ValiCore
ValiCore

Privacy Policy

Last updated: May 1, 2026

ValiCore Technologies Pvt. Ltd. (“ValiCore”, “we”, “us”) operates a software-as-a-service platform for laboratory validation, calibration, and quality compliance. This policy explains what personal data we process, why, and your rights regarding it.

1. Data we collect

  • Account data: name, work email, role, and organisation name supplied at sign-up.
  • Authentication data: hashed passwords (bcrypt), TOTP secrets if you enable 2FA, session tokens, IP address, and user-agent strings for security auditing.
  • Operational data: records you create in the platform — instruments, calibration logs, QC tests, incidents, documents, audit-trail entries.
  • Usage telemetry: request paths, error rates, and performance metrics needed to operate the service. We do not use third-party advertising or behavioural-tracking cookies.

2. How we use it

  • To provide, secure, and improve the service.
  • To meet your regulatory and audit obligations (e.g. 21 CFR Part 11, Schedule M, ISO 15189) by maintaining a tamper-evident audit trail of who did what, when.
  • To send transactional notifications (calibration due dates, incident alerts) and security alerts.
  • To respond to your support requests.

3. Legal basis

We process personal data under the legal bases of contract (delivering the subscribed service), legitimate interest (security, fraud prevention, product improvement), and legal obligation (regulatory record-keeping required by your industry).

4. Where data is stored

Customer data is hosted in India (AWS ap-south-1) with encryption at rest (AES-256) and in transit (TLS 1.2+). We do not transfer customer data outside India without your prior written consent.

5. Retention

Operational records are retained for the lifetime of your subscription plus seven (7) years thereafter, in line with pharmaceutical record-keeping norms. You may request earlier deletion of non-regulatory data by contacting us.

6. Sharing

We do not sell personal data. We share data only with:

  • Sub-processors that operate the platform (cloud hosting, transactional email).
  • Authorities, when legally compelled by valid Indian legal process.

A current list of sub-processors is available on request.

7. Your rights

You may request access, correction, export, or deletion of your personal data, and you may withdraw any consent you previously gave. Contact your organisation administrator for in-product changes, or write to us at the address below for everything else.

8. Security

We apply layered security controls: bcrypt password hashing, optional TOTP-based 2FA, per-organisation data isolation, immutable audit logging of mutating actions, role-based access control, rate-limited APIs, and standard transport security headers (HSTS, X-Content-Type-Options, X-Frame-Options, CSP).

9. Children

The service is intended for use by employees of regulated organisations and is not directed at individuals under 18.

10. Changes

We will post any material change here and notify subscribed administrators by email at least thirty (30) days before it takes effect.

11. Contact

ValiCore Technologies Pvt. Ltd.
Privacy queries: privacy@valicore.in