Privacy Policy

Effective Date: October 10, 2025
Last Updated: October 10, 2025

1. Introduction

Welcome to Reisaan Health. Your privacy and the security of your health information are our highest priorities.

Who We Are:

Legal Entity: Aasaan Health Solutions LLP
Brand Name: Reisaan Health
Services: Virtual endocrinology consultations, diabetes reversal programs, weight management, PCOS treatment, and metabolic health coaching
Website: https://reisaanhealth.com
Contact: connect@aasaanhealth.com | +91 8291173280

This Privacy Policy explains how we collect, use, protect, and share your personal information and health data when you use our website, mobile application, and healthcare services.

By using our services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

2. Information We Collect

We collect information that you provide directly, information collected automatically, and information from third-party sources.

2.1 Personal Information You Provide

Account Registration:

Full name
Email address
Phone number
Date of birth
Gender
Postal address
Country of residence

Health Information:

Medical history
Current medications and dosages
Allergies and adverse reactions
Family medical history
Previous diagnoses and treatments
Lab test results (HbA1c, lipid panel, thyroid function, etc.)
Vital signs (blood pressure, weight, height, BMI)
Symptoms and health concerns
Treatment goals and preferences

Lifestyle Information:

Diet and eating habits
Exercise and physical activity levels
Sleep patterns and quality
Stress levels and mental health
Alcohol and tobacco use
Work schedule and daily routine

Continuous Glucose Monitoring (CGM) Data:

Real-time glucose readings
Glucose trends and patterns
Time in range, highs, and lows
Meal timing and glucose response
Activity impact on glucose levels

Payment Information:

Billing name and address
Payment method details (processed securely by Stripe)
Transaction history
Refund requests and resolution

Communications:

Messages to Dr. Roshani and care team
Video consultation recordings (with consent)
Chat conversations
Email correspondence
Phone call records
Feedback and testimonials

Program Participation Data:

Course completion status
Video views and engagement
Community participation
Assignment submissions
Progress tracking metrics

2.2 Information Collected Automatically

Device and Browser Information:

IP address
Device type, model, and operating system
Browser type and version
Screen resolution
Time zone and language settings
Referring website
Pages visited and time spent

Usage Data:

Login frequency and duration
Features and services accessed
Button clicks and interactions
Search queries within our platform
Error messages and technical issues

Cookies and Similar Technologies:

See our Cookie Policy for detailed information
Essential cookies for site functionality
Analytics cookies to improve our services
Preference cookies to remember your settings

Location Data:

Approximate location based on IP address
City and country (not precise GPS location)
Used for compliance with regional laws

2.3 Information from Third-Party Sources

Healthcare Providers:

Medical records shared with your authorization
Lab results sent directly to us
Referral information from your physician

Payment Processors:

Transaction confirmation from Stripe
Payment status updates
Dispute and chargeback information

Technology Partners:

Video platform analytics (meeting attendance, duration)
Email delivery status
SMS delivery confirmations
App store analytics (downloads, ratings)

Continuous Glucose Monitors:

Data synced from CGM devices
Device manufacturer information
Calibration and sensor data

Social Media (if you connect accounts):

Profile information from Facebook, LinkedIn
Used only with your explicit permission

2.4 Information Collected Through Our Mobile Application

The Reisaan Health mobile app (available on iOS and Android) collects additional information to provide a comprehensive health tracking and management experience.

Mobile App Features and Data Collection

A. Health and Lifestyle Tracking

Daily Logging Features:

Meals and Nutrition: Photos of meals, meal times, food descriptions, carbohydrate estimates, portion sizes
Blood Glucose: Manual glucose readings, testing times, contextual notes (before/after meals, fasting)
Medications: Medication names, dosages, timing, adherence tracking, missed doses
Weight and Measurements: Body weight, waist circumference, blood pressure, other vitals
Physical Activity: Exercise type, duration, intensity, steps, active minutes
Sleep: Sleep duration, sleep quality ratings, wake times, sleep disruptions
Stress and Mood: Stress levels, mood indicators, emotional state, journal entries
Symptoms: Health symptoms, severity ratings, duration, triggers

How we use this data:

Generate personalized health insights
Track progress toward health goals
Identify patterns and correlations
Provide feedback to Dr. Roshani and your care team
Adjust treatment recommendations
Create progress reports and visualizations

B. Device Sensors and Permissions

The app may request access to:

Camera:

