Privacy Policy

JiffyBenefits (“we”, “our”, “us”) is a health insurance technology platform designed to serve multiple stakeholders including Insurers, Third Party Administrators (TPAs), Brokers, Agents, Corporate Clients, and Employees.

We are committed to protecting the privacy, confidentiality, and security of personal and sensitive data entrusted to us. This Privacy Policy explains how we collect, use, disclose, store, and safeguard information when you access or use the JiffyBenefits platform, website, mobile applications, and related services (collectively, the “Services”).

1. Scope of This Privacy Policy

This Privacy Policy applies to:

• All users accessing JiffyBenefits through web or mobile applications
• Corporate administrators and employees
• Insurers, TPAs, brokers, agents, and partners
• Visitors to our website

This policy does not apply to third-party websites or services linked from our platform.

2. Information We Collect

2.1 Personal Information

• Full name
• Email address
• Mobile number
• Address and location details
• Date of birth
• Government-issued identifiers (where required for policy servicing)
• Employment details (corporate users)

2.2 Insurance & Health-Related Information

• Policy details and coverage information
• Nominee and dependent details
• Claims, endorsements, renewals, and servicing data
• Medical disclosures submitted during underwriting or claims
• Documents uploaded for insurance processing

Note: JiffyBenefits does not create medical diagnoses and processes health information strictly as required for insurance administration.

2.3 Technical & Usage Information

• IP address
• Browser type and device information
• Login activity and timestamps
• Pages visited and actions performed
• Error logs and system diagnostics

3. Purpose of Data Processing

• Policy issuance, administration, renewals, and servicing
• Claims facilitation and coordination with Insurers and TPAs
• User authentication and access control
• MIS, reports, dashboards, and analytics
• Regulatory, audit, and compliance requirements
• Customer support and grievance handling
• Platform security, fraud detection, and risk mitigation
• Service communications and operational notifications

We do not use sensitive personal or health data for marketing or advertising without explicit consent.

4. Legal Basis for Processing

• User consent
• Contractual obligations
• Legitimate business interests
• Compliance with legal and regulatory requirements

Processing is aligned with:

• Information Technology Act, 2000 (India)
• Digital Personal Data Protection Act (DPDP Act), 2023
• IRDAI data protection and outsourcing guidelines
• Applicable global data protection standards, where relevant

5. Data Sharing & Disclosure

• Insurers and TPAs for policy and claims servicing
• Brokers, agents, and corporate administrators (as per role)
• Authorized service providers under contractual obligations
• Government or regulatory authorities, when legally required
• Auditors and compliance partners

🚫 We do not sell, rent, or trade personal or health data to third parties.

6. Role-Based Access Control

• Role-based permissions
• Organization-level access restrictions
• Least-privilege principles

Each stakeholder can only access data relevant to their authorized role.

7. Cookies & Tracking Technologies

• Secure login and session management
• Platform performance and analytics
• Fraud prevention and system security

Sensitive personal or health information is never stored in cookies.
Please refer to our Cookie Policy for detailed information.

8. Data Security Measures

• Encryption of data in transit and at rest
• Secure APIs and authentication mechanisms
• Audit logs and activity monitoring
• Periodic security assessments
• Access logging and anomaly detection

While we strive to protect all data, no system is completely immune from risk.

9. Data Retention

We retain data only for as long as necessary:

• To fulfill contractual and service obligations
• To meet regulatory and statutory requirements
• For audit, dispute resolution, and compliance needs

Upon expiry of retention periods, data is securely deleted or anonymized.

10. Cross-Border Data Transfers

Data may be processed or stored on secure cloud infrastructure located within or outside India. Appropriate safeguards are applied to ensure compliance with applicable laws.

11. User Rights

• Access and review personal data
• Request correction or updates
• Withdraw consent (where applicable)
• Request data deletion, subject to legal obligations
• Lodge grievances or complaints

Requests can be raised via the contact details below.

12. Children’s Data

JiffyBenefits is not intended for independent use by minors. Any data related to minors is processed only as part of insurance coverage under a parent, guardian, or corporate policyholder.

13. Third-Party Integrations

Our platform may integrate with insurer systems, TPAs, payment gateways, or government platforms. Each third party is responsible for its own data practices.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in:

• Legal or regulatory requirements
• Platform features or services
• Business or operational practices

Updates will be published on this page with a revised “Last Updated” date.

15. Contact & Grievance Redressal

For privacy concerns, data requests, or grievances, contact:
JiffyBenefits
📧 Email: privacy@jiffybenefits.com