Privacy Policy

We are committed to protecting your privacy and ensuring you have a positive experience on our site.

Last Updated: April 13, 2026

1. Introduction

HealthSurely Technologies Private Limited ("HealthSurely," "we," "us," "our," or "Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and otherwise process your information when you visit our website, mobile applications, and use our services (collectively, the "Services").

This Privacy Policy applies to all individuals who interact with HealthSurely, including patients, healthcare providers, laboratory technicians, pharmacists, and other users of our platform.

Please read this Privacy Policy carefully. If you do not agree with our privacy practices, you should not use our Services.

2. Information We Collect

We collect information directly from you, automatically through your use of our Services, and from third parties. The types of information we collect include:

2.1 Information You Provide Directly

  • Account Registration: Name, email address, phone number, date of birth, gender, and medical history.
  • Health Information: Lab reports, diagnostic results, medical records, medications, allergies, and other health-related data you upload or share.
  • Contact Information: Email, phone number, postal address, and other contact preferences.
  • Payment Information: Credit card, bank account, billing address, and transaction history (processed securely through third-party payment providers).
  • Communications: Messages, feedback, support requests, and correspondence with our team.
  • Profile Information: Photos, emergency contacts, insurance information, and healthcare provider details.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type, IP address, and device identifiers.
  • Usage Data: Pages visited, features used, time spent on our Services, and interaction patterns.
  • Location Data: Approximate location based on IP address (not precise GPS without your consent).
  • Cookies & Tracking: Information collected through cookies, pixels, and similar technologies (see Section 8).
  • Log Data: Server logs containing timestamps, error messages, and access patterns.

2.3 Information from Third Parties

  • Healthcare Providers: Information shared by your doctor, laboratory, or pharmacy.
  • Payment Processors: Transaction confirmation and fraud prevention data.
  • Insurance Companies: Claim and coverage information when you authorize us to retrieve it.
  • Public Records: Publicly available health information or professional credentials (where legally permitted).
  • Other Users: Information you are added to by family members or healthcare providers.

3. How We Use Your Information

We use the information we collect for various purposes:

3.1 Primary Uses

  • Service Delivery: Providing, maintaining, and improving our Services.
  • Health Analysis: Using AI to analyze lab reports, generate health insights, and provide personalized recommendations.
  • Medical Record Management: Storing, organizing, and retrieving your health records in FHIR R5-compliant systems.
  • Healthcare Coordination: Sharing relevant health information with your authorized healthcare providers.
  • Appointment Management: Scheduling, confirming, and reminding you of medical appointments and consultations.
  • Account Management: Creating accounts, verifying identity, resetting passwords, and managing user preferences.
  • Billing & Payment: Processing payments, issuing invoices, and managing subscription services.

3.2 Legal & Security Uses

  • Compliance: Meeting legal obligations under health data protection laws (DPDPA, ABDM, etc.).
  • Fraud Prevention: Detecting and preventing fraudulent or unauthorized activities.
  • Security: Protecting against security threats, cyberattacks, and unauthorized access.
  • Legal Proceedings: Responding to lawful requests from government agencies or courts.
  • Dispute Resolution: Investigating and resolving complaints or disputes.

3.3 Marketing & Communication

  • Notifications: Sending service-related alerts, health reminders, and test result notifications.
  • Educational Content: Sharing health tips, wellness articles, and educational materials (with your consent).
  • Research: Using anonymized, aggregated data to improve AI models and Services (you always remain unidentifiable).
  • Promotional Content: Sending newsletters and marketing information only if you opt in.

4. Information Sharing & Disclosure

We do not sell your personal health information to third parties. However, we may share your information in the following circumstances:

4.1 With Your Consent

  • Sharing health records with healthcare providers you authorize.
  • Connecting with insurance providers or government health schemes you specify.
  • Integrating with third-party health applications you choose to connect.

