SwasthOne SwasthOne
Home Contact

Privacy Policy

Last updated: July 2025

SwasthOne ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights over it. It applies to the SwasthOne mobile app and this website.

By using SwasthOne, you agree to the collection and use of information as described in this policy.

1. Who We Are

SwasthOne is operated by [Company Name], registered in India. If you have any questions about this policy, contact us at privacy@swasthone.in.

2. What Data We Collect

Account Information

  • Phone number (required for login via OTP)
  • Name (provided by you during setup)
  • Email address (optional, only if you choose email login)

Family Member Profiles

  • Name, relationship, age, gender, blood group, allergies
  • Phone number (optional, used to invite members)

Medical Records

  • Documents you upload: lab reports, prescriptions, X-rays, discharge summaries, and other medical files (PDF or image)
  • Metadata: document title, type, category, date, doctor name, patient name
  • AI-generated summaries and extracted data from your documents

Medications

  • Medication name, dosage, frequency, start/end dates, notes

Identity Verification (Optional)

  • Masked Aadhaar number (last 4 digits only), name, date of birth, and gender — collected only if you choose to verify your identity via Aadhaar. We do not store your full Aadhaar number.

Device & Technical Data

  • Device type, operating system version
  • Push notification token (FCM) — used only to send you notifications
  • Crash reports via Firebase Crashlytics (includes device info and error stack traces)
  • App usage analytics via Firebase Analytics (screen views, feature usage — no health data)

3. How We Use Your Data

  • To provide the service: Store and display your medical records and family profiles
  • To power AI insights: Your documents are sent to Google Vertex AI (Gemini) for analysis. See Section 5 for details.
  • To send notifications: Join requests, record updates, medication reminders
  • To verify identity: Aadhaar-based verification for family admins (optional)
  • To improve the app: Anonymised crash and usage data
  • To comply with law: As required under Indian law

4. Data Storage

Your data is stored on Supabase (PostgreSQL database and file storage), hosted on servers in the region configured for your account. Medical document files are stored in a secure cloud storage bucket and are accessible only to your family group.

We use industry-standard HTTPS encryption for all data in transit. Data at rest is encrypted by our storage provider.

5. Third-Party Services

We use the following third-party services. Each has its own privacy policy:

  • Supabase — Database, authentication, and file storage
  • Google Vertex AI (Gemini 2.5 Flash) — Document analysis and AI health chat. Your document contents and health context are sent to Google's API for processing. Google's data processing terms apply.
  • Firebase (Google) — Push notifications (FCM), crash reporting (Crashlytics), and usage analytics
  • Twilio (via Supabase) — OTP SMS delivery. Your phone number is sent to Twilio to deliver the login OTP.
  • Meta (WhatsApp) — Optional WhatsApp notifications for record confirmations and reminders
  • Sandbox.co.in — Aadhaar OTP-based KYC verification (only if you choose to verify)

We do not use any advertising SDKs. We do not sell your data to any third party.

6. Data Sharing

We share your data only in these cases:

  • With doctors you choose: When you initiate a sharing session, the doctor receives your records for that session only. No permanent link is created.
  • Within your family group: The family admin can see records for all members they manage.
  • With service providers: As listed in Section 5, strictly to provide the service.
  • As required by law: If required by a court order or applicable Indian law.

7. Children's Data

SwasthOne allows you to create profiles for minor family members (under 18). When you add a minor's profile, you are confirming that you are their parent or legal guardian and are providing consent on their behalf. We do not knowingly collect data directly from minors.

8. Your Rights (DPDP Act 2023)

Under India's Digital Personal Data Protection Act, you have the right to:

  • Access — request a copy of your personal data
  • Correction — update or correct inaccurate data
  • Erasure — delete your account and all associated data
  • Withdraw consent — at any time, for any specific purpose
  • Nominate — nominate a person to exercise your rights in case of death or incapacity
  • Grievance redressal — raise a complaint with our Grievance Officer

To exercise any of these rights, contact us at privacy@swasthone.in or use the account deletion feature in the app.

9. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • All your personal data, family member profiles, medical records, and medications are permanently deleted
  • Uploaded files are removed from storage
  • Deletion is processed within 30 days
  • Anonymised, aggregated analytics data (not linked to you) may be retained

See our full Data Deletion Policy for details.

10. Cookies

The SwasthOne mobile app does not use cookies. This website may use essential cookies for basic functionality only. We do not use tracking or advertising cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the app or email. The "Last updated" date at the top of this page reflects the most recent version.

12. Contact & Grievance

Privacy enquiries: privacy@swasthone.in

Grievance Officer: View Grievance Officer details →

SwasthOne SwasthOne

Your family's health, all in one place.

Privacy Policy Terms of Service Refund Policy Data Deletion Grievance Contact
© 2025 SwasthOne. All rights reserved. Made in India 🇮🇳