
Privacy Policy

Effective Date: October 10, 2025
Last Updated: October 10, 2025


1. Introduction

Welcome to Reisaan Health. Your privacy and the security of your health information are our highest priorities.

Who We Are:

  • Legal Entity: Aasaan Health Solutions LLP
  • Brand Name: Reisaan Health
  • Services: Virtual endocrinology consultations, diabetes reversal programs, weight management, PCOS treatment, and metabolic health coaching
  • Website: https://reisaanhealth.com
  • Contact: connect@aasaanhealth.com | +91 8291173280

This Privacy Policy explains how we collect, use, protect, and share your personal information and health data when you use our website, mobile application, and healthcare services.

By using our services, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services.


2. Information We Collect

We collect information that you provide directly, information collected automatically, and information from third-party sources.

2.1 Personal Information You Provide

Account Registration:

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Gender
  • Postal address
  • Country of residence

Health Information:

  • Medical history
  • Current medications and dosages
  • Allergies and adverse reactions
  • Family medical history
  • Previous diagnoses and treatments
  • Lab test results (HbA1c, lipid panel, thyroid function, etc.)
  • Vital signs (blood pressure, weight, height, BMI)
  • Symptoms and health concerns
  • Treatment goals and preferences

Lifestyle Information:

  • Diet and eating habits
  • Exercise and physical activity levels
  • Sleep patterns and quality
  • Stress levels and mental health
  • Alcohol and tobacco use
  • Work schedule and daily routine

Continuous Glucose Monitoring (CGM) Data:

  • Real-time glucose readings
  • Glucose trends and patterns
  • Time in range, highs, and lows
  • Meal timing and glucose response
  • Activity impact on glucose levels

Payment Information:

  • Billing name and address
  • Payment method details (processed securely by Stripe)
  • Transaction history
  • Refund requests and resolution

Communications:

  • Messages to Dr. Roshani and care team
  • Video consultation recordings (with consent)
  • Chat conversations
  • Email correspondence
  • Phone call records
  • Feedback and testimonials

Program Participation Data:

  • Course completion status
  • Video views and engagement
  • Community participation
  • Assignment submissions
  • Progress tracking metrics

2.2 Information Collected Automatically

Device and Browser Information:

  • IP address
  • Device type, model, and operating system
  • Browser type and version
  • Screen resolution
  • Time zone and language settings
  • Referring website
  • Pages visited and time spent

Usage Data:

  • Login frequency and duration
  • Features and services accessed
  • Button clicks and interactions
  • Search queries within our platform
  • Error messages and technical issues

Cookies and Similar Technologies:

  • See our Cookie Policy for detailed information
  • Essential cookies for site functionality
  • Analytics cookies to improve our services
  • Preference cookies to remember your settings

Location Data:

  • Approximate location based on IP address
  • City and country (not precise GPS location)
  • Used for compliance with regional laws

2.3 Information from Third-Party Sources

Healthcare Providers:

  • Medical records shared with your authorization
  • Lab results sent directly to us
  • Referral information from your physician

Payment Processors:

  • Transaction confirmation from Stripe
  • Payment status updates
  • Dispute and chargeback information

Technology Partners:

  • Video platform analytics (meeting attendance, duration)
  • Email delivery status
  • SMS delivery confirmations
  • App store analytics (downloads, ratings)

Continuous Glucose Monitors:

  • Data synced from CGM devices
  • Device manufacturer information
  • Calibration and sensor data

Social Media (if you connect accounts):

  • Profile information from Facebook, LinkedIn
  • Used only with your explicit permission

2.4 Information Collected Through Our Mobile Application

The Reisaan Health mobile app (available on iOS and Android) collects additional information to provide a comprehensive health tracking and management experience.

Mobile App Features and Data Collection

A. Health and Lifestyle Tracking

Daily Logging Features:

  • Meals and Nutrition: Photos of meals, meal times, food descriptions, carbohydrate estimates, portion sizes
  • Blood Glucose: Manual glucose readings, testing times, contextual notes (before/after meals, fasting)
  • Medications: Medication names, dosages, timing, adherence tracking, missed doses
  • Weight and Measurements: Body weight, waist circumference, blood pressure, other vitals
  • Physical Activity: Exercise type, duration, intensity, steps, active minutes
  • Sleep: Sleep duration, sleep quality ratings, wake times, sleep disruptions
  • Stress and Mood: Stress levels, mood indicators, emotional state, journal entries
  • Symptoms: Health symptoms, severity ratings, duration, triggers

How we use this data:

  • Generate personalized health insights
  • Track progress toward health goals
  • Identify patterns and correlations
  • Provide feedback to Dr. Roshani and your care team
  • Adjust treatment recommendations
  • Create progress reports and visualizations

