← Sattva Care

Privacy Policy

Last updated: 1 July 2026

Your health data is the most personal data there is. This policy explains — in plain language — exactly what we collect, why, and the control you keep over it.

1. Who we are

Sattva Care Health Pvt. Ltd. ("Sattva Care", "we") operates an Ayurvedic telehealth platform connecting patients with BAMS-certified physicians, licensed pharmacies, and wellness services across India. This policy explains how we handle your personal data under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable telemedicine regulations.

2. What we collect

Account data: name, email, phone number, date of birth, addresses, and login credentials (passwords are stored only as salted hashes).

Health data you provide: assessment answers, symptoms, uploaded lab reports and medical documents, consultation notes, prescriptions, and daily-routine logs.

Transaction data: orders, payments (processed by Razorpay — we never store full card numbers), invoices, and refunds.

Technical data: device and browser information, IP address, and usage logs needed to secure and improve the service.

3. How we use your data

To deliver care: booking consultations, generating AI-assisted assessments and summaries that are always reviewed by a licensed physician, dispensing prescriptions, and delivering medicines.

To keep you informed: transactional notifications (bookings, orders, payments, refunds) via in-app messages and email. Marketing communication is optional and controlled from your notification preferences.

To operate safely: fraud prevention, audit trails required by medical regulations, and platform security.

We do not sell your personal data. Ever.

4. AI features and your health data

Our AI features (health assessments, report summaries, the AskSattva assistant) send anonymised content to our AI processing partners — your name, phone number, and government identifiers are stripped before any AI call, and only anonymised session identifiers are used.

AI outputs are wellness guidance, not diagnoses. Every AI-prepared treatment plan is reviewed and approved by a licensed BAMS physician before you see it.

5. Who we share data with

Your treating physician sees your assessments, reports, and consultation history — that is the point of the platform.

Pharmacy partners see only what is needed to fulfil an order: the medicines, your name, and the delivery address.

Service providers under contract: payment processing (Razorpay), cloud infrastructure (Supabase), file storage (Cloudinary), and email delivery. Each receives the minimum required data.

Authorities, only where Indian law requires it.

6. How we protect it

Encryption in transit (TLS) and at rest; bank details additionally encrypted with AES-256-GCM.

Role-based access control with mandatory two-factor authentication for physicians and administrators.

Immutable audit logs on every access to sensitive records.

7. Your rights

Access and correction: view and edit your profile and health records from your account at any time.

Erasure: request account deletion at care@sattvacare.in. Medical records are retained for the period mandated by Indian medical-record regulations (currently 3 years for outpatient records), then deleted.

Consent withdrawal: opt out of marketing at any time from Notification preferences; transactional messages about active care cannot be disabled.

Grievance: our Grievance Officer can be reached at care@sattvacare.in and responds within 7 days as required by the DPDP Act.

8. Cookies

We use only essential cookies: session authentication and security. No advertising trackers, no third-party analytics cookies.

9. Changes

We will notify you in-app and by email before any material change to this policy takes effect.

Questions about this policy? Write to care@sattvacare.in or visit the contact page.