Privacy Policy
Last updated: 28 May 2026
This Privacy Policy explains how MarketsHost collects, uses, stores, and protects your personal data when you use the BioPharma Intelligence Hub. This policy complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.
1. Data Controller
MarketsHost, a private limited company registered in Chennai, Tamil Nadu, India, is the Data Fiduciary (as defined under the DPDP Act, 2023) responsible for processing your personal data through the BioPharma Intelligence Hub ("Platform").
For questions or concerns regarding your personal data, contact our Grievance Officer (see Grievance Officer page).
2. What Data We Collect
2.1 Data You Provide Directly
| Data Type | When Collected | Purpose |
|---|---|---|
| Email address | When you subscribe to catalyst alerts or newsletters | Sending regulatory event notifications and alerts |
| Alert preferences | When you configure alert settings | Customizing notifications (e.g., event types, companies) |
| Contact information | When you submit a grievance or inquiry | Responding to your query and maintaining records as required by law |
2.2 Data Collected Automatically
| Data Type | How Collected | Purpose |
|---|---|---|
| IP address (anonymized) | Server logs | Security monitoring, geographic content delivery |
| Browser type and version | HTTP headers | Ensuring compatibility and optimal rendering |
| Pages visited, timestamps | Server logs and analytics | Understanding usage patterns and improving the Platform |
| Device type and screen size | Analytics scripts | Responsive design optimization |
| Referring URL | HTTP headers | Understanding traffic sources |
3. Purpose of Data Collection
We collect and process personal data for the following lawful purposes under the DPDP Act, 2023:
- Service delivery: To provide you with access to the Platform, including personalized alerts and notifications
- Communication: To send regulatory event alerts, catalyst notifications, and service-related updates that you have opted into
- Platform improvement: To analyze usage patterns, diagnose technical issues, and improve the user experience
- Security: To detect and prevent fraud, unauthorized access, and abuse of the Platform
- Legal compliance: To comply with applicable laws, regulations, and legal processes
4. Legal Basis for Processing
Under the DPDP Act, 2023, we process your personal data based on:
- Consent: For email subscriptions and alert services, we obtain your explicit consent at the time of collection. You may withdraw consent at any time.
- Legitimate uses: For security monitoring, analytics, and platform functionality, we process data as permitted under Section 7 of the DPDP Act for legitimate uses without explicit consent.
- Legal obligation: Where required to comply with Indian law, including the Information Technology Act, 2000, and IT Rules, 2021.
5. How Data Is Stored and Protected
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption: All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted.
- Access control: Access to personal data is restricted to authorized personnel on a need-to-know basis.
- Infrastructure: Our servers are protected by Cloudflare Web Application Firewall (WAF), DDoS protection, and regular security monitoring.
- Incident response: We maintain procedures for detecting, reporting, and responding to data breaches in accordance with DPDP Act requirements.
While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
6. Cookie Usage
The Platform uses the following types of cookies:
- Essential cookies: Required for basic Platform functionality, including session management and security. These cannot be disabled.
- Analytics cookies: Used to understand how visitors interact with the Platform (e.g., pages visited, time spent). These help us improve the service.
- Preference cookies: Store your alert preferences and display settings for a better experience on return visits.
We do not use advertising cookies or tracking cookies for behavioral targeting. You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.
7. Third-Party Services
We use the following third-party services that may process your data:
- Cloudflare: Content delivery, DDoS protection, and web application firewall. Cloudflare may process IP addresses and request headers. (Cloudflare Privacy Policy)
- Google Fonts: Web font delivery. Google may collect IP addresses when fonts are loaded. (Google Privacy Policy)
- Google Gemini (AI): Used for generating pipeline summaries and data analysis. We do not send personal user data to Google Gemini; only publicly available pharmaceutical and regulatory data is processed.
We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.
8. Cross-Border Data Handling
Your personal data is primarily stored on servers located in data center facilities that serve the Indian market. However, due to the nature of our service and infrastructure:
- Some data may be processed by Cloudflare through their global network of data centers
- Data from U.S. government sources (FDA, SEC, ClinicalTrials.gov) is fetched from servers in the United States
- Google services (Fonts, Gemini AI) may process requests through servers outside India
Where personal data is transferred outside India, we ensure that adequate safeguards are in place as required under Section 16 of the DPDP Act, 2023, and any rules notified by the Central Government regarding cross-border data transfers.
9. Your Rights Under the DPDP Act, 2023
As a Data Principal, you have the following rights under the DPDP Act, 2023:
- Right to access: You have the right to obtain a summary of your personal data being processed and the processing activities undertaken (Section 11).
- Right to correction and erasure: You have the right to request correction of inaccurate or misleading personal data, completion of incomplete data, updating of outdated data, and erasure of personal data that is no longer necessary for the purpose for which it was collected (Section 12).
- Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal (Section 6(5)).
- Right to grievance redressal: You have the right to have your grievances addressed by our Grievance Officer (Section 13).
- Right to nominate: You have the right to nominate another individual to exercise your rights in the event of your death or incapacity (Section 14).
To exercise any of these rights, please contact our Grievance Officer.
10. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Email subscriptions: Retained until you unsubscribe or request deletion
- Server logs: Retained for a maximum of 90 days, then automatically purged
- Analytics data: Retained in aggregated, anonymized form for up to 24 months
- Grievance records: Retained for 5 years as required under Indian IT Rules
When personal data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.
11. Children's Data
The BioPharma Intelligence Hub is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete such data. If you believe a child has provided us with personal data, please contact our Grievance Officer.
12. Data Breach Notification
In the event of a personal data breach that is likely to cause harm to Data Principals, MarketsHost will:
- Notify the Data Protection Board of India as required under the DPDP Act, 2023
- Notify affected Data Principals without undue delay
- Take immediate remedial action to contain and mitigate the breach
- Maintain records of all data breaches and remedial actions taken
13. Contact for Privacy Concerns
For any questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, please contact:
- Grievance Officer, BioPharma Intelligence Hub
- Email: [email protected]
- Address: MarketsHost, Chennai, Tamil Nadu, India
We will acknowledge your request within 24 hours and endeavor to resolve it within 15 days.
14. Changes to This Privacy Policy
MarketsHost reserves the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated "Last updated" date. Where changes are material, we will take reasonable steps to notify users (such as a notice on the Platform or an email to registered users). Continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.