Privacy Policy

Last Updated and Effective Date: May 7, 2026

At Curobase, accessible from https://uat.curobase.com, one of our main priorities is the privacy of our visitors and users. This Privacy Policy document contains types of information that is collected and recorded by Curobase and how we use it.

This Privacy Policy applies only to our online activities and is valid for visitors and registered business users of our website and scheduling platform with regards to the information that they share and/or collect in Curobase.

1. Our Role: Data Controller vs. Data Processor

1.1 Curobase as a Data Processor: Curobase is a Business-to-Business (B2B) Software-as-a-Service (SaaS) platform. When professional clinics, doctors, or receptionists ("Business Users") use our platform to manage appointments and send reminders, Curobase acts purely as a Data Processor. We process end-user (client/patient) data solely on behalf of, and under the strict instructions of, our Business Users.

1.2 Business User as a Data Controller: The Business User utilizing our software is the Data Controller. They decide why and how the personal data of their clients is processed. It is the sole responsibility of the Business User to ensure they have the lawful right to collect this data and enter it into our system.

2. Information We Collect

The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

  • Account Information: When a Business User registers for an Account, we may ask for contact information, including items such as name, business name, address, email address, and telephone number.
  • End-User Data (Processed on behalf of businesses): We store appointment details, names, and phone numbers of the clients/patients entered by the Business User strictly to facilitate the requested scheduling and reminder services.
  • Log Files & Technical Data: We follow a standard procedure of using log files. These files log visitors when they visit websites. The information collected includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks.

3. WhatsApp & SMS Communications (Strict Consent Policy)

To comply with the Meta WhatsApp Business Policy and local telecommunications regulations, Curobase enforces a strict policy regarding automated messaging:

3.1 Mandatory Opt-In: Curobase does not automatically assume consent to send messages. The Business User (the clinic/receptionist) is legally obligated to obtain explicit, affirmative opt-in consent from their clients/patients prior to using our platform to trigger any WhatsApp or SMS notifications to those individuals.

3.2 Purpose of Messaging: Phone numbers entered into the platform are used exclusively for transactional notifications, such as appointment confirmations, scheduling changes, and reminders. Curobase will never use end-user phone numbers for our own marketing, nor will we sell, rent, or share these phone numbers with unauthorized third parties.

4. How We Use Your Information

We use the information we collect in various ways, including to:

  • Provide, operate, and maintain our B2B SaaS platform.
  • Improve, personalize, and expand our platform functionalities.
  • Understand and analyze how Business Users utilize our software.
  • Develop new products, services, features, and functionality.
  • Communicate with Business Users for customer service, updates, and platform-related information.
  • Process transactions and manage Business User subscriptions.
  • Find and prevent fraud and ensure platform security.

5. Third-Party Service Providers

We may share your data with trusted third-party service providers solely to facilitate our services. This includes cloud hosting providers, payment gateways, and communication API providers (such as Meta for the WhatsApp Business API). These third parties are legally bound to protect your data and may only process it in accordance with our strict instructions.

6. Data Retention and Security

We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). We utilize industry-standard encryption, firewalls, and secure server hosting to protect the data stored on our platform from unauthorized access, alteration, or destruction.

7. Your Data Protection Rights

We would like to make sure you are fully aware of all of your data protection rights. Depending on your jurisdiction, you may be entitled to the right to access, rectify, erase, restrict processing, or object to the processing of your personal data.

Note for End-Users (Patients/Clients): Because Curobase operates as a Data Processor, any requests to access, modify, or delete your personal scheduling data must be directed to the Data Controller (the clinic or doctor's office you visited). We will fully assist our Business Users in fulfilling these requests.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify our Business Users of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this document. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Business Name: Curobase

Operating As: Curobase

Registered Office: LODHA SIGNET 1 UNIT NO. 825 PREMIER COLONY GROUND KALYAN THANE Mangaon (N.V.) 421204

Email: connect@curobase.com