Privacy & Policy

Introduction:
All Samadhan (“we”, “us”, or “our”) is a platform offering medicine delivery, unified pharmacy access, ambulance services, and pharmacy management software in Bangladesh. We are committed to protecting your privacy and handling personal information in a lawful, transparent manner. This Privacy Policy explains what personal data we collect from users (including patients/customers and partner service providers like pharmacies and ambulance operators), how we use and share that data, and your rights regarding this information. We adhere to the laws of Bangladesh and align with global data protection standards (such as the EU GDPR), including the principles of the Bangladesh Personal Data Protection Ordinance 2025 which treats personal data privacy as a fundamental right. By using All Samadhan’s services, you agree to the practices described in this Policy. If you do not agree, please discontinue use of the platform.

1. Personal Data Collection, Use, and Lawful Basis

We only collect personal data that is necessary for the specified purposes of providing and improving our services. Below are the categories of personal data we collect and how we use them, along with the lawful basis for processing:

• Identity and Contact Information: When you create an account or register on All Samadhan, we collect information like your name, phone number, email address, postal address, and other contact details. We use this to create and manage your user account, verify your identity, and communicate with you about your orders or services. 

Lawful basis: Necessary for performance of our contract (providing the services) and your consent when you provide these details.

• Delivery and Location Information: For medicine deliveries or ambulance services, we collect the delivery address and may collect your real-time location or pickup/destination details (for example, using GPS on the app with your permission) to facilitate these services. We use location data to route deliveries or ambulances efficiently. 

Lawful basis: Your consent (especially for accessing GPS/location data) and contract necessity (to deliver the service you requested). Sensitive Data: Location data related to an identifiable individual is treated as sensitive and is handled with heightened protection and explicit consent.

• Health and Prescription Data: When you use our pharmacy services, you might provide health-related information such as doctor prescriptions, medication details, or medical conditions. We use this information to process your medicine orders (e.g. verifying prescriptions, suggesting pharmacies) and to facilitate healthcare services you request. 

Lawful basis: Explicit consent. Health information is considered sensitive personal data, so we only process it with your clear permission and use it strictly for your healthcare needs. We will not use health data for any other purpose without your consent.

• Payment and Financial Information: If you make payments through our app or if you are a service provider receiving payouts, we collect payment details such as mobile banking account numbers, bank account info, or debit/credit card details. These are used to process transactions (for example, charging customers for orders, or disbursing earnings to partner pharmacies or drivers). 

Lawful basis: Performance of contract (completing payment transactions) and compliance with legal obligations (financial record-keeping). We do not store full credit/debit card numbers on our servers (they may be handled by secure payment gateways) and we protect any financial information with encryption and strict confidentiality.

• Technical and Usage Information: When you use the All Samadhan app or website, we automatically collect certain technical data to improve your experience and maintain security. This includes information like your device type, operating system, browser type, IP address, unique device identifiers, app version, and usage logs (e.g. features you use, pages viewed, times and dates of access). We use this data to analyze service performance, personalize your experience, and prevent fraud or misuse. 

Lawful basis: Our legitimate interests in maintaining and improving our platform’s functionality and security (we ensure this does not override your privacy rights), as well as consent via cookie or device permissions where applicable.

Lawful Basis for Processing: Depending on the context, All Samadhan processes personal data under one or more of the following legal grounds: 

(i) Consent – We will ask for your consent for processing sensitive data (like health or precise location) and for optional features (such as receiving marketing communications). You have the right to withdraw consent at any time. 

(ii) Performance of a Contract – We process data that is necessary to provide the services you request (for example, using your address to deliver medicines, or sharing details with an ambulance driver when you book an ambulance). 

(iii) Compliance with Legal Obligations – We may process or retain certain data to comply with laws and regulations (for instance, maintaining transaction records for accounting or following pharmacy regulations). 

