Create Next App

← Back to Home

🔒 Our Privacy Promise to You

🚫We NEVER sell your health data to anyone, ever.

🚫We NEVER use your health data for advertising.

✅Your data is encrypted AES-256-GCM at all times.

✅You can delete all your data anytime by email.

✅We are GDPR & DPDP Act 2023 compliant.

✅Zero-knowledge GPS — location never sold.

1. Who We Are

BioAg€sis Technologies Pvt Ltd ("BioAg€sis," "we," "us") is the data controller for personal data collected through our platform. We operate globally and comply with applicable data protection laws in all jurisdictions where we operate.

Data Protection Officer: privacy@bioagesis.com

Company Address: BioAg€sis Technologies Pvt Ltd, India (registration pending)

2. What Data We Collect

Data Type	What We Collect	Why
Account Data	Name, email, phone number, password (hashed)	Account creation and authentication
Health Data	Symptoms described, AI report results, age, gender	Providing medical advisory service
Emergency Data	Emergency contacts, GPS location (during SOS)	SOS notification and emergency response
Device Data	Device ID, OS version, app version	Security, anti-misuse enforcement, bug fixing
Payment Data	Payment reference IDs only (no card numbers stored)	Payment processing via Razorpay/Stripe
Usage Data	Features used, session timestamps	Platform improvement and security

We do NOT collect: government ID numbers, financial account details, biometric data beyond what you voluntarily provide, or any data not listed above.

3. How We Use Your Data

Providing services: AI medical advisory, SOS emergency notifications, doctor advisory sessions
Security: Fraud prevention, anti-misuse enforcement, account security
Legal compliance: IT Act 2000, DPDP Act 2023, GDPR, HIPAA-aligned requirements
Platform improvement: Anonymized, aggregated analytics only
Communications: Service updates, security alerts, subscription notices

We NEVER use your health data for advertising, marketing profiling, or selling to third parties. This is an absolute rule with no exceptions.

4. Legal Basis for Processing

Contract: Processing necessary to provide the services you signed up for
Vital Interests (GDPR Article 6(1)(d)): Emergency SOS data processed to protect life
Legal Obligation: Compliance with IT Act 2000, DPDP Act 2023
Legitimate Interests: Platform security and fraud prevention
Consent: For optional features; you may withdraw consent at any time

5. Data Security

Encryption: AES-256-GCM at rest and TLS 1.3 in transit
Access Control: Role-based access; minimal data exposure principle
Infrastructure: ISO/IEC 27001:2022 certified practices
GPS Data: Zero-knowledge GPS — encrypted and never transmitted unencrypted
Payment Security: PCI-DSS Level 1 compliant via Razorpay / Stripe
Breach Response: 72-hour notification to affected users and authorities per GDPR Article 33

6. Data Sharing

We share your data ONLY in these limited circumstances:

Your emergency contacts: Name and GPS location during active SOS only
Registered hospitals (Guardian plan): GPS and basic health profile during active SOS — informational relay only
Advisory doctors: Symptoms and health data you provide for advisory sessions only
Payment processors: Razorpay/Stripe — transaction data only, governed by their privacy policies
Legal requirements: When required by court order or applicable law

We NEVER share data with: advertisers, data brokers, marketing companies, insurance companies, employers, government agencies (without court order), or any other third party.

7. Data Retention

Data Type	Retention Period
Account data	Until account deletion + 30 days
Health/AI report data	12 months from creation, then auto-deleted
SOS/Emergency logs	90 days (security and anti-misuse), then deleted
Payment records	7 years (legal/tax requirement)
Security logs	12 months

8. Your Rights

📋

Access

Request a copy of all data we hold about you

✏️

Rectify

Correct inaccurate personal data

🗑️

Delete

Request deletion of your data ("right to be forgotten")

📦

Portability

Receive your data in a machine-readable format

🚫

Object

Object to processing of your personal data

⏸️

Restrict

Restrict how we process your data

To exercise any right: email privacy@bioagesis.com. We respond within 30 days. EU users may also contact their national Data Protection Authority. Indian users may contact the Data Protection Board of India (when operational).

9. Cookies & Tracking

Our website uses minimal, essential cookies only:

Session cookies: Required for login and security
Preference cookies: Remember your region and language settings

We do NOT use: advertising cookies, third-party tracking pixels, social media tracking, or behavioral profiling cookies. You may disable non-essential cookies in your browser settings.

10. International Data Transfers

BioAg€sis processes data in India and may use cloud infrastructure in other regions. All international transfers comply with GDPR Chapter V requirements (Standard Contractual Clauses where applicable) and DPDP Act 2023 cross-border transfer provisions.

11. Children's Privacy

BioAg€sis is not intended for users under 18. We do not knowingly collect data from minors. If a parent or guardian registers on behalf of a minor, the adult is the account holder and data controller for the minor's use. If you believe we have inadvertently collected a minor's data, contact privacy@bioagesis.com immediately.

12. Contact Our Privacy Team

PRIVACY OFFICER

privacy@bioagesis.com

Data requests, deletion, GDPR/DPDP queries

DATA PROTECTION

dpo@bioagesis.com

EU GDPR — Data Protection Officer

SECURITY

security@bioagesis.com

Security concerns, breach reporting

COMPLIANCE

compliance@bioagesis.com

Legal and regulatory inquiries

Privacy Policy