Get A Free Consultation

Privacy Policy

Effective Date: 21 February 2026 

This Privacy Policy (“Policy”) governs the collection, use, storage, sharing, and protection of personal data by Planswell Insurance Brokers Pvt. Ltd. (“Planswell”, “we”, “us”, or “our”), operating through the website www.planswellib.com and associated digital platforms.

We are registered with the Insurance Regulatory and Development Authority of India (“IRDAI”) as an Insurance Broker and are committed to handling your personal information in accordance with the Information Technology Act, 2000, and all applicable data protection legislation in India.

By accessing this website, submitting a form, or engaging our services, you confirm that you have read and understood this Policy and consent to the practices described herein.

1. Who We Are

Planswell Insurance Brokers Pvt. Ltd. is incorporated under the Companies Act, 2013, and registered as a Direct Broker (General & Life) with the IRDAI.

For all privacy-related queries, you may contact our designated Grievance Officer at aayush@planswellib.in or +91 9910901857.

2. Information We Collect

We collect information to provide you with accurate insurance advisory, policy recommendations, risk audits, and claims support. The categories of data we collect include:

2.1 Information You Provide Directly

  • Full name, date of birth, and gender
  • Contact information including email address, mobile number, and postal address
  • Financial information such as income range, existing liabilities, or asset values (required for insurance needs assessment)
  • Health information, including pre-existing conditions, medical history, or disability details, when required for health, life, or critical illness insurance
  • Business information, including company name, turnover, number of employees, industry sector, and regulatory status
  • Details of existing insurance policies, including insurer names, premium amounts, and coverage terms
  • Government-issued identification documents such as PAN Card, Aadhaar, passport, or GSTIN, where required for KYC compliance
  • Payment details, including bank account or UPI information for premium processing (processed via secured payment gateways; we do not store card data)

2.2 Information Collected Automatically

  • IP address, browser type, device type, and operating system
  • Pages visited, time spent, clickstream data, and referral URLs
  • Cookies, web beacons, and similar tracking technologies (see Section 9)
  • Geolocation data (city or region level, based on IP)

2.3 Information from Third Parties

  • Data from insurance companies we work with, including premium quotes, policy documents, and underwriting decisions
  • KYC data from regulatory databases, where permitted
  • Information from referral partners or aggregator platforms, where you have consented to data sharing with us

3. How We Use Your Information

We process your personal data for the following legitimate purposes:

3.1 Core Service Delivery

  • Assessing your insurance requirements and conducting risk audits
  • Generating personalised insurance recommendations and comparative quotes
  • Facilitating policy applications, endorsements, renewals, and cancellations on your behalf
  • Providing claims support, including documentation assistance, insurer coordination, and settlement follow-up
  • Conducting KYC verification as mandated by IRDAI and applicable regulations

3.2 Communication and Support

  • Responding to enquiries submitted via web forms, email, phone, or WhatsApp
  • Sending policy-related updates, renewal reminders, and claim status notifications
  • Providing advisory communications including risk alerts, regulatory changes, and coverage recommendations
  • Sharing newsletters, educational content, and insurance insights (you may opt out at any time)

3.3 Business Operations and Compliance

  • Maintaining broker records as required under the IRDAI (Insurance Brokers) Regulations, 2018
  • Conducting internal audits, fraud prevention, and regulatory reporting
  • Improving our website, services, and advisor performance through analytics
  • Legal, regulatory, and statutory obligations including tax filings and dispute resolution

4. Legal Basis for Processing

Under Indian law, we process your personal data on one or more of the following bases:

  • Your explicit consent when you submit a form, request a quote, or sign up for communications. Consent:
  • Processing required to deliver the insurance services you have requested from us. Contractual Necessity:
  • Compliance with IRDAI regulations, Income Tax Act, Anti-Money Laundering laws, and other statutory requirements. Legal Obligation:
  • Improving our services, preventing fraud, and maintaining client relationships, provided these interests do not override your privacy rights. Legitimate Interests:

Where your data falls within the definition of “Sensitive Personal Data or Information” under the SPDI Rules (including health, financial, and biometric data), we will always seek your explicit written consent prior to collection.

