⚕ IS360 Technologies · SaMD · CDSCO Regulated

Legal & Compliance Documentation

NeuroSync ERP™ v4.1  ·  Effective: 1 January 2026  ·  IS360 Technologies & Services Pvt. Ltd.

POLICIES
BILLING
COMPLIANCE
Last updated: 18 May 2026Jurisdiction: India (DPDP Act 2023 · ICMR)Classification: SaMD Class B
NeuroSync ERP™ is a Software as a Medical Device (SaMD) regulated under CDSCO guidelines. All data handling is governed by the Digital Personal Data Protection (DPDP) Act, 2023 and ICMR Ethical Guidelines for Biomedical and Health Research.
1

Data We Collect

Clinical Data

  • EEG recordings (EDF, CSV, MAT formats) uploaded for SLDA analysis
  • Patient identifiers: name, age, sex, clinical indication, case ID
  • SLDA outputs: band powers, PAZ score, asymmetry index, KSI, classification
  • Generated clinical reports (Tier 1 / 2 / 3) and SHA-256 audit hashes

Account Data

  • Name, email address, institution affiliation, professional role
  • Login credentials (passwords stored as bcrypt hashes — never plaintext)
  • Session tokens and activity timestamps

Technical Data

  • Browser type, device type, IP address (for security auditing only)
  • Feature usage telemetry (anonymised, aggregated)
We do not collect biometric data beyond EEG signals submitted explicitly by the clinician for analysis.
2

How We Use Your Data

  • Performing SLDA-based EEG analysis and generating clinical reports
  • Maintaining the blockchain audit chain (SHA-256 tamper detection)
  • Role-based access control — ensuring only authorised roles access clinical tiers
  • Platform performance monitoring and bug resolution
  • Regulatory compliance reporting to CDSCO and ICMR
Patient EEG data is never used for model training, advertising, or shared with third parties without explicit institutional consent.
3

Data Storage & Security

LayerProviderRegionStandard
Static hostingAWS S3 + CloudFrontap-south-1 (Mumbai)AES-256
Session dataBrowser sessionStorageClient-side onlyCleared on tab close
Audit chainSubtleCrypto (SHA-256)Client + S3Tamper-evident

All data in transit is encrypted via TLS 1.3. Session data is stored in browser sessionStorage and cleared automatically when the tab closes — no persistent client-side storage of patient data.

4

Your Rights (DPDP Act 2023)

  • Right to access — Request a copy of all personal data held
  • Right to correction — Request correction of inaccurate data
  • Right to erasure — Request deletion (subject to regulatory retention)
  • Right to grievance redressal — 30-day response guarantee via DPO
  • Right to nominate — Nominate a representative to exercise rights

Email privacy@is360.in with your registered email and institution name to exercise any right.

5

Cookies & Tracking

NeuroSync ERP™ uses no third-party tracking cookies. We use browser sessionStorage (not cookies) for session management. No analytics platforms are embedded in the clinical portal.

The public home page may use first-party analytics for visitor counting only — no cross-site tracking.
6

Data Retention

Data TypeRetention PeriodLegal Basis
Session / EEG dataBrowser session onlyDPDP Act s.8(7)
Audit chain hashes7 yearsCDSCO SaMD requirement
Account dataSubscription + 2 yearsContractual
Billing records8 yearsCompanies Act 2013
IS360 Technologies & Services Pvt. Ltd.
privacy@is360.in
30 calendar days
Last updated: 18 May 2026Governing Law: India (Karnataka)Entity: IS360 Technologies & Services Pvt. Ltd.
By accessing NeuroSync ERP™, you confirm you are a licensed healthcare professional or authorised researcher. This platform is not intended for the general public.
1

Acceptance of Terms

By registering for or accessing NeuroSync ERP™, you agree to be bound by these Terms. These Terms apply to all users including Physicians, Therapists, Lab Researchers, Caregivers, and Institutional Admins. If you do not agree, you must not access the platform.

