Gooclaim OS
Legal · Privacy

Privacy Notice

Last updated · 07 Jun 2026

Gooclaim OS is an Insurance AI Operating System built for TPAs and insurers in India. We process personal data on behalf of our tenants (TPAs and insurers) under the Digital Personal Data Protection Act, 2023 (DPDP) and applicable IRDAI regulations. This notice explains what we collect, why, who sees it, and your rights.

One-line summaryGooclaim OS is a data processor for the insurer or TPA you are interacting with. We act only on their lawful instructions, never use your data to train external models, and always require explicit consent before any claim workflow begins.

1. Who we are

Gooclaim Technologies Private Limited (“Gooclaim”, “we”, “us”) is a company incorporated in India with its registered office in Bengaluru. We operate the Gooclaim OS platform on behalf of insurance ecosystem partners.

2. Our role under DPDP

Under DPDP terminology, we act as a Data Processor for the TPA or insurer (the Data Fiduciary) that engages us. The Data Fiduciary determines what data is collected and why; Gooclaim OS executes those instructions through an audited, multi-agent runtime.

3. Data we process

To run claim communication and coordination workflows, we may process:

  • Identifiers — name, phone number, email, claim reference, policy number, member ID (always hashed in our logs).
  • Claim context — claim status, requested documents, conversation history across WhatsApp, voice, SMS, email and web.
  • Health-related information shared by the claimant for the limited purpose of progressing the claim.
  • Channel metadata — message timestamps, delivery receipts, device locale, language preference.
  • Consent records — every consent grant and withdrawal, immutably logged.

4. Why we process it

  • To answer claim status queries on behalf of the insurer or TPA.
  • To request and collect pending documents needed to progress a claim.
  • To explain rejection reasons or next-step actions using approved, pre-reviewed templates only.
  • To meet regulatory obligations — including the IRDAI 1-hour admission / 3-hour discharge cashless mandate.
  • To produce immutable audit records for ombudsman and regulator review.

5. Consent gate

No claim workflow runs without an explicit CONSENT_GIVEN signal recorded against the claimant. Consent can be withdrawn at any time through the same channel it was given. Withdrawal is honored within one business day and the audit ledger reflects every state change.

6. Free-text never leaves the platform

Gooclaim OS sends only pre-approved templates to claimants. Every outbound message passes a 4-tier safety check — exact-template match, semantic safety, personal-data redaction, and source verification — before it leaves the platform. Large language models are used for internal reasoning, not for free-text responses to customers.

7. Who sees your data

  • The TPA or insurer that engaged Gooclaim OS for your claim, under their existing privacy obligations.
  • Sub-processors used for channel delivery (e.g. WhatsApp Cloud API), telephony, hosting infrastructure, and observability. These are bound by data-processing agreements.
  • Regulators, ombudsmen and courts where required by law.

We do not sell personal data. We do not use claimant data to train any third-party models. Multi-tenant data is strictly isolated; one tenant’s data is never accessible to another.

8. Security

  • Encryption in transit (TLS 1.2+) and at rest.
  • Per-tenant credential isolation and encrypted credential storage.
  • Personal data hashed in all internal logs — phone, name and claim identifiers are never logged in plaintext.
  • Zero-trust between internal services with short-lived machine tokens.
  • Immutable, SHA-256-chained audit ledger of every automated decision.
  • Continuous vulnerability scanning and a responsible-disclosure channel at security@gooclaim.com.

9. Retention

Audit ledger events are retained for 7 years in line with IRDAI record-keeping requirements. Conversation content and PII are retained only as long as the engaging insurer or TPA instructs us to retain them, after which the data is purged or returned.

10. Your rights under DPDP

  • Right to access the personal data we hold about you.
  • Right to correction and erasure (subject to regulatory holds).
  • Right to grievance redressal and right to nominate.
  • Right to withdraw consent at any time.

Because we act as a processor, requests are typically routed through the TPA or insurer that handles your claim. If you cannot reach them, write to contact@gooclaim.com and we will coordinate with the Data Fiduciary on your behalf.

11. International transfers

Production data is processed in India unless an engaging tenant explicitly chooses otherwise. Where transfers occur, they happen only to jurisdictions notified by the Government of India for DPDP transfers, with contractual safeguards in place.

12. Cookies on this website

This marketing website (gooclaim.com) uses only essential cookies for page-state and basic analytics. No advertising trackers run on this site. The Gooclaim OS platform itself does not rely on cookies for claim processing — authentication uses short-lived signed tokens.

13. Changes to this notice

We will update this notice when our practices change. The “Last updated” date at the top will always reflect the most recent revision. Material changes will be highlighted on the marketing site for at least 30 days.

14. Grievance officer

Per the DPDP Act, you may contact our Grievance Officer at contact@gooclaim.com. We will acknowledge within three business days and respond substantively within fifteen.

Questions? Reach us at contact@gooclaim.com. Security disclosures → security@gooclaim.com.