CureALife Healthtech – Data Protection Policy

DATA PROTECTION POLICY

Effective Date: 10/Sep/2025

1. Objective

To protect personal, sensitive, and health data from unauthorized access, breach, or misuse.

2. Lawful Processing

Data is processed based on consent, contractual necessity, legal obligation, or public interest.

3. Security Measures

The Company implements technical and organizational security controls, including:

• Encryption (data-in-transit and data-at-rest)

• Role-based Access Control (RBAC) to limit data visibility

• Secure cloud hosting (e.g., Azure) with robust perimeter defense

• Detailed Audit logs for tracking all data access and modifications

• Regular penetration testing and vulnerability assessments

4. Employee & Vendor Obligations

All staff and vendors are bound by strict confidentiality and Non-Disclosure Agreements (NDAs). Training is provided to ensure compliance with this policy.

5. Data Breach Management

We maintain a dedicated Data Breach Response Plan covering: Breach assessment, Mitigation and containment, and Notification to relevant regulatory authorities and affected users as required by law.

6. AI & Data Protection

Artificial Intelligence (AI) models are trained and utilized primarily using anonymized or pseudonymized datasets to protect individual identities and sensitive health information.

7. Review

This Data Protection Policy will be formally reviewed and updated at least once annually, or more frequently if there are significant changes in regulatory requirements or technology.

© CureALife Healthtech Private Limited. All rights reserved.