4.2 Service Providers

We share information with trusted service providers who assist us in operating our Services, including:

  • Cloud hosting providers (Couchbase Server, AWS, Azure)
  • Payment processors and payment gateways
  • Email delivery services
  • Analytics providers
  • Security and fraud prevention vendors

These service providers are contractually obligated to use your information only as necessary to provide services to HealthSurely and are required to maintain the confidentiality and security of your data.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, or legal process, including:

  • Responding to lawful government requests (law enforcement, courts, health authorities).
  • Protecting the rights, property, and safety of HealthSurely, our users, or the public.
  • Detecting, investigating, and preventing fraud, security incidents, or illegal activities.

4.4 Business Transfers

If HealthSurely is involved in a merger, acquisition, bankruptcy, or asset sale, your information may be transferred as part of that transaction. You will be notified of any such change and any choices you may have regarding your information.

4.5 Anonymized & Aggregated Data

We may use and share anonymized, aggregated data for research, analytics, marketing, and service improvement purposes. This data cannot identify you individually and is not subject to this Privacy Policy.

5. Data Security

HealthSurely implements industry-standard technical, administrative, and physical security measures to protect your personal information against unauthorized access, alteration, disclosure, and destruction.

5.1 Security Measures

  • Encryption: 256-bit AES encryption for data in transit (HTTPS/TLS) and at rest.
  • Access Controls: Role-based access control (RBAC) limiting access to authorized personnel only.
  • Authentication: Strong password requirements, multi-factor authentication (MFA) options, and session management.
  • Audit Logging: Comprehensive audit trails tracking all access to personal health information.
  • Network Security: Firewalls, intrusion detection systems, and regular security monitoring.
  • Data Segregation: Separation of data by scope (customer, lab, doctor, pharmacy) with strict access boundaries.
  • Secure Development: Regular security code reviews and vulnerability assessments.

5.2 Security Limitations

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security against all types of attacks or breaches. You are responsible for maintaining the confidentiality of your account credentials and notifying us immediately of any suspected unauthorized access.

5.3 Reporting Security Issues

If you discover a security vulnerability, please contact our security team at security@healthsurely.com rather than publicly disclosing the issue.

6. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy.

6.1 Retention Periods

  • Active Accounts: Data is retained while your account is active.
  • Inactive Accounts: Accounts inactive for 24 months may be subject to deletion.
  • Health Records: Lab reports and medical records are retained for 7 years (or as legally required) after the last access.
  • Legal/Compliance: Data is retained as required by applicable laws and regulations.
  • Backup Data: Backups may be retained longer for disaster recovery purposes.

6.2 Account Deletion

You may request deletion of your account and associated data at any time. We will delete your personal information within 30 days, except where:

  • Retention is required by law.
  • Data is needed to resolve disputes or complete transactions.
  • Data has been anonymized and aggregated.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 India - DPDPA Rights

Under the Digital Personal Data Protection Act (DPDPA), you have the right to:

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your data (right to be forgotten).
  • Data Portability: Request your data in a portable format.
  • Withdraw Consent: Withdraw consent for data processing.

7.2 ABDM Compliance

As per Ayushman Bharat Digital Mission (ABDM) guidelines, you control your health records and can authorize or revoke access from healthcare providers at any time.

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Data Protection Officer

Email: info@healthsurely.com

Phone: +1-800-555-0123

We will respond to your request within 30 days (or as required by applicable law) and may ask for verification of your identity.

7.4 Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

8. Cookies & Tracking Technologies

HealthSurely uses cookies, web beacons, pixels, and similar tracking technologies to enhance your experience and understand how you use our Services.

8.1 Types of Cookies

  • Essential Cookies: Required for authentication, security, and basic functionality.
  • Performance Cookies: Track usage patterns to improve site performance and user experience.
  • Analytics Cookies: Collect anonymized data about how you use our Services (Google Analytics, Mixpanel).
  • Preference Cookies: Remember your settings and preferences.
  • Marketing Cookies: Track your activity to show relevant ads (only with your consent).