(iv) Legitimate Interests – We may process data for our legitimate business interests, such as improving platform performance, ensuring IT security, preventing fraud, or analyzing usage trends, only where these interests are not outweighed by your rights and interests. In all cases, we ensure data is processed fairly, lawfully, and transparently. We do not collect personal data unrelated to the specific purposes described, and we do not subject your data to automated decisions without human oversight in any way that significantly affects you.

2. Cookies and Similar Technologies

Like many online platforms, All Samadhan uses cookies and similar tracking technologies to enhance user experience and gather analytics. Cookies are small text files placed on your device (browser or app storage) when you use our service. We use cookies for purposes such as:

• Authentication and Functionality: To keep you logged in, maintain your session, and remember your preferences so that the app/website functions smoothly for you.
  
  

• Analytics: To understand how users navigate our platform, which features are most used, and to diagnose technical issues. For example, cookies (or mobile app analytics tools) help us collect information about page response times, crashes, and user interaction patterns. We use this information to improve our services and fix problems.
  
  

• Advertising (if applicable): Currently, All Samadhan does not serve third-party ads within the app; however, if we introduce promotions, we might use cookies or similar tools to show relevant offers. We will update this Policy and seek consent if our practices change in the future.

You have control over cookies and tracking: if you are using our web interface, your browser or device settings may allow you to refuse some or all cookies or alert you when cookies are being sent. However, please note that disabling cookies might affect certain features of our service (for example, you may need to log in repeatedly or some interactive features may not remember your settings). On our mobile app, you can control certain tracking permissions (like location services or analytics) via your device settings. We do not use cookies to collect sensitive personal data, and any analytics or tracking data is used in aggregate form to improve our platform.

2.1 App Permissions and Device Access

To provide core features of the All Samadhan app, we may request certain device permissions with your consent:

• Camera Access: Required to capture and upload prescription images directly through the app.


• Storage/Media Access: Required to upload existing prescription files or images from your device.


• Location Access: Required to detect your location for medicine delivery, ambulance booking, and showing nearby pharmacies. Location data may be collected in real-time when you use these services.

These permissions are only used for the stated purposes and only when necessary. You can enable or disable these permissions anytime from your device settings. Disabling certain permissions may limit some features of the app.

3. Your Rights Regarding Your Personal Data

All Samadhan respects your rights over your personal data. Under applicable data protection laws, you have the following rights (subject to certain conditions and exceptions):

Right to Access: You have the right to request a copy of the personal data we hold about you. We will provide you with a summary of the information, and explain how it is being used, upon verification of your identity. For example, you can request to know what account information or order history we have on file for you.

Right to Rectification (Update/Correction): If any of your personal data is inaccurate or outdated, you have the right to correct or update it. You can update certain information directly through your All Samadhan app profile (such as your contact details). For any data not editable by you, you may contact us to request correction, and we will promptly make the necessary updates.

 Right to Deletion (“Right to be Forgotten”): You may request that we delete your personal data. If you no longer wish to use All Samadhan, you can delete your account through the app (in the account settings) or by contacting customer support. Upon such request, we will delete or anonymize your personal information so that you can no longer be identified, except for information we are required to keep by law or for legitimate business purposes (as described in Data Retention below). Important: Once your account is deleted, your data and order history will be permanently removed or irreversibly anonymized, and this action cannot be undone.

Right to Withdraw Consent: If we are processing any personal data based on your consent, you have the right to withdraw that consent at any time. For example, you can opt out of receiving marketing emails by following the unsubscribe instructions, or disable location sharing after initially permitting it. Withdrawal of consent will not affect the lawfulness of any processing done before you withdrew, but it may limit our ability to provide certain services (for instance, if you withdraw consent to process your prescription data, we may not be able to facilitate pharmacy orders for you).

 Right to Object and Restrict Processing: You have the right to object to our processing of your data in certain situations – for example, if we were to use your data for direct marketing or our legitimate interests, and you disagree. You also can request that we temporarily restrict processing of your data if you contest its accuracy or if you want to exercise legal claims. We will honor such objections or restrictions to the extent required by applicable law.

