Privacy Policy

Last Updated: March 18, 2026

1. Introduction

Bharat Swasth ("we", "our", "us"), operated by TechSpeak Solutions, is committed to protecting your privacy and ensuring the security of your personal and medical information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical report analysis platform, including our mobile applications (iOS and Android), website (bharatswasth.com), and WhatsApp/Telegram bots.

By using Bharat Swasth, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you create an account:

  • Account Information: Name, email address, phone number
  • Authentication Data: Passwords (stored as bcrypt hashes, per Section 7.1), two-factor authentication settings
  • Profile Information: User preferences, language settings

2.2 Health Profile Information

When you create a health profile, we collect:

  • Demographics: Age, gender, blood group
  • Body Measurements: Height, weight, BMI (calculated)
  • Medical History: Chronic conditions, past surgeries, family history of diseases
  • Current Medications: Names, dosages, and frequency of medications you take
  • Allergies: Known drug or food allergies
  • Lifestyle Factors: Smoking status, alcohol consumption, exercise frequency, diet type
  • Vitals: Blood pressure, heart rate (when provided)
  • Location: State, district, pincode (for regional health recommendations)

2.3 Medical Reports and Analysis Data

When you upload medical reports, we collect and process:

  • Uploaded Documents: Medical report images (JPG, PNG) and PDFs
  • Extracted Text: Text extracted from your reports via OCR (optical character recognition), including test names, values, reference ranges, and lab information
  • Analysis Results: AI-generated interpretations, risk scores, and health insights
  • Health Trends: Longitudinal tracking of your test parameters over time
  • Risk Assessments: Calculated risk scores for diabetes, cardiovascular disease, kidney disease, and metabolic syndrome
  • Chat Conversations: Your questions and AI responses about medical reports

2.4 Technical Information

We automatically collect:

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP addresses, access times, error logs
  • Cookies: Session cookies, preference cookies, analytics cookies

3. How We Collect Your Data

  • Directly from you: When you create an account, fill in your health profile, upload reports, or interact with the chat feature
  • From uploaded documents: We use OCR (optical character recognition) technology to extract text from medical report images and PDFs you upload
  • Generated by our systems: Risk scores, health trends, action plans, and screening reminders are calculated by our proprietary Nidan AI™ engine based on the data you provide and established medical guidelines
  • From third-party AI analysis: When you upload a report for analysis, extracted text and your health profile data are sent to OpenAI's API, which returns an AI-generated interpretation (see Section 5 for full details)
  • Automatically: Technical data such as IP addresses, device information, and usage analytics are collected automatically when you use our platform

4. How We Use Your Information

4.1 Service Provision

  • Analyze your medical reports using AI technology
  • Calculate personalized risk scores for chronic diseases
  • Track your health parameters over time and detect trends
  • Generate preventive screening reminders based on medical guidelines
  • Check drug interactions between your medications
  • Create personalized action plans and recommendations
  • Generate PDF reports for sharing with your doctor
  • Enable chat-based interactions about your reports
  • Maintain your account and user preferences

4.2 Platform Improvement

  • Improve our AI analysis accuracy (with anonymized data only, and only with your consent)
  • Enhance user experience and platform functionality
  • Monitor platform performance and security

4.3 Communication

  • Send health reminders and screening notifications
  • Provide customer support and respond to inquiries
  • Share important updates about our services
  • Send marketing communications (only with your consent)

5. Third-Party AI Service: Data Sharing with OpenAI

Important: This section describes how your data is shared with OpenAI, a third-party AI service, for medical report analysis. Your explicit consent is required before any data is shared with OpenAI.

5.1 What Data Is Sent to OpenAI

When you upload a medical report for AI analysis, the following data is sent to OpenAI (openai.com) via their API:

  • Extracted text from your medical report (test names, values, reference ranges)
  • Your age, gender, and BMI
  • Blood group, chronic conditions, and current medications
  • Allergies and family history of diseases
  • Lifestyle factors (smoking, exercise, diet type)
  • Recent health trends (last 5 values per parameter)

5.2 What Data Is NEVER Sent to OpenAI

The following personal identifiers are automatically removed by our PII (Personally Identifiable Information) redaction service before any data is transmitted to OpenAI:

  • Your name, email address, or phone number
  • Your physical address
  • Aadhaar number, PAN number, or any government-issued ID
  • Hospital names or doctor names
  • Original report images or PDF files (only extracted text is sent)

5.3 How OpenAI Uses Your Data

  • OpenAI processes your data solely to generate the analysis response
  • OpenAI does not use data submitted via their API to train their models (per their API data usage policy)
  • Data sent to OpenAI is encrypted in transit
  • OpenAI retains API data for up to 30 days for abuse and misuse monitoring, after which it is deleted

5.4 Your Consent

During onboarding, the app presents a detailed disclosure of exactly what data is and is not sent to OpenAI. You must provide explicit consent by checking the consent checkbox before any data is shared. You can withdraw this consent at any time from the Settings screen, which will disable AI-powered report analysis.

5.5 OpenAI's Data Protection

OpenAI maintains industry-standard security practices including SOC 2 Type 2 compliance, data encryption at rest and in transit, and regular security audits. For full details, see OpenAI's Security page and their Privacy Policy.

6. Other Data Sharing and Disclosure

6.1 Doctor Sharing (User-Initiated)

You can choose to share specific reports with your doctor via a secure, time-limited link. This sharing is entirely under your control — you initiate it, choose which reports to share, and can revoke access at any time.

