Privacy Policy

Privacy Policy

Privacy Policy

Last updated 17th June, 2026

Objective

This Privacy Policy ("Policy") outlines the approach undertaken by Ashta Therapeutics Private Limited ("Company" or "We" or "Us"), a company established under the laws of the Republic of India, having its registered office at 601/602, Nilamber Triumph, Gotri, Vadodara, Gujarat, India, for collecting, processing, and safeguarding personal information in compliance with relevant privacy laws.

The Policy aims to define the standards and practices by which the Company manages personal data, ensuring that the data is handled responsibly and securely. This Policy is designed to establish transparency in data practices, ensuring compliance with applicable privacy laws in the Republic of India or as may be applicable to the Company from time to time, while prioritizing data integrity and user trust.

By providing any data to the Company, the user agrees to the terms outlined under this Policy. If you do not agree, please discontinue the use of our services. For assistance with any queries, the user may contact the Company through: contact@ashtatx.com

Applicability

This Policy applies to all individuals engaging with the Company. It provides an overview of the practices of the Company for collecting, processing, and managing personal data.

Categories of Personal Data Collected

The Company may obtain the following categories of personal data from individuals via several modes, including but not limited to when individuals sign up for our services, request assistance from our customer support team, complete surveys, subscribe to newsletters, request information, participate in contests, apply for employment opportunities, and/or through other situations including those described in this Policy:

  • personal information, including name, professional/academic designation, and institutional, university, or corporate affiliation, father's or husband's name, age, gender, Aadhaar number, PAN number, and other similar identifying details of the individual;

  • contact data, including corporate email address, telephone/mobile number, and geographical location;

  • communication data, including the raw text content of your query and any digital attachments uploaded through our portal;

  • technical data, including Internet Protocol (IP) address, browser type, and time-stamp logs collected via necessary functional cookies;

  • nominee details provided for Employee Provident Fund (EPF), Gratuity, and other employment-related benefits or accounts; and

  • supporting documents submitted for verification purposes, such as identity proof, address proof, and other KYC-related documents.

Data Collection from Minors and Persons with Disabilities

It is the policy of the Company to never knowingly collect or maintain information about anyone under the age of 18 (Eighteen) years or a person with disability, except where consent from the parents or legal guardians, as the case may be, forms the basis of processing.

In the event that we become aware that we have collected personal data from a user under the age of 18 (Eighteen) years or from a person with disability, we will promptly take reasonable steps to delete the data from our records.

If you believe we may have inadvertently collected information from a minor, please contact us at contact@ashtatx.com.

Methods of Processing Personal Data

The Company takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the personal data. Personal data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Company, in some cases, the personal data may be accessible to certain types of persons in charge, involved with the operation of this website (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by the Company.

Grounds for Processing Personal Data

We may rely on the following lawful reasons when collecting and using personal data to operate our business and provide our products and services:

Consent: We may rely on your freely given consent at the time you provide your personal data to us. By checking the mandatory consent box, you provide unconditional, specific, informed, and unambiguous consent for the processing of your data for the purposes listed below. You may withdraw, and/or review your consent at any time by contacting us at contact@ashtatx.com.

Legitimate use: Personal data may be processed by us for any of the following uses, namely:

  • for the specified purpose for which you have voluntarily provided your personal data and in respect of which you have not indicated to us that you do not consent to the use of your personal data;

  • for evaluating, authenticating, and responding to potential research collaborations, licensing inquiries, vendor associations, or strategic business partnerships;

  • for processing inbound requests from academic institutions or corporate partners regarding our drug discovery pipeline;

  • for maintaining an internal log of business-to-business (B2B) communications for compliance, audit, legal and contractual requirements and corporate governance;

  • for furthering our legitimate business interests including (i) to prevent, identify, investigate and deter fraudulent, harmful, unauthorised, unethical or illegal activity, including cyberattacks and identity theft and (ii) to facilitate merger, consolidation, transfer of control, sale of all or substantially all of the assets of the Company or potential fundraise;

  • for fulfilling any obligation under any law for the time being in force in the Republic of India on any person to disclose any information to the appropriate Government or any of its instrumentalities, subject to such processing being in accordance with the provisions regarding disclosure of such information in any other law for the time being in force;

  • for compliance with any judgment, decree or order issued under any law for the time being in force in the Republic of India, or any judgment or order relating to claims of a contractual or civil nature under any law for the time being in force outside the Republic of India; and

  • for the purposes of employment or those related to safeguarding the employer from loss or liability, such as prevention of corporate espionage, maintenance of confidentiality of trade secrets, intellectual property, classified information or provision of any service or benefit sought by a user who is an employee.

