HomePrivacy Policy

Privacy Policy

CUBEXLE Solutions Private Limited
Effective Date: October 25, 2025
Last Updated: November 7, 2025

INTRODUCTION

CUBEXLE Solutions Private Limited (“CUBEXLE,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal information entrusted to us. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you visit our website (www.cubexle.com), use our services, or interact with us in the course of our medical-legal service operations.

As a provider of medical record review services, litigation support services, independent medical examination (IME) coordination, and related medical-legal services, CUBEXLE handles sensitive personal and health information. We recognize our responsibility to maintain the highest standards of data protection, privacy, and regulatory compliance.

This Privacy Policy applies to all personal data processed by CUBEXLE, including information collected directly from you, information provided by our clients, and information obtained from authorized third parties. We encourage you to review this policy periodically as we reserve the right to update it to reflect changes in our practices, technology, legal requirements, or other operational factors.

By using CUBEXLE’s services, accessing our website, or providing us with your information, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to our collection, use, and disclosure of your information as described herein.

SCOPE AND APPLICABILITY

This Privacy Policy applies to

  • Website Visitors: Individuals who visit www.cubexle.com
  • Service Users: Clients, attorneys, insurance companies, healthcare providers, and other entities who engage our services
  • Data Subjects: Individuals whose personal or health information we process in the course of providing services to our clients
  • Job Applicants: Individuals who submit employment applications through our careers portal
  • Business Partners: Vendors, consultants, and other third parties with whom we have business relationships

This policy covers all personal data processed by CUBEXLE in India and any other jurisdictions where we operate, including data transferred across borders in accordance with applicable data protection laws.

INFORMATION WE COLLECT

Information Collected Directly from You

When you interact with CUBEXLE, we may collect

  • Contact Information: Name, email address, phone number, mailing address, business address
  • Professional Information: Company name, job title, professional credentials, medical licenses, legal bar admissions
  • Account Information: Username, password, security questions, authentication credentials
  • Communication Data: Content of emails, chat messages, phone calls, and other correspondence with us
  • Job Application Data: Resume, cover letter, educational qualifications, professional experience, references, certifications
  • Payment Information: Billing address, payment method details (processed through secure third-party payment processors)
  • Website Usage Data: IP address, browser type, device information, pages visited, time spent on pages, referring website

Information Collected in the Course of Service Delivery

When providing medical-legal services to our clients, we may process

  • Protected Health Information (PHI): Medical records, treatment histories, diagnostic reports, test results, provider notes, prescriptions, IME reports
  • Personal Identifiers: Name, date of birth, Social Security number, medical record numbers, insurance policy numbers
  • Case-Related Information: Legal case details, claim information, injury or illness descriptions, treatment timelines
  • Provider Information: Healthcare provider names, facility information, treatment dates, medical opinions
  • Expert Information: Medical expert qualifications, testimony, opinions, and reports

Important Note: CUBEXLE collects and processes this information only when authorized by our clients and when we have obtained appropriate written consent or legal authorization from the data subject, their legal representative, or as permitted by applicable law.

Information from Third-Party Sources

We may receive information from

  • Client Organizations: Law firms, insurance companies, healthcare facilities, government agencies
  • Healthcare Providers: Hospitals, clinics, physicians, specialists providing medical records
  • Public Records: Court documents, regulatory filings, publicly available professional credentials
  • Third-Party Service Providers: Technology vendors, payment processors, background check services (for employment)
  • Web Analytics: Google Analytics, website tracking tools (anonymized and aggregate data)

LEGAL BASIS FOR PROCESSING PERSONAL DATA

CUBEXLE processes personal data based on the following legal grounds, in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable regulations

Consent

Where you have provided explicit, free, informed, specific, and unambiguous consent for us to process your personal data for defined purposes

Contractual Necessity

Processing necessary to fulfill our contractual obligations to clients and service users, including:

  • Delivering medical record review and litigation support services
  • Processing payments and managing accounts
  • Providing customer support and responding to inquiries

