← Back to Home

Privacy Policy

Platform: Appoint8

Operator: OMNARYON LLP

Effective Date: 13th June, 2026

This Privacy Policy explains how OMNARYON LLP ("Company", "We", "Us", "Our") collects, uses, stores, shares, and protects personal data in connection with the Appoint8 appointment management platform ("Service"). It should be read together with the Appoint8 Terms and Conditions and, where applicable, the Data Processing Agreement entered into with business customers.

This Policy is drafted in line with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 (together, "DPDP Law").

Company Information

The Two Roles in Which We Handle Data

How this Policy applies to you depends on whose data is involved. DPDP Law distinguishes between a Data Fiduciary (who decides why and how data is processed) and a Data Processor (who processes data on a fiduciary's behalf).

A. Data for which OMNARYON LLP is the Data Fiduciary

This is data we collect and control directly: the account, identity, contact, technical, and billing data of the businesses and individual users who register for and use the Service. For this data, we are responsible for obtaining consent, providing notice, and responding to rights requests. Sections 3 to 12 of this Policy describe how we handle it.

B. Data for which OMNARYON LLP is the Data Processor

This is the appointment and customer data that our business customers (such as clinics) enter into the Service about their patients and clients ("End-Customer Data"). For this data, the business customer is the Data Fiduciary and we act only as its Data Processor, processing the data on its instructions to provide the Service. Section 13 describes how this works. If you are a patient or client of a business that uses Appoint8, that business — not OMNARYON LLP — is responsible for your data, and you should direct privacy requests to it in the first instance.

Data We Collect (Where We Are the Data Fiduciary)

Identity Data

Name, business name, username.

Contact Data

Email address, phone number.

Technical Data

IP address, browser type, device information, and log data.

Billing Data

Subscription and transaction records. Payment processing is handled by third-party payment gateways; we do not store full card details.

Communications

Support requests and correspondence with us.

How and Why We Use This Data

We process the data described in Section 3 to:

Legal Basis for Processing under DPDP Law

We rely on the following lawful bases recognised under DPDP Law:

We do not rely on open-ended "legitimate interest" grounds, as these are not recognised under DPDP Law.

Notice and Consent

This Privacy Policy, together with our Terms and Conditions, describes the personal data we collect, the purposes for which we process it, how you may exercise your rights, how you may withdraw consent, and how you may make a complaint to the Data Protection Board of India. By registering for and using the Service, you consent to the processing of your personal data as described in this Policy.

Withdrawing Consent

You may withdraw your consent at any time by:

Withdrawing consent is as easy as giving it. The consequence of withdrawal is that we may no longer be able to provide all or part of the Service. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Your Rights as a Data Principal

Where we are the Data Fiduciary for your data, you have the right to:

To exercise these rights, contact our Grievance Officer (Section 16). We will respond within the timelines required under DPDP Law.

Data Retention

We retain personal data only for as long as necessary for the purposes set out in this Policy:

Data Security

We implement reasonable security safeguards designed to protect personal data, including:

No system can guarantee absolute security, and you acknowledge that any internet-based service carries inherent risk. You are responsible for keeping your login credentials confidential.

Data Breach Response

If we become aware of a personal data breach, we will act in accordance with DPDP Law and our other legal obligations. Specifically:

Cookies and Similar Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, maintain security, and understand how the platform is used. You can control or disable non-essential cookies through your browser settings or any cookie controls we provide. Some essential cookies are required for the Service to function.

End-Customer Data — Where We Act as Data Processor

When a business customer enters data about its own patients or clients into the Service:

Children's Data

The Service is intended for use by businesses and professionals aged 18 or over and is not designed for direct use by children as account holders. We do not knowingly create accounts for individuals under 18.

We recognise, however, that business customers may record appointment information relating to minors (for example, paediatric patients). Where this occurs, the business customer is the Data Fiduciary and is responsible for obtaining verifiable parental or guardian consent and for ensuring no processing is undertaken that is likely to cause harm to a child, in accordance with DPDP Law. OMNARYON LLP processes such data only as a Data Processor on that business's instructions.

Third-Party Service Providers and Cross-Border Storage

Service providers. We use trusted third-party providers to deliver the Service, including cloud hosting, SMS, email, and payment gateway providers. These providers process personal data only to provide services to Appoint8 and are subject to obligations consistent with this Policy. We maintain a current list of these providers and will make it available on request.

Where data is stored. Personal data processed through the Service is primarily stored and processed on servers located in India. Where any processing occurs outside India, we will not transfer personal data to any country or territory restricted by the Central Government under DPDP Law, and we will take reasonable steps to ensure an appropriate level of protection.

Grievance Redressal

In compliance with DPDP Law, the following Grievance Officer has been appointed to address questions and complaints relating to personal data:

If you are not satisfied with our response, you have the right to register a complaint with the Data Protection Board of India.

Policy Updates

We may update this Privacy Policy from time to time. We will notify users of significant changes by email or through a platform announcement. Continued use of the Service after an update takes effect constitutes acceptance of the revised Policy.

Contact

For general questions about this Policy or the Service:

For data protection rights and grievances, please contact the Grievance Officer named in Section 16.

Last Updated: 13th June, 2026

Empowering India's Service Professionals.