This Security Policy (“Policy”) describes the security measures implemented by KSHITI Ayurveda (“Company”, “we”, “us”, “our”) for the protection of data processed through:
- KSHITI Ayurveda
- Location: Coimbatore, Tamil Nadu, India
- Phone: +91 95978 51971
- Email: hi@kshitiayurveda.com
- Website: www.kshitiayurveda.com and all its subdomains
This Policy applies to all users (“you”, “your”) accessing or using our websites, platforms, or services, including:
- Doctor Consultation (Online, Offline, Chat, Audio, and Video Consultation)
- Treatments and Procedures
- Ayurveda Medicines and related healthcare services
By using our website or services, you acknowledge that you have read and understood this Security Policy and agree to the practices described herein. If you do not agree, you should discontinue use of our website and services.
1. Security Commitment
- We are committed to maintaining the confidentiality, integrity, and availability of all data entrusted to us, especially health and personal information.
- We continuously monitor, review, and update our security controls to address emerging threats, vulnerabilities, and recognized industry best practices.
- Security patches, software updates, and configuration improvements are applied in a timely and systematic manner to mitigate risks from known vulnerabilities.
2. Data Protection Measures
To protect your personal and health-related information, we implement multiple technical and organizational controls, including but not limited to:
- Encryption in Transit and at Rest
  - Data transmitted between your device and our systems is protected using industry-standard encryption protocols (such as HTTPS/SSL/TLS).
  - Sensitive data stored in our systems is protected using robust encryption mechanisms and secure storage practices.
- Access Control and Least Privilege
  - Access to personal and health data is strictly limited to authorized personnel who require such access to perform their professional duties (e.g., doctors, support staff, administrators).
  - Role-based access control and authentication mechanisms are used to ensure that only appropriate individuals and systems can access specific data.
- Security Audits and Monitoring
  - We subject our infrastructure and applications to regular security reviews and assessments, which may include vulnerability assessments and internal audits.
  - Logs and key events are monitored to detect suspicious activity and facilitate timely investigation.
- Data Minimization and Purpose Limitation
  - We collect and retain only the data that is necessary for providing safe and effective healthcare services, legal compliance, and operational purposes.
  - Data is processed strictly in line with the purposes described in our Privacy Policy and applicable legal requirements.
3. Account Security
Where our website or subdomains provide patient portals or user accounts, we take steps to protect your account, while you also play a key role in its security:
- User Credentials
  - Users are required or strongly encouraged to create strong, unique passwords using a combination of uppercase letters, lowercase letters, numbers, and special characters.
  - Passwords should not be shared with anyone, including our staff.
- Additional Security Measures
  - Where available, we encourage enabling multi-factor authentication (MFA/2FA) (e.g., one-time passwords) for an additional layer of security.
  - We may employ risk-based checks or temporary account restrictions if unusual or suspicious login activities are detected.
- Suspicious Activity and Account Compromise
  - In case of suspected unauthorized access, we may temporarily suspend or restrict access to your account and request additional verification to restore access.
  - You should notify us immediately of any suspected unauthorized use of your account or other security concerns by contacting:
    - Email: hi@kshitiayurveda.com
    - Phone: +91 95978 51971
4. Payment Security
For consultations, treatments, and purchases of Ayurveda medicines, we prioritize the security of your payment information:
- Secure Payment Gateways
  - All online payments are processed via reputed third-party payment gateways that follow robust security standards such as the Payment Card Industry Data Security Standard (PCI-DSS).
  - Financial data (such as full card numbers, CVV, etc.) is generally processed directly by these gateways and not stored on our servers.
- Limited Payment Data Handling
  - We may store non-sensitive transaction data such as transaction IDs, payment status, and limited billing information needed for accounting, support, and legal compliance.
  - Payment data in transit between you and the payment gateway is protected using secure encryption protocols.
- Fraud Prevention
  - We and our payment partners use automated measures and checks to detect fraudulent or suspicious payment activities.
  - Transactions identified as high-risk may be subject to additional verification or declined to protect both you and us.