Legal Obligations

Processing required to comply with legal or regulatory obligations, including:

  • Responding to court orders, subpoenas, or government requests
  • Meeting HIPAA, state privacy laws, and healthcare compliance requirements
  • Fulfilling retention requirements under applicable laws
  • Cooperating with regulatory investigations

Legitimate Interests

Processing necessary for our legitimate business interests, provided such processing does not
override your fundamental rights and freedoms, including:

  • Fraud prevention and security measures
  • Network and information security
  • Business analytics and operational improvements
  • Marketing and business development (with appropriate opt-out mechanisms)

Vital Interests

Processing necessary to protect the vital interests of individuals, including medical emergencies or situations involving threats to life or safety

HOW WE USE YOUR INFORMATION

Service Delivery

We use personal data to

  • Provide medical record review, analysis, and litigation support services
  • Coordinate independent medical examinations and expert witness services
  • Prepare medical chronologies, summaries, and legal documentation
  • Retrieve and organize medical records from multiple sources
  • Conduct medical bill reviews and life care planning
  • Facilitate communication between clients, medical experts, and other stakeholders
  • Generate reports, analyses, and deliverables as specified in client contracts

Business Operations

We use personal data to

  • Process payments and manage billing
  • Maintain customer accounts and service records
  • Respond to inquiries and provide customer support
  • Conduct quality assurance and service improvement initiatives
  • Train staff and ensure compliance with quality standards
  • Manage vendor relationships and third-party service providers

Legal and Compliance

We use personal data to

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from courts, government agencies, and regulatory authorities
  • Enforce our terms of service and protect our rights and property
  • Investigate and prevent fraud, security breaches, and prohibited activities
  • Maintain required records and documentation for audit purposes
  • Ensure HIPAA compliance and adherence to healthcare privacy standards

Marketing and Business Development (With Consent)

We may use contact information to

  • Send newsletters, industry updates, and service announcements
  • Provide information about new services, features, or offerings
  • Conduct customer satisfaction surveys
  • Invite participation in webinars, events, or educational programs

You may opt out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting our Data Privacy Officer.

Website Analytics and Improvement

We use website usage data to

  • Analyze website traffic and user behavior
  • Improve website functionality, design, and user experience
  • Troubleshoot technical issues and optimize performance
  • Develop new features and services based on user needs

HOW WE SHARE YOUR INFORMATION

CUBEXLE does not sell, rent, or trade personal information. We share information only as
described below

With Client Authorization

When acting as a service provider to our clients (law firms, insurance companies, healthcare organizations), we share personal data only as authorized by our clients and as necessary to fulfill service obligations. This may include sharing

  • Medical record analyses with attorneys and legal teams
  • IME reports with insurance adjusters and claims administrators
  • Expert opinions with litigation teams
  • Medical chronologies with case managers

We require written authorization from data subjects or their legal representatives before collecting and disclosing personal health information, except where permitted by law.

With Service Providers and Business Partners

We engage trusted third-party vendors who assist with business operations, including

  • Technology Providers: Cloud hosting, data storage, cybersecurity services
  • Payment Processors: Secure payment gateways and billing systems
  • Medical Experts: Independent physicians, specialists providing IME and expert witness services
  • Record Retrieval Services: Authorized medical record retrieval vendors
  • Professional Services: Legal counsel, auditors, consultants

All third-party service providers are contractually obligated to

  • Process personal data only as instructed by CUBEXLE
  • Maintain appropriate security safeguards
  • Comply with applicable privacy and data protection laws
  • Return or destroy data upon completion of services
  • Provide Business Associate Agreements (BAAs) where required by HIPAA

For Legal Compliance

We may disclose personal information when required or permitted by law, including

  • In response to subpoenas, court orders, or legal
  • To comply with government inquiries or regulatory investigations
  • To protect CUBEXLE’s legal rights or defend against legal claims
  • To prevent fraud, security breaches, or illegal activities
  • To protect the safety and security of individuals or the public
  • As required by HIPAA, DPDPA, or other applicable regulations

Business Transfers

In the event of a merger, acquisition, reorganization, asset sale, or bankruptcy, personal information may be transferred to successor entities, subject to

  • Continued adherence to this Privacy Policy or a substantially similar policy
  • Notice to affected individuals of any material changes
  • Compliance with applicable data protection laws governing such transfers

With Your Consent

We may share personal information for purposes not described in this policy when we have
obtained your explicit consent to do so.

