This Privacy Policy (“Policy”) describes how the founders and promoters of ayusaathi, an early-stage venture currently operating under the brand name “ayusaathi” from Gurgaon, Haryana, India (collectively, “ayusaathi”, “we”, “us”, “our”), collect, use, disclose, retain, and protect personal data when you use the ayusaathi platform, mobile applications, websites, and services (collectively, the “Services”). ayusaathi is in the process of being formally incorporated as a private limited company; until then, the business is operated by its founders in their personal capacity, and the obligations set out in this Policy bind them in such capacity. Upon incorporation, the obligations under this Policy shall stand automatically transferred to the incorporated entity. This Policy is published in compliance with the Information Technology Act, 2000 (as amended), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the “SPDI Rules”), the Digital Personal Data Protection Act, 2023 (the “DPDP Act”), and other Applicable Law.
01 Introduction & Scope
ayusaathi is a Data Fiduciary under the DPDP Act in respect of the personal data it processes through the Services. This Policy applies to all Users, Subscribers, Care Recipients (to the extent applicable), Saathis, and any other individual whose personal data is processed by ayusaathi in connection with the Services.
By using the Services, you confirm that you have read and understood this Policy. Where the processing is based on consent, your continued use of the Services constitutes your free, specific, informed, and unambiguous consent to such processing as described herein.
02 Definitions
- “Personal Data” means any data about an individual who is identifiable by or in relation to such data.
- “Sensitive Personal Data” means personal data such as health information, financial information, biometric information, and other categories defined under the SPDI Rules.
- “Health Data” includes vitals (such as blood pressure, pulse, oxygen saturation, blood sugar), medical conditions, medications, allergies, visit notes, and AI-generated health summaries.
- “Data Principal” means the individual to whom Personal Data relates (under the DPDP Act).
- “Data Fiduciary” means the entity that determines the purpose and means of processing Personal Data (under the DPDP Act); ayusaathi is the Data Fiduciary for the Services.
- “Processing” means any operation or set of operations performed on Personal Data, including collection, recording, storage, use, disclosure, transfer, and deletion.
- “Consent” means free, specific, informed, unconditional, and unambiguous consent with a clear affirmative action, as defined under the DPDP Act.
03 Information We Collect
We collect the following categories of Personal Data, depending on how you interact with the Services:
3.1 Information you provide directly
- Identity data: name, date of birth, gender, photograph (optional), and any government-issued ID where required by law.
- Contact data: phone number(s), email address, residential address, and country of residence.
- Care recipient data: name, age, relationship to the User, residential address, medical history, medications, allergies, treating physicians, family contacts, and any care preferences.
- Account data: username, password (stored in hashed form), and account preferences.
- Payment data: billing name and address, GST number (if applicable), and limited payment instrument identifiers. Full card numbers and CVVs are processed and stored exclusively by our PCI-DSS compliant payment gateway; ayusaathi does not store full card numbers.
- Communications: messages, emails, chat logs (including with the Diksha AI assistant), call recordings (only where you are notified in advance), and support requests.
3.2 Information collected during care visits
- Visit logs: time of arrival and departure, GPS-stamped location, visit notes captured by the Saathi.
- Photographs: time-stamped photographs taken during a visit, only with the Care Recipient’s consent, for the purpose of providing proof of visit and reassurance to the family.
- Health Data: vitals captured during the visit (blood pressure, pulse, SpO2, sugar, temperature, weight), medication administration logs, mobility notes, and other clinical observations.
- AI outputs: AI-generated visit summaries, trend analyses, and alerts derived from the above data.
3.3 Saathi data
For Saathis, we additionally collect identity documents, address proofs, police-verification records, qualifications, training records, performance metrics, and bank-account details for payouts.
3.4 Automatically collected information
- Device data: device model, operating system, unique device identifiers, mobile network information.
- Usage data: pages visited, features used, click streams, session duration, IP address, approximate location derived from IP.
- Log data: error logs, crash reports, diagnostic information.
- Cookies and similar technologies: see Section 13.
04 How We Use Your Data
We Process Personal Data for the following purposes:
- Service delivery: to schedule and deliver care visits, match Saathis with Care Recipients, and provide the features of your subscribed plan.
- Verification: to verify the identity, address, and background of Users, Subscribers, and Saathis.
- AI Features: to generate visit summaries, vitals trends, alerts, and conversational responses through the Diksha AI assistant, in accordance with Section 6.
- Family visibility: to provide the User, and any designated family members, with timely updates, dashboards, and visit reports.
- Support and grievance redress: to respond to your queries, complaints, and grievances.
- Payments and billing: to process subscription fees, GST, refunds, and Saathi payouts.
- Safety and fraud prevention: to detect, prevent, and respond to fraud, abuse, safety incidents, and violations of our Terms.
- Service improvement: to analyse usage, fix bugs, and improve the Services. Where AI models are trained, we do so only on data that has been de-identified or anonymised wherever feasible.
- Communications: to send service-related notifications, important updates, and (with consent) marketing communications.
- Compliance: to comply with Applicable Law, lawful requests by public authorities, audits, and to enforce our Terms.
05 Legal Basis for Processing
Under the DPDP Act, we Process Personal Data on the following legal grounds:
- Consent: for the processing of Health Data, photographs of the Care Recipient, marketing communications, and AI Features. Consent may be withdrawn at any time, subject to Section 11.
