This Privacy Policy explains how Phairo (operated by Whitelilly Corporate Solutions Pvt Ltd) collects, uses, and protects your information when you use our pharmacy ERP platform available at phairo.in. By using Phairo, you agree to the practices described here.
1. Who We Are
Phairo is a product of Whitelilly Corporate Solutions Pvt Ltd, a company incorporated in India. Our registered office is in Mumbai, Maharashtra. For any privacy-related queries, contact us at support@phairo.in.
2. Information We Collect
We collect information in two categories:
Account & Business Information
- Shop/pharmacy name, owner name, GSTIN
- WhatsApp phone number and email address
- State and city of operation
- Drug license number (for Schedule H/H1/X compliance)
Operational Data
- Billing and invoice data (medicine name, quantity, price, GST)
- Inventory and stock levels per SKU and batch
- Purchase orders and distributor transactions
- WhatsApp bot interactions and commands
- Invoice images uploaded for OCR parsing
What We Do NOT Collect
- Patient names, Aadhaar numbers, or any patient PII
- Prescription contents beyond what you voluntarily enter
- Payment card details (handled by Razorpay, PCI-DSS compliant)
3. How We Use Your Information
- To provide, operate, and improve the Phairo platform
- To send GST reports, expiry alerts, and daily summaries via WhatsApp
- To process subscription billing via Razorpay
- To generate OCR-parsed inventory from invoice photos
- To provide customer support via WhatsApp and email
- To comply with applicable Indian laws and regulations
4. Pharma Data Sharing — What We Share and With Whom
This is the most important section for chemist users to read carefully.
Phairo's business model includes providing brand-level sell-through analytics to pharmaceutical companies. Specifically:
- What is shared: Aggregated SKU-level sales data — medicine name, units sold, geography (pincode/district), time period — attributed to a brand manufacturer.
- What is NEVER shared: Patient names, patient phone numbers, prescription details, or any personally identifiable patient information.
- Who receives it: Only the manufacturer of the specific brand being sold. Example: Cipla receives only Cipla brand data from your sales.
- Your consent: You explicitly consent to this during signup. You can view which brands are "unlocked" for sharing in your account settings. You may opt out of sharing data for specific brands at any time.
Patient privacy is non-negotiable. We are committed to never sharing any patient-identifiable information with any third party, including pharmaceutical companies.
5. Data Storage & Security
- All data is stored on AWS infrastructure in the ap-south-1 (Mumbai) region — data stays in India.
- Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Access to your data is controlled by Row-Level Security at the database level.
- We maintain regular encrypted backups with point-in-time recovery.
- Invoice images are stored in AWS S3 with private access controls.
6. Data Retention
We retain your data for as long as your account is active. Upon account deletion:
- Personal account data is deleted within 30 days.
- GST and billing records are retained for 7 years as required by Indian tax law.
- Anonymised, aggregated analytics data (no personal identifiers) may be retained indefinitely.
7. Your Rights
Under India's Digital Personal Data Protection Act (DPDPA) 2023, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Request erasure of your personal data (subject to legal retention requirements)
- Withdraw consent for pharma data sharing at any time
- Nominate a person to exercise rights on your behalf
To exercise any of these rights, email support@phairo.in.
8. Cookies & Analytics
Our website (phairo.in) uses minimal, privacy-respecting analytics to understand traffic. We do not use advertising cookies or third-party trackers. The Phairo app itself does not use cookies — authentication is handled via JWT tokens.
9. Third-Party Services
- Razorpay — Payment processing (PCI-DSS compliant)
- Meta (WhatsApp Business API) — Message delivery
- AWS — Cloud infrastructure and storage
- Firebase FCM — Push notifications
- AWS Textract — OCR invoice parsing
Each of these providers has their own privacy policy and data processing agreements with us.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via WhatsApp message and email at least 7 days before the changes take effect. Continued use of Phairo after that date constitutes acceptance of the updated policy.
11. Contact Us
For any privacy concerns, data requests, or questions about this policy:
- Email: support@phairo.in
- Company: Whitelilly Corporate Solutions Pvt Ltd
- Address: Mumbai, Maharashtra, India