2

Permitted Use & Clinical Scope

  • Upload and analyse EEG files (EDF, CSV, MAT, PDF formats)
  • Generate SLDA-based clinical reports within your RBAC tier
  • Access RBAC-restricted reports consistent with your professional credentials
  • Share reports within your institution for care coordination
Reports are clinical decision support tools only. Final clinical decisions remain the sole responsibility of the treating clinician.
3

Prohibited Activities

  • Sharing login credentials or sessions across multiple users
  • Uploading EEG data without valid patient informed consent
  • Reverse-engineering the SLDA-v4.1 algorithm or audit chain
  • Using the platform for unsupervised autonomous diagnosis
  • Circumventing RBAC controls to access reports beyond your assigned tier
  • Using demo or test accounts in live clinical settings
4

Subscription Plans & Billing

PlanPriceUploads/moReports
Free Trial₹02Tier 1 only
Starter₹2,999/mo20Tier 1 + 2
Professional ⭐₹7,999/mo100All 3 + API
Institutional₹29,999/moUnlimitedAll 3 + 50 users
Channel PartnerCustomUnlimitedAll 3

Subscriptions renew monthly. Cancellation must be requested at least 7 days before renewal. See the Refund Policy for eligible scenarios.

5

Intellectual Property

All algorithms (SLDA-v4.1), visualisations, MRI annotation systems, audit chain architecture, and UI components are the exclusive IP of IS360 Technologies & Services Pvt. Ltd., protected under Indian copyright law.

Generated clinical reports are owned by the subscribing institution and clinician. IS360 Technologies claims no ownership over patient data or reports.

6

Limitation of Liability

IS360 Technologies' total liability shall not exceed subscription fees paid in the 3 months preceding any claim. We are not liable for indirect, consequential, or clinical outcome damages.

We target 99.5% uptime for Professional and Institutional plans but do not warrant uninterrupted availability.

7

Governing Law & Disputes

These Terms are governed by the laws of India. Disputes are subject to the exclusive jurisdiction of courts in Bangalore, Karnataka. IS360 will pursue mediation in good faith before litigation.

Regulatory authority: CDSCO, Ministry of Health & Family Welfare, Government of India.

legal@is360.in
IS360 Technologies & Services Pvt. Ltd.
Bangalore, Karnataka, India
Last updated: 18 May 2026Applies to: All paid subscriptionsCurrency: INR
NeuroSync ERP™ is a SaaS clinical platform. Refunds are assessed case-by-case in accordance with the Consumer Protection Act, 2019 and IT (Intermediary Guidelines) Rules, 2021.
1

Refund Eligibility

Eligible for Full Refund

  • Platform outage exceeding 48 consecutive hours within a paid billing period
  • Double-charge or duplicate billing due to payment processor error
  • Subscription charged after confirmed written cancellation request
  • Plan features materially misrepresented at time of purchase
  • New subscription cancelled within the 7-day cooling-off period before any EEG analysis is performed

Eligible for Pro-Rata Refund

  • Institutional plan downgrade by CDSCO or regulatory directive
  • Clinician's professional registration suspended or revoked (verified)
  • Death of individual account holder (next-of-kin request with documentation)

Not Eligible for Refund

  • Partial-month cancellations — standard subscription policy
  • Dissatisfaction with SLDA outputs — clinical tool limitations are disclosed at onboarding
  • Failure to use the platform during a paid period
  • Accounts suspended for policy violation
  • Free Trial — no charge applies
  • Coupon-discounted plans where net charge was ₹0
2

Refund Process & Timeline

📧
DAY 0 — SUBMIT
Lodge Request
Email billing@is360.in with subject "Refund — [Order ID]", reason, and supporting evidence
🔍
DAY 1–3 — REVIEW
Verification
Billing team verifies against platform logs, payment records, and policy eligibility criteria
DAY 4–7 — RESOLVE
Decision & Credit
Written decision issued. Approved refunds processed to original payment method within 5–7 business days
Bank processing times may add 3–5 business days beyond IS360's window. UPI and wallet refunds are typically faster than card refunds.
3

7-Day Cooling-Off Period

All new paid subscriptions include a 7-calendar-day cooling-off period from the date of first charge, provided:

  • No EEG file has been uploaded and analysed
  • No clinical report has been generated or downloaded
  • The request is submitted in writing before Day 7 ends at 23:59 IST
If any analysis has been performed, the cooling-off period is automatically waived — the core service has been delivered. Demo mode usage does not trigger this waiver.
4

Chargebacks & Payment Disputes

Please contact our billing team before initiating a chargeback. Unjustified chargebacks result in:

  • Immediate account suspension pending investigation
  • Permanent ban if chargeback is found fraudulent
  • Reporting to payment networks in cases of repeated abuse

IS360 Technologies will cooperate fully with payment provider dispute resolution and will supply platform logs as evidence where appropriate.