Right to Data Portability: To the extent applicable under law (e.g., GDPR principles), you may have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format, and to request that we transmit it to another service provider if technically feasible. This would apply, for instance, to basic account information if you wanted to reuse it elsewhere.

Exercising Your Rights: To exercise the above rights, you can use the features available in the All Samadhan app (for example, profile editing and account deletion options) or contact us using the information in the Contact Us section. We will respond to your requests as soon as possible, and at most within the timeframe required by law. Please note we may need to verify your identity (to protect your privacy) before fulfilling certain requests. If you have an unresolved concern, you also have the right to contact the relevant data protection authority. In Bangladesh, this may be the National Data Governance Authority (NDGA) established under the new data protection laws once it becomes operational.

4. Data Sharing with Third Parties

All Samadhan does not sell your personal information to anyone. However, in order to provide our services and comply with legal requirements, we may share your personal data with certain trusted third parties. We ensure that any third party receiving personal data has an appropriate need-to-know and a legal or contractual obligation to protect your information. The scenarios in which we share data include:

• Service Providers Involved in Your Requests: We share relevant information with independent service providers on our platform to fulfill the services you request. For example, if you place a medicine order, we will share the necessary details with the pharmacy that will dispense the medication and the delivery person who will bring it to you (such as your name, ordered items, and delivery address). If you book an ambulance, we provide the ambulance driver or service with your location and contact info so they can reach you. These providers are only allowed to use your information for the purposes of fulfilling your specific service request and are contractually bound to keep it confidential and secure.

• Third-Party Vendors and Partners: All Samadhan may use third-party companies to support our operations, such as payment gateways, cloud hosting providers, SMS or email communication services, analytics tools, or customer support services. We share only the information necessary for these vendors to perform their functions on our behalf. For example, your payment details may be processed by a licensed payment processor to complete transactions; our cloud service provider will store data on secure servers; or we may use an analytics service that processes usage data (in anonymized form) to help us improve the app. These third-party processors act under our instructions and must protect your data in line with this Privacy Policy and applicable laws.

• Legal Compliance and Safety: We may disclose personal information to government authorities, regulators, law enforcement, or other third parties if required by law or legal process, or if we believe in good faith that such disclosure is reasonably necessary to: 

(a) comply with a legal obligation or governmental request; 

(b) enforce our Terms of Service or other agreements; 

(c) investigate and defend ourselves against any third-party claims or allegations; 

(d) protect the rights, property, or safety of All Samadhan, our users, or the public. 

For instance, we might share information when required by court order, or to report a fraudulent or illegal activity. In all cases, we will ensure that the request is legitimate and share only the minimum data necessary.

• Business Transfers: If All Samadhan is involved in a merger, acquisition, investment, financing due diligence, reorganization, bankruptcy, or sale of all or part of its assets, your data may be transferred to the relevant party as part of that transaction. We will ensure that the new owner or entity continues to uphold the privacy protections outlined in this Policy, and we will notify you (for example, via email or notice on our app) of any change in data ownership or use.

In all instances of sharing, we strive to minimize the data disclosed to what is directly relevant and necessary for the intended purpose. Third parties who receive personal data from us are expected to handle it with a comparable level of protection. We remain responsible for the protection of your information throughout these transfers and require any third-party service providers to adhere to strict confidentiality and data security standards.

5. Children’s Privacy

All Samadhan’s services are not intended for use by children under the age of 18. We do not knowingly collect personal data from individuals under 18 years old without verifiable parental or guardian consent. Our platform is designed for adult users such as patients, caregivers, and service providers who can enter into binding agreements and provide informed consent for data processing. If you are under 18, please do not use the All Samadhan app or provide any personal information without the involvement of a parent or legal guardian.

