Privacy Policy & Data Protection Framework
Effective Date: January 01, 2025 Last Updated: November 06, 2025, Version: 2.0 (Aligned with DPDP Act 2023 & IRDAI Guidelines)
1. Introduction
Welcome to Documantraa ("We," "Us," or "Our"). We provide Strategic Claim Intelligence, Field Investigation, and Forensic Verification services to Insurance Companies and Corporate Entities.
We recognize that our work involves handling sensitive personal data, medical records, and financial information. This Privacy Policy outlines how we collect, process, retain, and secure data in strict compliance with the Digital Personal Data Protection (DPDP) Act, 2023 and the Insurance Regulatory and Development Authority of India (IRDAI) regulations.
2. Scope of Data Collection
We collect data in two distinct capacities:
A. Information You Provide (Directly)
Clients (Insurers/Corporates): Company details, authorized officer contact info, contract data.
Website Visitors: Name, email, phone number, and IP address when you submit an inquiry.
Employees/Field Officers: KYC documents, geolocation data (during duty hours), and bank details for payroll.
B. Information We Process (Investigative Data)
When acting as a verified investigation agency for an Insurer, we process:
Claimant Personal Data: Name, Address, Policy Number.
Sensitive Personal Data: Medical history, Hospital admission records, Discharge summaries (for Health Claims).
Forensic Evidence: Site photographs, geo-tagged location data, witness statements, and handwriting samples.
Digital Footprints: Publicly available social media data and open-source intelligence (OSINT).
3. Purpose of Processing
We process personal data strictly for lawful purposes defined under contract:
Claim Verification: To validate the genuineness of medical, accident, or theft claims.
Fraud Detection: To identify "Medical Mill" scams, staged accidents, or document forgery.
Legal Admissibility: To generate forensic reports admissible in Indian Courts or Consumer Forums.
Compliance: To maintain audit trails required by IRDAI and ISO certifications.
4. Data Retention Policy (Strict Compliance)
In alignment with IRDAI (Minimum Information Required for Investigation and Inspection) Regulations, 2020, we adhere to the following retention periods:
Investigation Records: All case files, evidence, and final reports are retained for 10 Years from the date of case closure.
Data Purge: After the mandatory retention period, data is automatically moved to "Cold Storage" archives or securely purged using cryptographic erasure, unless required for ongoing litigation.
5. Data Sharing & Disclosure
We do not sell personal data. Data is shared only with:
The Client (Insurer): The final investigation report is shared strictly with the Insurance Company that assigned the case.
Legal Authorities: If required by a Court Order or Law Enforcement Agency under Indian Law.
Internal Audit Teams: For quality control and ISO compliance checks.
International Transfers: We store all sensitive medical and financial data on servers located physically within India (e.g., AWS Mumbai / Google Cloud Delhi) to comply with Data Residency laws.
6. Security Measures
We implement "Digital Forensic" grade security to protect data:
Encryption: All medical and claim data is encrypted at rest (AES-256) and in transit (SSL/TLS).
Role-Based Access Control (RBAC): Field Officers can only view cases assigned to them. Access is revoked immediately upon report submission.
Zero Tolerance Policy: Any employee found sharing claimant data unauthorizedly faces immediate termination and legal action.
7. Your Rights (Under DPDP Act 2023)
As a "Data Principal," you have the following rights:
Right to Access: Request a summary of your personal data being processed.
Right to Correction: Request updates to inaccurate or misleading data.
Right to Grievance Redressal: Report privacy concerns to our Data Protection Officer.
Right to Nominate: Appoint a nominee to exercise rights in case of incapacity.
Note: For investigation subjects, some rights may be limited if exercising them restricts our ability to prevent fraud or comply with the law.
8. Cookies & Digital Tracking
Our public website uses cookies to analyze traffic and improve user experience.
Essential Cookies: Required for the Client Portal login to function.
Analytics: We use anonymized data to understand website traffic patterns.
Opt-Out: You can disable cookies in your browser settings, though some portal features may stop working.
9. Grievance Officer Contact
In accordance with the IT Act 2000 and DPDP Act 2023, if you have any concerns regarding data privacy, please contact:
Data Protection Officer (DPO) Name: Anurag K Sudarshan Email: support@documantraa.com Address: Operations Hub, AFICS House, Feroke, Kozhikode, Kerala - 673631 Response Time: We acknowledge all grievances within 24 hours and resolve them within 30 days.
Disclaimer: This policy is subject to change based on amendments to the Digital Personal Data Protection Act. Clients are advised to review this page periodically.
Last Updated: April 16, 2026