Health Gennie – Privacy Policy

Fitkid Health Tech Private Limited
Effective Date: May 7, 2026 | Last Updated: May 7, 2026 | Version 2.0

1. Introduction

Fitkid Health Tech Private Limited (“we”, “us”, “our”, “Health Gennie”) is a company incorporated under the Companies Act, 2013, and is the creator and operator of the Health Gennie mobile application (iOS and Android), the website https://www.healthgennie.com/, the doctor/institution portal, and all related services (collectively, the “Platform”).

This Privacy Policy explains what Personal Data and Sensitive Personal Data we collect from you, why we collect it, how we use it, with whom we share it, and what rights you have over it. It applies to all users of the Platform — patients, students, corporate employees, doctors, institution administrators, and visitors.

Consent: By using the Platform, you confirm that you have read, understood, and agreed to this Privacy Policy. If you do not agree, please discontinue use immediately.

2. Scope & Applicable Law

This Policy is governed by and compliant with the following frameworks:

Information Technology Act, 2000 and IT (Amendment) Act, 2008 — India
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”)
Digital Personal Data Protection Act, 2023 (“DPDP Act”) — India
Google Play Developer Program Policies — Location Permissions Policy
Apple App Store Review Guidelines — Guideline 1.4.1 (Health & Medical Apps)
Telemedicine Practice Guidelines, 2020 — Ministry of Health & Family Welfare, India
National Digital Health Mission (ABDM) Framework

3. Information We Collect

3.1 Information You Provide Directly

Full name, date of birth, gender, profile photo
Contact details: mobile number, email address, residential address (city / pin code)
Login credentials (username, encrypted password, OTP)
Medical history, current medications, allergies, chronic conditions, lab reports, prescriptions, and doctor notes entered during consultation or onboarding
Mental health self-assessments, mood logs, and wellness journal entries
Dietary preferences, meal logs, and hydration records
Insurance details and billing / payment information
Feedback, reviews, support tickets, and communications with our team

3.2 Health & Fitness Data Collected When You Use Our Tracker

Steps & Movement: Step count, walking distance, and running distance — tracked via the in-app step counter and StepForegroundService (Android).
Vitals: Heart rate, SpO2, and respiratory rate — measured through an AI-powered face scan using your device camera.
Sleep: Sleep duration and quality — derived from your device’s motion sensors.
Hydration: Water intake logs entered manually by you.
Calories: Calorie burn estimates calculated based on your activity data and profile information.

3.3 Location Data

The Platform collects location data as described below. You will always be asked for explicit permission before any location data is accessed.

Permission	When Collected	Purpose
ACCESS_FINE_LOCATION (Precise GPS)	During an active user-initiated fitness session (walk, run, route map)	Calculate distance, display route on MapScreen, compute GPS-based step accuracy
ACCESS_COARSE_LOCATION (Approximate)	When precise GPS is unavailable or denied	Fallback location for activity tracking and nearby healthcare provider suggestions
ACCESS_BACKGROUND_LOCATION	Only when a fitness session is active AND the app is minimised by the user	Continue step and route tracking via StepForegroundService without interrupting the session

Important: Location data is stored locally on your device for the duration of the session and synced to our servers only to save your activity history in your personal health dashboard. Location data is never shared with advertisers, third parties, or used for marketing purposes.

3.4 Device & Technical Data

Device model, OS version, unique device identifier (for fraud prevention)
IP address, browser type, time zone
App version, crash logs, performance diagnostics
Cookies and similar tracking technologies on the Website (see Section 9)

3.5 Voice & AI Analysis Data

The Platform offers an optional AI-powered Voice Health Test. If you choose to use it:

A short voice recording is captured and processed to detect stress biomarkers
The recording is processed in real time and is not stored permanently on our servers
Only the derived result (e.g., “Low Stress” / “Red Flag”) is saved to your profile
Voice data is never shared with third parties

3.6 Institution / Corporate Dashboard Data

For institutional (college / corporate) deployments, anonymised, aggregated population-level metrics (e.g., campus mood index, cohort wellness scores) are shared with the institution administrator. Individual student / employee health records are never disclosed to the institution.

4. How We Use Your Information

Providing Healthcare Services: Scheduling and conducting teleconsultations, sharing records with your treating doctor, processing lab test bookings, sending appointment reminders.
Wellness & Fitness Features: Tracking steps, sleep, hydration, calories; generating wellness scores; powering the Insights and Wellness tabs with personalised recommendations cited from peer-reviewed sources.
AI & Predictive Analytics: Running the Voice Health Test, Vitals AI Analysis, and Early Risk Prediction models to flag potential health concerns early. Results are for informational purposes and are not a substitute for professional medical advice.
Location-Based Features: GPS route tracking during fitness sessions (foreground and background — see Section 3.3); suggesting nearby doctors, pharmacies, or diagnostic labs.
Institutional Reporting: Generating anonymised aggregate wellness reports for institution / corporate dashboards. No individually identifiable health data is included.
Payments & Subscriptions: Processing subscription fees, teleconsultation charges, and referral cashback via Razorpay / RazorpayX. We do not store full card numbers on our servers.
Safety & Security: Detecting fraudulent activity, verifying user identity, preventing unauthorised access.
Legal & Regulatory Compliance: Fulfilling obligations under the DPDP Act 2023, SPDI Rules 2011, Telemedicine Guidelines 2020, and the ABDM / ABHA framework.
Customer Support: Responding to queries, resolving complaints, and improving the Platform based on feedback.