DATA SECURITY

CUBEXLE has implemented comprehensive technical, administrative, and physical safeguards to protect personal information against unauthorized access, disclosure, alteration, and destruction

Technical Safeguards

  • Encryption: 256-bit AES encryption for data at rest and TLS 1.3 encryption for data in transit
  • Access Controls: Role-based access restrictions, multi-factor authentication, strong password policies
  • Network Security: Firewalls, intrusion detection/prevention systems, regular security monitoring
  • Secure Infrastructure: SOC 2 Type II certified cloud hosting, redundant backup systems, disaster recovery protocols
  • Application Security: Regular security testing, vulnerability assessments, penetration testing
  • Data Anonymization: De-identification and pseudonymization techniques where appropriate

Administrative Safeguards

  • Privacy Policies: Comprehensive privacy and security policies aligned with industry standards
  • Staff Training: Mandatory privacy and security training for all employees handling personal data
  • Access Management: Strict authorization procedures, regular access reviews, immediate termination of access for departing employees
  • Vendor Management: Due diligence assessments, contractual data protection obligations, ongoing monitoring
  • Incident Response: Documented breach response procedures, incident investigation protocols
  • Compliance Officer: Designated Data Privacy Officer and HIPAA Compliance Officer

Physical Safeguards

  • Facility Security: Secure facilities with access controls, visitor management, surveillance systems
  • Device Security: Full-disk encryption on laptops and mobile devices, remote wipe capabilities
  • Secure Disposal: Certified data destruction procedures for end-of-life hardware and media
  • Workspace Policies: Clean desk policies, secure document storage, visitor escort requirements

Despite our comprehensive security measures, no system is entirely invulnerable. We cannot
guarantee absolute security of data transmitted over the Internet or stored on our systems.

DATA BREACH NOTIFICATION

In the event of a data breach involving personal or health information, CUBEXLE will

  1. Investigate the incident promptly to determine the scope, nature, and impact of the breach
  2. Contain the breach and implement remediation measures to prevent further unauthorized access
  3. Notify affected individuals without undue delay, as required by applicable law (within 72 hours where mandated)
  4. Report the breach to regulatory authorities, including the Data Protection Board of India and HHS Office for Civil Rights (for HIPAA breaches)
  5. Inform our clients whose data may have been compromised
  6. Provide information about steps individuals can take to protect themselves
  7. Document the incident and implement corrective measures to prevent recurrence

Notification will include

  • Description of the breach and types of data affected
  • Steps we have taken to investigate and respond
  • Contact information for questions or concerns
  • Resources for identity protection and credit monitoring (where appropriate)

DATA RETENTION AND DISPOSAL

Retention Periods

CUBEXLE retains personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law

  • Service-Related Data: Retained for the duration of the client relationship plus the period specified in client contracts (typically 7-10 years for medical-legal records)
  • Medical Records: Retained in accordance with applicable healthcare retention laws and client agreements
  • Employment Records: Retained as required by labor and employment laws
  • Financial Records: Retained as required by tax and accounting regulations
  • Website Data: Anonymized analytics retained indefinitely; identifiable data deleted within 24 months of inactivity
  • Marketing Data: Retained until you opt out or withdraw consent

Indian Legal Requirements: CUBEXLE complies with retention requirements under the Indian Evidence Act, 1872, Companies Act, 2013, and applicable
state-specific regulations.

HIPAA Compliance: For U.S. clients, we maintain records for at least 6 years from the date of
creation or date when last in effect, whichever is later.

