Privacy Policy

Arogyan Health Technologies Private Limited

Personal Information

• Name, age, gender, and contact details
• Indian mobile number for OTP verification
• Email address for communications
• Location data (city/state) for localized services

Health Information (Sensitive Personal Data)

• Symptoms and health concerns reported by users
• Prescription images and medication information
• Health assessment responses and survey data
• Chat conversations with AI health assistant
• Health scores and wellness tracking data

Technical Information

• Device information and browser type
• IP address and usage analytics
• App performance and error logs
• Session data and user preferences

Consent

We process health information based on your explicit consent as required under the Digital Personal Data Protection Act, 2023. You can withdraw consent at any time.

Legitimate Interest

We process technical data for service improvement, security, and fraud prevention based on legitimate business interests.

Legal Compliance

We may process data to comply with Indian laws, court orders, or regulatory requirements from authorities like CDSCO or Karnataka health department.

Primary Services

• Provide AI-powered health screening and assessments
• Send medication reminders via WhatsApp
• Generate personalized health insights and recommendations
• Facilitate community health discussions

Service Improvement

• Analyze usage patterns to improve AI algorithms
• Conduct research for better health outcomes (anonymized data)
• Develop new features based on user needs
• Ensure platform security and prevent misuse

Communications

• Send service-related notifications and updates
• Provide customer support and respond to queries
• Share health tips and educational content (with consent)
• Send security alerts and important announcements

Data Localization

All personal and health data is stored exclusively within India using secure cloud infrastructure in Indian data centers, complying with data localization requirements.

Security Measures

• End-to-end encryption for all health data transmission
• AES-256 encryption for data at rest
• Multi-factor authentication for admin access
• Regular security audits and penetration testing
• ISO 27001 compliant security practices
• 24/7 security monitoring and incident response

Access Controls

Health data access is restricted to authorized personnel only, with role-based permissions and comprehensive audit trails as required under Indian healthcare data protection standards.

We DO NOT Share Health Data

Your health information is never shared with third parties for commercial purposes. We maintain strict confidentiality of all medical information.

Limited Sharing Scenarios

• Service Providers: Encrypted data with cloud hosting partners (within India)
• Legal Requirements: When required by Indian courts or regulatory authorities
• Emergency Situations: To prevent serious harm (with user notification)
• Research: Only anonymized, aggregated data for public health research

WhatsApp Integration

Medication reminders sent via WhatsApp are processed through Meta's Business API with end-to-end encryption. Only medication names and timing are shared, not full health profiles.

Digital Personal Data Protection Act, 2023 Rights

• Right to Access: Request copies of your personal data
• Right to Correction: Update or correct inaccurate information
• Right to Erasure: Request deletion of your data
• Right to Data Portability: Export your data in standard format
• Right to Grievance Redressal: File complaints with our grievance officer

How to Exercise Your Rights

Retention Periods

• Health Data: 7 years as per Indian medical record requirements
• Account Data: Until account deletion or 3 years of inactivity
• Chat Logs: 2 years for service improvement
• Technical Logs: 1 year for security and debugging

Secure Deletion

When data is deleted, it is securely erased from all systems including backups within 90 days, using industry-standard data destruction methods.

Essential Cookies

We use essential cookies for authentication, security, and basic functionality. These cannot be disabled without affecting service operation.

Analytics Cookies

With your consent, we use analytics cookies to understand usage patterns and improve our services. You can opt-out at any time.

No Third-Party Tracking

We do not use third-party advertising cookies or tracking pixels that could compromise your health data privacy.

Data Stays in India

All personal and health data is processed and stored exclusively within India. We do not transfer data outside Indian borders.

AI Processing

AI processing is done using Indian cloud infrastructure. Any AI models are deployed locally to ensure data never leaves India.

Age Restrictions

Our services are not intended for children under 18. We require verifiable parental consent for users under 18 as per Indian law.

Parental Controls

Parents can request access to or deletion of their child's data by contacting our privacy team with proper verification.

Internal Grievance Officer

External Authorities

If unsatisfied with our response, you can approach the Data Protection Board of India or Karnataka State Consumer Disputes Redressal Commission.

Notification Process

We will notify users of material changes via email and in-app notifications at least 30 days before changes take effect.

Continued Use

Continued use of services after notification constitutes acceptance of updated privacy practices.