Privacy policy

This privacy policy describes how Klaro Care Technologies Pvt. Ltd. ("we", "us") collects, uses, and shares personal data in line with the Digital Personal Data Protection Act, 2023 ("DPDP Act").

• Identity: Aadhaar, PAN, photograph — required for KYC.
• Contact: mobile, email, residential and office addresses.
• Health: self-declared conditions, smoker flag, height, weight.
• Financial: bank account (encrypted), policy/claim/payment history.
• Usage: IP, device, pages viewed — for product improvement.

To issue and service policies, personalise recommendations, process claims, meet regulatory obligations, and improve the platform. We don't use your data to train public AI models.

We share data with partner insurers only at proposal stage (when you apply for a specific policy) and with payment gateways for transactions. We never sell your data or share it with third-party marketers.

• AES-256 field-level encryption for PII at rest.
• TLS 1.3 for data in transit.
• ISO 27001, PCI-DSS 4.0, CERT-In empanelled.
• Role-based access, audit-logged, least-privilege principle.

• Right to access — full data export within 30 days.
• Right to correction — via Account → Profile.
• Right to erasure — with retention overrides for regulatory records.
• Right to withdraw consent — per purpose, via Account → Privacy.
• Right to grievance redressal — see Grievance Officer.

Account data is retained while your account is active. Regulatory records (policy, claim, payment) are retained for 7 years after last transaction, per IRDAI. Marketing consents can be withdrawn anytime.

We use strictly necessary cookies by default, and analytics/personalisation cookies only with consent. See our Cookie Policy.

We don't knowingly collect data from children under 18. Policies covering minors are bought by the parent/guardian who holds the account.

Data Protection Officer · dpo@klarocare.in · Klaro Care Technologies Pvt. Ltd., Embassy Tech Village, Bengaluru 560103.