Overview

1. Overview

This Privacy Policy applies to Kodur PCC, also referred to in our materials as the Oruma palliative care platform, developed and operated by AFO. It covers our mobile applications, web application, related APIs, and this public website.

Kodur PCC is intended for authorized organizations, staff, and care teams who use the service to manage palliative care operations such as patient registration, home visits, equipment, and medicine supply workflows. It is not a consumer social network, advertising app, or general-purpose public forum.

i

This policy is intended to support public privacy disclosures for Google Play and the Apple App Store. Your store disclosures and in-app disclosures should stay consistent with this policy and the current app behavior.

Where patient or beneficiary information is entered by a healthcare provider, NGO, or similar organization, that organization is responsible for its own legal basis, notices, authorizations, and consent management under applicable law. AFO processes that information in order to provide the Kodur PCC service.

This policy should be read together with your service agreement and any organization-specific data governance rules. Applicable laws may include the Digital Personal Data Protection Act, 2023 and other Indian or regional privacy laws that apply to your deployment.

Data Collection

2. Information We Collect

2.1 Account and organization data

  • User name, email address, password hash, role, and account timestamps
  • Organization or center details provided during onboarding or support communication
  • Support and enquiry information submitted through our website, phone, or WhatsApp channels

2.2 Operational and patient-related data entered into the service

  • Patient identifiers and profile details such as name, relation, gender, age, address, phone numbers, village, ward, location link, registration number, and registration date
  • Care-related details such as diseases, care plans, visit notes, visit dates, visit mode, team notes, medicine supply records, equipment supply records, and deceased-patient status where entered by the organization
  • Receiver, caregiver, and contact details needed for equipment or medicine handover and returns
  • Inventory records such as equipment identifiers, serial numbers, supplier or purchase details, storage place, and status

2.3 Technical and security data

  • Authentication tokens and basic session data stored locally on your device so the app can keep you signed in
  • Server-side request logs, timestamps, IP address or similar network metadata, and error information needed to operate, secure, and troubleshoot the service
  • Basic website submission details when you contact us through the landing page
Category Examples Why It Is Used
Account data Name, email, role, password hash Authentication, access control, support
Patient and care data Patient profile, disease list, care plan, home visits Service delivery and record management
Supply and inventory data Equipment, medicine, receiver and return records Tracking care operations and assets
Technical data Auth token, timestamps, IP or request logs, errors Security, reliability, debugging
Health Data

3. Sensitive Health and Care Data

!

Kodur PCC can process sensitive health-related and care-related information. That data should only be entered by authorized users for legitimate care-management, operational, or compliance purposes.

Depending on how your organization uses the platform, sensitive data may include patient identity details, condition or disease information, care plans, visit observations, medicine records, equipment history, death status, and related caregiver information.

We do not sell health data. We do not use health data for advertising. We do not disclose health data to data brokers. We do not use health data for profiling unrelated to service delivery, security, compliance, or direct platform support.

If your organization collects data about minors or other vulnerable individuals, your organization is responsible for obtaining all necessary permissions, notices, and consents required by applicable law before entering that information into the service.

Kodur PCC is a care-management tool. It is not presented as emergency response software, consumer medical advice, or a substitute for professional clinical judgment.

Data Use

4. How We Use Information

We use personal and sensitive data only for legitimate, disclosed purposes such as:

  • Creating and maintaining authorized user accounts
  • Authenticating users and keeping sessions active
  • Displaying, updating, exporting, and managing patient, visit, equipment, and medicine records
  • Operating the API and synchronizing data between the app and server
  • Providing onboarding, customer support, and service communications
  • Detecting misuse, unauthorized access, service issues, and security incidents
  • Complying with legal obligations, enforcing our terms, and resolving disputes
  • Improving the reliability and usability of the service using internal operational insights
OK

We do not sell personal data, we do not use patient data for advertising, and we do not use hidden data collection for unrelated marketing purposes.

Sharing

5. How Data May Be Shared

We do not sell or rent personal data. We may disclose data only in the limited situations below:

5.1 Within your organization

Authorized users within the same organization may access information made available to them through the service, depending on their role, responsibilities, and the way the organization uses the platform.

5.2 Service providers and infrastructure

We may use hosting, database, domain, communications, security, or similar infrastructure providers to run Kodur PCC. These providers may process data on our behalf only to deliver the service or support it. They are expected to protect data in a manner consistent with this policy and applicable law.

5.3 Legal and safety disclosures

We may disclose information when required by law, regulation, court order, lawful request, or when reasonably necessary to protect rights, safety, security, or the integrity of the service.

5.4 Business changes

If AFO undergoes a merger, acquisition, restructuring, or asset transfer, data may be transferred as part of that transaction subject to applicable confidentiality and legal requirements.

5.5 With your direction or consent

We may share information when your organization instructs us to do so, or when you expressly request or consent to a particular disclosure.