Purpose: Photograph meals for food logging, document progress (body measurements, CGM readings)
Usage: Photos stored securely, analyzed for nutritional insights, included in medical record with consent
Control: You can deny camera access; manual text entry available as alternative

Photo Library:

Purpose: Upload existing photos of meals, progress photos, lab results, medical documents
Usage: Selected photos uploaded to secure servers, become part of your health record
Control: You choose which photos to upload; we only access photos you explicitly select

Health App Integration (iOS HealthKit):

Purpose: Sync data from Apple Health (steps, weight, blood glucose from connected devices, sleep, heart rate)
Data accessed: Only health metrics you authorize (step count, workouts, weight, glucose, sleep, heart rate variability)
Usage: Integrated into your Reisaan Health profile for comprehensive health tracking
Control: You control which data types to share; disable anytime in iOS Health app settings

Google Fit Integration (Android):

Purpose: Sync fitness and health data from Google Fit
Data accessed: Steps, activity, weight, nutrition data (with your authorization)
Usage: Combined with app data for holistic health insights
Control: Manage permissions in Google Fit settings; revoke access anytime

Location Services:

Purpose:
- Timezone detection for accurate meal/medication timing
- Find nearby healthcare facilities (if feature enabled)
- Provide location-specific health resources
Data collected: Approximate location (city/region), timezone
NOT collected: Precise GPS location, location history, movement tracking
Control: Optional; app functions without location access; manage in device settings

Notifications/Push Notifications:

Purpose: Send appointment reminders, medication alerts, health tips, chat messages from care team
Data collected: Device push token, notification preferences, interaction data (opened/dismissed)
Usage: Deliver timely health reminders and communications
Control: Manage in device settings; opt-out doesn’t affect core app functionality

Bluetooth (if CGM integration enabled):

Purpose: Connect to continuous glucose monitoring devices for automatic data sync
Data collected: Glucose readings, device information, connection status
Usage: Real-time glucose tracking and analysis
Control: Only used if you connect a CGM device; disable in app settings

Motion & Fitness (iOS) / Physical Activity (Android):

Purpose: Track steps and physical activity automatically
Data collected: Step count, distance, floors climbed, activity type
Usage: Understand activity patterns and their impact on health metrics
Control: Optional; manual activity logging available as alternative

Microphone (if voice features enabled):

Purpose: Voice notes for meal descriptions, symptom journaling
Data collected: Audio recordings (converted to text), voice memos
Usage: Transcribed and stored as text in your health record
Control: Optional feature; text entry always available

C. Device and Technical Information

Automatically Collected:

Device identifiers: Device ID, advertising ID (IDFA on iOS, AAID on Android)
Device information: Device model, manufacturer, operating system version, screen size, language settings
App information: App version, build number, install date, update history
Network information: IP address, mobile carrier, connection type (WiFi/cellular), network quality
Performance data: Crash reports, error logs, performance metrics, API response times
Usage analytics: Features used, screens viewed, button clicks, session duration, frequency of use

Advertising Identifiers:

IDFA (iOS): Used for analytics and attribution only; NOT used for advertising (we don’t serve ads)
AAID (Android): Used for analytics and attribution only
Purpose: Measure app performance, understand user engagement, track app installs
Reset: You can reset or disable in device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads)

How we use device data:

Troubleshoot technical issues
Improve app performance and stability
Understand feature usage and engagement
Optimize user experience
Detect and prevent fraud or abuse

D. Background Data Collection

When app is in background:

Health data sync: Syncs logged data when internet available
HealthKit/Google Fit sync: Automatically imports authorized health data
Push notifications: Delivers reminders and messages
Location (if enabled): Only for timezone detection; no continuous tracking
Analytics: App open/close events, session duration

Background data is:

Encrypted during transmission
Synced only when connected to WiFi (by default; configurable)
Minimized to preserve battery life
Subject to OS-level background restrictions

Battery optimization:

We implement efficient background syncing
Respect device battery saving modes
Allow users to control sync frequency

E. Third-Party SDKs and Services in Mobile App

Analytics and Performance:

Google Analytics for Firebase: App usage analytics, crash reporting, performance monitoring
- Data collected: Device info, app usage, crash logs
- Firebase Privacy Policy
Sentry (if used): Error tracking and crash reporting
- Data collected: Error logs, device context, app state at time of error
- Sentry Privacy Policy

Cloud Services:

AWS Mobile SDK / Google Cloud: Secure data storage and sync
- Data collected: All health data, authentication tokens
- Encrypted in transit and at rest