6.2 Service Providers

We use the following service providers who may process limited data:

  • Cloud Infrastructure: OVH (server hosting) — encrypted data storage
  • Email Services: For transactional emails (account verification, password reset)
  • Payment Processors: Razorpay, PhonePe, Cashfree — for subscription payments (we do not store payment card details)

6.3 Legal Requirements

We may disclose information when required by:

  • Court orders or legal subpoenas
  • Government investigations or regulatory compliance
  • Protection of our rights, property, or safety
  • Prevention of fraud or abuse

6.4 No Sale of Data

We do not sell, rent, or trade your personal or medical data to any third party for marketing, advertising, or any other purpose.

7. Data Security Measures

7.1 Encryption

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256 encryption
  • Database connections use encrypted channels
  • Passwords are hashed using industry-standard algorithms (bcrypt)

7.2 PII Redaction

Our dedicated PII redaction service automatically detects and removes personal identifiers (Aadhaar numbers, PAN numbers, phone numbers, names, addresses) from the text extracted from uploaded documents before that text is sent to any third-party service for analysis.

7.3 Access Controls

  • Multi-factor authentication available for all accounts
  • Role-based access controls for different user types
  • Regular access reviews and permission audits
  • Secure API authentication using JSON Web Tokens (JWT)

7.4 Infrastructure Security

  • Secure cloud hosting with SSL/TLS certificates
  • Regular security updates and vulnerability patches
  • Network firewalls and intrusion detection
  • Containerized application architecture for isolation

8. Your Privacy Rights

8.1 Data Access and Portability

  • Request a copy of all your personal data
  • Export your data in standard formats (JSON, PDF, FHIR R4)
  • View a complete overview of your stored data from the Privacy settings in the app

8.2 Data Correction

  • Update your personal and health profile information at any time
  • Correct inaccuracies in your data
  • Modify your privacy and consent preferences

8.3 Data Deletion

  • Delete individual reports or conversations
  • Request complete account deletion
  • Set automatic data retention periods
  • Anonymize old data while preserving aggregate health insights

8.4 Consent Withdrawal

  • Withdraw consent for AI-powered analysis at any time from Settings
  • Opt out of data usage for platform improvement
  • Opt out of marketing communications
  • Withdrawing consent does not affect the lawfulness of processing done before withdrawal

9. Data Retention Policy

9.1 Active Accounts

For active accounts, we retain your data as long as your account remains active and as necessary to provide our services.

9.2 Inactive Accounts

Accounts inactive for more than 2 years may have their data archived or deleted after appropriate notice to the user.

9.3 User-Controlled Retention

  • Set custom data retention periods (30 days to 7 years)
  • Enable automatic deletion of old reports
  • Choose to anonymize data instead of deletion

9.4 Third-Party Retention

Data sent to OpenAI via their API is retained by OpenAI for up to 30 days for abuse monitoring, after which it is automatically deleted. We do not control OpenAI's retention schedule — for details, refer to OpenAI's Privacy Policy.

10. International Data Transfers

Your data is stored on servers located in France (OVH). When you upload a report for AI analysis, the extracted text and the health profile data listed in Section 5.1 are transmitted to OpenAI's servers in the United States. We ensure appropriate safeguards are in place to protect your data during these transfers, including encryption in transit and contractual obligations with our service providers.

11. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will promptly delete such information.

12. Cookies and Tracking Technologies

12.1 Types of Cookies

  • Essential Cookies: Required for platform functionality (authentication, session management)
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how you use our platform

12.2 Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may affect platform functionality.

13. Medical Disclaimer

Bharat Swasth provides AI-generated health insights powered by Nidan AI™ (Patent Pending) for informational purposes only. This app is not a medical device. It is not intended to diagnose, treat, cure, or prevent any disease. It has not been evaluated or approved by the FDA, CDSCO, or any regulatory body.

Risk assessments are based on published medical guidelines including ICMR Guidelines for Management of Type 2 Diabetes, Indian Diabetes Risk Score (IDRS), Framingham Heart Study CVD Risk Score, CKD-EPI 2021 GFR Equation, IDF Metabolic Syndrome Criteria, AHA/ACC Cardiovascular Risk Guidelines, and USPSTF Preventive Screening Recommendations.

Always consult a qualified healthcare provider before making any medical decisions. Never disregard professional medical advice or delay seeking it because of information provided by this app. If you think you may have a medical emergency, call your doctor or emergency services (108/102 in India) immediately.

14. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notify affected users within 72 hours of discovery
  • Report to relevant regulatory authorities as required
  • Provide details about the breach and mitigation steps
  • Offer assistance and monitoring services if appropriate

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Sending an email notification to your registered email address
  • Displaying a prominent notice in the app
  • Updating the "Last Updated" date at the top of this policy

16. Contact Information

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us:

Data Protection Officer: shashank@techspeak.com

General Inquiries: hello@techspeak.com

Website: https://bharatswasth.com

Address: 8/264, Malviya Nagar, Jaipur, Rajasthan 302017, India

17. Regulatory Compliance

This Privacy Policy is designed to comply with:

  • India's Digital Personal Data Protection Act, 2023 (DPDPA)
  • EU General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Apple App Store Guidelines 5.1.1 and 5.1.2 (Data Collection and Use)

Your Trust Matters: We are committed to maintaining the highest standards of data protection and transparency. Your medical information is precious, and we treat it with the utmost care and respect.