For parents or guardians, if you become aware that a minor in your care has provided personal data to All Samadhan without your consent, please contact us immediately so that we can take steps to remove the information and terminate the child’s account if applicable. We will promptly delete any personal data collected from a minor under 18 once we verify the situation.

All Samadhan also does not direct any content, marketing, or services to children. We avoid any profiling or targeted advertising to minors in compliance with global best practices for child data protection. If we ever need to process personal data of children for certain services (for example, processing a pharmacy order for a child’s medication under a parent’s request), we will do so only with appropriate parental consent and in compliance with applicable child privacy protection laws.

6. Data Retention and Deletion

All Samadhan retains personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required by law or legitimate business purposes. We have policies in place to ensure that we do not keep personal information longer than needed. In general:

 Active Account Data: For as long as you maintain an account with All Samadhan, we will keep the personal information associated with your account (such as your profile information, order history, etc.) so that we can provide you with services.

Transaction Records: Even if you delete your account or cease using All Samadhan, we may retain certain information about your transactions, orders, and communications for a period of time. This retention could be required for legal compliance (e.g., maintaining records for financial reporting, audits, or dispute resolution) or for safety and fraud prevention. For example, in Bangladesh, financial and accounting regulations may require us to keep payment records for a number of years, and health-related transactions might be retained to comply with pharmacy laws or to address any later inquiries about services provided. Such data will be retained only in a secure manner and accessed only if needed for those purposes.

 Archived and Backups: We maintain secure backups and logs for reliability and security purposes. These may contain your personal data even after it is deleted from our primary systems, for a limited time. We implement strict access controls to such backups. When retention periods expire, we ensure that data is permanently deleted or anonymized in backups as well.

 Deletion Procedure: When you request deletion of your data or when data is no longer needed, we ensure it is safely removed from our systems. Personal data will be erased or anonymized so that you can no longer be identified from it. In some cases, rather than complete deletion, we may anonymize data (for instance, keep aggregated usage statistics that contain no personal identifiers) for analytical purposes. If full deletion is not immediately possible (for example, data stored in encrypted backups), we will securely isolate it and prevent any further use until deletion is feasible.

After account deletion, please note that some information cannot be immediately deleted if it is required to be retained by law. However, such information will not be used for any other purpose than legal compliance. We will also keep a record of your request to delete your data, as required, to demonstrate our compliance.

7. International Data Transfers

All Samadhan primarily operates in Bangladesh, but the personal data we collect may be stored or processed in other countries if necessary (for example, if we use cloud servers or service providers based outside Bangladesh). In the event that personal data is transferred outside of Bangladesh, we take steps to ensure that your data is afforded an equivalent level of protection as required under Bangladeshi law. This means:

• We will only transfer your data to a country or recipient that is subject to adequate data protection standards. For instance, if our server infrastructure or database is hosted in another country, we will ensure that country has robust privacy laws or the hosting provider certifies to international security frameworks.
  
  

• Alternatively, we use contractual agreements (such as standard data protection clauses) or other approved transfer mechanisms to legally safeguard the data during the transfer. These contracts oblige the recipient to protect your personal data according to strict standards, similar to those in Bangladesh.
  
  

• We will inform you in this Privacy Policy about significant cross-border data flows. Currently, our primary data storage is on secure cloud servers [specify location if known, e.g., in Singapore or the EU ]. Regardless of location, we apply the same privacy safeguards to your data.
  
  

• Any cross-border transfer will also comply with the conditions of the Bangladesh Personal Data Protection Ordinance (PDPO) once in force, which requires that the receiving country or organization guarantees similar protection for the personal data. We remain responsible for your information even when it is transferred abroad, and we will promptly address any issues or incidents that might occur during transfer or in the foreign jurisdiction.

By using our services, you understand that your personal data may be transferred to and stored on servers located in a different country than your own. However, such transfers will always be done securely – we employ encryption and secure network protocols to prevent interception of data in transit. If in the future we need to transfer sensitive personal data (like health information) overseas, we will do so only in accordance with legal requirements and will notify you or seek your consent as required.

