Privacy policy

Last updated: 11 May 2026. This policy explains how RAYAN AI HEALTHTECH PRIVATE LIMITED (“Nirmala Health”, “we”, “us”) collects, uses, shares and protects your personal and health information when you use our website, clinics, app and AI assistant.

⚠ Draft. This template is provided for review by your legal counsel. Do not deploy without sign-off. Replace every field marked TODO in app/privacy/page.jsx before publication.

1. Who we are

RAYAN AI HEALTHTECH PRIVATE LIMITED, with registered office at R U Plaza, Shop Number A1-A2, Insaaf Nagar, Panigaon, Indra Nagar, Lucknow 226016. You can contact our Data Protection Officer at info@nirmala.health for any privacy-related questions.

2. What we collect

Contact information you give us — your name, phone number, email, address — when you book an appointment, request a callback, or message our AI assistant.
Health information — symptoms you describe, conditions, prescriptions, lab results and any other clinical data — created during your care with us.
Technical information automatically collected by your browser — IP address, device type, pages visited, approximate location — to keep the site secure and improve it.
Communications — call logs, chat transcripts and WhatsApp messages — kept for quality and continuity of care.

3. How we use your information

To book and confirm your appointment, deliver care and follow-ups.
To send appointment reminders, medicine reminders and lab-result notifications.
To improve the website, the AI assistant and our services in aggregate, never tied to your identity.
To comply with applicable laws including the Clinical Establishments (Registration and Regulation) Act, the Drugs and Cosmetics Act, and the Digital Personal Data Protection Act, 2023.

4. Legal basis

We process your data on one or more of these grounds under DPDPA, 2023: (a) your consent given before processing; (b) performance of the care you have asked us to deliver; (c) compliance with legal and regulatory obligations; (d) legitimate medical interest where lawfully permitted.

5. Who we share your information with

Treating doctors, nurses, lab technicians and pharmacists involved in your care.
Service providers who help us operate — cloud hosting, SMS/email delivery, payment processors — all bound by confidentiality agreements.
Government or regulatory authorities when required by law (e.g., notifiable disease reporting, court orders).
We do not sell your personal or health data to anyone. Ever.

6. AI assistant and chat

The Nirmala AI assistant is a conversational tool — not a doctor. Conversations are logged so a clinician can step in if needed and so we can improve the model. The AI never makes treatment decisions on its own. Anything urgent is routed to a human within minutes.

7. How long we keep your data

Medical records are retained as required under Indian law and good clinical practice — typically a minimum of 3 years from the date of last interaction, longer for paediatric records. Booking and chat data not linked to a medical record is deleted after 24 months.

8. Your rights

Under DPDPA, 2023 you have the right to: access the personal data we hold about you; correct it; ask us to erase it (subject to legal retention); withdraw consent at any time; and nominate someone to exercise these rights on your behalf. To exercise any of these rights, email info@nirmala.health and we will respond within 30 days.

9. Children

We provide paediatric care. Personal data of a child is collected only with verifiable consent from a parent or lawful guardian.

10. Security

We use encryption in transit and at rest, role-based access for staff, and audit logs. No system is perfectly secure — if you ever suspect your account or records have been accessed without your permission, email info@nirmala.health immediately.

11. Grievances

If you have a complaint about how we handle your data, contact our Grievance Officer at info@nirmala.health. If you are not satisfied, you may approach the Data Protection Board of India under DPDPA, 2023.

12. Changes

We will update this policy when our practices change. The “Last updated” date at the top reflects the most recent version. Material changes will be highlighted with a banner for at least 30 days.