Video Consultations:

[Video SDK Name]: Powers video consultations
- Data collected: Video/audio during consultations, connection quality
- [SDK Privacy Policy]

Payment Processing (in-app):

Stripe Mobile SDK: Secure payment processing
- Data collected: Payment information (processed by Stripe, not stored by us)
- Stripe Privacy Policy

Authentication:

Firebase Authentication: Secure login and session management
- Data collected: Email, authentication tokens, login history

Push Notifications:

Firebase Cloud Messaging (FCM): iOS and Android push notifications
- Data collected: Device push tokens, message delivery status
Apple Push Notification Service (APNs): iOS notifications
- Data collected: Device tokens

ALL third-party SDKs:

Are carefully vetted for privacy and security
Receive only minimum data necessary
Comply with GDPR, CCPA, and applicable privacy laws
Are covered by Data Processing Agreements where required

App Permissions Summary Table




Permission
Platform
Required?
Purpose
Can Opt-Out?




Camera
iOS, Android
No
Meal photos, progress photos
Yes - use text entry


Photo Library
iOS, Android
No
Upload existing photos
Yes - no photo uploads


HealthKit/Health
iOS
No
Sync Apple Health data
Yes


Google Fit
Android
No
Sync fitness data
Yes


Location
iOS, Android
No
Timezone, facility finder
Yes


Notifications
iOS, Android
No
Reminders, messages
Yes


Bluetooth
iOS, Android
No
CGM device connection
Yes


Motion/Activity
iOS, Android
No
Step tracking
Yes - manual entry


Microphone
iOS, Android
No
Voice notes
Yes - text entry


Network
iOS, Android
Yes
Internet connectivity
No - required for sync

Permission	Platform	Required?	Purpose	Can Opt-Out?
Camera	iOS, Android	No	Meal photos, progress photos	Yes - use text entry
Photo Library	iOS, Android	No	Upload existing photos	Yes - no photo uploads
HealthKit/Health	iOS	No	Sync Apple Health data	Yes
Google Fit	Android	No	Sync fitness data	Yes
Location	iOS, Android	No	Timezone, facility finder	Yes
Notifications	iOS, Android	No	Reminders, messages	Yes
Bluetooth	iOS, Android	No	CGM device connection	Yes
Motion/Activity	iOS, Android	No	Step tracking	Yes - manual entry
Microphone	iOS, Android	No	Voice notes	Yes - text entry
Network	iOS, Android	Yes	Internet connectivity	No - required for sync

Important: All permissions are requested with clear explanation of purpose. You can manage permissions in device settings anytime.

Children’s Privacy (Mobile App)

Age Gate:

App requires users to confirm they are 18 or older
Age verification during registration
Parental consent required for users under 18

Compliance:

COPPA (Children’s Online Privacy Protection Act) – US
Age-appropriate design code – UK
We do not knowingly collect data from children under 13

2.5 Mobile App Data Storage and Security

Local Storage on Device

Data stored locally:

Login credentials (encrypted)
Cached health data for offline access (encrypted)
App preferences and settings
Temporary files during data entry
Draft entries not yet synced

Security measures:

iOS Keychain for sensitive data
Android Keystore for credentials
AES-256 encryption for local health data
Secure deletion when app uninstalled

Offline functionality:

Log data without internet connection
Data queued for sync when connection restored
Local data encrypted until synced
Automatic sync when WiFi available

Cloud Storage and Sync

Server storage:

HIPAA-compliant cloud infrastructure
Encrypted in transit (TLS 1.3)
Encrypted at rest (AES-256)
Geographic redundancy for reliability
Regular security audits

Data synchronization:

Real-time sync when internet available
Conflict resolution for multiple device edits
Version control for data integrity
Automatic backup of all data

Multi-Device Access

You can access your account on:

iOS app (iPhone, iPad)
Android app (phone, tablet)
Web browser (desktop, mobile)

Data synchronized across all devices:

Health logs and measurements
Chat messages and communications
Program progress and course completion
Appointments and reminders
Settings and preferences

Security:

Maximum 5 active devices per account
Can review and remove devices in settings
Automatic logout on inactive devices (90 days)
Login from new device requires verification

2.6 Mobile App Analytics and Tracking

In-App Analytics

We track:

Feature usage: Which features you use, how often
User flows: Navigation patterns, common user journeys
Engagement: Session duration, frequency, retention
Technical: Load times, errors, crashes
Content interaction: Videos watched, courses completed

