Privacy Policy

Your privacy is important to us. Learn how we protect your data.

Effective Date: January 2026

1. PREAMBLE AND COMMITMENT

WELLBEING INTELLIGENCE PRIVATE LIMITED (hereinafter referred to as the “Company”, “We”, “Us”, or “Our”) operates an advanced Clinical Reasoning and Analytics System (the “Platform”). We are committed to protecting the privacy and security of the data shared by our users, including Individual Users, Hospitals, Clinics, and Research Institutions (collectively, “Users” or “Data Principals”).

This Privacy Policy constitutes a legal agreement between You and the Company. It is published in strict compliance with:

  • The Digital Personal Data Protection Act, 2023 (DPDP Act)
  • Section 43A of the Information Technology Act, 2000
  • Rule 4 of the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

By accessing or using our Platform, You expressly consent to the data practices described in this Policy.

2Definitions

Personal Data: Any data about an individual who is identifiable by or in relation to such data.

Sensitive Personal Data or Information (SPDI): Includes health records, medical history, biometric information, and financial information.

Clinical Reasoning Output: The generated analytics, case studies, or triage suggestions derived from the input data.

Anonymized Data: Data from which all personal identifiers have been removed, making it impossible to identify the specific Data Principal.

3Data We Collect

To provide our specialized clinical reasoning services, we collect the following categories of data:

👤A. Information You Provide Voluntarily

  • Account Data: Name, Professional Designation (for Doctors), Email Address, Phone Number, and Medical Council Registration Number (for B2B verification)
  • Health & Clinical Data: Symptoms, medical history, lab reports, vitals, and demographic details entered into the system for analysis
  • Note for B2B Users: When Hospitals/Clinics input patient data, they act as the “Data Fiduciary” regarding the patient, and we act as the “Data Processor.” You warrant that you have the patient's consent to share this data with us.

📱B. Automatically Collected Data

  • Technical Data: IP address, device type, browser type, and operating system
  • Usage Data: Interaction logs, feature usage patterns, and time spent on specific modules (used to optimize our AI logic)
  • Session duration, time zone, language
  • Crash logs, performance diagnostics

🍪C. Cookies and Tracking Technologies

We may use cookies, pixels, tags, and similar technologies for operational, functional, analytics, and security purposes.

4Purpose of Data Processing

We process your data only for the following specific purposes:

  • Service Delivery: To run inputs through our Clinical Reasoning Architecture to generate triage assessments, case studies, and educational reports.
  • System Improvement (R&D): We use Anonymized Data to train, refine, and improve the accuracy of our algorithms and machine learning models.
  • Communication: To send you administrative information, system updates, and security alerts.
  • Legal Compliance: To comply with legal obligations, court orders, or requests from law enforcement agencies under Indian Law.
  • Security: To detect, prevent, and address technical issues, fraud, or abuse of the Platform.

Safety Clause: We do not process your data for any purpose incompatible with these specified purposes without obtaining your fresh consent.

5Consent Architecture

In compliance with the DPDP Act, 2023:

✓ Affirmative Consent

Processing begins only after you provide free, specific, informed, unconditional, and unambiguous consent (via a "tick box" or digital signature).

✓ Right to Withdraw

You may withdraw your consent at any time via the Platform settings.

Consequence: Upon withdrawal, we will cease processing your personal data. However, this may result in our inability to provide the Clinical Reasoning services to you.

Legacy Data: Data that has already been anonymized and aggregated for research/system training cannot be withdrawn as it no longer constitutes "Personal Data."

6Data Sharing and Disclosure

✓ We do not sell your Personal Data. We operate a "closed ecosystem" regarding sensitive health data.

Disclosure is limited to:

  • Service Providers: Trusted third-party cloud infrastructure providers (e.g., AWS/Google Cloud) located within India, bound by strict Non-Disclosure Agreements (NDAs).
  • Legal Requirements: If required by law (e.g., under the IT Act 2000) to disclose information to Government agencies for verification of identity, or for prevention, detection, investigation of cyber incidents.
  • Business Transfer: In the event of a merger, acquisition, or sale of assets, user data may be transferred as a business asset, subject to the acquirer honoring this Privacy Policy.

7Data Storage & Localization

Location: All Sensitive Personal Data (Health Data) is stored on secure, encrypted servers physically located within the territory of India.

Cross-Border Transfer: We do not transfer sensitive health data outside India unless explicitly permitted by the Central Government and with your specific consent.

8Data Security

We implement robust security measures aligned with ISO 27001 standards and Rule 8 of the SPDI Rules, 2011:

🔐

Encryption

Data is encrypted in transit (SSL/TLS) and at rest (AES-256)

🛡️

Access Control

Strict Role-Based Access Control (RBAC) ensures only authorized personnel can access backend systems

🔍

Security Audits

Regular security audits and vulnerability assessments

Disclaimer: While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9User Rights

As a Data Principal, you have the right to:

Access

Request a summary of your personal data being processed

Correction

Request correction of inaccurate or misleading personal data

Erasure

Request deletion from active database ("Right to be Forgotten"), subject to data retention laws

Grievance Redressal

Seek remedy for any violation of these rights

10Data Retention Policy

Active Accounts: We retain data as long as your account is active to provide the Service.

Deleted Accounts: Upon account termination, we retain data for a period mandated by applicable laws (e.g., for tax or legal disputes). After this period, data is permanently deleted or anonymized.

Anonymized Data: We may retain de-identified, non-personal data indefinitely for research, statistical analysis, and system training purposes.

11Children's Privacy

Our Platform is not directed at minors. We do not knowingly collect data from children.

B2B Context: If a Hospital inputs data regarding a minor, they represent that they have obtained verifiable parental consent as per the DPDP Act.

B2C Context: Parents/Guardians must manage accounts for minors.

12Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Significant changes will be notified to you via email or a prominent notice on the Platform. Your continued use of the Platform after such changes constitutes acceptance of the new Policy.

13Grievance Officer

In accordance with the Information Technology Act, 2000 and rules made there under, the contact details of the Grievance Officer are provided below:

Name: PRABHAT SINGH

Designation: Grievance Officer

Company: WELLBEING INTELLIGENCE PRIVATE LIMITED

Email: prabhatsingh1prs@gmail.com

We will acknowledge your grievance within 24 hours and resolve it within the timeline prescribed by applicable laws.

Questions About Privacy?

If you have any questions about how we handle your data, please contact our Grievance Officer at prabhatsingh1prs@gmail.com

Effective Date: January 2026

© 2026 WellBeing Intelligence Private Limited. All rights reserved.