B. Device Sensors and Permissions

The app may request access to:

Camera:

  • Purpose: Photograph meals for food logging, document progress (body measurements, CGM readings)
  • Usage: Photos stored securely, analyzed for nutritional insights, included in medical record with consent
  • Control: You can deny camera access; manual text entry available as alternative

Photo Library:

  • Purpose: Upload existing photos of meals, progress photos, lab results, medical documents
  • Usage: Selected photos uploaded to secure servers, become part of your health record
  • Control: You choose which photos to upload; we only access photos you explicitly select

Health App Integration (iOS HealthKit):

  • Purpose: Sync data from Apple Health (steps, weight, blood glucose from connected devices, sleep, heart rate)
  • Data accessed: Only health metrics you authorize (step count, workouts, weight, glucose, sleep, heart rate variability)
  • Usage: Integrated into your Reisaan Health profile for comprehensive health tracking
  • Control: You control which data types to share; disable anytime in iOS Health app settings

Google Fit Integration (Android):

  • Purpose: Sync fitness and health data from Google Fit
  • Data accessed: Steps, activity, weight, nutrition data (with your authorization)
  • Usage: Combined with app data for holistic health insights
  • Control: Manage permissions in Google Fit settings; revoke access anytime

Location Services:

  • Purpose:
    • Timezone detection for accurate meal/medication timing
    • Find nearby healthcare facilities (if feature enabled)
    • Provide location-specific health resources
  • Data collected: Approximate location (city/region), timezone
  • NOT collected: Precise GPS location, location history, movement tracking
  • Control: Optional; app functions without location access; manage in device settings

Notifications/Push Notifications:

  • Purpose: Send appointment reminders, medication alerts, health tips, chat messages from care team
  • Data collected: Device push token, notification preferences, interaction data (opened/dismissed)
  • Usage: Deliver timely health reminders and communications
  • Control: Manage in device settings; opt-out doesn’t affect core app functionality

Bluetooth (if CGM integration enabled):

  • Purpose: Connect to continuous glucose monitoring devices for automatic data sync
  • Data collected: Glucose readings, device information, connection status
  • Usage: Real-time glucose tracking and analysis
  • Control: Only used if you connect a CGM device; disable in app settings

Motion & Fitness (iOS) / Physical Activity (Android):

  • Purpose: Track steps and physical activity automatically
  • Data collected: Step count, distance, floors climbed, activity type
  • Usage: Understand activity patterns and their impact on health metrics
  • Control: Optional; manual activity logging available as alternative

Microphone (if voice features enabled):

  • Purpose: Voice notes for meal descriptions, symptom journaling
  • Data collected: Audio recordings (converted to text), voice memos
  • Usage: Transcribed and stored as text in your health record
  • Control: Optional feature; text entry always available

C. Device and Technical Information

Automatically Collected:

  • Device identifiers: Device ID, advertising ID (IDFA on iOS, AAID on Android)
  • Device information: Device model, manufacturer, operating system version, screen size, language settings
  • App information: App version, build number, install date, update history
  • Network information: IP address, mobile carrier, connection type (WiFi/cellular), network quality
  • Performance data: Crash reports, error logs, performance metrics, API response times
  • Usage analytics: Features used, screens viewed, button clicks, session duration, frequency of use

Advertising Identifiers:

  • IDFA (iOS): Used for analytics and attribution only; NOT used for advertising (we don’t serve ads)
  • AAID (Android): Used for analytics and attribution only
  • Purpose: Measure app performance, understand user engagement, track app installs
  • Reset: You can reset or disable in device settings (iOS: Settings > Privacy > Tracking; Android: Settings > Google > Ads)

How we use device data:

  • Troubleshoot technical issues
  • Improve app performance and stability
  • Understand feature usage and engagement
  • Optimize user experience
  • Detect and prevent fraud or abuse

D. Background Data Collection

When the app is in the background:

  • Health data sync: Syncs logged data when internet available
  • HealthKit/Google Fit sync: Automatically imports authorized health data
  • Push notifications: Delivers reminders and messages
  • Location (if enabled): Only for timezone detection; no continuous tracking
  • Analytics: App open/close events, session duration

Background data is:

  • Encrypted during transmission
  • Synced only when connected to WiFi (by default; configurable)
  • Minimized to preserve battery life
  • Subject to OS-level background restrictions

Battery optimization:

  • We implement efficient background syncing
  • Respect device battery saving modes
  • Allow users to control sync frequency

E. Third-Party SDKs and Services in Mobile App

Analytics and Performance:

  • Google Analytics for Firebase: App usage analytics, crash reporting, performance monitoring
  • Sentry (if used): Error tracking and crash reporting

Cloud Services:

  • AWS Mobile SDK / Google Cloud: Secure data storage and sync
    • Data collected: All health data, authentication tokens
    • Encrypted in transit and at rest

Video Consultations:

  • [Video SDK Name]: Powers video consultations
    • Data collected: Video/audio during consultations, connection quality
    • [SDK Privacy Policy]

Payment Processing (in-app):

  • Stripe Mobile SDK: Secure payment processing

Authentication:

  • Firebase Authentication: Secure login and session management
    • Data collected: Email, authentication tokens, login history

Push Notifications:

  • Firebase Cloud Messaging (FCM): iOS and Android push notifications
    • Data collected: Device push tokens, message delivery status
  • Apple Push Notification Service (APNs): iOS notifications
    • Data collected: Device tokens

ALL third-party SDKs:

  • Are carefully vetted for privacy and security
  • Receive only minimum data necessary
  • Comply with GDPR, CCPA, and applicable privacy laws
  • Are covered by Data Processing Agreements where required

App Permissions Summary Table

Permission        Platform       Required?  Purpose                        Can Opt-Out?
----------------  -------------  ---------  -----------------------------  ----------------------
Camera            iOS, Android   No         Meal photos, progress photos   Yes - use text entry
Photo Library     iOS, Android   No         Upload existing photos         Yes - no photo uploads
HealthKit/Health  iOS            No         Sync Apple Health data         Yes
Google Fit        Android        No         Sync fitness data              Yes
Location          iOS, Android   No         Timezone, facility finder      Yes
Notifications     iOS, Android   No         Reminders, messages            Yes
Bluetooth         iOS, Android   No         CGM device connection          Yes
Motion/Activity   iOS, Android   No         Step tracking                  Yes - manual entry
Microphone        iOS, Android   No         Voice notes                    Yes - text entry
Network           iOS, Android   Yes        Internet connectivity          No - required for sync

Important: All permissions are requested with clear explanation of purpose. You can manage permissions in device settings anytime.

Children’s Privacy (Mobile App)

Age Gate:

  • App requires users to confirm they are 18 or older
  • Age verification during registration
  • Parental consent required for users under 18

Compliance:

  • COPPA (Children’s Online Privacy Protection Act) – US
  • Age-appropriate design code – UK
  • We do not knowingly collect data from children under 13

2.5 Mobile App Data Storage and Security

Local Storage on Device

Data stored locally:

  • Login credentials (encrypted)
  • Cached health data for offline access (encrypted)
  • App preferences and settings
  • Temporary files during data entry
  • Draft entries not yet synced

Security measures:

  • iOS Keychain for sensitive data
  • Android Keystore for credentials
  • AES-256 encryption for local health data
  • Secure deletion when app uninstalled

Offline functionality:

  • Log data without internet connection
  • Data queued for sync when connection restored
  • Local data encrypted until synced
  • Automatic sync when WiFi available

Cloud Storage and Sync

Server storage:

  • HIPAA-compliant cloud infrastructure
  • Encrypted in transit (TLS 1.3)
  • Encrypted at rest (AES-256)
  • Geographic redundancy for reliability
  • Regular security audits

Data synchronization:

  • Real-time sync when internet available
  • Conflict resolution for multiple device edits
  • Version control for data integrity
  • Automatic backup of all data

Multi-Device Access

You can access your account on:

  • iOS app (iPhone, iPad)
  • Android app (phone, tablet)
  • Web browser (desktop, mobile)

Data synchronized across all devices:

  • Health logs and measurements
  • Chat messages and communications
  • Program progress and course completion
  • Appointments and reminders
  • Settings and preferences

Security:

  • Maximum 5 active devices per account
  • Can review and remove devices in settings
  • Automatic logout on inactive devices (90 days)
  • Login from new device requires verification

2.6 Mobile App Analytics and Tracking

In-App Analytics

We track:

  • Feature usage: Which features you use, how often
  • User flows: Navigation patterns, common user journeys
  • Engagement: Session duration, frequency, retention
  • Technical: Load times, errors, crashes
  • Content interaction: Videos watched, courses completed

We do NOT track:

  • Individual health data for analytics (only aggregate, anonymized)
  • Precise content of health logs in analytics tools
  • Personal messages or communications
  • Financial information

Purpose:

  • Improve app usability
  • Identify and fix bugs
  • Understand feature popularity
  • Optimize performance
  • Prioritize development

Analytics tools:

  • Google Analytics for Firebase (anonymized where possible)
  • Amplitude/Mixpanel (if used) – anonymized event tracking
  • Custom internal analytics

A/B Testing and Personalization

We may conduct A/B tests to:

  • Test new features and designs
  • Optimize user experience
  • Improve health outcomes
  • Refine recommendations

Testing uses:

  • Anonymous user segments
  • Random assignment to test groups
  • Statistical analysis of results
  • No individually identifiable data in test tools

