Privacy Policy

Last updated: April 2026

Compliant with: Digital Personal Data Protection Act, 2023 (DPDP Act) and Information Technology Act, 2000

1. Introduction

GoDavaii ("we", "us", "our") is committed to protecting your personal data and health information. This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our AI health information platform, mobile app, website, or any related service. We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

2. Data We Collect

2.1 Information you provide directly:

  • Account data: Name, email address, mobile number, date of birth, gender
  • Location data: Pincode, city (for localized health information and language detection)
  • Health data: Symptoms you describe, questions you ask the AI, medical history, conditions, allergies, current medicines, prescriptions, lab reports, health records uploaded to your Health Vault
  • Payment data: Payment method details (processed securely by payment gateway partners; we do not store full card/account details)
  • Communication data: Messages you send to our support team

2.2 Information collected automatically:

  • Device data: Device type, OS version, app version, unique device identifier
  • Usage data: Features used, interaction patterns, session duration, crash reports
  • Location data: Approximate location (city/pincode level) for regional language detection and localized health content — only when you grant permission
  • Log data: IP address, browser type, timestamps, pages visited

3. Legal Basis for Processing (DPDP Act Compliance)

Under the DPDP Act 2023, we process your personal data on the following lawful grounds:

  • Consent: You provide explicit, informed consent before first use of AI features and account creation
  • Contract performance: To provide the services you request (AI health information, medicine database access)
  • Legal obligation: To comply with Indian laws including the Drugs and Cosmetics Act, IT Act, and tax regulations
  • Legitimate interest: To improve services, ensure platform safety, and prevent abuse

4. How We Use Your Data

We use your personal and health data to:

  • Provide personalized AI health information responses based on your stated conditions, allergies, and medicines (cross-safety checks)
  • Provide AI-powered health information, medicine details, and drug interaction checks
  • Store your health records securely in your personal Health Vault
  • Facilitate lab test bookings and health service appointments
  • Send health reminders, feature updates, and service-related communications
  • Improve the AI model's quality and safety (aggregated, anonymized data only)
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal and regulatory obligations
  • Respond to your queries and provide customer support

We do NOT use your data to: sell to advertisers, share with third-party data brokers, train public AI models, or send unsolicited marketing without your consent.

5. AI Processing and Data Retention

Your messages to the GoDavaii AI are processed by our AI systems to generate educational medical responses. The AI does not "remember" your data between sessions unless you choose to save conversations to your account.

Retention periods:

  • Chat sessions: Saved to your account until you delete them
  • Health Vault records: Retained until you delete them or close your account
  • Usage history: Retained for 7 years to comply with tax and regulatory requirements
  • Account data: Retained while your account is active and for 90 days after deletion, for legal/audit purposes
  • Backup data: Automatically purged within 30 days of deletion

6. Data Sharing and Third Parties

We share your data only in the following limited circumstances:

  • Healthcare information providers: To enhance medicine database accuracy and drug interaction data
  • Lab partners: To process test bookings you initiate (test details, contact info)
  • Payment gateways: Razorpay, Paytm, or similar processors for payment processing (they operate under their own privacy policies)
  • AI service providers: Your messages are processed by AI service providers for generating responses. All processing is governed by enterprise data processing agreements
  • Cloud infrastructure: Render, MongoDB Atlas, AWS, or similar providers for secure hosting and storage
  • Legal compliance: When required by law, court order, or government request

We never sell your personal or health data.

7. Your Rights Under DPDP Act 2023

As a Data Principal under the Digital Personal Data Protection Act 2023, you have the following rights:

  • Right to access: Request a copy of the personal data we hold about you
  • Right to correction: Request correction of inaccurate or outdated data
  • Right to erasure: Request deletion of your data and account (subject to legal retention requirements)
  • Right to data portability: Export your health records and chat history in a machine-readable format
  • Right to grievance redressal: File a complaint with our Data Protection Officer or the Data Protection Board of India
  • Right to withdraw consent: Withdraw previously given consent at any time (may affect service availability)
  • Right to nominate: Nominate another individual to exercise these rights on your behalf in case of death or incapacity

To exercise these rights, contact us at [email protected] or use the in-app account settings. We will respond within 30 days of receiving a verified request.

8. Data Security

We implement technical and organizational security measures appropriate to the sensitivity of your data:

  • TLS/SSL encryption for all data in transit
  • Encryption at rest for stored health data
  • Secure password hashing (bcrypt)
  • JWT-based authentication with token expiration
  • Rate limiting and abuse prevention
  • Regular security audits and penetration testing
  • Role-based access control for internal systems
  • Secure cloud infrastructure (ISO 27001 certified providers)
  • Incident response procedures for potential breaches

In the event of a data breach affecting your personal data, we will notify you and the Data Protection Board of India within the timeline specified by the DPDP Act 2023.

9. Children's Privacy

GoDavaii is not intended for independent use by children under 18 years of age. We do not knowingly collect personal data from children under 18 without parental consent. Parents or legal guardians may use GoDavaii to seek health information on behalf of their minor children, and any such data entered by the parent/guardian is treated as the parent's/guardian's data, processed with their consent.

If you believe we have collected data from a child under 18 without parental consent, please contact us immediately at [email protected] and we will delete the data promptly.

10. Cookies and Tracking Technologies

Our website uses essential cookies for authentication and session management. We may also use analytics cookies (Google Analytics or similar) to understand usage patterns. You can manage cookie preferences through your browser settings. Our mobile app uses secure device storage for authentication tokens and user preferences.

11. International Data Transfers

Some of our service providers (including Google Cloud for AI processing and cloud hosting) may process data outside India. We ensure that such transfers are subject to adequate safeguards and contractual protections consistent with Indian data protection requirements. Data is only transferred to countries that provide an adequate level of protection.

12. Data Protection Officer (DPO)

In compliance with the DPDP Act 2023, GoDavaii has designated a Data Protection Officer to oversee data protection compliance:

Email: [email protected]

Grievance Officer (IT Rules 2021): [email protected]

Response time: Acknowledgment within 24 hours; resolution within 15 days for grievances, 30 days for data rights requests.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or industry practices. We will notify you of material changes via email or in-app notification. Significant changes will require renewed consent. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Contact Us

For privacy-related questions, concerns, or to exercise your rights under the DPDP Act:

Privacy/DPO: [email protected]

Grievance Officer: [email protected]

General support: [email protected]

By using GoDavaii, you consent to the collection, processing, and use of your personal and health data as described in this Privacy Policy. You have the right to withdraw consent at any time through your account settings or by contacting our Data Protection Officer.