Privacy Policy — HealthApp Services

This Privacy Policy describes how HealthApp Services Private Limited ("HealthApp Services", "we", "us", or "our") collects, uses, and protects information when you visit healthapp.co.in (the "Website").

1. Information We Collect

1.1 Information you provide voluntarily

When you submit our contact form, we collect:

Full name
Work email address
Company name
Role or title (optional)
Company type (Bank, Insurer, Wealth Platform, or Other)
Message (optional)

You may also contact us directly via email at partners@healthapp.co.in, in which case we receive whatever information you choose to include.

1.2 Information collected automatically

When you visit the Website, we and our service providers may automatically collect certain information, including:

IP address (anonymised where supported)
Browser type and version
Operating system
Pages visited, time spent on pages, and navigation paths
Referring URL
Device type and screen resolution

1.3 Analytics and tag management

We use the following services to understand how visitors use our Website:

Google Tag Manager (GTM), provided by Google LLC, is a tag management system that loads and manages third-party scripts on the Website, including Google Analytics. GTM itself does not collect personal data, but the tags it deploys may do so as described below.

Google Analytics (loaded via GTM) uses cookies and similar technologies to collect and analyse information about Website usage. This data is processed in aggregate to help us improve our Website and services. Google may transfer and store this data on servers outside India. Google's use of this data is governed by Google's Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Cloudflare Web Analytics (provided by Cloudflare, Inc.) collects aggregate, privacy-focused metrics such as page views, visits, referrers, and country of origin. It does not use cookies, does not track individual users, and does not collect personal data. All data is processed on Cloudflare's edge network. See Cloudflare Web Analytics for details.

1.4 Bot protection

Our contact form uses Cloudflare Turnstile, a privacy-focused challenge service, to prevent automated abuse. Turnstile may process your IP address and browser signals to verify you are a real visitor. It does not use cookies for tracking and does not collect personal data beyond what is necessary for the challenge. See Cloudflare's Privacy Policy for details.

1.5 Health insurance policy information uploaded by you

If you choose to upload your health insurance policy or related insurance documents through our Website, online form, or any linked upload mechanism, we may collect and process the information contained in those documents.

This may include:

Name of the policyholder and insured members
Age, date of birth, gender, and relationship details of insured members
Contact details, address, and other identifying information
Policy identifiers — policy number, customer ID, member ID, insurer name, and plan name
Coverage terms — sum insured, premium, policy term, renewal date, exclusions, waiting periods, room-rent limits, co-payment terms, deductibles, and sub-limits
Claims and history — claims history and other policy terms
Health-related declarations or medical information included in the policy document or proposal-related documents
Nominee details, dependent details, and family-member details, where included in the document
Any other information contained in the document that you voluntarily upload

Health insurance policy documents typically contain sensitive personal data or information as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and personal data under the Digital Personal Data Protection Act, 2023 (DPDPA). We handle this information accordingly.

Please upload only documents that you are authorised to share. If your policy includes personal data of family members, dependents, nominees, employees, or other individuals, you should ensure that you have the necessary authority or consent to share their information with us.

2. How We Use Your Information

We use the information you provide through the contact form solely to:

Respond to your inquiry
Communicate with you about our services
Evaluate potential business partnerships

We do not use your information for unrelated advertising, profiling, direct marketing, or automated decision-making that produces legal or similarly significant effects, unless we separately notify you and obtain consent where required by law.

2.1 Use of health insurance policy information

Extraction and analysis of your uploaded documents is performed by HIPA, our internal AI-powered policy analysis engine, operated by HealthApp Services Private Limited. HIPA uses third-party large language model (LLM) and AI service providers to read and extract structured information from your uploaded documents. We require these providers to handle your data in accordance with applicable data protection law.

We use uploaded health insurance policy information only for the specific purposes explained to you at or before the time of collection, including to:

Review and analyse your existing health insurance coverage
Identify possible coverage gaps, exclusions, waiting periods, limits, sub-limits, co-payments, deductibles, or other policy conditions
Help you understand your existing policy benefits and limitations
Provide insurance-related assistance, advisory support, or service recommendations
Connect you with a licensed insurance broker, insurer, distribution partner, or authorised representative where necessary to fulfil your request
Maintain records of your inquiry, consent, and our response
Comply with applicable law, regulatory obligations, dispute-resolution requirements, or lawful requests

2.2 Legal basis and consent for policy uploads

By uploading a health insurance policy or related document, you provide your consent for HealthApp Services Private Limited to collect and process the personal data contained in that document for the specific purposes described in this Privacy Policy and in the upload notice shown to you at the time of collection.

Your consent is voluntary. You may choose not to upload your policy document; however, in that case, we may not be able to provide policy analysis, coverage-gap identification, insurance advisory support, or related services.