We do NOT track:

Individual health data for analytics (only aggregate, anonymized)
Precise content of health logs in analytics tools
Personal messages or communications
Financial information

Purpose:

Improve app usability
Identify and fix bugs
Understand feature popularity
Optimize performance
Prioritize development

Analytics tools:

Google Analytics for Firebase (anonymized where possible)
Amplitude/Mixpanel (if used) – anonymized event tracking
Custom internal analytics

A/B Testing and Personalization

We may conduct A/B tests to:

Test new features and designs
Optimize user experience
Improve health outcomes
Refine recommendations

Testing uses:

Anonymous user segments
Random assignment to test groups
Statistical analysis of results
No individually identifiable data in test tools

Health Insights and AI/ML

Machine learning applications:

Glucose pattern recognition
Meal impact predictions
Activity recommendations
Sleep quality analysis
Personalized health tips

How it works:

Models trained on aggregated, de-identified data
Personal predictions based only on your data
No sharing of individual data for training
Models run securely on our servers
Human review (Dr. Roshani) for medical decisions

You control:

Whether to receive AI-generated insights (opt-in)
Whether your data contributes to model improvement (de-identified)
All medical decisions reviewed by healthcare provider

2.7 Mobile App-Specific Rights and Controls

Data Portability (Mobile App)

Export your data:

Request export in app settings
Receive comprehensive data file (JSON/CSV format)
Includes all health logs, measurements, communications
Available within 30 days of request

Format options:

Machine-readable JSON
Human-readable PDF report
CSV for spreadsheet import
Compatible with other health apps

App-Specific Deletion

Delete app data:

Uninstalling app does NOT delete account or cloud data
To delete all data, must request account deletion
Account deletion removes all data (subject to legal retention)

Delete specific data:

Individual health logs can be deleted in app
Deletions sync across all devices
Cannot delete medical records created by healthcare team

Device-Level Privacy Controls

iOS Privacy Settings:

Settings > Privacy & Security > [Permission Type]
Review which apps have access to Health data, camera, location, etc.
Revoke permissions for Reisaan Health app
[Settings > Reisaan Health > Allow Tracking] – Disable ad tracking

Android Privacy Settings:

Settings > Privacy > Permission Manager
Review and manage app permissions
Settings > Google > Ads > Opt out of Ads Personalization
Settings > Apps > Reisaan Health > Permissions

Your choices respected:

App adapts to permission denials
Alternative input methods provided
Core functionality preserved
Can re-enable permissions anytime

2.8 Mobile App Updates and Changes

App updates may:

Add new features or tracking
Change data collection practices
Update third-party SDKs
Modify permissions required

How you’ll be notified:

In-app notification of significant changes
App store update notes
Email notification for material privacy changes
Required re-consent for new sensitive data collection

Review before updating:

Check App Store/Google Play update notes
Review permission changes
Read updated Privacy Policy if referenced

2.9 App Store Privacy Labels

iOS App Privacy Label (App Store):
Our app’s privacy label shows:

Data types collected
Whether data is linked to you
Whether data is used for tracking
Full details viewable in App Store listing

Google Play Data Safety Section:
Our data safety section shows:

Types of data collected and shared
Security practices
Whether data is optional
Full details in Google Play listing

These labels are updated:

With each app release
When data practices change
To reflect current privacy policies

3. How We Use Your Information

3.1 Primary Healthcare Purposes

Medical Care and Treatment:

Conduct virtual consultations with Dr. Roshani Sanghani
Develop personalized treatment and lifestyle plans
Monitor your health progress and outcomes
Adjust medications and treatment protocols
Provide ongoing health coaching and support
Respond to your health questions and concerns

Care Coordination:

Communicate with your other healthcare providers (with authorization)
Share treatment plans with your local physician
Coordinate lab testing and results review
Arrange specialist referrals when needed

Program Delivery:

Provide access to educational content and courses
Track your program completion and engagement
Deliver personalized health insights
Facilitate community support and peer connection
Measure program effectiveness and outcomes

3.2 Operational Purposes

Account Management:

Create and maintain your patient account
Authenticate your identity and prevent fraud
Process payments and manage billing
Handle refund requests and disputes
Send appointment reminders and notifications

Communication:

Respond to your inquiries and support requests
Send service updates and important notices
Provide appointment confirmations and reminders
Share health tips and educational content
Deliver program materials and resources

Service Improvement:

