Consent Management
Effective Date: December 2024 | Last Updated: December 2024
At Swasth, you control your data. This page explains how we obtain, manage, and respect your consent for data processing, and how you can manage your preferences.
1. Our Consent Philosophy
We believe in transparent, granular consent. You should understand exactly what data is being collected, why, and have meaningful control over these choices. We follow the principles of the Digital Personal Data Protection Act, 2023 (DPDPA).
2. Types of Consent
2.1 Account Creation Consent
When you create a Swasth account, you consent to:
- Collection of account information (name, email)
- Essential data processing for platform operation
- Our Terms of Service and Privacy Policy
2.2 Health Data Consent
Health data is considered sensitive personal data under DPDPA. We obtain explicit consent before collecting:
- Vital signs (blood pressure, heart rate, etc.)
- Body metrics (weight, BMI, etc.)
- Medical conditions and medications
- Mental health assessments
- Reproductive health data
- Baby and child health data
2.3 Professional Sharing Consent
When you connect with healthcare professionals, you control exactly what data they can access through granular privacy settings.
2.4 Third-Party Service Consent
Separate consent is required for:
- AI features (using your own API keys)
- Google Fit integration
- Location-based services
- Analytics and usage tracking
3. How We Obtain Consent
3.1 Clear and Affirmative Action
We obtain consent through:
- Checkboxes that are not pre-checked
- Clear "I Agree" or "Enable" buttons
- Toggle switches for feature activation
- Explicit confirmation dialogs for sensitive features
3.2 Informed Consent
Before obtaining consent, we provide:
- Clear description of what data will be collected
- Purpose of data collection
- Who will have access to the data
- How long data will be retained
- Your rights regarding the data
3.3 Specific Consent
We obtain separate consent for different processing activities rather than bundling multiple consents together.
4. Managing Your Consent
4.1 Privacy Settings
In the Swasth app, go to Settings → Privacy to manage:
- Data sharing with professionals
- Analytics and usage tracking
- Marketing communications
- Third-party integrations
4.2 Professional Data Sharing
For each connected professional, you can toggle:
| Setting | Data Included | Default |
|---|---|---|
| Health Profile | BMI, weight, goals | On |
| Weight Logs | Weight measurements | On |
| Nutrition Logs | Meals, calories | On |
| Meal Plans | Meal templates | On |
| Workout Logs | Exercise tracking | On |
| Fitness Data | Workout programs | On |
| Medical Data | Conditions, medications | Off |
4.3 Family Circle Sharing
For family circles, you control:
- Health data sharing
- Meal and nutrition data sharing
- Fitness data sharing
- Medical data sharing (opt-in)
4.4 AI Features
AI features are opt-in and require:
- Your own API keys (BYOK model)
- Explicit feature activation
- Understanding that data is sent to AI providers
5. Withdrawing Consent
5.1 How to Withdraw
You can withdraw consent at any time by:
- Toggling off specific settings in Privacy preferences
- Disconnecting professional relationships
- Disabling third-party integrations
- Deleting specific data or your entire account
- Contacting us at [email protected]
5.2 Effect of Withdrawal
When you withdraw consent:
- We stop processing data for that purpose immediately
- Previously processed data may be retained where legally required
- Withdrawal does not affect lawfulness of prior processing
- Some features may become unavailable
5.3 No Penalty
You will not be penalized for withdrawing consent. However, features requiring that consent will no longer be available.
6. Consent for Children's Data
For baby care features and data about minors, we require:
- Consent from parent or legal guardian
- Verification of parental relationship
- Additional protections for child data
See our Children's Privacy Policy for details.
7. Consent Records
We maintain records of your consent choices, including:
- What you consented to
- When consent was given or withdrawn
- The version of terms you agreed to
You can request a copy of your consent records.
8. Updates to Consent
If we need to change how we process your data, we will:
- Notify you of the change
- Explain what's different
- Obtain fresh consent where required
- Give you option to opt-out
9. Your Rights
Under DPDPA 2023, you have the right to:
- Be Informed: Know what data we collect and why
- Access: Get a copy of your data
- Correction: Fix inaccurate data
- Erasure: Delete your data
- Withdraw Consent: Change your mind at any time
- Grievance Redressal: Complain if unhappy with our practices
10. Contact Us
For consent-related questions:
- Email: [email protected]
- Data Protection Officer: [email protected]
Quick Actions
- Review your privacy settings in Settings → Privacy
- Manage professional sharing per relationship
- Contact us to exercise your data rights