Privacy Policy
Introduction
Solanacy Technologies ("we", "us", or "our") is a technology company incorporated in Howrah, West Bengal, India, operating at solanacy.in. We build AI-powered healthcare infrastructure products, including D-Dey Smart Pharmacy OS and ARIA, our agentic AI system.
This Privacy Policy explains how we collect, use, store, and protect any information you provide when you access and use the D-Dey Pharmacy Management System (PMS) — a web-based SaaS platform designed for licensed pharmacists and pharmacy owners across India.
By registering, logging in, or otherwise using D-Dey PMS, you acknowledge that you have read, understood, and agreed to the data practices described in this policy. If you do not agree, please discontinue use of the Service immediately.
We do not sell, rent, or trade your personal information to third parties for commercial purposes. Your data exists solely to power your pharmacy operations.
Information We Collect
We collect the minimum information necessary to provide a fully functional pharmacy management experience. The categories of data we collect include:
When you register using Google Sign-In (via Firebase Authentication), we automatically receive and store:
- Your full name and primary email address as registered with Google.
- Your Google profile picture URL (used for display purposes only).
- A unique User ID (UID) generated by Firebase for internal identification.
During onboarding, you voluntarily provide:
- Your pharmacy/company name, registered mobile number, and GST Number.
- Your Drug License number (for compliance verification).
- Staff email addresses if you choose to add team members to your account.
As you use the platform, we process the following data to facilitate your day-to-day pharmacy operations:
- Inventory Data: Medicine names, batch numbers, expiry dates, stock quantities, purchase prices, and selling prices.
- Sales & Billing Records: Invoice details, item-wise quantities, discounts, GST breakdowns, and timestamps.
- Customer Information: Mobile numbers voluntarily entered by you for WhatsApp billing. We do not collect patient names or addresses unless you choose to input them.
- Staff Activity Logs: Actions performed by staff accounts under your company ID, for accountability and audit purposes.
We automatically collect certain technical information when you use the app:
- Browser type, operating system, and device type.
- IP address (for fraud detection and geographic access control).
- Service Worker cache data to enable offline functionality.
- Error logs and crash reports to improve platform stability.
Sensitive Health Data
Under the DPDP Act, 2023 (India), Solanacy acts solely as a Data Processor. You, the Pharmacy Owner/Subscriber, are the Data Fiduciary with respect to your patients' health and prescription data.
We do not own, analyze for commercial purposes, or monetize any prescription or patient health data that passes through our systems.
When you use the AI Scanner feature to scan a prescription document or medicine strip:
- The image or video frame is transmitted to Google's Gemini AI API for OCR text extraction.
- Extracted text (medicine names, dosages) is returned to your device and pre-filled in the billing cart.
- Images are processed transiently and are not permanently stored on our servers after processing is complete.
- We do not build patient profiles, link prescriptions to patient identities, or use health data for any purpose other than assisting your immediate billing workflow.
By using the AI Scanner, you represent and warrant that:
- You have obtained necessary consent from your customers/patients to process their prescription data.
- You are a licensed pharmacist operating within the bounds of the Drugs and Cosmetics Act, 1940.
- You will not use the scanner to process prescriptions for illegal, controlled, or banned substances.
Camera & Microphone Permissions
The D-Dey PMS app requests camera access exclusively for:
- Scanning medicine barcodes and QR codes for instant inventory lookup.
- Capturing images of medicine strips or handwritten prescriptions for AI-assisted OCR text extraction.
Camera access is activated only when you explicitly open the Scanner module. We do not access your camera in the background, on other screens, or when the app is minimized. We do not record continuous video or store raw camera feeds.
The Voice Agent feature requests microphone access for hands-free billing and inventory operations.
- Microphone is active only when Voice Agent mode is explicitly turned on — a visible on-screen indicator is displayed at all times while active.
- Audio is streamed in real-time to our processing infrastructure via a secure WebSocket connection.
- We do not record audio in the background or retain voice recordings after the command has been processed.
How We Use Your Data
We use the data we collect strictly for the following defined, legitimate purposes:
- Service Delivery: To manage your pharmacy inventory, generate GST-compliant bills, track sales, and enable multi-staff operations under your company account.
- AI Feature Enablement: To process prescription images via OCR, power the Voice Agent, and provide intelligent low-stock alerts and expiry notifications.
- Subscription Management: To verify your active plan, enforce feature access limits (AI scan quotas, staff seats), and notify you of upcoming renewals or expirations.
- Platform Communication: To send system-wide announcements via the Broadcast feature (Super Admin only) and to deliver critical security or policy update notifications.
- AI Model Improvement: Anonymized and aggregated scan data (with all personally identifiable information stripped) may be used internally to improve our OCR model accuracy for Indian pharmacy contexts.
- Fraud Detection & Security: To identify and prevent unauthorized access attempts, account sharing violations, and API abuse patterns.
- Legal Compliance: To meet our obligations under Indian tax laws (GST record-keeping), the DPDP Act 2023, and other applicable regulations.
We will not use your data for any purpose not listed above without obtaining your explicit consent first.
Third-Party Sharing & Sub-Processors
We do not sell your personal data to any third party. We share your data only with trusted infrastructure providers essential to delivering the Service:
Firebase is our primary backend infrastructure provider. Your account data, business data, and billing records are stored in Google Firestore (a NoSQL cloud database). Authentication is handled via Firebase Auth using Google OAuth 2.0. All data stored in Firebase is encrypted at rest and in transit. Firebase is compliant with ISO 27001, SOC 1, SOC 2, and SOC 3 standards.