You may withdraw your consent at any time by emailing us at partners@healthapp.co.in. Withdrawal of consent will not affect processing already carried out before withdrawal. After receiving a withdrawal request, we will stop processing your uploaded policy data for the relevant purpose unless retention or further processing is required or permitted under applicable law.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share it with the following categories of recipients:

3.1 Service providers

Service Provider	Purpose
Cloudflare, Inc.	Website hosting, content delivery, bot protection (Turnstile), and privacy-focused web analytics
Email delivery service provider	Delivering contact form submissions to our team via email
Customer relationship management (CRM) provider	Storing and managing contact form submissions and related business communications
Adobe Inc.	Serving web fonts (Adobe Typekit) — no personal data is shared
Google LLC	Tag management (Google Tag Manager) and website analytics (Google Analytics) — collects anonymised usage data via cookies
LLM / AI service providers	AI-powered extraction and analysis of uploaded policy documents, operated as part of HIPA, our internal policy-analysis engine

3.2 Partners

From time to time, we may share your information with trusted partners — such as licensed insurance brokers and distribution partners — for the purpose of fulfilling service inquiries and connecting you with relevant insurance products. We only share information that is necessary to address your inquiry and require our partners to handle it in accordance with applicable data protection law.

3.3 Sharing of uploaded policy information

Where necessary to fulfil your request, we may share uploaded health insurance policy information with:

Licensed insurance brokers
Insurance companies
Corporate agents, distribution partners, or authorised insurance intermediaries
Technology, document-processing, storage, email, CRM, analytics, or customer-support service providers
Legal, compliance, audit, accounting, or regulatory advisors

We share only the information reasonably necessary for the relevant purpose. We do not sell uploaded policy documents or health insurance data.

Where we engage service providers to process uploaded documents on our behalf, we take reasonable steps to ensure that they process such data only under our instructions, maintain appropriate confidentiality and security safeguards, and comply with applicable data protection law.

We may also disclose information if required by law, regulation, or legal process, or to protect our rights, safety, or the rights of others.

4. Data Storage, Retention and Security

This Website is fully static and does not store contact-form submissions in a Website database. When you submit the contact form, your information is transmitted to our team via a third-party email delivery service and may also be added to our customer relationship management (CRM) system for record-keeping, follow-up, and business communications.

If you upload a health insurance policy or related document, the document is processed by HIPA, our internal AI policy analysis engine. Uploaded documents are stored in cloud object storage hosted in India (ap-south-1 region), and extracted information is stored in a managed cloud database. Both are encrypted at rest using server-side encryption provided by our cloud and database providers and transmitted over encrypted connections (TLS). The document and extracted information may also be transmitted to and stored in systems used by us or our service providers for document intake, review, communication, CRM, email, or customer-support purposes.

We retain uploaded policy documents and related personal data only for as long as necessary to fulfil the purpose for which the data was collected, including responding to your request, providing policy analysis or insurance-related support, maintaining business records, resolving disputes, complying with legal or regulatory obligations, and establishing or defending legal claims.

If the uploaded policy data is no longer necessary for the purpose for which it was collected, and retention is not required by law or for legitimate record-keeping, dispute-resolution, compliance, or legal purposes, we will delete or anonymise it in accordance with applicable law.

We implement reasonable security practices and procedures consistent with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and applicable data protection law, to protect your information from unauthorised access, disclosure, alteration, loss, misuse, or destruction.

Because health insurance policies may contain sensitive personal information, we use reasonable access controls and restrict access to uploaded policy information to personnel, partners, and service providers who need access for the purposes described in this Privacy Policy.

5. Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian law, you have the right to:

Access — request confirmation of whether we hold your personal data and obtain a summary of it
Correction and erasure — request correction of inaccurate data or erasure of data that is no longer necessary
Grievance redressal — raise concerns about how your data is handled
Nominate — nominate another person to exercise your rights in the event of your death or incapacity

5.1 Requests relating to uploaded policy documents

The rights described above also apply to uploaded policy documents. In addition, you may:

Request a summary of your uploaded policy data
Request deletion of uploaded documents or extracted information where retention is not legally required
Withdraw consent for further processing of uploaded policy data

Before processing a rights request relating to a policy document, we may need to verify your identity and authority to act in relation to that document.

To exercise any of these rights, please email us at partners@healthapp.co.in. We will respond within a reasonable timeframe and in accordance with applicable law.

6. Cookies

The Website uses a limited number of cookies. We do not use cookies for advertising or cross-site tracking.

Cookie	Provider	Purpose	Duration
`_ga`	Google Analytics	Distinguishes unique visitors	2 years
`_ga_*`	Google Analytics	Maintains session state	2 years
`__cf_bm`	Cloudflare	Bot management (strictly necessary)	30 minutes

You can control or delete cookies through your browser settings. You can also opt out of Google Analytics specifically by installing the Google Analytics Opt-out Browser Add-on. Disabling cookies will not affect your ability to browse the Website, but the contact form may require the Cloudflare bot management cookie to function.

7. Third-Party Links

Our Website may contain links to third-party websites (such as LinkedIn). We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy policies of any third-party site you visit.

8. Children's Privacy

This Website is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised effective date. We encourage you to review this page periodically.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: partners@healthapp.co.in
Entity: HealthApp Services Private Limited