5. Sharing of Your Information

Planswell does not sell, rent, or trade your personal data to third parties for marketing purposes. We may share your information in the following limited circumstances:

5.1 Insurance Companies and Underwriters

We share relevant personal and risk data with licensed insurers and reinsurers solely for the purpose of obtaining quotes, binding coverage, processing endorsements, and settling claims. This sharing is inherent to insurance brokerage and is disclosed to you at the point of engagement.

5.2 Regulatory and Government Authorities

We may be required to disclose your information to IRDAI, the Income Tax Department, Financial Intelligence Unit (FIU-IND), or other statutory bodies in response to lawful requests, court orders, or mandatory reporting obligations.

5.3 Technology and Service Providers

We engage carefully selected third-party vendors to support our operations, including:

  • Cloud hosting and data storage providers (operating within India or with adequate data protection safeguards)
  • CRM and communication platforms
  • Payment gateway operators (compliant with PCI-DSS standards)
  • Analytics and website optimisation tools

All such vendors are bound by data processing agreements that restrict the use of your data to the purposes for which it was shared and require them to maintain appropriate security standards.

5.4 Professional Advisors

We may share data with legal counsel, auditors, or compliance consultants on a strictly need-to-know basis and under obligations of confidentiality.

5.5 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business, your data may be transferred to the successor entity. You will be notified of any such transfer and any change in the applicable privacy terms.

6. Sensitive Personal Data (SPDI)

Certain information we collect — specifically health data, financial information, and government ID details — is classified as Sensitive Personal Data or Information (SPDI) under the IT Rules, 2011. In handling such data, we observe the following additional safeguards:

  • SPDI is collected only with your explicit, informed, written consent
  • It is used exclusively for the purpose for which consent was obtained
  • You may withdraw consent for SPDI processing at any time, subject to any regulatory obligations that require us to retain it
  • SPDI is not shared with third parties except as described in Section 5, and only with your consent or under legal compulsion
  • Special category data relating to health is shared with insurers only to the extent required for underwriting or claims, and no further

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

  • Client engagement data (enquiries, quotations, and correspondence): 3 years from last contact
  • Active policy records and supporting documentation: For the full policy term plus 5 years thereafter
  • Claims-related data: 7 years from final settlement, in accordance with insurance regulatory requirements
  • KYC documents and identity verification records: 5 years from the date of last transaction, as required under PMLA, 2002
  • Financial transaction records: 8 years as per the Income Tax Act, 1961
  • Website analytics and log data: 12 months on a rolling basis

Upon expiry of the applicable retention period, data is securely deleted or anonymised such that it can no longer be linked to you as an individual.

8. Your Rights

As a data principal under applicable Indian law, you have the following rights with respect to your personal data held by Planswell:

  • You may request a copy of the personal data we hold about you and information about how it is used. Right to Access:
  • You may request that we correct inaccurate or incomplete personal data. Right to Correction:
  • You may withdraw consent for processing at any time, subject to legal and contractual obligations. Withdrawal will not affect the lawfulness of processing prior to withdrawal. Right to Withdrawal of Consent:
  • You have the right to raise a complaint regarding the use of your personal data, which we will address within 30 days of receipt. Right to Grievance Redressal:
  • Where technically feasible, you may request your data in a structured, commonly used format for transfer to another service provider. Right to Data Portability:
  • You may request deletion of your personal data where there is no lawful basis for its continued retention, subject to our regulatory obligations. Right to Erasure:

To exercise any of these rights, please write to us at info@planswellib.in with the subject line “Data Privacy Request”. We will acknowledge your request within 72 hours and resolve it within 30 days.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse site usage. The types of cookies we use are:

  • Required for the basic functioning of the website, including form submissions and session management. These cannot be disabled without affecting core functionality. Essential Cookies:
  • Used to understand how visitors interact with the site (e.g., pages visited, time spent, traffic sources). Data is aggregated and does not identify individuals. Analytics Cookies:
  • Enable personalisation features such as remembering your preferences or pre-filling form fields. Functional Cookies:
  • May be used to serve relevant communications about our services. We do not sell this data to advertisers. Marketing Cookies:

You may manage your cookie preferences through your browser settings at any time. Disabling certain cookies may limit the functionality of the website. Where required by law, we will obtain your consent before placing non-essential cookies.

