Privacy & Security Policy
Avishi Connect App
Effective Date: 1 April 2026 | Version 1.0 | Avishi Center LLP
1. About This Policy
This Privacy and Security Policy explains how Avishi Center LLP collects, uses, stores, and protects personal data processed through the Avishi Connect application (the App). It applies to all users of the App and governs all data held by Avishi Center LLP in connection with the services described herein.
This policy is governed by the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act).
By accessing or using the App, you acknowledge that you have read and understood this policy. If you do not agree to the terms of this policy, please do not use the App.
2. Who We Are
| Legal Entity | Avishi Center LLP |
| Registered Address | 827, Skanda, 3rd Floor, 29th Main Road, near Arehalli Arch, Poorna Prajna Layout, Uttarahalli Hobli, Bengaluru, Karnataka 560061 |
| contactus@avishicenter.com | |
| Phone | +91-8971657082 |
| App Name | Avishi Connect |
| Platform | Android (Google Play Store) |
| Jurisdiction | India |
3. The App and User Roles
The App is an internal practice management tool used exclusively by Avishi Center LLP and its clients. It is not a public-facing consumer application. Access is granted only through role-based accounts. There are four distinct user roles:
| User Role | Data Accessible | Actions Permitted |
|---|---|---|
| Parent | Own child's profile, package balance, invoice history, attendance history, payment history, holiday calendar | View and download own invoices, view own child's session and attendance records |
| Therapist | Assigned client profiles, holiday calendar | Mark session attendance, view client details relevant to scheduled sessions |
| Admin | All client records, appointments, packages, invoices, therapist records | Schedule and manage appointments, create and manage packages and invoices, add and update client and therapist records |
| SuperAdmin | All data accessible to Admin, plus financial data, operational analytics, and the Founder Dashboard | All Admin actions plus access to P&L, revenue, cohort analytics, break-even tools, and system configuration |
Each user role has access only to data strictly necessary for the performance of their function. No user role can access another user’s personal account data or another family’s child records.
4. Data We Collect
4.1 Client and Child Data
When a child is enrolled at Avishi Center, the following data is collected and stored:
- Child's full name, date of birth, gender
- Developmental or clinical diagnosis (where applicable)
- Assessment reports and therapy progress notes
- Session attendance records and completion status
- Program enrollment details (ABA therapy, Speech therapy, Montessori)
- Package details including sessions purchased, sessions remaining, and effective rate
4.2 Parent and Guardian Data
As the consenting adult on record, the following parent or guardian data is collected:
- Full name and contact details (phone number, email address)
- Relationship to the child
- Payment history (offline/UPI references — no card or bank data is stored in the App)
- Invoice records
- Referral source (how you heard about Avishi Center)
4.3 Therapist Data
For therapist accounts, the following data is stored:
- Full name and contact details
- Session delivery records and utilization metrics
- Assigned client list
4.4 Financial and Operational Data
The following data is accessible only to Admin and SuperAdmin roles:
- Invoice amounts, payment status, and collection records
- Package pricing and session rate configurations
- Center-level financial metrics including revenue, expenses, and P&L data
- Expense templates and financial configuration parameters
4.5 Data We Do Not Collect
The App does not collect the following:
- Payment card details, bank account numbers, or UPI credentials — all payments are processed offline or via external payment links outside the App
- Location data or device GPS
- Biometric data
- Browsing history or data from other apps on your device
- Advertising identifiers
5. How We Use Your Data
Data collected through the App is used exclusively for the following purposes:
- Delivering and managing therapy and education services to enrolled children
- Scheduling and tracking therapy sessions and Montessori classes
- Generating invoices and maintaining payment records
- Communicating session schedules, package balances, and attendance records with parents
- Monitoring therapist utilization and center-level operational performance
- Financial planning and management by the founder through the Founder Dashboard
- Complying with applicable legal and regulatory obligations
We do not use your data for advertising, marketing to third parties, or any automated profiling or decision-making that produces legal or similarly significant effects.
6. Children's Data Protection
Avishi Center LLP recognises that a significant portion of data processed through the App relates to children, who are afforded heightened protection under applicable law. The following safeguards are in place:
- Parental Consent: All child data is linked exclusively to the parent or guardian account of the consenting adult on record
- Access Control: Child clinical and assessment data is accessible only to authorised Admin and SuperAdmin roles in addition to the parent account. Therapist accounts can view only the client information necessary for their assigned sessions
- No Commercial Sharing: Child data is never shared with third parties for commercial purposes
- Parent Rights: Parents may contact us at any time to review, update, or raise concerns about their child's data held in the system
If you are a parent or guardian and have concerns about how your child’s data is being handled, please contact us immediately at contactus@avishicenter.com.
