's own customer-data obligations, not ours directly.
Changes to this policy
Material changes get email notice 30 days before they take effect. Clarifications (typos, restructure for readability) don't. Every change is timestamped at the bottom of this page; the canonical history lives in our git log.