Analyze usage patterns to improve our platform
Develop new features and services
Conduct quality assurance and training
Gather feedback on patient satisfaction
Optimize website and app performance

3.3 Legal and Safety Purposes

Compliance:

Comply with applicable healthcare regulations
Meet tax and accounting requirements
Respond to legal requests and court orders
Enforce our Terms of Service
Maintain records per legal requirements

Safety and Security:

Prevent fraud and unauthorized access
Protect against security threats
Detect and prevent abuse of our services
Monitor for suspicious activity
Maintain audit logs for accountability

3.4 Research and Analytics (De-identified)

Medical Research:

Study treatment effectiveness and outcomes
Identify trends in metabolic health
Contribute to medical literature (anonymized)
Improve diabetes reversal protocols
Develop new treatment approaches

Important: We only use de-identified or aggregated data for research. Your individual identity is protected and cannot be linked back to you without your explicit consent.

3.5 Marketing (With Consent)

If you opt-in, we may:

Send newsletters with health tips and success stories
Share information about new services or programs
Invite you to webinars and educational events
Request testimonials or case studies (separately authorized)
Conduct patient satisfaction surveys

You can opt-out anytime via unsubscribe links in emails or by contacting us.

4. Legal Bases for Processing (GDPR)

If you are in the EU, UK, or other GDPR-compliant regions, we process your data based on:

Contract Performance:

Providing healthcare services you’ve enrolled in
Processing payments
Delivering your treatment plan

Consent:

Marketing communications
Non-essential cookies
Testimonials and case studies
Research participation

Legal Obligation:

Complying with healthcare regulations
Tax and accounting requirements
Responding to legal requests

Legitimate Interests:

Fraud prevention and security
Service improvement and analytics
Internal administrative purposes
Direct marketing (where permitted by law)

Vital Interests:

Emergency medical situations
Protecting life and health

5. How We Share Your Information

We do not sell your personal information to anyone. We only share your information in the following limited circumstances:

5.1 Healthcare Team Members

Within Reisaan Health:

Dr. Roshani Sanghani (Medical Director)
Licensed health coaches
Registered dietitians
Support staff assisting with your care
Technical support (limited access as needed)

All team members:

Are bound by strict confidentiality agreements
Receive privacy and security training
Access only information necessary for your care
Are monitored for appropriate access

5.2 Your Other Healthcare Providers

With Your Authorization:

Your primary care physician
Endocrinologists or specialists
Laboratory facilities
Pharmacies (for prescription coordination)
Insurance providers (if applicable)

We will ask for your written consent before sharing with external providers.

5.3 Service Providers (Business Associates)

Technology Partners:

Cloud hosting (secure, HIPAA-compliant servers)
Video conferencing platforms (for consultations)
Email and SMS delivery services
Payment processing (Stripe)
Customer support tools
Analytics platforms (anonymized data only)

All service providers:

Sign Business Associate Agreements (BAAs)
Meet strict security and privacy standards
Can only use data to provide services to us
Cannot use your data for their own purposes

Current Service Providers:

Hosting: Kinsta, https://kinsta.com/
Video: YouTube
Payments: Stripe, Razorpay
Email: Google
Analytics: Google Analytics (anonymized)

5.4 Legal Requirements

We may disclose information when required by law:

Court orders or subpoenas
Government investigations
Healthcare regulatory audits
Law enforcement requests (when legally obligated)
Protection of rights, property, or safety

Emergency Situations:

To prevent serious harm to you or others
In medical emergencies requiring immediate intervention
When necessary to protect public health

5.5 Business Transfers

If Reisaan Health merges with, is acquired by, or sells assets to another entity:

Your information may be transferred
We will notify you before transfer
The new entity must honor this Privacy Policy
You will have the right to delete your data

5.6 Alumni Community (With Your Consent)

If you choose to participate:

Your first name and success story (if you share)
Progress photos (only with explicit permission)
Before/after metrics (anonymized unless you agree otherwise)

You control:

What information you share in the community
Your profile visibility
Whether to participate at all

6. Data Security

We implement comprehensive security measures to protect your information.

