Skip to main content
Back to Home

Privacy Policy

Last updated: March 23, 2026

1. Introduction

Aarogya Assist ("we", "us", or "our") is an AI-powered health report analysis platform designed to help users understand their medical reports, track health trends, and receive actionable health insights. This Privacy Policy explains how we collect, use, store, and protect your personal and health data in compliance with the Digital Personal Data Protection (DPDP) Act, 2023 (India).

2. Data We Collect

We collect the following categories of data:

  • Profile Information: Name, email address, phone number, date of birth, gender, blood group
  • Health Data: Uploaded medical reports (PDFs, images), lab test results, health conditions, allergies, current medications, emergency contacts
  • AI Interaction Data: Chat messages with our AI assistant, AI-generated insights and summaries
  • Device & Usage Data: Browser type, IP address, pages visited, feature usage patterns
  • Authentication Data: Email-based OTP verification records, JWT session tokens

3. How We Use Your Data

  • AI-Powered Analysis: We process your health reports using large language models (Google Gemini, OpenAI) to generate insights, extract lab results, and provide health summaries. All data is de-identified (PII removed) before being sent to AI providers.
  • Health Trend Tracking: Lab test results are stored and analyzed over time to identify health trends.
  • Personalized Insights: Your health data is used to generate contextual recommendations and doctor-ready summaries.
  • Communication: OTP verification emails via SendGrid for authentication.
  • Service Improvement: Anonymized usage data may be used to improve our platform.

4. Third-Party Services

  • AI/LLM Providers (Google Gemini, OpenAI): Process de-identified health report text only. No personally identifiable information is shared with AI providers.
  • SendGrid: Email delivery for OTP verification.
  • Cloud Infrastructure: Application and data hosting with encryption at rest and in transit.

5. Data Storage & Security

  • All data is encrypted at rest and in transit (TLS 1.2+).
  • Health reports are stored securely with authenticated access controls.
  • PII is removed from health report text before AI processing.
  • JWT tokens have a 15-minute access lifetime and 7-day refresh lifetime.
  • Rate limiting and brute-force protection are enforced on all authentication endpoints.

6. Your Rights Under DPDP Act, 2023

As a Data Principal under the DPDP Act, you have the following rights:

  • Right to Access: Request a copy of all your personal data we hold (via Settings → Data Export).
  • Right to Correction: Update your profile information at any time.
  • Right to Erasure: Request deletion of your account and anonymization of personal data (via Settings → Delete Account).
  • Right to Data Portability: Export your data in JSON or CSV format.
  • Right to Withdraw Consent: Withdraw consent for specific data processing purposes at any time (via Settings → Consent Management).
  • Right to Grievance Redressal: Submit a grievance ticket for any privacy concern (via Settings → Grievances).

7. Data Retention

  • Active accounts: Data is retained as long as your account is active.
  • Data exports: Export files are available for 7 days after generation, then automatically deleted.
  • Deleted accounts: Personal data is anonymized. Health reports are retained in de-identified form for research purposes as permitted under DPDP Act provisions.
  • Audit logs: Retained for 1 year for security and compliance purposes.

8. Cookies & Local Storage

We use browser local storage to maintain your authentication session and store consent preferences. We do not use third-party tracking cookies. Essential storage is required for the service to function.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated through in-app notifications. Your continued use of the service after changes constitutes acceptance.

10. Contact & Data Protection Officer

For privacy-related queries or to exercise your DPDP rights, contact our Data Protection Officer:

Email: dpo@aarogyaassist.com

You may also submit a formal grievance through the Grievance Redressal section in your account Settings.