Privacy Policy

1. Introduction

SV Global Pvt Ltd ("we", "us", "our", "SV Global"), operating as Arogyam.ai, is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, share, and protect information when you access or use the Arogyam.ai platform ("Platform", "Service"), our website at arogyam.ai, and any related services, including communications sent via WhatsApp or other messaging channels.

This Privacy Policy forms an integral part of our Terms & Conditions and should be read together with them.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of the Platform immediately.

2. Who We Are

Arogyam.ai is a cloud-based, AI-powered healthcare practice management platform developed and operated by SV Global Pvt Ltd, a company incorporated under the laws of India.

For the purposes of applicable data protection law, SV Global Pvt Ltd is the data processor with respect to Patient Data entered by healthcare providers (who are the data controllers). For data we collect directly from our users (account information, usage data, etc.), SV Global Pvt Ltd acts as the data fiduciary / data controller.

3. Information We Collect

3.1 Information You Provide Directly

• Account Registration Data: Name, email address, phone number, professional qualifications, healthcare practice or organisation name, and login credentials.
• Profile Information: Professional licence details, clinic or hospital address, specialisation, and profile photograph (if provided).
• Billing Information: Payment method details, billing address, and transaction history. Note: full payment card numbers are processed by our third-party payment processor and are not stored on our servers.
• Support Communications: Information you provide when contacting us for support, including email correspondence and in-platform messages.

3.2 Patient Data (Processed on Behalf of Healthcare Providers)

Healthcare providers using the Platform may enter data relating to their patients ("Patient Data"), which may include:

• Patient names, contact details, date of birth, and demographic information;
• Medical history, diagnoses, treatment plans, prescriptions, and clinical notes;
• Lab results, medical reports, and imaging records;
• Appointment records and scheduling information; and
• Insurance and billing details related to patient care.

3.3 Automatically Collected Information

• Device & Browser Data: Device type, operating system, browser type and version, screen resolution, and language preference.
• Usage Data: Pages visited, features used, clickstream data, session duration, and interaction patterns within the Platform.
• Log Data: IP address, access timestamps, referring URLs, and error logs.
• Location Data: Approximate location derived from IP address (we do not collect precise GPS location unless you explicitly use a location-based feature such as hospital search).

3.4 Information from Third-Party Services

If you use single sign-on (SSO) or link a third-party account (e.g., Google) for authentication, we may receive your name, email address, and profile information from that provider, in accordance with the permissions you grant.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: To create and manage your account, deliver Platform features, process Patient Data on your behalf, and facilitate appointment scheduling and clinical workflow management.
• Communications: To send transactional notifications (e.g., account verification, password resets, billing receipts), service announcements, and — where you have opted in — appointment reminders and operational messages via email, SMS, WhatsApp, or in-platform notifications.
• AI-Powered Features: To process medical reports, generate AI-assisted summaries, and deliver intelligent workflow suggestions using third-party AI services (see Section 8).
• Improvement & Analytics: To analyse usage patterns, diagnose technical issues, improve Platform performance, and develop new features.
• Security: To detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
• Billing: To process payments, manage subscriptions, and send invoices.

We will not use your personal data for purposes materially different from those described above without notifying you and, where required by law, obtaining your consent.

5. Legal Basis for Processing

We process personal data on one or more of the following legal bases, as applicable under the Digital Personal Data Protection Act, 2023 (India) and other relevant data protection laws:

• Consent: Where you have provided explicit consent, such as opting in to receive WhatsApp messages or marketing communications. You may withdraw consent at any time (see Section 11).
• Contractual Necessity: Processing necessary for the performance of our contract with you (i.e., providing the Platform and its features as described in our Terms & Conditions).
• Legitimate Interests: Processing necessary for our legitimate business interests (such as improving the Service, ensuring security, and preventing fraud), provided these interests are not overridden by your rights and freedoms.
• Legal Obligation: Processing required to comply with applicable laws, regulations, court orders, or governmental requests.

6. Sharing & Disclosure of Information

We do not sell your personal data. We may share information in the following limited circumstances:

6.1 Third-Party Service Providers

We engage trusted third-party service providers to help us operate and improve the Platform. These providers process data on our behalf and are contractually obligated to protect your information. Key providers include:

• Firebase (Google Cloud Platform) — Authentication, database hosting, cloud functions, and analytics. Firebase Privacy Information
• Google Gemini AI — AI-powered medical report analysis and intelligent features. Data sent to Gemini is limited to what is necessary for the specific AI function. Gemini API Terms
• WhatsApp Business API (Meta Platforms, Inc.) — Delivery of appointment reminders and operational messages. WhatsApp Business Data Processing Terms
• Leaflet / OpenStreetMap — Hospital and clinic location services. OpenStreetMap Privacy Policy

6.2 Legal & Regulatory Disclosures

We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a lawful request.