Secure Disposal

Upon expiration of retention periods, personal data is securely destroyed using

  • Electronic Data: Secure wiping, cryptographic erasure, physical destruction of storage media
  • Physical Documents: Cross-cut shredding, incineration, or certified destruction services
  • Verification: Documentation of disposal activities, certificates of destruction

Legal Hold Exceptions

Retention periods may be extended when data is subject to legal holds, pending litigation, government investigations, or unresolved claims.

YOUR PRIVACY RIGHTS

CUBEXLE respects your rights regarding your personal data. Subject to applicable law, you have
the following rights

Right to Access

You may request

  • Confirmation of whether we process your personal data
  • A copy of your personal data in our possession
  • Information about how we use and share your data
  • Details about data sources and retention periods

Right to Correction

You may request correction of inaccurate, incomplete, or outdated personal information.

Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data when

  • It is no longer necessary for the purposes for which it was collected
  • You withdraw consent and no other legal basis exists for processing
  • You object to processing and no overriding legitimate grounds exist
  • Data has been unlawfully processed
  • Erasure is required for legal compliance

Limitations: We may be unable to honor deletion requests when retention is required by law,
necessary for legal claims, or essential for legitimate business purposes.

Right to Data Portability

You may request your personal data in a structured, commonly used, machine-readable format and have it transmitted to another service provider (where technically feasible).

Right to Object

You may object to

  • Processing based on legitimate interests
  • Direct marketing communications
  • Automated decision-making and profiling

Right to Restrict Processing

You may request restriction of processing when

  • You contest the accuracy of data (pending verification)
  • Processing is unlawful but you prefer restriction over deletion
  • We no longer need the data but you require it for legal claims
  • You have objected to processing (pending verification of grounds)

Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.

Right to File Complaints

You have the right to file complaints with

  • Data Protection Board of India: For DPDPA-related concerns
  • HHS Office for Civil Rights: For HIPAA violations (U.S. clients)
  • State Data Protection Authorities: Where applicable

Exercising Your Rights

For Data Subjects: If CUBEXLE processed your information on behalf of a client (e.g., your attorney, insurance company), please submit privacy requests directly to that client organization. We will cooperate with our clients to facilitate your rights.

For Direct Relationships: If you provided information directly to CUBEXLE (e.g., job applications, business inquiries), contact our Data Privacy Officer at

Email: privacy@cubexle.com
Address: CUBEXLE Solutions Private Limited, Data Privacy Officer, No. 80, M.E.S. Road,
Ganapathipuram, Tambaram East, Chennai – 600059, India
Phone: +91 44 2239 0084

Response Timeline: We will respond to verified requests within 30 days (or as required by applicable law). For complex requests, we may extend the response period by an additional 30 days with notification.

Verification: To protect privacy, we will verify your identity before processing requests. Verification may require providing identifying information such as name, email, phone number, or case reference numbers.

CHILDREN’S PRIVACY

CUBEXLE’s services and website are not directed to children under 18 years of age. We do not knowingly collect personal information from minors without parental or guardian consent.

If we process a minor’s information as part of medical records provided by clients, we do so only with appropriate authorization from parents, legal guardians, or as permitted by law.

If you believe we have inadvertently collected information from a minor without proper authorization, please contact our Data Privacy Officer immediately so we can take corrective action.

INTERNATIONAL DATA TRANSFERS

CUBEXLE primarily operates in India. However, we may transfer personal data to countries outside India when

  • Necessary to fulfill service obligations to international clients
  • Required to engage service providers with global operations
  • Mandated by legal or regulatory requirements

Transfer Safeguards: When transferring data internationally, we ensure appropriate safeguards including

  • Standard Contractual Clauses: Approved by relevant data protection authorities
  • Data Processing Agreements: Comprehensive agreements with contractual protections
  • Adequacy Decisions: Transfers only to countries with adequate data protection frameworks
  • Client Authorization: Explicit consent for cross-border transfers where required
  • Technical Measures: Encryption and security controls during transmission

HIPAA Compliance: For U.S. clients, we ensure international data transfers comply with HIPAA requirements and execute appropriate Business Associate Agreements.

