Privacy Policy

1. Introduction

ANSR HealthAI ("ANSR," "we," "us," or "our") is a family health platform that helps NRI (Non-Resident Indian) families remotely monitor and coordinate care for their aging parents in India.

We provide our services through a web dashboard, a mobile application, and WhatsApp-based notifications via the WhatsApp Business API. This Privacy Policy explains what data we collect, how we use it, how we protect it, and what rights you have.

By using our platform, you agree to the practices described here. If you do not agree, please do not use the services.

2. Information we collect

2.1 Information you provide

• Account information: Name, email address, phone number, and authentication credentials when you create an account.
• Profile details: Relationship to the elderly person (son, daughter, caregiver), location, and language preferences.
• Health records: Prescriptions, lab reports, medical history, doctor visit notes, and health documents you upload or enter.
• Medication details: Medication names, dosages, schedules, and adherence records.
• Feedback and communications: Messages you send to us, survey responses, and feedback form submissions.

2.2 Information collected automatically

• Device information: Device type, operating system, browser type, and app version.
• Usage data: Pages visited, features used, time spent, and interaction patterns.
• Wearable and sensor data: Heart rate, SpO2, sleep patterns, activity levels, and other vitals collected through connected devices.
• Location data: General region (city or metro area) for service delivery — not precise GPS tracking.

2.3 Information from third parties

• WhatsApp: When you interact with us via WhatsApp, we receive your phone number, message content, and delivery/read status through the WhatsApp Business API.
• Healthcare providers: With your explicit consent, we may receive health data from doctors, labs, or hospitals you connect to your account.

3. How we use your information

We use your data to:

• Deliver our services: Monitor vitals, send medication reminders, generate health summaries, and power family dashboards.
• Send notifications: Health alerts, daily wellness updates, medication reminders, and care coordination messages via our app, web dashboard, and WhatsApp.
• Improve the platform: Analyse usage patterns to enhance features, fix issues, and develop new capabilities.
• Provide AI-assisted insights: Detect trends, identify early warning signs, and generate personalised wellness recommendations — always reviewed by clinicians before release.
• Communicate with you: Respond to inquiries, send service updates, and share important announcements.
• Ensure safety and security: Prevent fraud, detect abuse, and maintain the integrity of the platform.

4. WhatsApp and Meta Platform data

We use the WhatsApp Business API (a Meta Platform product) to send health notifications, medication reminders, wellness updates, and one-time password (OTP) verification codes to users who have opted in.

4.1 Data we receive via WhatsApp

• Phone numbers of users who message us or opt in to receive notifications.
• Message content sent to our WhatsApp Business number.
• Message delivery and read receipts.

4.2 How we handle Meta Platform data

• We do not sell, license, or transfer any data received from Meta Platform (including WhatsApp) to any third party.
• We do not use Meta Platform Data for advertising, marketing to third parties, or building advertising profiles.
• We do not share Meta Platform Data with data brokers, ad networks, or any monetization services.
• We use WhatsApp data only to provide and improve our elderly care services — OTP verification, health reminders, wellness updates, and urgent alerts.
• If a user opts out of WhatsApp messaging, we stop sending messages and delete their WhatsApp-specific interaction data within 30 days.
• We store Meta Platform Data with encryption at rest and in transit.

4.3 Opting out of WhatsApp messages

You can stop receiving WhatsApp messages at any time by:

• Replying "STOP" to any WhatsApp message from us.
• Updating your notification preferences in the app or web dashboard.
• Contacting us at hello@ansrhealthai.com.

5. How we share your information

We share data only in these limited circumstances:

• With your care circle: Family members and caregivers you explicitly add to your care network can view shared health data through role-based access controls.
• With healthcare providers: Only with your explicit consent, we may share health summaries or records with doctors, hospitals, or labs you designate.
• Service providers: We use trusted third-party services (cloud hosting, analytics, communication tools) that process data on our behalf under strict contractual obligations.
• Legal requirements: We may disclose data if required by law, court order, or to protect the safety of our users.
• Emergency situations: In life-threatening emergencies, we may share relevant health data with emergency responders to protect the elderly person's safety.

6. Data security

We take data security seriously and implement industry-standard measures:

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access controls: Role-based access ensures only authorised personnel and users can view specific data.
• Infrastructure: Secure cloud infrastructure with regular security audits and monitoring.
• Authentication: Multi-factor authentication available for all accounts.
• Employee access: Our team members access personal data only on a need-to-know basis, under confidentiality obligations.

While we implement robust security measures, no system is 100% secure. If we become aware of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.

7. Data retention

We retain your data as follows:

• Account data: Retained as long as your account is active. After account deletion, we remove personal data within 90 days, except where required by law.
• Health records: Retained for the duration of your account plus 7 years after deletion, in line with Indian medical record-keeping requirements.
• Usage and analytics data: Retained in anonymised form for up to 3 years for service improvement.
• WhatsApp interaction data: Retained for 1 year for service delivery, then deleted unless required for legal compliance.
• Feedback submissions: Retained for 2 years or until the purpose of collection is fulfilled.

8. Your rights

8.1 Under GDPR (users in the European Economic Area)

If you are located in the EEA, you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request that we limit how we process your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Withdraw previously given consent at any time.

8.2 Under the Information Technology Act, 2000 (India)

If you are located in India, you have the right to:

• Review: Review the personal information we hold about you.
• Correct: Request correction of inaccurate personal information.
• Withdraw consent: Withdraw consent for data processing at any time (note: this may affect service availability).
• Grievance redressal: File a complaint with our Grievance Officer (details below).

To exercise any of these rights, contact us at hello@ansrhealthai.com. We will respond within 30 days.

9. Children's privacy

Our services are designed for adults and elderly individuals. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

10. International data transfers

Your data may be processed in India and other countries where our service providers operate. When we transfer data outside your country of residence, we ensure appropriate safeguards are in place:

• Standard contractual clauses approved by relevant authorities.
• Data processing agreements with all third-party providers.
• Encryption of data in transit and at rest.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Update the "Effective Date" at the top of this page.
• Notify you via email or in-app notification.
• Post a notice on our website.

We encourage you to review this page periodically.

12. Contact us

If you have questions about this Privacy Policy or want to exercise your rights, reach out:

For grievances under the Information Technology Act, 2000, contact our Grievance Officer at the same email. We acknowledge complaints within 48 hours and resolve them within 30 days.