- Certain Legitimate Uses under Section 7 of the DPDP Act: including for the performance of services voluntarily availed of by you, compliance with judgments or orders, responding to medical emergencies, and ensuring safety during health emergencies and breakdowns of public order.
- Compliance with legal obligations under Applicable Law.
06 AI & Automated Processing
AI Features process visit data, vitals, photographs (where consented), and chat history to produce summaries, trends, alerts, and conversational responses. AI outputs are informational only and are not medical advice; please refer to the disclaimers in our Terms of Service.
6.1 Data inputs to AI
AI Features may use the Personal Data described in Section 3 (excluding raw payment data) as inputs. Where AI outputs are shown to family members, we apply minimisation principles so that only the data necessary for the user’s understanding is surfaced.
6.2 AI model training
We may use Personal Data, after appropriate de-identification or anonymisation, to train and improve our AI models. You may, at any time, request that your data not be used for AI training, subject to limits where the data is already irreversibly anonymised.
6.3 No fully automated decisions with significant effects
AI outputs are designed to assist humans, not to make consequential decisions about you without human involvement. We will not use AI Features to make fully automated decisions that produce legal or similarly significant effects on you or the Care Recipient.
08 Cross-Border Data Transfers
Some of our service providers and cloud-hosting partners may be located outside India. Where Personal Data is transferred outside India, we shall do so only to jurisdictions not restricted by the Central Government under the DPDP Act, and shall apply appropriate safeguards (including contractual safeguards and encryption) to protect the data in transit and at rest.
09 Data Retention
We retain Personal Data only for as long as necessary:
- Active accounts: for as long as your account is active and the Services are being provided.
- Care records: retained for a period of [X] years after closure of the account, to support continuity of care, regulatory compliance, dispute resolution, and audit. [Placeholder retention period, to be finalised based on regulatory guidance.]
- Financial and tax records: retained for the period required under Applicable Law (typically 8 years).
- Anonymised and aggregated data: may be retained indefinitely, as it is no longer Personal Data.
When the retention period ends, we will securely delete or anonymise the data, except where retention is required by law.
10 Data Security
We implement reasonable security practices and procedures, including:
- encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256 or equivalent);
- role-based access controls, with the principle of least privilege;
- multi-factor authentication for sensitive administrative access;
- regular security testing, vulnerability scanning, and code review;
- periodic third-party security audits;
- employee and Saathi training on data protection and confidentiality;
- documented incident response and breach notification procedures.
However, no method of transmission or storage is completely secure. While we strive to protect Personal Data, we cannot guarantee absolute security.
11 Your Rights as a Data Principal
Under the DPDP Act, you have the following rights in respect of your Personal Data:
- Right to access: to obtain a summary of the Personal Data being processed and the processing activities undertaken with respect to that data.
- Right to correction and erasure: to request correction of inaccurate or misleading Personal Data, completion of incomplete data, updating of data, and erasure of data that is no longer necessary for the purpose for which it was collected.
- Right to grievance redressal: to lodge a grievance with our Grievance Officer (Section 17).
- Right to nominate: to nominate another individual to exercise your rights in the event of your death or incapacity.
- Right to withdraw consent: to withdraw consent at any time, with effect from such withdrawal, without affecting the lawfulness of prior processing. Note: withdrawal of consent for certain data (e.g., identity verification) may prevent us from continuing to provide the Services.
11.1 How to exercise your rights
To exercise any of these rights, please write to support@ayusaathi.com with sufficient details to identify you and verify your identity. We will respond within the timelines prescribed under Applicable Law (typically within seven (7) days for grievances, and within thirty (30) days for other requests).
12 Children's Data
The Services are intended for use by individuals who are 18 (eighteen) years of age or older. We do not knowingly collect Personal Data from children. Where a Care Recipient is a minor (e.g., in cases of new-mother care or post-operative care for a minor), we will Process such data only with the verifiable consent of a parent or lawful guardian, in accordance with Section 9 of the DPDP Act, and shall not undertake any tracking, behavioural monitoring, or targeted advertising directed at the child.
14 Third-Party Services
The Platform may link to or integrate with third-party services (e.g., payment gateways, communication providers, AI/ML infrastructure). This Policy does not govern the privacy practices of those third parties. We encourage you to review their privacy policies before using their services.
15 Data Breach Notification
In the event of a personal-data breach that is likely to result in any harm to a Data Principal, we will, in accordance with the DPDP Act and rules made thereunder, notify the Data Protection Board of India and the affected Data Principals within the timelines prescribed by law. The notification will include the nature of the breach, the consequences, and the measures being taken to mitigate harm.
16 Changes to this Policy
We may amend this Policy from time to time. Any amendment will be effective upon posting the revised Policy on the Platform with an updated “Last Updated” date. For material changes, we will provide reasonable notice by email or in-app notification. Your continued use of the Services after the effective date constitutes acceptance of the amended Policy.
17 Contact Us
For any questions, concerns, requests, or grievances regarding this Policy or our data practices, please write to us at:
We aim to acknowledge written communications within a reasonable time and to work in good faith toward a fair resolution. As ayusaathi grows and is formally incorporated, we will publish dedicated Grievance Officer and Data Protection Officer contact details in accordance with the IT Rules, 2021 and the DPDP Act, 2023. If you are not satisfied with our response, you may approach the Data Protection Board of India constituted under the DPDP Act.