Health Insights and AI/ML

Machine learning applications:

  • Glucose pattern recognition
  • Meal impact predictions
  • Activity recommendations
  • Sleep quality analysis
  • Personalized health tips

How it works:

  • Models trained on aggregated, de-identified data
  • Personal predictions based only on your data
  • No sharing of individual data for training
  • Models run securely on our servers
  • Human review (Dr. Roshani) for medical decisions

You control:

  • Whether to receive AI-generated insights (opt-in)
  • Whether your data contributes to model improvement (de-identified)
  • All medical decisions reviewed by healthcare provider

2.7 Mobile App-Specific Rights and Controls

Data Portability (Mobile App)

Export your data:

  • Request export in app settings
  • Receive comprehensive data file (JSON/CSV format)
  • Includes all health logs, measurements, communications
  • Available within 30 days of request

Format options:

  • Machine-readable JSON
  • Human-readable PDF report
  • CSV for spreadsheet import
  • Compatible with other health apps

App-Specific Deletion

Delete app data:

  • Uninstalling app does NOT delete account or cloud data
  • To delete all data, you must request account deletion
  • Account deletion removes all data (subject to legal retention)

Delete specific data:

  • Individual health logs can be deleted in app
  • Deletions sync across all devices
  • Cannot delete medical records created by healthcare team

Device-Level Privacy Controls

iOS Privacy Settings:

  • Settings > Privacy & Security > [Permission Type]
  • Review which apps have access to Health data, camera, location, etc.
  • Revoke permissions for Reisaan Health app
  • [Settings > Reisaan Health > Allow Tracking] – Disable ad tracking

Android Privacy Settings:

  • Settings > Privacy > Permission Manager
  • Review and manage app permissions
  • Settings > Google > Ads > Opt out of Ads Personalization
  • Settings > Apps > Reisaan Health > Permissions

Your choices respected:

  • App adapts to permission denials
  • Alternative input methods provided
  • Core functionality preserved
  • Can re-enable permissions anytime

2.8 Mobile App Updates and Changes

App updates may:

  • Add new features or tracking
  • Change data collection practices
  • Update third-party SDKs
  • Modify permissions required

How you’ll be notified:

  • In-app notification of significant changes
  • App store update notes
  • Email notification for material privacy changes
  • Required re-consent for new sensitive data collection

Review before updating:

  • Check App Store/Google Play update notes
  • Review permission changes
  • Read updated Privacy Policy if referenced

2.9 App Store Privacy Labels

iOS App Privacy Label (App Store):
Our app’s privacy label shows:

  • Data types collected
  • Whether data is linked to you
  • Whether data is used for tracking
  • Full details viewable in App Store listing

Google Play Data Safety Section:
Our data safety section shows:

  • Types of data collected and shared
  • Security practices
  • Whether data is optional
  • Full details in Google Play listing

These labels are updated:

  • With each app release
  • When data practices change
  • To reflect current privacy policies

3. How We Use Your Information

3.1 Primary Healthcare Purposes

Medical Care and Treatment:

  • Conduct virtual consultations with Dr. Roshani Sanghani
  • Develop personalized treatment and lifestyle plans
  • Monitor your health progress and outcomes
  • Adjust medications and treatment protocols
  • Provide ongoing health coaching and support
  • Respond to your health questions and concerns

Care Coordination:

  • Communicate with your other healthcare providers (with authorization)
  • Share treatment plans with your local physician
  • Coordinate lab testing and results review
  • Arrange specialist referrals when needed

Program Delivery:

  • Provide access to educational content and courses
  • Track your program completion and engagement
  • Deliver personalized health insights
  • Facilitate community support and peer connection
  • Measure program effectiveness and outcomes

3.2 Operational Purposes

Account Management:

  • Create and maintain your patient account
  • Authenticate your identity and prevent fraud
  • Process payments and manage billing
  • Handle refund requests and disputes
  • Send appointment reminders and notifications

Communication:

  • Respond to your inquiries and support requests
  • Send service updates and important notices
  • Provide appointment confirmations and reminders
  • Share health tips and educational content
  • Deliver program materials and resources

Service Improvement:

  • Analyze usage patterns to improve our platform
  • Develop new features and services
  • Conduct quality assurance and training
  • Gather feedback on patient satisfaction
  • Optimize website and app performance

3.3 Legal and Safety Purposes

Compliance:

  • Comply with applicable healthcare regulations
  • Meet tax and accounting requirements
  • Respond to legal requests and court orders
  • Enforce our Terms of Service
  • Maintain records per legal requirements

Safety and Security:

  • Prevent fraud and unauthorized access
  • Protect against security threats
  • Detect and prevent abuse of our services
  • Monitor for suspicious activity
  • Maintain audit logs for accountability

3.4 Research and Analytics (De-identified)

Medical Research:

  • Study treatment effectiveness and outcomes
  • Identify trends in metabolic health
  • Contribute to medical literature (anonymized)
  • Improve diabetes reversal protocols
  • Develop new treatment approaches

Important: We only use de-identified or aggregated data for research. Your individual identity is protected and cannot be linked back to you without your explicit consent.