6.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

6.4 With Your Consent

We may share information for other purposes with your explicit consent.

7. WhatsApp & Messaging Privacy

8. AI-Powered Features & Data Processing

The Platform incorporates artificial intelligence and machine learning capabilities ("AI Features") provided through third-party services, including Google Gemini. When you use AI Features:

• Data submitted for AI processing (such as medical report images or text) is transmitted to the third-party AI service provider;
• We limit the data sent to what is strictly necessary for the specific AI function;
• AI outputs are generated for informational and assistive purposes only — they do not constitute medical advice;
• We maintain data processing agreements with AI service providers that impose confidentiality and security obligations; and
• We do not use Patient Data submitted through AI Features to train or improve third-party AI models beyond what is specified in the AI provider's data processing terms.

For details on Google Gemini's data handling, please refer to the Gemini API Terms of Service and Google Privacy Policy.

9. Cookies & Tracking Technologies

The Platform and our website use cookies and similar technologies to enhance your experience, analyse usage, and improve our services. The types of cookies we use include:

• Strictly Necessary Cookies: Required for the Platform to function (e.g., authentication tokens, session management). These cannot be disabled.
• Analytics Cookies: Used to understand how users interact with the Platform (e.g., Firebase Analytics). These help us improve performance and features.
• Functional Cookies: Used to remember your preferences and settings (e.g., language, display preferences).

We do not use advertising or behavioural targeting cookies. We do not sell data collected through cookies to third parties.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Platform.

10. Data Security

We implement industry-standard technical and organisational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest;
• Role-based access controls and authentication mechanisms (Firebase Authentication);
• Regular security assessments and monitoring;
• Secure cloud infrastructure (Google Cloud Platform / Firebase); and
• Employee access restrictions on a need-to-know basis.

Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your data. If you become aware of any security vulnerability or breach, please contact us immediately at support@arogyam.ai.

In the event of a data breach affecting personal data, we will notify affected users and relevant authorities as required by applicable law, including the Digital Personal Data Protection Act, 2023.

11. Your Rights

Depending on your location and applicable law (including the Digital Personal Data Protection Act, 2023 for users in India), you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time. This does not affect the lawfulness of processing carried out before withdrawal.
• Right to Grievance Redressal: Lodge a complaint with our Grievance Officer or, where applicable, the Data Protection Board of India.

To exercise any of these rights, please contact us at support@arogyam.ai or write to our Grievance Officer (see Section 16). We will respond within the timeframe required by applicable law.

12. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specific retention periods include:

• Account Data: Retained for the duration of your active subscription, plus a reasonable period after termination to allow for data export and resolve any outstanding matters.
• Patient Data: Retained as directed by the healthcare provider (data controller) and in accordance with applicable medical records retention laws.
• Billing Records: Retained as required by Indian tax and financial regulations.
• Usage & Log Data: Retained for up to 24 months for analytics and security purposes, then anonymised or deleted.
• WhatsApp Message Logs: Message metadata (delivery status, timestamps) may be retained for up to 12 months for service quality and dispute resolution. Message content is not stored beyond what is necessary for delivery.

Upon termination of a subscription, we will make your data available for export for a period as specified in our Terms & Conditions, after which it may be permanently deleted.

13. Data Transfers

The Platform is hosted on Google Cloud Platform infrastructure. Your data may be stored and processed in India and other jurisdictions where Google Cloud operates data centres. Some of our third-party service providers (including Google and Meta) may process data outside of India.

Where data is transferred outside of India, we ensure that appropriate safeguards are in place, including data processing agreements with contractual protections consistent with applicable data protection law. By using the Platform, you consent to the transfer and processing of your data as described in this section.

14. Children's Privacy

The Platform is designed for use by licensed healthcare professionals and is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. Patient Data relating to minors may be entered by healthcare providers in the course of providing clinical care; in such cases, the healthcare provider is responsible for obtaining appropriate parental or guardian consent as required by law.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Where changes are material, we will notify registered users via email or an in-platform notice at least 14 days before the changes take effect. The current version of this Privacy Policy is always available at this page. Your continued use of the Platform after the effective date of any update constitutes your acceptance of the revised policy.

16. Contact Information & Grievance Officer

For questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

Grievance Officer

In accordance with the Information Technology Act, 2000 and rules made thereunder, and the Digital Personal Data Protection Act, 2023, the details of our Grievance Officer are as follows:

The Grievance Officer shall acknowledge your complaint within 48 hours and endeavour to resolve it within 30 days, or such other timeframe as prescribed under applicable law. If you are not satisfied with the resolution, you may lodge a complaint with the Data Protection Board of India.

17. Applicable Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, as amended from time to time. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts of Visakhapatnam, A.P, India.