8.2 Google Analytics

We use Google Analytics on our Site to collect usage data and improve our Services. For more information on how Google uses data, visit Google's Partner Sites Privacy Policy. You can opt out using the Google Analytics Opt-Out Tool.

8.3 Your Cookie Preferences

  • Most browsers allow you to refuse cookies or alert you when a cookie is being set.
  • You can adjust privacy settings in your browser to limit cookie tracking.
  • Disabling essential cookies may impair some functionality of the Services.
  • You can opt out of marketing cookies in your account settings.
  • HealthSurely respects browser do-not-track requests where legally applicable, but functionality may be limited.

8.4 Third-Party Tracking

Third-party analytics and advertising partners may set their own cookies or tracking pixels. Please review their privacy policies to understand how they process your data.

9. Third-Party Services

Our Services may contain links to third-party websites, applications, and services not operated by HealthSurely, including:

  • Healthcare provider websites
  • Insurance company portals
  • Lab and diagnostic center websites
  • Pharmacy platforms
  • Social media services

HealthSurely is not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before sharing any personal information with them.

9.1 Social Media Integration

If you connect your HealthSurely account with social media platforms (Facebook, Google, Apple), we may collect information from your social media profile. You can disconnect these integrations at any time in your account settings.

10. Children's Privacy

HealthSurely Services are not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

10.1 Guardian Responsibility

If you are a parent or guardian and permit your child (age 13+) to use HealthSurely, you are fully responsible for their use and agree to this Privacy Policy on their behalf.

10.2 Underage User Data

If we become aware that a child under 13 has provided us with personal information, we will promptly delete such information. Please contact us at info@healthsurely.com if you believe your child has shared information with us.

11. International Data Transfers

Your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States, India, and other jurisdictions where HealthSurely or its service providers operate.

11.1 Data Transfer Safeguards

When we transfer personal data internationally, we implement appropriate safeguards, including:

  • Standard contractual clauses with service providers.
  • Adequacy decisions where recognized by relevant authorities.
  • Your explicit consent where required.

11.2 Privacy Standards

We ensure that data transfers maintain the same level of protection required under applicable data protection laws, including DPDPA and ABDM standards.

12. Evaluation, Quality Improvement & Surveys

HealthSurely periodically collects feedback from users to evaluate and improve our Services. We may conduct surveys asking about your experience with features of our platform.

12.1 Survey Information

  • Surveys may ask for demographic information such as age, gender, and education level.
  • Surveys will not request specific information about medical conditions without explicit consent.
  • Survey data is used for evaluation and quality improvement purposes only.
  • You may be individually contacted for follow-up regarding concerns you raise in surveys.

12.2 Feedback & Messages

Comments, questions, or feedback sent to us via email or secure messaging forms are shared with HealthSurely staff and healthcare professionals best able to address your concerns. We may archive your messages once we provide a complete and satisfactory response.

When you use secure messaging to communicate with healthcare professionals, some information you provide may be documented in your medical record and used to guide your healthcare treatment.

12.3 Data Usage

Demographic information and usage data collected through surveys and feedback may be stored for future evaluation, quality improvement, and research purposes (always in anonymized form).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, law, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website with a new "Last Updated" date.
  • Sending you an email notification if the change affects how we handle your sensitive health information.
  • Requiring you to accept the updated policy before continuing to use our Services.

Your continued use of our Services after changes become effective constitutes your acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

HealthSurely Technologies Private Limited

P.O. Box 98765
Austin, TX 78701
United States

General Inquiries: info@healthsurely.com

Data Protection Authority

If you believe your privacy rights have been violated and we have not satisfactorily resolved your concern, you may file a complaint with the relevant data protection authority in your jurisdiction.

Response Timeline

We commit to responding to all privacy inquiries and data subject requests within 30 days or as required by applicable law.