3.5 Marketing (With Consent)

If you opt in, we may:

  • Send newsletters with health tips and success stories
  • Share information about new services or programs
  • Invite you to webinars and educational events
  • Request testimonials or case studies (separately authorized)
  • Conduct patient satisfaction surveys

You can opt out at any time via the unsubscribe links in our emails or by contacting us.


4. Legal Bases for Processing (GDPR)

If you are in the EU, UK, or other GDPR-compliant regions, we process your data based on:

Contract Performance:

  • Providing healthcare services you’ve enrolled in
  • Processing payments
  • Delivering your treatment plan

Consent:

  • Marketing communications
  • Non-essential cookies
  • Testimonials and case studies
  • Research participation

Legal Obligation:

  • Complying with healthcare regulations
  • Tax and accounting requirements
  • Responding to legal requests

Legitimate Interests:

  • Fraud prevention and security
  • Service improvement and analytics
  • Internal administrative purposes
  • Direct marketing (where permitted by law)

Vital Interests:

  • Emergency medical situations
  • Protecting life and health

5. How We Share Your Information

We do not sell your personal information to anyone. We only share your information in the following limited circumstances:

5.1 Healthcare Team Members

Within Reisaan Health:

  • Dr. Roshani Sanghani (Medical Director)
  • Licensed health coaches
  • Registered dietitians
  • Support staff assisting with your care
  • Technical support (limited access as needed)

All team members:

  • Are bound by strict confidentiality agreements
  • Receive privacy and security training
  • Access only information necessary for your care
  • Are monitored for appropriate access

5.2 Your Other Healthcare Providers

With Your Authorization:

  • Your primary care physician
  • Endocrinologists or specialists
  • Laboratory facilities
  • Pharmacies (for prescription coordination)
  • Insurance providers (if applicable)

We will ask for your written consent before sharing with external providers.

5.3 Service Providers (Business Associates)

Technology Partners:

  • Cloud hosting (secure, HIPAA-compliant servers)
  • Video conferencing platforms (for consultations)
  • Email and SMS delivery services
  • Payment processing (Stripe)
  • Customer support tools
  • Analytics platforms (anonymized data only)

All service providers:

  • Sign Business Associate Agreements (BAAs)
  • Meet strict security and privacy standards
  • Can only use data to provide services to us
  • Cannot use your data for their own purposes

Current Service Providers:

  • Hosting: Kinsta, https://kinsta.com/
  • Video: YouTube
  • Payments: Stripe, Razorpay
  • Email: Google
  • Analytics: Google Analytics (anonymized)

5.4 Legal Requirements

We may disclose information when required by law:

  • Court orders or subpoenas
  • Government investigations
  • Healthcare regulatory audits
  • Law enforcement requests (when legally obligated)
  • Protection of rights, property, or safety

Emergency Situations:

  • To prevent serious harm to you or others
  • In medical emergencies requiring immediate intervention
  • When necessary to protect public health

5.5 Business Transfers

If Reisaan Health merges with, is acquired by, or sells assets to another entity:

  • Your information may be transferred
  • We will notify you before transfer
  • The new entity must honor this Privacy Policy
  • You will have the right to delete your data

5.6 Alumni Community (With Your Consent)

If you choose to participate:

  • Your first name and success story (if you share)
  • Progress photos (only with explicit permission)
  • Before/after metrics (anonymized unless you agree otherwise)

You control:

  • What information you share in the community
  • Your profile visibility
  • Whether to participate at all

6. Data Security

We implement comprehensive security measures to protect your information.

6.1 Technical Safeguards

Encryption:

  • SSL/TLS encryption for all data transmission
  • Encryption of data at rest (stored data)
  • End-to-end encryption for sensitive communications
  • Encrypted backups

Access Controls:

  • Multi-factor authentication for staff
  • Role-based access permissions
  • Regular access reviews and audits
  • Automatic logout after inactivity
  • Strong password requirements

Security Monitoring:

  • 24/7 security monitoring
  • Intrusion detection systems
  • Regular vulnerability scans
  • Penetration testing (annually)
  • Security incident response plan

Infrastructure:

  • HIPAA-compliant cloud hosting
  • Regular security updates and patches
  • Redundant systems and backups
  • Disaster recovery procedures

6.2 Physical Safeguards

Facilities:

  • Secure office locations with restricted access
  • Surveillance systems
  • Visitor logs and escort policies
  • Secure disposal of physical records (shredding)

Devices:

  • Encrypted laptops and mobile devices
  • Remote wipe capabilities for lost devices
  • Automatic screen locks
  • Secure device disposal procedures

6.3 Administrative Safeguards

Policies and Procedures:

  • Comprehensive privacy and security policies
  • Data handling protocols
  • Incident response procedures
  • Regular policy reviews and updates

Training:

  • Mandatory privacy training for all staff
  • Annual security awareness training
  • HIPAA compliance training
  • Regular privacy reminders and updates

Oversight:

  • Designated Privacy Officer
  • Security Officer
  • Regular risk assessments
  • Compliance audits

6.4 Limitations

Important Notice: No system is 100% secure. While we implement industry-leading security measures, we cannot guarantee absolute security. You also play a role:

Your Responsibilities:

  • Keep your password confidential
  • Don’t share your account credentials
  • Use secure internet connections (avoid public WiFi for sensitive activities)
  • Log out when finished
  • Report any suspected security issues immediately

7. Data Retention

We keep your information only as long as necessary for the purposes described in this policy.

7.1 Retention Periods

Medical Records:

  • Active Patients: Duration of relationship + 6 years (minimum)
  • Former Patients: 10 years from last treatment
  • Longer if: Required by law or ongoing legal matters

Account Information:

  • Duration of relationship + 2 years
  • Payment records: 7 years (tax requirements)

Communications:

  • Medical-related: Same as medical records
  • Marketing: Until you opt out + 30 days
  • Support tickets: 3 years

Analytics Data:

  • Anonymized data: Indefinitely (no longer personally identifiable)
  • Individual analytics: 26 months (Google Analytics default)

Consent Records:

  • 5 years minimum (GDPR requirement)
  • Longer for medical consents

7.2 Deletion Process

When we delete data:

  • Secure deletion (data overwritten, not just marked as deleted)
  • Backups purged within 90 days
  • Physical documents shredded
  • Devices securely wiped before disposal

Exceptions (we may retain):

  • As required by law
  • To resolve disputes or enforce agreements
  • For legitimate business purposes (anonymized)
  • In backup systems for up to 90 days

7.3 Mobile App Data Retention

App-specific data:

  • Local cached data: Cleared when app uninstalled or after 90 days of inactivity
  • Sync queue data: Deleted after successful sync
  • Crash logs: Retained for 90 days for debugging
  • Analytics data: Anonymized after 26 months
  • Device tokens: Deleted when device removed from account

Inactive accounts:

  • Mobile app access disabled after 12 months of inactivity
  • Notification sent before deactivation
  • Data retained per medical record requirements
  • Can reactivate account by contacting us

8. Your Privacy Rights

You have significant rights over your personal information and health data.

8.1 Rights for All Users

Right to Access:

  • Request a copy of your information
  • Receive it in a commonly used format
  • Response within 30 days (may extend to 60 days)

Right to Correction:

  • Request correction of inaccurate information
  • Add supplementary information to your records
  • We’ll notify others if we’ve shared the corrected information

Right to Deletion:

  • Request deletion of your information
  • Subject to legal retention requirements
  • Medical records may need to be retained per regulations

Right to Restrict Processing:

  • Limit how we use your information
  • While we verify accuracy
  • When processing is unlawful but you don’t want deletion

Right to Object:

  • Object to processing based on legitimate interests
  • Opt out of marketing at any time
  • Object to automated decision-making

Right to Data Portability:

  • Receive your data in machine-readable format
  • Request transfer to another provider (where technically feasible)

8.2 Additional Rights for EU/UK Residents (GDPR)

Right to Withdraw Consent:

  • Withdraw consent at any time (doesn’t affect past processing)
  • Simple withdrawal process

Right to Lodge a Complaint:

  • File complaint with supervisory authority in your country
  • We’ll also work to resolve your concerns directly

Automated Decision-Making:

  • We don’t use fully automated decision-making for medical care
  • Human review is always involved in treatment decisions

8.3 Additional Rights for California Residents (CCPA/CPRA)

Right to Know:

  • Categories of information collected
  • Sources of information
  • Business purposes for collection
  • Third parties with whom we share

Right to Delete:

  • Request deletion of personal information
  • Subject to legal exceptions

Right to Opt-Out:

  • We do not sell personal information
  • If this changes, you’ll have the right to opt out

Right to Non-Discrimination:

  • We won’t discriminate for exercising your rights
  • Same quality of service regardless

Right to Correct:

  • Request correction of inaccurate information

Right to Limit Use of Sensitive Information:

  • Control use of sensitive personal information
  • We only use for disclosed purposes

8.4 How to Exercise Your Rights

Submit a Request:

Email: connect@aasaanhealth.com
Subject Line: “Privacy Rights Request – [Your Name]”

Phone: +91 8291173280

Mail:
Reisaan Health – Privacy Officer
Aasaan Health Solutions LLP
[Your Business Address]

Online Portal: [If you create one]

What to Include:

  • Your full name
  • Email address used for your account
  • Phone number
  • Specific right you’re exercising
  • Description of your request
  • Proof of identity (for security)

Our Response:

  • Acknowledge receipt within 5 business days
  • Verify your identity
  • Respond within 30 days (may extend to 60 days with notice)
  • No charge for first request (may charge for excessive requests)

9. Children’s Privacy

Age Restriction: Our services are intended for adults aged 18 and older. We do not knowingly collect information from children under 18.

If you are under 18:

  • Do not use our services without parental consent
  • Do not provide any personal information
  • Have a parent/guardian contact us if interested in our services

If we discover we’ve collected information from a child under 18:

  • We will delete it promptly
  • Parents can contact us to request deletion

Teen Services (16-18 with parental consent): If we offer services for teens in the future:

  • Parental consent will be required
  • Parents will have access to their teen’s information
  • Special privacy protections will apply

10. International Data Transfers

Primary Data Location: Your data is primarily stored in [India/United States/EU – specify based on your hosting].

If you’re in a different country:

  • Your data may be transferred internationally
  • We ensure appropriate safeguards are in place

Transfer Mechanisms:

For EU/UK Patients:

  • Standard Contractual Clauses (SCCs) with service providers
  • Adequacy decisions (where applicable)
  • Your explicit consent (where required)

For Other Regions:

  • Compliance with local data protection laws
  • Appropriate contracts with international service providers
  • Security measures for cross-border transfers

Your Rights:

  • You can request information about international transfers
  • You can object to transfers (may limit service availability)

11. Cookies and Tracking Technologies

We use cookies and similar technologies on our website and app.

What We Use:

  • Essential cookies (required for functionality)
  • Analytics cookies (with consent)
  • Preference cookies (with consent)
  • Marketing cookies (with consent, if applicable)

Your Choices:

  • Manage cookie preferences via our cookie banner
  • Change settings anytime via “Cookie Settings” button
  • Browser settings to control cookies

For Complete Information: See our detailed Cookie Policy.


12. Third-Party Links and Services

Our website may contain links to third-party websites, services, or content.

Important:

  • We are not responsible for third-party privacy practices
  • Third-party sites have their own privacy policies
  • Review their policies before providing information

Examples:

  • Google/YouTube (embedded videos)
  • Social media platforms
  • External health resources
  • Partner services

Our Responsibility:

  • We carefully select partners
  • We require partners to respect privacy
  • We cannot control their practices once you leave our site

13. Telehealth-Specific Privacy

Video Consultations:

  • Conducted via secure, encrypted platforms
  • May be recorded (only with your explicit consent)
  • Recordings stored securely and encrypted
  • Deleted per retention schedule unless medical record
  • You can request non-recording

Chat and Messaging:

  • All messages encrypted in transit and at rest
  • Become part of your medical record
  • Accessible by your care team
  • Retained per medical record retention schedule

Screen Sharing:

  • Used only when helpful for care (e.g., reviewing CGM data)
  • You control what you share
  • Not recorded unless part of consultation recording (with consent)

Waiting Rooms:

  • Virtual waiting rooms use secure unique links
  • Links expire after use
  • No information shared before appointment starts

14. Email and SMS Communications

Email:

  • Not considered secure for highly sensitive information
  • We use secure patient portal for sensitive communications
  • You can request paper mail instead

SMS/Text Messages:

  • Used for appointment reminders and brief updates
  • Not secure for detailed health information
  • You can opt out of SMS anytime (reply STOP)

Best Practice:

  • Use patient portal for sensitive communications
  • Call us for urgent matters
  • Email for general inquiries only

15. Data Breach Notification

Our Commitment: If a data breach occurs affecting your information:

We will:

  • Contain and investigate the breach immediately
  • Assess the risk to your information
  • Notify you without undue delay (within 72 hours if required by law)
  • Notify regulatory authorities as required
  • Provide information about the breach and steps you should take
  • Offer credit monitoring or identity protection if appropriate

You will receive:

  • Description of the breach
  • Types of information involved
  • Steps we’re taking to address it
  • Steps you should take to protect yourself
  • Contact information for questions

How we’ll notify:

  • Email to address on file
  • Posted notice on website
  • Phone call for serious breaches
  • Letter if email unavailable

16. Social Media and User-Generated Content

If you interact with us on social media:

  • Your posts are public (per platform settings)
  • We may respond publicly or privately
  • Don’t share sensitive health information publicly
  • Use our secure portal for private health questions