10. Data Security

We implement industry-standard technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These measures include:

  • SSL/TLS encryption for all data transmitted between your browser and our servers
  • Encrypted storage of sensitive data at rest
  • Role-based access controls, ensuring only authorised personnel can access client data
  • Multi-factor authentication for internal systems
  • Regular security assessments, vulnerability testing, and penetration testing
  • Staff training on data protection obligations and secure data handling practices
  • Vendor due diligence to ensure third-party processors maintain equivalent standards

Despite these measures, no digital system is entirely immune to risk. In the unlikely event of a data breach that poses a significant risk to your rights or interests, we will notify you and the relevant regulatory authorities in accordance with applicable law, without undue delay.

11. Cross-Border Data Transfers

Our primary operations are based in India and we endeavour to process and store data within India wherever possible. In cases where we engage with internationally hosted platforms (such as cloud services or analytics tools), data transfers outside India are conducted only where:

  • The recipient country provides an adequate level of data protection as recognised under Indian law
  • Appropriate safeguards (such as standard contractual clauses) are in place with the recipient organisation
  • Your explicit consent has been obtained for the transfer

We do not share your personal data with overseas insurance companies unless you have specifically requested a product that requires international underwriting (e.g., Global Health Insurance or Marine Cargo Insurance for international trade).

12. Children’s Privacy

Our services are not directed to individuals under the age of 18 years. We do not knowingly collect personal data from minors without the consent of a parent or legal guardian.

If a policy is being taken out to cover a minor (e.g., a child health plan or a term policy with a minor nominee), the application and data are submitted by the adult policyholder, and all consents are obtained from them in their capacity as the child’s guardian.

If we become aware that we have inadvertently collected personal data from a minor without appropriate consent, we will take immediate steps to delete such data.

13. Third-Party Links

Our website may contain links to external websites, including insurer portals, regulatory sites, and informational resources. This Policy applies solely to data collected by Planswell through our own website and platforms. We are not responsible for the privacy practices of third-party websites and encourage you to review their respective privacy policies before submitting any personal information.

14. Marketing Communications

With your consent, we may send you communications about our services, new insurance products, risk advisory content, and regulatory developments. You may opt out of marketing communications at any time by:

  • Clicking the “Unsubscribe” link in any email communication
  • Sending an opt-out request to aayush@planswellib.in
  • Calling our advisory line at +91 9910901857

Opting out of marketing will not affect transactional communications related to your active policies or ongoing service engagements, which we are obligated to send.

15. Grievance Redressal

In accordance with the Information Technology Act, 2000, and the Consumer Protection (E-Commerce) Rules, 2020, we have designated a Grievance Officer for privacy-related matters:

Grievance Officer: Aayush Kumar Juneja (Co-Founder & COO)

Email: aayush@planswellib.in

Phone: +91 9910901857

All complaints received will be acknowledged within 72 hours and addressed within 30 days of receipt. If you are not satisfied with our response, you may escalate your grievance to the IRDAI or the National Consumer Helpline.

17. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. When we make material changes, we will:

  • Update the Effective Date at the top of this document
  • Post a notice on our website homepage for a period of at least 30 days
  • Notify active clients by email where the changes materially affect how we process their data

Your continued use of our website or services after the effective date of any update constitutes your acceptance of the revised Policy.

18. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located in New Delhi, India.

Get In Touch