Privacy Policy

Splash Social ("Platform") is operated by Medvarsity Technologies Pvt. Ltd. ("MTPL", "we", "us"). This Privacy Policy describes how we collect, use, store, and protect personal data when you use our AI-powered social media marketing platform for healthcare organizations.

By using Splash Social, you agree to the practices described in this policy. If you disagree, please discontinue use and contact us to delete your account.

2.1 Account Information

Name, email address, organization name, role, phone number (optional), profile photo (if using Google OAuth).

2.2 Organization Data

Organization name, type, headquarters region, website URL, email domain, entity/location details, medical specialties, brand configuration (fonts, voice, imagery preferences).

2.3 Content Data

Social media posts created, reviewed, and published through the platform. Brand guidelines, uploaded documents, images, and compliance configurations. AI-generated content drafts and revision history.

2.4 Usage Data

AI token consumption, API usage metrics, login timestamps, IP addresses, browser type, feature usage patterns, audit trail of administrative actions.

2.5 Third-Party Integration Data

OAuth tokens for LinkedIn and Instagram (stored encrypted). Social media engagement metrics retrieved from connected platforms. API keys provided by organizations for their own AI provider accounts (BYO-AI).

We use collected data exclusively for:

Providing and operating the Splash Social platform. Generating, reviewing, and publishing AI-powered content on your behalf. Ensuring compliance with healthcare advertising regulations (MCI, ASCI, Drugs Act). Billing, invoicing, and token usage metering. Security monitoring, fraud prevention, and platform integrity. Improving our AI agents and content quality. Sending transactional emails (account, billing, compliance alerts). Aggregated analytics for platform improvement (never shared with third parties in identifiable form).

All data is stored on servers located in India (AWS Mumbai / DigitalOcean BLR regions). We implement industry-standard security measures including:

AES-256-GCM encryption for all API keys and OAuth credentials at rest. TLS 1.3 for all data in transit. Schema-per-entity PostgreSQL isolation — each entity's data is physically separated. Role-based access control (RBAC) with principle of least privilege. Audit logging of all administrative actions. Regular security assessments and dependency updates.

No employee of MTPL can access the content of your social media posts without explicit authorization from your organization's admin.

We do NOT sell, rent, or trade personal data. We share data only with:

AI Providers (Anthropic, Google AI): Post content is sent to AI APIs for generation and compliance review. These providers process data per their own privacy policies but do not retain input/output data from API calls.

Social Media Platforms (LinkedIn, Instagram): Content you publish is sent to these platforms via their official APIs. Data on those platforms is governed by their respective privacy policies.

Payment Processors (Razorpay): Billing information is processed by Razorpay. We do not store credit card numbers.

Law Enforcement: Only when required by valid legal process under Indian law.

Under the Digital Personal Data Protection Act 2023 (DPDP Act) and applicable regulations, you have the right to:

Access: Request a copy of your personal data. Correction: Request correction of inaccurate data. Erasure: Request deletion of your account and associated data. Portability: Export your content and data (ZIP download). Withdraw Consent: Withdraw consent for data processing (may require account closure). Grievance: File a complaint with our Data Protection Officer.

To exercise any right, email: [email protected]

Active accounts: Data retained while your subscription is active. Trial accounts: Data retained for 90 days after trial expiry, then deleted. Cancelled accounts: Content data deleted within 30 days; billing records retained for 7 years (regulatory requirement). Audit logs: Retained for 3 years (compliance requirement). Anonymized analytics: Retained indefinitely.

We use essential cookies only: session authentication (next-auth), theme preference, and onboarding progress. We do NOT use advertising cookies, tracking pixels, or third-party analytics that track individual behavior. We do NOT use Google Analytics, Facebook Pixel, or similar services.

Splash Social is a B2B platform for healthcare organizations. We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor's data has been collected, contact us immediately.

Splash Social is designed for organizations operating primarily in India. If you access the platform from outside India, your data will be processed and stored in India in accordance with Indian data protection laws.

We will notify registered users of material changes via email at least 15 days before the changes take effect. Continued use after the effective date constitutes acceptance.

Data Protection Officer: Gerald Jaideep
Email: [email protected]
Address: Medvarsity Technologies Pvt. Ltd., Jubilee Hills, Hyderabad, Telangana 500033, India