Introduction
At Bloomeor Technologies (“Bloomeor”, “we”, “us”, or “our”), privacy, transparency, and security are central to how we design and operate our software platforms.
This Privacy Policy explains how we collect, use, store, and protect information when you use our cloud-based software, websites, applications, APIs, and related services (the “Services”).
By accessing or using our Services, you agree to the practices described in this Privacy Policy.
Bloomeor complies with applicable laws in India, including the Digital Personal Data Protection Act, 2023.
We do not sell personal or business data. Our services are built around providing software solutions, not monetising user information.
Information We Process
Information You Provide Directly
We collect information when you create an account, request a demo, subscribe to our Services, or contact our support team.
- Full name
- Business email address and phone number
- Organisation or institution name and address
- Billing and payment information
- Account credentials
- Support requests and correspondence
Institutional & Operational Data
As a software service provider, Bloomeor primarily acts as a Data Processor, processing information under your instructions. Depending on the product you use, this may include:
Bloomeor POS
- Product catalogs and inventories
- Barcode and SKU databases
- Billing and sales transactions
- Customer contact information
- Digital receipts and invoices
Bloomeor HMS
- Patient profiles and basic demographics
- Appointment and scheduling data
- Clinical and consultation records
- Pharmacy and inventory data
- Electronic Health Records ( where applicable)
Bloomeor ERP & Custom Platforms
- Employee information
- Student and institutional records
- Attendance and operational workflows
- Business reports and analytics
- Customer specific datasets uploaded into the system
How We Use Information
We use information solely to provide, operate, secure, and improve our Services.
- Delivering and maintaining our software services
- Managing user accounts and authentication
- Monitoring system performance, stability, and availability
- Providing technical support and resolving issues
- Sending service, product, and security-related communications
- Processing subscriptions and billing
- Preventing fraud, misuse, and unauthorised access
- Enforcing our Terms of Service and contractual obligations
- Complying with applicable legal and regulatory requirements
We do not use customer data for advertising, profiling, or data brokerage.
Sharing & Disclosure
We do not sell, rent, or trade customer information. Information may be shared only in the following circumstances:
Infrastructure & Service Providers
We work with trusted cloud and infrastructure providers, including AWS India and Google Cloud India, to host and operate our Services. These providers process data only on our behalf and under contractual confidentiality and security obligations.
Legal Compliance
We may disclose information when required by applicable law, court order, regulatory authority, or a legally binding government request. Any disclosure is limited to the information necessary to comply with such obligations.
Business Transactions
If Bloomeor is involved in a merger, acquisition, restructuring, financing, or sale of assets, information may be transferred as part of that process. Customers will be notified before any material changes affecting their information take effect.
Government & Legal Requests
At Bloomeor, we believe your data belongs to you. We do not provide access to customer information unless required by applicable law.
If we receive a legal request, court order, warrant, subpoena, or regulatory directive, we review the request to ensure it is lawful and properly authorized.
Where disclosure is required, we provide only the minimum information necessary to comply with our legal obligations.
When legally permitted, we will make reasonable efforts to notify affected customers before disclosing their information.
Bloomeor does not use customer data for surveillance, advertising, profiling, or purposes unrelated to delivering and securing our Services.
Security Measures
Protecting customer data is a core responsibility. Bloomeor implements technical, administrative, and organizational safeguards designed to protect information and maintain service integrity.
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- Role-Based Access Control (RBAC)
- Multi-Factor Authentication (MFA)
- Continuous monitoring and threat detection
- Security logging and audit trails
- Regular vulnerability assessments
- Independent security testing
- Segregated customer environments and logical isolation
- Principle of least privilege for internal access
Security is built into every Bloomeor platform from the outset, with a focus on privacy, resilience, and trust.
Data Retention
We retain information only for as long as necessary to provide our Services, comply with legal obligations, and maintain the integrity of our operations.
| Data type | Retention period |
|---|---|
| Account information | Duration of the customer relationship + 12 months |
| Transaction records | Up to 7 years, where required for accounting and tax purposes |
| Healthcare records | As required by applicable healthcare regulations |
| Support communications | Up to 1.5 years |
Upon a verified request and subject to legal or regulatory requirements, customer data may be deleted within 30 days following service termination.
DPDP Act, 2023
Bloomeor is committed to complying with the Digital Personal Data Protection Act, 2023 and other applicable laws. As applicable, we:
- Process personal data only for lawful and specified purposes
- Maintain reasonable accuracy of personal data
- Implement appropriate security safeguards
- Prevent unauthorized access, processing, and disclosure
- Respond to valid data rights requests
- Notify relevant authorities and affected individuals of reportable breaches, where required by law
- Execute Data Processing Agreements (DPAs) where required
For most enterprise and institutional deployments, Bloomeor acts as a Data Processor, while customers act as the Data Fiduciary for information processed through our Services.
Your Privacy Rights
Designed with privacy in mind. You may have rights over your personal data, including the ability to access, correct, delete, or manage how it is used, subject to applicable law.
- Access
- Request information about the personal data we process.
- Correction
- Request correction of inaccurate or incomplete information.
- Erasure
- Request deletion of personal data where legally permitted..
- Grievance Redressal
- Contact our privacy team with questions, concerns, or complaints.
- Nomination
- Designate another individual to exercise your rights where permitted by law.
We aim to respond to verified requests within 30 days, or as required by applicable law.
Cookies & Analytics
Our websites and applications use a limited set of cookies and similar technologies to provide, secure, and improve our Services.
Essential Cookies
Essential cookies support authentication, security, and core functionality. These cookies are required for the operation of our Services.
Analytics Cookies
Analytics cookies help us understand product performance and usage trends. We use tools such as Google Analytics 4 (GA4) and Microsoft Clarity to collect aggregated usage information.
We do not sell analytics data to third parties.
Preference Cookies
Preference cookies remember settings such as language and theme preferences to improve your experience.
We do not use advertising cookies, behavioral profiling systems, or cross-site tracking technologies.
Where available, users may manage or disable non-essential cookies through their browser settings or cookie preferences.
International Data Processing
To provide our Services, information may be processed using secure cloud infrastructure located in India or other jurisdictions where our service providers operate.
When information is processed across borders, we implement appropriate contractual, technical, and organizational safeguards to protect customer information and comply with applicable laws.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our Services, security practices, legal requirements, or operations.
If we make material changes, we will provide notice through our website, Services, or other appropriate communication channels
Unless otherwise stated, updates become effective when published. We encourage you to review this Privacy Policy periodically.
Contact Us
For privacy inquiries, data requests, compliance matters, or grievance redressal, please contact us.
We aim to respond to privacy-related requests within30 business days. For urgent security matters, please include "URGENT" in the subject line.