COOKIES AND TRACKING TECHNOLOGIES

Types of Cookies We Use

CUBEXLE uses cookies and similar tracking technologies on our website to enhance user experience and gather analytics

  • Essential Cookies: Required for website functionality (login, navigation, security)
  • Analytics Cookies: Google Analytics and similar tools to analyze website traffic (anonymized data)
  • Preference Cookies: Remember user settings, language preferences, display options
  • Security Cookies: Detect and prevent fraudulent activity, authenticate users

We do NOT use

  • Advertising or marketing cookies without explicit consent
  • Third-party tracking cookies
  • Cross-site tracking technologies

Managing Cookies

You can control cookies through

  • Browser Settings: Most browsers allow you to block or delete cookies
  • Cookie Consent Banner: Manage preferences through our website cookie notice
  • Opt-Out Tools: Google Analytics opt-out browser add-on

Note: Disabling essential cookies may impair website functionality.

THIRD-PARTY WEBSITES AND SERVICES

Our website may contain links to third-party websites, applications, or services (e.g., LinkedIn, professional organizations, partner platforms).

CUBEXLE is not responsible for the privacy practices or content of third-party websites. We do not endorse or make representations about third-party sites. We encourage you to review the privacy policies of any third-party websites you visit.

When you interact with third-party services linked from our website or services, your interactions are governed by their respective privacy policies, not this Privacy Policy.

CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to request deletion of personal information
  • Right to opt-out of the sale of personal information (Note: CUBEXLE does NOT sell personal information)
  • Right to non-discrimination for exercising privacy rights
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information

To exercise California privacy rights, contact: privacy@cubexle.com

EUROPEAN ECONOMIC AREA (EEA) AND UK RIGHTS

If you are located in the EEA or UK, you have rights under the General Data Protection Regulation (GDPR)

  • Right to access personal data
  • Right to rectification of inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge complaints with supervisory authorities

Legal Basis: CUBEXLE processes EEA/UK data based on consent, contractual necessity, legal obligations, or legitimate interests.

Data Protection Officer Contact: privacy@cubexle.com

CHANGES TO THIS PRIVACY POLICY

CUBEXLE reserves the right to update this Privacy Policy to reflect

  • Changes in our services, business practices, or operations
  • New legal or regulatory requirements
  • Enhanced security measures or technology implementations
  • Feedback from users, clients, or regulators

Notification of Changes

  • Material Changes: We will provide prominent notice on our website and via email to registered users at least 30 days before changes take effect
  • Minor Changes: Will be posted on our website with an updated “Last Updated” date

Continued use of our services after changes take effect constitutes acceptance of the revised Privacy Policy.

We encourage periodic review of this policy to stay informed about how we protect your information.

CONTACT INFORMATION

For questions, concerns, or requests regarding this Privacy Policy or our data practices:

Data Privacy Officer
CUBEXLE Solutions Private Limited
No. 80, M.E.S. Road, Ganapathipuram,
Tambaram East, Chennai – 600059
India
Email: privacy@cubexle.com
Phone: +91 44 2239 0084
Website: www.cubexle.com
Business Hours: Monday – Saturday, 9:00 AM – 6:00 PM IST
For HIPAA-Related Inquiries (U.S. Clients):
HIPAA Compliance Officer
Email: hipaa-compliance@cubexle.com

GOVERNING LAW

This Privacy Policy is governed by and construed in accordance with the laws of India, including

  • Digital Personal Data Protection Act, 2023 (DPDPA)
  • Information Technology Act, 2000 and Rules thereunder
  • Indian Evidence Act, 1872
  • Companies Act, 2013

For international clients, we also comply with applicable foreign laws including HIPAA (United States), GDPR (European Union), and other jurisdiction-specific privacy regulations.

Dispute Resolution: Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of courts in Chennai, Tamil Nadu, India.

ACKNOWLEDGMENT

By using CUBEXLE’s services or website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Use.

This Privacy Policy was last updated on November 7, 2025, and is effective immediately for new
users and 30 days after posting for existing users.

Start A Conversation