Permissions

6. Permissions, Device Access, and Tracking

The current Android application requests network access to connect to the Kodur PCC service. In the current app version, the mobile app does not request runtime access to contacts, camera, microphone, photos, precise location, SMS, call logs, or Bluetooth for core operation.

The current iOS application does not include privacy permission strings for camera, microphone, photos, contacts, or location access in the current configuration. If a future version adds any privacy-sensitive permission or SDK, this policy and the relevant store disclosures must be updated before release.

We do not describe the current app as using third-party advertising SDKs, cross-app tracking, or health-data monetization. The app is designed to support authenticated care operations, not targeted advertising.

On supported devices, the app may store a sign-in token locally so you remain logged in until logout, token expiry, or administrator action. If you use the public website, standard browser and server interactions may create routine web logs necessary to serve the site and handle enquiries.

Security

7. Data Security

We use reasonable administrative, technical, and organizational safeguards appropriate to the nature of the service and the data processed. These measures may include authenticated access, password hashing, transport security, controlled server access, and operational monitoring.

  • Passwords are stored as hashes, not plain text
  • Authenticated API routes are protected using bearer-token based access controls
  • Data transmitted between the app and production API uses HTTPS/TLS endpoints
  • We limit use of data to service operation, support, security, and disclosed business purposes
!

No internet-based system can guarantee absolute security. If we become aware of a reportable incident, we will respond in accordance with applicable law, contractual commitments, and the nature of the event.

Retention

8. Retention and Deletion

We retain data only for as long as reasonably necessary to operate Kodur PCC, satisfy contractual obligations, support authorized users, maintain security records, and comply with applicable law.

  • Account and organization data are generally retained while the account or service relationship remains active
  • Patient and operational records are typically retained according to the organization's instructions, workflows, and applicable legal or clinical recordkeeping requirements
  • Technical logs and troubleshooting data may be retained for a limited period needed for security, fraud-prevention, and debugging
  • When deletion is approved, data may be deleted, de-identified, or put beyond active use, subject to legal retention duties and legitimate dispute-resolution or security needs

If you want to request account closure, data export, or deletion, contact your organization administrator or use the privacy contact method in Section 12. Where we are able to verify and honor the request, we will do so within a reasonable period, typically within 90 days unless a shorter or longer period is legally required or technically necessary.

Your Rights

9. Your Rights and Choices

Depending on where you are located and the role you have in relation to the data, you or your organization may have rights to request access, correction, export, restriction, objection, or deletion of personal data.

  • Request access to personal data we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion, subject to legal and operational limitations
  • Request support if you believe your data has been handled improperly
  • Withdraw optional consents where processing depends on consent

For patient data, requests should usually be directed first to the healthcare organization, NGO, or center that collected the information and uses Kodur PCC in its care operations. That organization is typically best placed to validate the request and instruct us on the required action.

Children

10. Children's Privacy

Kodur PCC is not designed for children to create or manage their own accounts directly. We do not knowingly offer direct self-service account registration to children.

Some organizations using the service may enter records relating to minors who receive palliative or home-care services. In those cases, the organization using the platform is responsible for ensuring it has an appropriate legal basis and any required parent or guardian permissions.

Updates

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect service changes, legal requirements, or improvements in our privacy practices. When we make a material change, we will update the date at the top of this page and may also provide notice through the app, website, or direct communications where appropriate.

Terms

Terms of Service

These Terms govern use of Kodur PCC and related services provided by AFO.

Acceptance and authority

By using the service, you confirm that you are authorized to use Kodur PCC on your own behalf or on behalf of your organization.

Permitted use

You may use Kodur PCC only for legitimate, lawful care-management or organizational operations. You must not misuse the service, interfere with it, reverse engineer it, or use it to store data you are not authorized to process.

Organization responsibility

Your organization is responsible for ensuring that the information entered into the service is accurate, lawfully obtained, and used in compliance with applicable healthcare, privacy, and employment obligations.

Availability

We work to keep the service available and reliable, but uninterrupted availability cannot be guaranteed. The service may be limited by maintenance, connectivity, third-party infrastructure, or events outside our control.

Ownership

AFO retains rights in the software, design, branding, and service components of Kodur PCC. Your organization retains rights in the data it lawfully contributes to the platform.

Termination

We may suspend or terminate access where necessary for security, misuse, non-payment, legal compliance, or the end of a service relationship. Upon validated termination, export and deletion handling will follow the applicable agreement and Section 8 of this page.

Law

Unless another written agreement states otherwise, these Terms are governed by applicable Indian law, with venue in Kerala where legally permitted.

Contact

12. Privacy Contact and Support

If you have a privacy question, want to request deletion or export, or need to report a security or data handling concern, you can contact AFO using the methods below:

AFO Privacy and Support

For privacy requests, please include your organization name, your role, and enough detail for us to verify and route the request. Urgent security issues should be clearly marked as urgent.

Open Contact Form →

Phone / WhatsApp: +91 999 55 66 067

Website: palliative.ziyaq.in

Contact form: Submit an enquiry or privacy request

Address: Malappuram, Kerala, India