6.1 Technical Safeguards

Encryption:

SSL/TLS encryption for all data transmission
Encryption of data at rest (stored data)
End-to-end encryption for sensitive communications
Encrypted backups

Access Controls:

Multi-factor authentication for staff
Role-based access permissions
Regular access reviews and audits
Automatic logout after inactivity
Strong password requirements

Security Monitoring:

24/7 security monitoring
Intrusion detection systems
Regular vulnerability scans
Penetration testing (annually)
Security incident response plan

Infrastructure:

HIPAA-compliant cloud hosting
Regular security updates and patches
Redundant systems and backups
Disaster recovery procedures

6.2 Physical Safeguards

Facilities:

Secure office locations with restricted access
Surveillance systems
Visitor logs and escort policies
Secure disposal of physical records (shredding)

Devices:

Encrypted laptops and mobile devices
Remote wipe capabilities for lost devices
Automatic screen locks
Secure device disposal procedures

6.3 Administrative Safeguards

Policies and Procedures:

Comprehensive privacy and security policies
Data handling protocols
Incident response procedures
Regular policy reviews and updates

Training:

Mandatory privacy training for all staff
Annual security awareness training
HIPAA compliance training
Regular privacy reminders and updates

Oversight:

Designated Privacy Officer
Security Officer
Regular risk assessments
Compliance audits

6.4 Limitations

Important Notice: No system is 100% secure. While we implement industry-leading security measures, we cannot guarantee absolute security. You also play a role:

Your Responsibilities:

Keep your password confidential
Don’t share your account credentials
Use secure internet connections (avoid public WiFi for sensitive activities)
Log out when finished
Report any suspected security issues immediately

7. Data Retention

We keep your information only as long as necessary for the purposes described in this policy.

7.1 Retention Periods

Medical Records:

Active Patients: Duration of relationship + 6 years (minimum)
Former Patients: 10 years from last treatment
Longer if: Required by law or ongoing legal matters

Account Information:

Duration of relationship + 2 years
Payment records: 7 years (tax requirements)

Communications:

Medical-related: Same as medical records
Marketing: Until you opt-out + 30 days
Support tickets: 3 years

Analytics Data:

Anonymized data: Indefinitely (no longer personally identifiable)
Individual analytics: 26 months (Google Analytics default)

Consent Records:

5 years minimum (GDPR requirement)
Longer for medical consents

7.2 Deletion Process

When we delete data:

Secure deletion (data overwritten, not just marked as deleted)
Backups purged within 90 days
Physical documents shredded
Devices securely wiped before disposal

Exceptions (we may retain):

As required by law
To resolve disputes or enforce agreements
For legitimate business purposes (anonymized)
In backup systems for up to 90 days

7.3 Mobile App Data Retention

App-specific data:

Local cached data: Cleared when app uninstalled or after 90 days of inactivity
Sync queue data: Deleted after successful sync
Crash logs: Retained for 90 days for debugging
Analytics data: Anonymized after 26 months
Device tokens: Deleted when device removed from account

Inactive accounts:

Mobile app access disabled after 12 months of inactivity
Notification sent before deactivation
Data retained per medical record requirements
Can reactivate account by contacting us

8. Your Privacy Rights

You have significant rights over your personal information and health data.

8.1 Rights for All Users

Right to Access:

Request a copy of your information
Receive it in a commonly used format
Response within 30 days (may extend to 60 days)

Right to Correction:

Request correction of inaccurate information
Add supplementary information to your records
We’ll notify others if we’ve shared the corrected information

Right to Deletion:

Request deletion of your information
Subject to legal retention requirements
Medical records may need to be retained per regulations

Right to Restrict Processing:

Limit how we use your information
While we verify accuracy
When processing is unlawful but you don’t want deletion

Right to Object:

Object to processing based on legitimate interests
Opt-out of marketing at any time
Object to automated decision-making

Right to Data Portability:

Receive your data in machine-readable format
Request transfer to another provider (where technically feasible)

8.2 Additional Rights for EU/UK Residents (GDPR)

Right to Withdraw Consent:

Withdraw consent at any time (doesn’t affect past processing)
Simple withdrawal process

Right to Lodge a Complaint:

File complaint with supervisory authority in your country
We’ll also work to resolve your concerns directly

Automated Decision-Making:

We don’t use fully automated decision-making for medical care
Human review is always involved in treatment decisions

8.3 Additional Rights for California Residents (CCPA/CPRA)

Right to Know:

Categories of information collected
Sources of information
Business purposes for collection
Third parties with whom we share

Right to Delete:

Request deletion of personal information
Subject to legal exceptions

Right to Opt-Out:

We do not sell personal information
If this changes, you’ll have the right to opt-out

Right to Non-Discrimination:

We won’t discriminate for exercising your rights
Same quality of service regardless

Right to Correct:

Request correction of inaccurate information

Right to Limit Use of Sensitive Information:

Control use of sensitive personal information
We only use for disclosed purposes

8.4 How to Exercise Your Rights

Submit a Request:

Email: connect@aasaanhealth.com
Subject Line: “Privacy Rights Request – [Your Name]”

Phone: +91 8291173280

Mail:
Reisaan Health – Privacy Officer
Aasaan Health Solutions LLP
[Your Business Address]

Online Portal: [If you create one]

What to Include:

Your full name
Email address used for your account
Phone number
Specific right you’re exercising
Description of your request
Proof of identity (for security)

Our Response:

Acknowledge receipt within 5 business days
Verify your identity
Respond within 30 days (may extend to 60 days with notice)
No charge for first request (may charge for excessive requests)

9. Children’s Privacy

Age Restriction: Our services are intended for adults aged 18 and older. We do not knowingly collect information from children under 18.

If you are under 18:

Do not use our services without parental consent
Do not provide any personal information
Have a parent/guardian contact us if interested in our services

If we discover we’ve collected information from a child under 18:

We will delete it promptly
Parents can contact us to request deletion

Teen Services (16-18 with parental consent): If we offer services for teens in the future:

Parental consent will be required
Parents will have access to their teen’s information
Special privacy protections will apply

10. International Data Transfers

Primary Data Location: Your data is primarily stored in [India/United States/EU – specify based on your hosting].

If you’re in a different country:

Your data may be transferred internationally
We ensure appropriate safeguards are in place

Transfer Mechanisms:

For EU/UK Patients:

Standard Contractual Clauses (SCCs) with service providers
Adequacy decisions (where applicable)
Your explicit consent (where required)

For Other Regions:

Compliance with local data protection laws
Appropriate contracts with international service providers
Security measures for cross-border transfers

Your Rights:

You can request information about international transfers
You can object to transfers (may limit service availability)

11. Cookies and Tracking Technologies

We use cookies and similar technologies on our website and app.

What We Use:

Essential cookies (required for functionality)
Analytics cookies (with consent)
Preference cookies (with consent)
Marketing cookies (with consent, if applicable)

Your Choices:

Manage cookie preferences via our cookie banner
Change settings anytime via “Cookie Settings” button
Browser settings to control cookies

For Complete Information: See our detailed Cookie Policy.

12. Third-Party Links and Services

Our website may contain links to third-party websites, services, or content.

Important:

We are not responsible for third-party privacy practices
Third-party sites have their own privacy policies
Review their policies before providing information

Examples:

Google/YouTube (embedded videos)
Social media platforms
External health resources
Partner services

Our Responsibility:

We carefully select partners
We require partners to respect privacy
We cannot control their practices once you leave our site

13. Telehealth-Specific Privacy

Video Consultations:

Conducted via secure, encrypted platforms
May be recorded (only with your explicit consent)
Recordings stored securely and encrypted
Deleted per retention schedule unless medical record
You can request non-recording

Chat and Messaging:

All messages encrypted in transit and at rest
Become part of your medical record
Accessible by your care team
Retained per medical record retention schedule

Screen Sharing:

Used only when helpful for care (e.g., reviewing CGM data)
You control what you share
Not recorded unless part of consultation recording (with consent)

Waiting Rooms:

Virtual waiting rooms use secure unique links
Links expire after use
No information shared before appointment starts

14. Email and SMS Communications

Email:

Not considered secure for highly sensitive information
We use secure patient portal for sensitive communications
You can request paper mail instead

SMS/Text Messages:

Used for appointment reminders and brief updates
Not secure for detailed health information
You can opt-out of SMS anytime (reply STOP)

Best Practice:

Use patient portal for sensitive communications
Call us for urgent matters
Email for general inquiries only

15. Data Breach Notification

Our Commitment: If a data breach occurs affecting your information:

We will:

Contain and investigate the breach immediately
Assess the risk to your information
Notify you without undue delay (within 72 hours if required by law)
Notify regulatory authorities as required
Provide information about the breach and steps you should take
Offer credit monitoring or identity protection if appropriate

You will receive:

Description of the breach
Types of information involved
Steps we’re taking to address it
Steps you should take to protect yourself
Contact information for questions

How we’ll notify:

Email to address on file
Posted notice on website
Phone call for serious breaches
Letter if email unavailable

16. Social Media and User-Generated Content

If you interact with us on social media:

Your posts are public (per platform settings)
We may respond publicly or privately
Don’t share sensitive health information publicly
Use our secure portal for private health questions