5

Institutional & Partner Plans

Institutional and Channel Partner plans are governed by a Master Services Agreement (MSA). MSA refund terms supersede this general policy.

Plan TypeRefund WindowContact
Starter / Professional7-day cooling off · then case-by-casebilling@is360.in
InstitutionalPer MSA termsaccounts@is360.in
Channel PartnerPer Partner Agreementpartners@is360.in
billing@is360.in
1 business day
5–7 business days after approval
Last updated: 18 May 2026Applies to: All users & institutionsBusiness hours: Mon–Fri 09:00–18:00 IST
IS360 Technologies is committed to resolving all issues transparently and within defined timelines. This matrix defines who to contact, when to escalate, and what to expect at each tier.
1

Issue Severity Classification

SeverityDefinitionExamplesTarget Response
P1 — CriticalPlatform down or patient data at riskFull outage, data breach, audit chain failure2 hours
P2 — HighMajor feature broken, no workaroundReport generation fails, RBAC bypass, login failure8 hours
P3 — MediumFeature degraded, workaround availableMRI annotation misaligned, slow SLDA, UI glitch48 hours
P4 — LowMinor issue or enhancement requestCosmetic bugs, documentation errors, feature requests5 business days
2

Four-Tier Escalation Path

T1
Tier 1 — Self-Service & In-App Support

First contact. Use the in-portal help, FAQs, and documentation at neurosync-erp.com/docs. Email support@is360.in with full issue details.

Channels: In-app chat · Email support@is360.in · FAQ portal

SLA: P1/P2 — 2–8 hrs · P3/P4 — 48 hrs to 5 days
T2
Tier 2 — Technical Support Engineer

Escalate if T1 fails to resolve within SLA, or if a P1/P2 is not acknowledged within 2 hours. TSE reviews platform logs, session data, and audit chain records.

Escalate to: techsupport@is360.in — include T1 ticket number

SLA: P1 — 2-hr resolution target · P2 — same business day
T3
Tier 3 — Engineering Lead & Product Owner

For unresolved P1/P2 after T2 SLA breach, billing disputes unresolved after 7 days, or any incident involving patient data integrity or audit chain corruption.

Escalate to: lead@is360.in · Subject: "T3 Escalation — [Ticket ID] — [P1/P2]"

SLA: P1 — 4 hrs · P2 — 24 hrs · Billing — 48 hrs
T4
Tier 4 — Director & Regulatory Escalation

Executive escalation for: unresolved data breaches, CDSCO regulatory concerns, institutional MSA contract disputes, or any SaMD compliance failure. Also handles all authority inquiries.

Escalate to: director@is360.in · CDSCO: cdsco.gov.in · DPDP Board: dpboard.gov.in

SLA: P1 breach — immediate · Regulatory — 72 hrs
3

Escalation by Issue Type

Issue TypeStart AtEscalate ToContact
Technical / Platform BugT1T2 → T3support@is360.in
Billing / Refund DisputeT1T2 → T3billing@is360.in
Account Access / RBAC IssueT1T2support@is360.in
Data Breach / Privacy IncidentT3 directT4 immediateprivacy@is360.in
CDSCO / Regulatory ConcernT4 directCDSCO portaldirector@is360.in
Institutional MSA DisputeT3T4accounts@is360.in
Feature Request / FeedbackT1Product teamproduct@is360.in
4

What to Include in Every Escalation

  • Your registered email address and institution name
  • Original ticket or reference number from the previous tier
  • Date and time of the issue (IST timezone)
  • Your user role and subscription plan tier
  • Steps to reproduce the issue, plus any screenshot or screen recording
  • For clinical issues: case ID (e.g. NS-NEO-2026-ELM-001), file format, analysis tier
  • For billing: transaction ID or payment reference number
Never include patient names, dates of birth, or raw EEG data in support emails. Reference by case ID only.
5

