Privacy Policy

Last updated: October 18, 2025

Swasth Bharat ("we", "our", or "us") operates the Swasth Bharat mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the App.

By using the App, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

• Personal Identification Information (provided by you or created during onboarding): first name, middle name (optional), last name, date of birth, gender, height, weight, email, role, internal identifiers (including object_id, sbu_id).
• Authentication Information: authentication identifiers, email, email verification status, login timestamps.
• Health and Medical Information (when applicable in features you use):
  • Form data and responses (including answers and optional scores) associated with a form (form_id) and your sbu_id.
  • Prescriptions and related details, including diagnoses, prescribed medicines, dates, and follow-ups.
  • Investigations and related details, including questions, answers, created dates, and associations to prescriptions and clinicians (e.g., sbd_id).
• Device and Usage Information:
  • App-generated device identifier stored locally, used for correlation and debugging.
  • Correlation IDs for requests.
  • Network request metadata (timestamps, response status) and application logs for reliability and security.
• Local Storage Data: We may store limited session and profile data on your device to operate the App.

2. How We Use Your Information

We use your information to:

• Provide, operate, and maintain the App and its features (authentication, user profiles, forms, prescriptions, investigations).
• Authenticate users and manage sessions.
• Retrieve, create, update, and display your health-related data via our backend API.
• Improve reliability, security, and performance (including correlation and device identifiers, and rotating authorization tokens).
• Communicate with you about your account, security alerts, and important updates.
• Comply with legal obligations and enforce our terms and policies.

3. Legal Bases for Processing (where applicable)

• Your consent.
• Performance of a contract (providing the App and related services).
• Compliance with legal obligations.
• Legitimate interests (e.g., securing the App, preventing fraud, improving services).

4. How We Share Information

We may share information with:

• Service Providers: We use third-party providers to manage sign-in, sessions, hosting, and data processing. These providers process data on our behalf under appropriate contracts.
• Healthcare Professionals/Authorized Users (if the feature requires): Certain data (e.g., prescriptions, investigations) may be accessible to authorized clinicians or administrators affiliated with your account or organization.
• Legal and Compliance: We may disclose information to comply with applicable laws, lawful requests, and legal processes, or to protect rights, property, and safety.
• Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred as permitted by law.

We do not sell your personal information.

5. Data Storage and Security

• Authentication and session data may be handled by third-party authentication services; limited session persistence may be stored securely on your device.
• API requests may set or rotate authorization tokens, which may be stored securely to authenticate subsequent requests.
• We apply technical and organizational measures designed to protect your information. However, no method of transmission or storage is 100% secure.

6. Data Retention

We retain information for as long as necessary to provide the App, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary by data category and legal requirements. We also support account deactivation and soft deletion for users as implemented by our backend.

7. Your Rights and Choices

Depending on your location, you may have rights to:

• Access, correct, update, or delete your information.
• Object to processing, or request restriction of processing.
• Withdraw consent (where processing is based on consent).
• Portability of certain information.

To exercise these rights, contact us using the details in Section 12. Where features are available in-app (e.g., updating profile details), you can manage some information directly.

8. Children’s Privacy

The App is not directed to children under the age where consent is required by local law without parental/guardian consent. If you believe we have collected personal information from a child in violation of applicable law, contact us so we can take appropriate action.

9. International Transfers

Your information may be processed and stored in countries other than your own, including where our service providers operate. We take steps to ensure appropriate safeguards for such transfers as required by applicable law.

10. Third-Party Services

The App may include links or integrations with third-party services. Your use of those services is governed by their privacy policies. Examples include:

• Authentication providers for sign-in and session management.
• Hosting and infrastructure providers.

11. Data Accuracy and Minimization

We aim to collect only what is necessary and keep it accurate and up to date. You can request corrections and update your information via supported App features.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact:

Email: privacy@swasthbharat.app
Subject: Privacy Request – Swasth Bharat

Please include sufficient information to verify your identity and process your request.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version in the App or repository and update the "Last updated" date. Your continued use of the App after changes become effective constitutes your acceptance of the revised policy.