7. Data Storage and Security
7.1 Where Your Data Is Stored
All data is stored on MongoDB Atlas (M0 tier), hosted in the Mumbai, India region (AWS ap-south-1). Data does not leave Indian territory.
7.2 Who Has Access to the Database
Direct database access is restricted to the SuperAdmin (founder) of Avishi Center LLP only. No third-party vendor, contractor, or external party has access to the production database.
7.3 Security Measures
The following security practices are in place:
- Role-based access control (RBAC) ensuring each user sees only the data their role permits
- Authentication required for all App access — no anonymous or guest access
- Data in transit is encrypted via HTTPS/TLS
- MongoDB Atlas provides encryption at rest for all stored data
- The App contains no advertising SDKs, third-party analytics, or tracking libraries
- No third-party services receive any user data
7.4 Data Breach Response
In the event of a data breach that is likely to result in risk to the rights and freedoms of individuals, Avishi Center LLP will notify affected users and the relevant authority within the timelines prescribed under the DPDP Act, 2023.
8. Payments
All payments to Avishi Center LLP are made outside the App — in person, via UPI, or through payment links shared separately. The App does not process, transmit, or store any payment card details, bank account information, or UPI credentials. Payment records visible in the App reflect transaction references logged manually by the Admin for record-keeping purposes only.
9. Data Sharing and Third Parties
Avishi Center LLP does not share, sell, rent, or trade any personal data with third parties for commercial or marketing purposes.
Data may be disclosed in the following limited circumstances only:
- Where required by applicable Indian law, court order, or direction from a competent government authority
- To protect the safety of a child or other individual where disclosure is necessary in the public interest
The App does not integrate with any third-party analytics platforms, social media SDKs, advertising networks, or data brokers. There are no third-party services receiving user data in connection with the App.
10. Data Retention
Avishi Center LLP retains personal data for as long as necessary to provide services and meet legal obligations. Our current retention guidelines are as follows:
| Data Category | Retention Period | Basis |
|---|---|---|
| Active client and child records | Duration of enrollment | Service delivery |
| Post-discharge client records | 3 years after last session | Legal/regulatory compliance |
| Invoice and payment records | 7 years | Financial/tax records |
| Therapist records | Duration of employment + 3 years | HR and legal compliance |
| Parent account data | 3 years after child's last session | Linked to client record |
These retention periods may be updated as Avishi Center LLP formalises its data governance framework. Users will be notified of any material changes.
11. Your Rights Under the DPDP Act, 2023
As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to Access: The right to access a summary of the personal data held about you and the purposes for which it is being processed
- Right to Correction: The right to correct inaccurate or misleading personal data
- Right to Erasure: The right to request erasure of personal data where it is no longer necessary for the purpose for which it was collected, subject to legal retention obligations
- Right to Nominate: The right to nominate another individual to exercise your rights on your behalf in the event of your death or incapacity
- Right to Grieve: The right to raise a complaint with us and, if unresolved, with the Data Protection Board of India once constituted
To exercise any of the above rights, please contact us at contactus@avishicenter.com or +91-8971657082. We will respond within a reasonable time as prescribed under applicable law.
12. Account Deletion
In-app self-service account deletion is not currently available. If you wish to request the deletion of your account and associated data, please contact us directly:
- Email: contactus@avishicenter.com
- Phone: +91-8971657082
Please note that deletion of an account does not automatically result in deletion of all associated data. Clinical and therapy records relating to a child are subject to the retention periods described in Section 10 above and may be retained in compliance with applicable legal and regulatory obligations even after an account deletion request is processed.
We will acknowledge all deletion requests within 7 working days and communicate the outcome and timeline clearly.
13. Changes to This Policy
Avishi Center LLP reserves the right to update this policy at any time. Where changes are material, we will notify users through the App or via the contact details on record at least 14 days before the changes take effect. Continued use of the App after the effective date of any revised policy constitutes acceptance of the updated terms.
The version number and effective date at the top of this document will be updated with each revision. Previous versions will be made available on request.
14. Contact Us
For any questions, concerns, or requests relating to this policy or the handling of your personal data, please contact:
| Data Controller | Avishi Center LLP |
| Address | 827, Skanda, 3rd Floor, 29th Main Road, near Arehalli Arch, Poorna Prajna Layout, Uttarahalli Hobli, Bengaluru, Karnataka 560061 |
| contactus@avishicenter.com | |
| Phone | +91-8971657082 |
| Response Time | Within 7 working days |
Avishi Center LLP
Bengaluru, Karnataka, India | Version 1.0 | April 2026