When you use the AI Scanner, prescription images and text are processed by Google's Gemini API. This data is subject to Google's Generative AI Prohibited Use Policy. We transmit only the image data required for the specific OCR task and do not include any persistent customer identifiers.
When you tap "Send on WhatsApp", the app generates a pre-filled message and opens WhatsApp on your device. This is a device-level redirection — we do not transmit data to Meta's servers, access your WhatsApp contacts, or store the content of any WhatsApp conversations.
We may disclose your information without prior notice if required by applicable law, court order, or lawful governmental authority. We will notify you of any such disclosure to the extent permitted by law.
Data Security
We implement multiple layers of technical and organizational security measures to protect your data:
- Encryption in Transit: All data is encrypted using HTTPS/TLS 1.2 or higher. Voice Agent WebSocket connections are also encrypted end-to-end.
- Encryption at Rest: All data stored in Google Firestore is encrypted at rest using AES-256 encryption managed by Google.
- Company-Level Data Isolation: Every record is tagged with a unique companyId. Firestore Security Rules ensure one pharmacy can never access another pharmacy's data.
- Role-Based Access Control (RBAC): Staff accounts are restricted to specific features. Staff cannot access billing exports, staff management, or subscription settings.
- Authentication Security: Login is exclusively via Google OAuth 2.0. We do not store passwords. Google enforces MFA if enabled by the user.
- Admin Lock Screen: The platform enforces an automatic lock screen after inactivity to prevent unauthorized physical access.
- Subscription-Based Access Control: Expired accounts are automatically locked at the platform level.
In the event of a data breach affecting your personal information, we will notify you and relevant authorities as required by the DPDP Act, 2023.
Cookies & Local Storage
D-Dey PMS is a Progressive Web App (PWA) and relies on browser-side storage mechanisms to function correctly. We use these technologies only for necessary purposes:
- Firebase Authentication Tokens (localStorage / IndexedDB): Firebase stores your session token to keep you logged in between sessions. This is strictly necessary — you cannot disable this without losing access.
- Language Preference (appLang): Stores your selected interface language (English, Hindi, or Bengali) so the app translates correctly on every reload.
- Theme Preference (d-dey-theme): Stores your chosen visual theme (Light or Dark Mode).
- Service Worker Cache: Caches application assets to enable offline functionality and instant load times — essential for the Offline Billing feature.
We do not use cookies or local storage for cross-site tracking, advertising profiling, or any third-party analytics purposes.
Your Rights — DPDP Act 2023
Under the Digital Personal Data Protection Act, 2023 (India), you have the following rights:
- Right to Access: Request a summary of the personal data we hold about your account. Email us with subject "DATA ACCESS REQUEST".
- Right to Correction: Update your pharmacy name, mobile number, or GST details directly from Profile settings. For email/account corrections, contact us.
- Right to Erasure: Request complete deletion of your account and all associated data. This action is permanent and irreversible. Note: we may retain anonymized financial records for GST compliance as required by Indian tax law.
- Right to Withdraw Consent: Withdraw consent for optional data processing (such as AI model improvement using anonymized scan data) at any time by contacting us.
- Right to Grievance Redressal: File a complaint with our Grievance Officer or with the Data Protection Board of India once constituted.
- Right to Nominate: Under the DPDP Act, you may nominate another individual to exercise your data rights on your behalf in the event of death or incapacity.
We will respond to all verified data rights requests within 30 days of receipt.
Data Retention
We retain your personal and business data only for as long as necessary for the purposes outlined in this policy:
- Active Accounts: All data retained for the duration of your active subscription.
- Expired Subscriptions: After your subscription expires, your account enters a locked state. Your data is retained for a grace period of 90 days to allow for renewal.
- Billing & Financial Records: GST invoices and payment records may be retained for up to 7 years to comply with the Goods and Services Tax Act, 2017.
- Account Deletion Requests: Upon a verified Hard Delete request, all personal data is permanently removed from Firestore within 30 days. Backups may retain residual data for up to an additional 30 days before being overwritten.
- AI Scanner Images: Prescription images are not retained after OCR processing completes. They are transient and never written to any persistent storage.
Children's Privacy
D-Dey PMS is a professional B2B SaaS platform designed exclusively for licensed pharmacists and pharmacy business owners. It is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors.
If you believe a minor has registered for or is using our Service, please contact us immediately at support@solanacy.in. We will take immediate steps to delete the associated account and data.
Policy Updates
We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or the features of the platform. When we make material changes, we will:
- Update the "Effective Date" at the top of this page.
- Display an in-app notification to active subscribers informing them of the update.
- Where required by law, obtain fresh consent for the updated data practices.
Continued use of the Service after a policy update constitutes acceptance of the revised terms.
Contact Us & Grievance Officer
For any questions, data rights requests, or complaints related to this Privacy Policy, contact our designated Grievance Officer as required under the DPDP Act, 2023:
Solanacy Technologies
Grievance Officer: Saumik Paul (Founder & CEO)
Email: support@solanacy.in
Response Time: Within 30 days of receipt
Address: Howrah, West Bengal, India
Website: solanacy.in