8. Data Security Measures

We take the security of your personal data very seriously. All Samadhan implements appropriate technical and organizational security measures to safeguard your information from unauthorized access, loss, destruction, or alteration. These measures include:

 Encryption: Sensitive information (such as passwords, financial account details, or payment card information) is encrypted both in transit and at rest. For example, we use industry-standard SSL/TLS protocols to encrypt data exchanged between your device and our servers. Any banking or card details you provide are stored in encrypted form in our database or handled by a PCI-compliant payment processor.

Access Controls: We restrict access to personal data strictly to authorized personnel and service providers who need it to operate our services. All Samadhan staff and partners are bound by confidentiality obligations. We use authentication measures (like strong passwords, two-factor authentication for our internal systems) to prevent unauthorized account access. Service providers (pharmacies, delivery agents, ambulance services) only receive the information necessary for their task and are contractually required to keep it confidential.

Security Testing and Protocols: Our technical team regularly updates and patches our application and servers to protect against security vulnerabilities. We employ firewalls, anti-malware tools, and intrusion detection systems to monitor and defend our network. Periodic security audits and testing (including vulnerability assessments and penetration testing) are conducted to evaluate the strength of our safeguards.

Data Minimization and Anonymization: We follow the principle of collecting the minimum data required for each purpose, which reduces risk. Wherever feasible, we use anonymization or pseudonymization. For example, within our analytics systems, personal identifiers may be removed or replaced with codes so that individual users are not easily identified.

Training and Awareness: We train our employees and partners on data privacy and security best practices, ensuring that everyone who handles personal data is aware of how to protect it. We also have an internal protocol for handling any suspected security incident swiftly and effectively.

Despite our robust measures, no system is 100% secure. We therefore also have a Data Breach Response Plan in place. In the unlikely event of a data breach or unauthorized access to personal data, All Samadhan will immediately contain the incident, mitigate any harm, and investigate the cause. We will notify affected users and the relevant authorities (such as the NDGA in Bangladesh) as required by law, providing information on the nature of the breach and any steps users should take for protection. We continually update our security practices to adapt to new threats and to protect your data at the highest standard.

9. Changes to This Privacy Policy

All Samadhan may update or revise this Privacy Policy from time to time to reflect changes in our services or to comply with new legal requirements. We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If we make any material changes (for example, if we change how we use your personal data or introduce new purposes), we will notify you in a timely manner. We may notify you by prominent notice within the app, by email to your registered address, or by other reasonable means.

The “Last Updated” date at the top of this Policy indicates when the latest changes were made. Your continued use of All Samadhan after any changes to this Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by law. In cases where your consent is required for a change (such as if a new use of your data is introduced that requires consent), we will obtain your consent before that change affects your personal data. If you do not agree with the changes to the Policy, you should stop using the services and may request that your data be deleted.

We maintain an archive of previous versions of this Privacy Policy (available upon request) for transparency. If you have any questions about the changes or would like a clarification, feel free to contact us.

10. Contact Information

If you have any questions, concerns, or complaints regarding this Privacy Policy or how All Samadhan handles your personal data, please contact us:

Email: You can reach our data protection team at support@allsamadhan.com. We typically respond within a few business days.

Customer Support Hotline: Call our support line at [+880 1711-897016] for any urgent issues or to speak with a representative. (Available during business hours)

Mailing Address: (Please check our official website for the most current mailing address and contact information.)

We take all privacy inquiries and complaints seriously. Upon receiving a complaint, we will confirm receipt and work with you to resolve your concerns. If you are not satisfied with our response, you have the right to escalate the matter to the appropriate data protection authority in Bangladesh. However, we hope to address any issue to your satisfaction. Your trust is extremely important to us, and we are fully committed to safeguarding your privacy and providing a safe, reliable service for all users and partners.