Testimonials and Success Stories:

  • Always require your explicit written consent
  • You can specify what information to include/exclude
  • You can revoke permission at any time
  • We’ll remove or anonymize your testimonial upon request

Community Forums (Alumni Community):

  • You control what you share
  • Other members can see what you post
  • We moderate for privacy and safety
  • Report inappropriate content to us

17. Marketing and Communication Preferences

You control the communications you receive:

Opt-In (we’ll only send with permission):

  • Promotional emails and newsletters
  • Educational webinars and events
  • New program announcements
  • Success stories and tips

Essential Communications (you’ll receive these even if you have opted out):

  • Appointment confirmations and reminders
  • Service updates affecting your care
  • Billing and payment information
  • Legal notices and policy changes
  • Security alerts

How to Manage Preferences:

  • Click “unsubscribe” in any marketing email
  • Update preferences in your account settings
  • Contact us: connect@aasaanhealth.com
  • Reply STOP to SMS messages

18. California-Specific Disclosures (CCPA/CPRA)

Information We Collect (Categories):

  • Identifiers (name, email, phone, IP address)
  • Health information (medical records, CGM data, lifestyle information)
  • Commercial information (payment history, program enrollment)
  • Internet activity (website usage, app interactions)
  • Geolocation (approximate based on IP)
  • Audio/visual (consultation recordings with consent)

Sources:

  • Directly from you
  • Automatically through technology
  • From third parties (healthcare providers, payment processors)

Business Purposes:

  • Providing healthcare services
  • Processing payments
  • Improving our services
  • Security and fraud prevention
  • Legal compliance

Sharing:

  • Healthcare team members
  • Service providers (with BAAs)
  • Your authorized healthcare providers
  • As required by law

Sale of Information: We do NOT sell your personal information and have not sold it in the past 12 months.

Right to Limit Sensitive Information: We only use your sensitive personal information (health data) for the purposes you’d reasonably expect (providing healthcare services).

Retention: See Section 7 (Data Retention) for specific timeframes.

Contact for CCPA Requests: Email: connect@aasaanhealth.com
Subject: “CCPA Request”


19. Changes to This Privacy Policy

Updates: We may update this Privacy Policy to reflect:

  • Changes in our practices
  • New technologies or services
  • Legal requirements
  • User feedback

Material Changes: If we make significant changes:

  • We’ll update the “Last Updated” date
  • We’ll notify you via email (to address on file)
  • We’ll post a prominent notice on our website
  • We may require re-consent for certain uses

Your Choices:

  • Continued use after changes means acceptance
  • You can request account deletion if you disagree
  • We’ll honor prior version for data collected under it

Version History: Previous versions available upon request.


20. Contact Us

Privacy Questions or Concerns:

Privacy Officer:
Email: connect@aasaanhealth.com
Phone: +91 8291173280
Address: Aasaan Health Solutions LLP
Mumbai, India

Response Time: We aim to respond within 5 business days.

For EU/UK Residents: You also have the right to contact your local Data Protection Authority.

For California Residents: You can also contact the California Attorney General’s Office.


21. Special Notices

For Indian Patients

Compliance: We comply with the Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Upcoming Regulations: We are preparing for compliance with the Digital Personal Data Protection Act, 2023 (once implemented).

For US Patients

HIPAA Notice: If you are a US patient, you should also review our separate HIPAA Notice of Privacy Practices, which provides additional information about your rights under US federal health privacy law.

State-Specific Rights: Residents of certain US states may have additional privacy rights. Contact us for information specific to your state.

For EU/UK Patients

Data Protection Officer: [Name, if you designate one]
Email: [DPO email if separate]

Lead Supervisory Authority: [Specify if you have an EU establishment]

EU Representative: [If required under GDPR, specify]


22. Definitions

Personal Information: Information that identifies you individually.

Health Information: Information about your physical or mental health, healthcare services, or payment for healthcare.

De-identified Information: Information where identifying details have been removed and cannot reasonably be linked back to you.

Business Associate: Third-party service provider who handles your information on our behalf under contract.

Consent: Your freely given, specific, informed, and unambiguous agreement.

Processing: Any operation performed on your data (collection, storage, use, sharing, deletion).


23. Your Privacy Matters

At Reisaan Health, protecting your privacy is not just a legal obligation—it’s fundamental to the trust you place in us with your health journey.

Our Promise:

  • Transparency in how we use your information
  • Security measures to protect your data
  • Respect for your privacy choices
  • Responsiveness to your concerns

Your Voice: We welcome your feedback on our privacy practices. If you have suggestions for improvement or questions about this policy, please reach out.


Thank you for trusting Reisaan Health with your care.


This Privacy Policy was last updated on October 09, 2025. Please check back periodically for updates.