5. Medical Disclaimer & Information Sources

In compliance with Apple App Store Guideline 1.4.1, all health recommendations, wellness scores, calculations, and diagnostic insights displayed in the Insights and Wellness tabs of the Health Gennie app are:

For general informational and wellness guidance purposes only
NOT a substitute for professional medical advice, diagnosis, or treatment
Derived from peer-reviewed research, WHO guidelines, and nationally recognised clinical frameworks

Key citation sources used in the Platform include:

World Health Organization (WHO) — Mental Health Guidelines: https://www.who.int/health-topics/mental-health
Pittsburgh Sleep Quality Index (PSQI) — Buysse et al.: https://www.sleep.pitt.edu/
Physical Activity Guidelines — Ministry of Health & Family Welfare, India: https://www.mohfw.gov.in/
Yerkes-Dodson Law & Cognitive Performance Research — American Psychological Association
Telemedicine Practice Guidelines 2020 — MoHFW India: https://www.mohfw.gov.in/

Important: Always consult a qualified and registered medical practitioner before making any healthcare decisions.

6. Sharing & Disclosure of Your Information

We do NOT sell your Personal Data. We share it only in the following limited circumstances:

Your Treating Doctors / Practitioners: Health records are shared with the doctor you book a consultation with, solely for the purpose of providing care.
Diagnostic Labs & Pharmacies: Test requisitions and prescriptions are shared with labs or pharmacies you select.
Payment Processors: Billing data is processed by Razorpay (PCI-DSS compliant). We share only what is necessary to complete the transaction.
Cloud & Technology Partners: We use AWS (Amazon Web Services) for hosting. Data stored on AWS EC2 / RDS instances is encrypted at rest and in transit. AWS is contractually bound to our data protection terms.
ABDM / ABHA Integration: With your explicit consent, health records may be linked to your Ayushman Bharat Health Account (ABHA) on the National Digital Health Mission infrastructure.
Institutions / Corporates (Aggregated Only): Only anonymised population-level data is shared with institution / corporate dashboard administrators. Individual records are never disclosed.
Legal Requirements: We may disclose information if required by law, court order, or to protect the safety of users or the public, in accordance with applicable Indian law.
Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred with prior notice to users.

7. Data Retention

We retain your data only for as long as necessary:

Data Type	Retention Period
Medical / health records	7 years from last consultation (Telemedicine Guidelines 2020)
Fitness & activity logs	3 years or until account deletion, whichever is earlier
Location data (GPS routes)	Session duration + 90 days for activity history, then permanently deleted
Voice analysis recordings	Processed in real time; not stored beyond the session
Account & billing data	Duration of account + 5 years for tax / audit compliance

8. Your Rights Under the DPDP Act, 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

Right to Access: Request a copy of the Personal Data we hold about you.
Right to Correction: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your Personal Data, subject to legal retention obligations.
Right to Grievance Redressal: Raise a complaint with our Grievance Officer (see Section 12). If unresolved, you may approach the Data Protection Board of India.
Right to Nominate: Nominate another individual to exercise your rights in the event of death or incapacity.
Right to Withdraw Consent: Withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal. Contact support@healthgennie.com to withdraw consent.

To exercise any of these rights, email support@healthgennie.com with the subject line “Data Rights Request”. We will respond within 30 days as required under the DPDP Act.

9. Cookies & Tracking Technologies

The Health Gennie website (https://www.healthgennie.com/) uses cookies and similar technologies for the following purposes:

Session management and authentication (strictly necessary)
Analytics — understanding how visitors use the website (Google Analytics, anonymised)
Performance — page load optimisation

Mobile App: The Health Gennie mobile app does not use advertising cookies or third-party tracking SDKs. You can manage cookie preferences via your browser settings for the website.

10. Data Security

We implement industry-standard technical and organisational measures to protect your data:

All data is encrypted in transit using TLS 1.2 / 1.3
Data at rest is encrypted using AES-256 on AWS EC2 and RDS instances
Role-based access controls — only authorised personnel can access health records
Regular security audits and vulnerability assessments
OTP-based two-factor authentication for sensitive operations
Payment data processed by PCI-DSS compliant Razorpay — card numbers are never stored on our servers

Despite our best efforts, no system is 100% secure. In the event of a data breach affecting your Sensitive Personal Data, we will notify you and the appropriate authorities as required by law within 72 hours of becoming aware of the breach.

11. Children’s Privacy

The Platform is not directed to children under 18 years of age without verifiable parental or guardian consent. For institutional deployments (e.g., colleges, schools) where minors may be users, the institution is responsible for obtaining parental consent before onboarding students under 18. We do not knowingly collect Personal Data from children under 13 without such consent. If you believe we have inadvertently collected data from a minor, please contact us immediately at support@healthgennie.com.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have appointed a Grievance Officer:

Name	Sudhanshu Goyal
Designation	Director — Health Gennie
Company	Fitkid Health Tech Private Limited
Email	support@healthgennie.com
Phone	+91 8929920932
Response Time	Within 30 days of receipt of complaint

If your grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India (once constituted under the DPDP Act, 2023).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. For material changes — particularly those affecting how we handle Sensitive Personal Data — we will:

Send a push notification and / or email at least 14 days before the change takes effect
Display a prominent in-app banner with a summary of what changed
Update the “Last Updated” date at the top of this document

Continued use of the Platform after the effective date of a change constitutes your acceptance of the updated Policy.

14. Contact Us

For any questions, requests, or concerns about this Privacy Policy:

Company	Fitkid Health Tech Private Limited
Brand	Health Gennie
Website	https://www.healthgennie.com
Email	support@healthgennie.com
Phone	+91 8929920932
Registered Address	BHIVE Workspace Near Trinity Metro Station Mahalakshmi Chambers, 29 MG Road, Bengaluru, Karnataka 560001, India

Order Summary

0 Test