5. Threat Detection and Response
We employ multiple layers of protection to defend against cyber threats and unauthorized access:
- Protective Technologies
  - Firewalls, access controls, and other security measures are used to control and monitor network traffic.
  - Intrusion detection and/or prevention mechanisms help identify and block suspicious activities.
- Continuous Monitoring
  - Systems and services are monitored for anomalies, malware indicators, and unauthorized access attempts.
  - Important security events are logged for analysis, investigation, and compliance purposes.
- Incident Response Process
  - We maintain internal incident response procedures to ensure that, in the event of a security incident, our response includes:
    - Immediate containment and mitigation steps
    - Technical investigation to determine root cause and impact
    - Implementation of corrective and preventive measures
6. User Responsibilities
Security is a shared responsibility. To help protect your information and our systems, you agree to:
- Use the Platform Responsibly
  - Not attempt to circumvent, disable, or interfere with any security controls, authentication mechanisms, or access limitations implemented by KSHITI Ayurveda.
  - Not attempt to access data or accounts that you are not authorized to access.
- Secure Your Devices
  - Ensure that your personal devices (computers, smartphones, tablets) are protected with up-to-date operating systems, security patches, antivirus/anti-malware software, and firewalls.
  - Avoid using untrusted networks (e.g., open Wi-Fi) for sensitive activities without appropriate protections.
- Be Vigilant Against Fraud and Phishing
  - Exercise caution with unsolicited messages, emails, or calls asking for login details, payment information, or personal data.
  - Verify that you are logging in to our legitimate website or trusted subdomains and not a spoofed or fraudulent site.
  - Report any suspicious activity, scams, or phishing attempts related to KSHITI Ayurveda immediately to:
    - Email: hi@kshitiayurveda.com
7. Data Breach Notification
Although we strive to implement strong security controls, no system is completely immune to risks. In the unlikely event of a data breach involving your information:
- User Notification
  - We will notify affected users without undue delay and in accordance with applicable data protection and cybersecurity laws.
  - Notifications may include information on the nature of the breach, the type of data affected, potential risks, and recommended steps for your protection.
- Corrective Measures
  - We will take immediate steps to contain the breach, mitigate its effects, and prevent recurrence.
  - Where required, we will cooperate with relevant regulatory or law enforcement authorities.
8. Compliance and Legal Framework
KSHITI Ayurveda’s security and data protection practices are designed to align with relevant legal and regulatory requirements:
- Applicable Indian Laws
  - We aim to comply with applicable provisions of the Information Technology Act, 2000, and associated rules relating to reasonable security practices and sensitive personal data.
  - We also take into account other applicable healthcare, consumer protection, and data-related regulations in India.
- International Principles
  - For users outside India, we endeavor to follow recognized data protection and information security principles, to the extent applicable to our operations.
  - You are responsible for ensuring that your use of our website and services complies with the laws of your own jurisdiction.
9. Changes to This Security Policy
We may update or modify this Security Policy from time to time to reflect:
- Changes in our services, infrastructure, or business operations
- Evolving legal, regulatory, or security requirements
- Improvements to our security measures and practices
When we make material changes:
- The updated Policy will be published on www.kshitiayurveda.com (and/or relevant subdomains) with a revised effective date.
- Your continued use of our website or services after the updated Policy is posted will constitute your acceptance of the revised terms.
- We encourage you to review this Policy periodically to stay informed of our current security practices.
10. Governing Law and Dispute Resolution
- This Security Policy is governed by and construed in accordance with the laws of India.
- Subject to applicable law, any disputes arising out of or relating to this Security Policy, your use of our website, or our security practices shall be subject to the exclusive jurisdiction of the competent courts in India, with appropriate venue determined based on KSHITI Ayurveda’s principal place of business.
Contact for Security-Related Queries
If you have any questions, concerns, or requests regarding this Security Policy or our security practices, you can contact us at:
- KSHITI Ayurveda
- Location: Coimbatore, Tamil Nadu, India
- Phone: +91 95978 51971
- Email: hi@kshitiayurveda.com
- Website: www.kshitiayurveda.com