Consent Management

Effective Date: February 2026 | Last Updated: February 2026

1. Our Consent Philosophy

We believe in transparent, granular consent. You should understand exactly what data is being collected, why, and have meaningful control over these choices. We follow the principles of the Digital Personal Data Protection Act, 2023 (DPDPA).

2. Types of Consent

2.1 Account Creation Consent

When you create a Swasth account, you consent to:

• Collection of account information (name, email)
• Essential data processing for platform operation
• Our Terms of Service and Privacy Policy

2.2 Health Data Consent

Health data is considered sensitive personal data under DPDPA. We obtain explicit consent before collecting:

• Vital signs (blood pressure, heart rate, etc.)
• Body metrics (weight, BMI, bone density, etc.)
• Medical conditions and medications
• Mental health assessments
• Reproductive health data
• Baby and child health data
• Symptom and diagnostic data (body part selections, symptom descriptions, condition match results)
• Recovery data (substance use tracking, quit dates, craving logs, relapse logs — enhanced consent required as stigmatized health data)
• Injury and surgery recovery data (injury details, recovery phase tracking, rehab assignments)
• Beauty and dermatological data (skin/hair conditions, product reactions)
• Ayurveda data (dosha assessments, herb tracking, dinacharya routine logs)
• Disability and disorder data (disability types, functional limitations — explicit consent required as protected category)

2.3 Professional Sharing Consent

When you connect with healthcare professionals, you control exactly what data they can access through granular privacy settings.

2.4 Third-Party Service Consent

Separate consent is required for:

• AI features (using your own API keys or free-tier providers)
• Google Fit integration
• Location-based services
• Analytics and usage tracking

Note on free-tier AI providers: When using free-tier AI providers (Groq, OpenRouter, Together AI, Cerebras), your health data is processed through shared infrastructure rather than your personal API key. This represents a different privacy model from BYOK providers — data may be subject to the provider's standard retention and processing policies. We recommend using BYOK for sensitive health queries.

3. How We Obtain Consent

3.1 Clear and Affirmative Action

We obtain consent through:

• Checkboxes that are not pre-checked
• Clear "I Agree" or "Enable" buttons
• Toggle switches for feature activation
• Explicit confirmation dialogs for sensitive features

3.2 Informed Consent

Before obtaining consent, we provide:

• Clear description of what data will be collected
• Purpose of data collection
• Who will have access to the data
• How long data will be retained
• Your rights regarding the data

3.3 Specific Consent

We obtain separate consent for different processing activities rather than bundling multiple consents together.

4. Managing Your Consent

4.1 Privacy Settings

In the Swasth app, go to Settings → Privacy to manage:

• Data sharing with professionals
• Analytics and usage tracking
• Marketing communications
• Third-party integrations

4.2 Professional Data Sharing

For each connected professional, you can toggle:

4.3 Family Circle Sharing

For family circles, you control:

• Health data sharing
• Meal and nutrition data sharing
• Fitness data sharing
• Medical data sharing (opt-in)

4.4 AI Features

AI features are opt-in and require:

• Your own API keys (BYOK model) or selection of a free-tier provider
• Explicit feature activation
• Understanding that data is sent to AI providers
• Acknowledgment of the different privacy models between BYOK and free-tier providers

5. Withdrawing Consent

5.1 How to Withdraw

You can withdraw consent at any time by:

• Toggling off specific settings in Privacy preferences
• Disconnecting professional relationships
• Disabling third-party integrations
• Deleting specific data or your entire account
• Contacting us at [email protected]

5.2 Effect of Withdrawal

When you withdraw consent:

• We stop processing data for that purpose immediately
• Previously processed data may be retained where legally required
• Withdrawal does not affect lawfulness of prior processing
• Some features may become unavailable

5.3 No Penalty

You will not be penalized for withdrawing consent. However, features requiring that consent will no longer be available.

6. Consent for Children's Data

For baby care features and data about minors, we require:

• Consent from parent or legal guardian
• Verification of parental relationship
• Additional protections for child data

See our Children's Privacy Policy for details.

7. Consent Records

We maintain records of your consent choices, including:

• What you consented to
• When consent was given or withdrawn
• The version of terms you agreed to

You can request a copy of your consent records.

8. Updates to Consent

If we need to change how we process your data, we will:

• Notify you of the change
• Explain what's different
• Obtain fresh consent where required
• Give you option to opt-out

9. Your Rights

Under DPDPA 2023, you have the right to:

• Be Informed: Know what data we collect and why
• Access: Get a copy of your data
• Correction: Fix inaccurate data
• Erasure: Delete your data
• Withdraw Consent: Change your mind at any time
• Grievance Redressal: Complain if unhappy with our practices

10. Contact Us

For consent-related questions:

• Email: [email protected]
• Data Protection Officer: Ridam Phule — [email protected]