Testimonials and Success Stories:

Always require your explicit written consent
You can specify what information to include/exclude
You can revoke permission at any time
We’ll remove or anonymize your testimonial upon request

Community Forums (Alumni Community):

You control what you share
Other members can see what you post
We moderate for privacy and safety
Report inappropriate content to us

17. Marketing and Communication Preferences

You control the communications you receive:

Opt-In (we’ll only send with permission):

Promotional emails and newsletters
Educational webinars and events
New program announcements
Success stories and tips

Essential Communications (you’ll receive even if opted-out):

Appointment confirmations and reminders
Service updates affecting your care
Billing and payment information
Legal notices and policy changes
Security alerts

How to Manage Preferences:

Click “unsubscribe” in any marketing email
Update preferences in your account settings
Contact us: connect@aasaanhealth.com
Reply STOP to SMS messages

18. California-Specific Disclosures (CCPA/CPRA)

Information We Collect (Categories):

Identifiers (name, email, phone, IP address)
Health information (medical records, CGM data, lifestyle information)
Commercial information (payment history, program enrollment)
Internet activity (website usage, app interactions)
Geolocation (approximate based on IP)
Audio/visual (consultation recordings with consent)

Sources:

Directly from you
Automatically through technology
From third parties (healthcare providers, payment processors)

Business Purposes:

Providing healthcare services
Processing payments
Improving our services
Security and fraud prevention
Legal compliance

Sharing:

Healthcare team members
Service providers (with BAAs)
Your authorized healthcare providers
As required by law

Sale of Information: We do NOT sell your personal information and have not sold it in the past 12 months.

Right to Limit Sensitive Information: We only use your sensitive personal information (health data) for the purposes you’d reasonably expect (providing healthcare services).

Retention: See Section 7 (Data Retention) for specific timeframes.

Contact for CCPA Requests: Email: connect@aasaanhealth.com
Subject: “CCPA Request”

19. Changes to This Privacy Policy

Updates: We may update this Privacy Policy to reflect:

Changes in our practices
New technologies or services
Legal requirements
User feedback

Material Changes: If we make significant changes:

We’ll update the “Last Updated” date
We’ll notify you via email (to address on file)
We’ll post a prominent notice on our website
We may require re-consent for certain uses

Your Choices:

Continued use after changes means acceptance
You can request account deletion if you disagree
We’ll honor prior version for data collected under it

Version History: Previous versions available upon request.

20. Contact Us

Privacy Questions or Concerns:

Privacy Officer:
Email: connect@aasaanhealth.com
Phone: +91 8291173280
Address: Aasaan Health Solutions LLP
Mumbai, India

Response Time: We aim to respond within 5 business days.

For EU/UK Residents: You also have the right to contact your local Data Protection Authority.

For California Residents: You can also contact the California Attorney General’s Office.

21. Special Notices

For Indian Patients

Compliance: We comply with the Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Upcoming Regulations: We are preparing for compliance with the Digital Personal Data Protection Act, 2023 (once implemented).

For US Patients

HIPAA Notice: If you are a US patient, you should also review our separate HIPAA Notice of Privacy Practices, which provides additional information about your rights under US federal health privacy law.

State-Specific Rights: Residents of certain US states may have additional privacy rights. Contact us for information specific to your state.

For EU/UK Patients

Data Protection Officer: [Name, if you designate one]
Email: [DPO email if separate]

Lead Supervisory Authority: [Specify if you have an EU establishment]

EU Representative: [If required under GDPR, specify]

22. Definitions

Personal Information: Information that identifies you individually.

Health Information: Information about your physical or mental health, healthcare services, or payment for healthcare.

De-identified Information: Information where identifying details have been removed and cannot reasonably be linked back to you.

Business Associate: Third-party service provider who handles your information on our behalf under contract.

Consent: Your freely given, specific, informed, and unambiguous agreement.

Processing: Any operation performed on your data (collection, storage, use, sharing, deletion).

23. Your Privacy Matters

At Reisaan Health, protecting your privacy is not just a legal obligation—it’s fundamental to the trust you place in us with your health journey.

Our Promise:

Transparency in how we use your information
Security measures to protect your data
Respect for your privacy choices
Responsiveness to your concerns

Your Voice: We welcome your feedback on our privacy practices. If you have suggestions for improvement or questions about this policy, please reach out.

Thank you for trusting Reisaan Health with your care.

This Privacy Policy was last updated on October 09, 2025. Please check back periodically for updates.