Purpose of Collecting Personal Data

We aspire to be transparent when we collect and use your personal data and tell you why we need it, which typically includes performing the following functions:

Regarding employment related matters:

  • for Know Your Customer (KYC) verification of employees engaged or proposed to be engaged by the Company;

  • for registration of employees with statutory authorities, including but not limited to the Employees' Provident Fund Organisation (EPFO) and the Employees' State Insurance Corporation (ESIC);

  • for deduction and deposit of income tax and other statutory contributions as may be applicable;

  • for submission of documents required for opening of salary or reimbursement bank accounts; and

  • for nomination of dependents and other nominees, wherever required under applicable laws or internal policies.

Regarding customer related matters:

  • for Know Your Customer (KYC) verification as required under applicable laws and internal compliance policies;

  • for processing payments, refunds, or reimbursements; and

  • for compliance with applicable legal, regulatory, and audit requirements.

Sharing Personal Data with Third Parties

We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. These recipients are contractually bound to safeguard the data we entrust to them and shall ensure the same level of data protection that is adhered by us. We may engage with several or all of the following categories of recipients:

  • parties that support us as we provide our services;

  • professional advisers, including lawyers, auditors and insurers;

  • parties that provide us support with anti-money laundering, client conflicts and independent checks;

  • law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation;

  • governmental agencies or other companies assisting us in fraud prevention or investigation;

  • payment, marketing and recruitment service providers; and

  • parties involved in investing in the Company or transfer of the business of the Company including mergers, the sale of company assets, financing, or acquisitions of all or a portion of business to another entity.

Data Protection Rights

We are processing your personal data and we acknowledge your rights pertaining to such data, including:

  • Right to access information about your personal data: You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.

  • Right to correct, complete, update and delete personal data: You can ask us to correct or update our records if you believe they contain incorrect or incomplete information about you. Further, you can ask us to remove or delete your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.

  • Right to Grievance Redressal: You have the right to readily available means of grievance redressal in respect of any act or omission regarding the performance of our obligations in relation to the processing of your personal data, or the exercise of your rights under applicable law. You can write to us at contact@ashtatx.com for redressal of any grievances in this regard. We shall respond to you within a reasonable time period, in accordance with applicable law.

  • Right to nominate in the event of death or incapacity: You may nominate an individual who shall, in the event of your death or incapacity, exercise the rights vested with you with respect to processing of your personal data by the Company.

  • Right to Withdraw Consent: You can withdraw consent previously given for one or more specified purposes. The consequences of the withdrawal shall be borne by you, and such withdrawal shall not affect the legality of processing based on consent provided prior to withdrawal. To exercise this right, write to us at contact@ashtatx.com. We may need to request specific information to confirm your identity and ensure your right to access the information or exercise any of your rights, so that personal data is not disclosed to any person who has no right to receive it. Depending on the circumstances, we may be unable to comply with your request on other lawful grounds, in which case this will be communicated to you.

Personal Data Security

We have put in place appropriate technical and organizational measures to comply with our obligations to safeguard your personal data. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.

Timeline for Data Retention

The Company shall retain personal data only as long as necessary to fulfil the purposes outlined in this Policy, or for longer if required under applicable law (such as tax, accounting, or other legal obligations). Once the data is no longer required, the data will be securely deleted or anonymized. However, if deletion is not immediately possible (for example, due to storage in backup archives), we will securely store your information and isolate it from any further processing until deletion becomes feasible.

Data Breach Notification

In the event of a data breach involving your personal information, the same will be informed to the board of directors of the Company, within 72 (Seventy Two) hours of the occurrence of such breach or such shorter period as may be required under applicable law, along with such details as required under applicable laws. Further, we will take reasonable steps to notify affected individuals and implement measures to contain and mitigate the impact. We may also notify regulatory authorities in accordance with applicable laws and industry standards.

Severability

If any court or competent authority finds that any provision of this Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part of the provision shall, to the extent required, be deemed to be deleted, and the validity and enforceability of the remaining provisions of this Policy shall not be affected.

Grievance / Right to Lodge a Complaint

In the event you think your personal data is not processed in line with this Policy or applicable laws, or if you have questions regarding your privacy rights, please contact our designated Grievance Officer:

Name: Dr. Abishek Iyer, Grievance Officer and Chief Executive Officer

Email: contact@ashtatx.com

Address: Ashta Therapeutics Private Limited, 601/602, Nilamber Triumph, Gotri, Vadodara, Gujarat, India

Changes to the Policy

The Company expressly reserves at its sole discretion, the right to modify this Policy at any time without prior notice to the users. In the event of significant changes being made to the Policy, we will notify you via email.

Contact Us — If you have any questions or concerns about this Policy, you can reach us at contact@ashtatx.com, or write to us at 601/602, Nilamber Triumph, Gotri, Vadodara, Gujarat, India.