Statutory & Regulatory Contacts

AuthorityScopePortal
CDSCOMedical Device complaints, SaMD compliancecdsco.gov.in · sugam.gov.in
Data Protection Board of IndiaDPDP Act 2023 grievancesdpboard.gov.in
ICMRResearch ethics, biomedical EEG studiesicmr.gov.in
State Medical CouncilClinician registration & conductPer clinician's registered state
support@is360.in
techsupport@is360.in
director@is360.in
privacy@is360.in
Last updated: 18 May 2026Required: All registered usersRenewal: Annual re-acceptance required
This Acceptance of Usage confirms you have read, understood, and agree to operate NeuroSync ERP™ within the bounds of clinical ethics, Indian law, and IS360's policies. All items must be confirmed before full platform access is granted.
1

Professional Eligibility Declaration

You must satisfy at least one of the following to register:

RoleEligibility Requirement
Physician / NeonatologistValid registration with MCI / NMC or State Medical Council
Occupational TherapistRegistered with Rehabilitation Council of India (RCI)
Laboratory / ResearcherInstitutional affiliation with a recognised university or hospital
Caregiver / ParentVerified relationship to the patient on record
Institutional AdminAuthorised representative of a CDSCO-registered medical institution
Providing false credentials is a violation of the Information Technology Act, 2000 (s.66C — Identity fraud) and may result in criminal prosecution and permanent platform ban.
2

Clinical Use Obligations

  • You will obtain valid informed consent from patients (or guardians for minors/neonates) before uploading any EEG data
  • You will use SLDA outputs only as a clinical decision support tool — not as a standalone diagnostic conclusion
  • You will document your independent clinical judgement alongside any NeuroSync-generated report in the patient's medical record
  • You will not share Tier 3 IRT reports with patients or caregivers without the supervising physician's approval
  • You will report any unexpected or clinically concerning SLDA outputs to IS360 via the in-portal feedback mechanism
3

Data Handling Obligations

  • You will not upload EEG files containing patient PII beyond what is strictly necessary for clinical analysis
  • You will not store, screenshot, or export raw session data to unsecured personal devices
  • You will immediately notify IS360 at privacy@is360.in if you suspect a data breach or unauthorised access
  • You acknowledge that data processing occurs within Indian territory (AWS ap-south-1, Mumbai)
4

Account Security Obligations

  • You will not share login credentials with any other person
  • You will use a password meeting the platform's strength requirements and change it if you suspect compromise
  • You will log out when using shared or public devices
  • You will not use VPNs or proxies to misrepresent your geographic location during clinical use
  • Institutional admins must promptly de-provision access when a team member leaves the institution
5

Regulatory Compliance Obligations

  • You acknowledge that NeuroSync ERP™ is CDSCO-regulated SaMD Class B and its outputs carry regulatory implications
  • You will not modify, alter, or tamper with generated reports after the SHA-256 audit chain is sealed
  • You will cooperate with IS360 in any CDSCO inspection involving reports generated on your account
  • You will notify IS360 if your professional licence, registration, or institutional affiliation changes
Annual re-acceptance of these terms is mandatory for continued access. You will receive an email 30 days before re-acceptance is due.
6

Consequences of Breach

Breach TypeImmediate ActionFurther Action
Credential sharing or unauthorised accessAccount suspensionTermination + legal referral if harm occurred
Upload of non-consented patient dataData purge + suspensionNotification to DPDP Board & ICMR
Report tamperingAudit chain flagged + suspensionCDSCO notification + criminal referral
False credentialsImmediate banIT Act s.66C prosecution
Unjustified chargebackAccount holdPermanent ban if fraud confirmed

📋 Formal Acceptance — All Items Required

I confirm I am a licensed healthcare professional or authorised researcher and that the credentials I provided during registration are accurate and current.
I understand that NeuroSync ERP™ outputs are clinical decision support tools only and will not substitute for my independent clinical judgement.
I will obtain valid patient informed consent before uploading any EEG data, in accordance with ICMR guidelines and applicable state law.
I have read and agree to the Privacy Policy, Terms of Use, Refund Policy, and Escalation Matrix of IS360 Technologies & Services Pvt. Ltd.
I acknowledge that my acceptance is cryptographically logged in the NeuroSync audit chain and may be presented to CDSCO or ICMR in regulatory proceedings.