Privacy Policy for IndiSanté

Effective Date: June 19, 2025

IndiSanté ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our website, mobile applications, and services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect various types of information in connection with the Services, including:

Personal Identifiable Information (PII):

• Contact Information: Name, email address, phone number, physical address.
• Demographic Information: Date of birth, gender, nationality.
• Account Credentials: Usernames, passwords, and similar security information.

Health Information (Sensitive):

• Medical History: Symptoms, diagnoses, treatments, medications, family medical history.
• Consultation Data: Records of telemedicine consultations (video, audio, chat transcripts).
• Documents: Uploaded prescriptions, lab results, medical reports.

Technical Data:

• Device Information: IP address, browser type, operating system, unique device identifiers.
• Usage Data: Pages visited, features used, time spent on Services, referring URLs, interaction patterns.

• Location Data: General location (e.g., country based on IP address) or precise location if enabled by you for certain services.
• Communication Data: Records of your communications with us (e.g., customer support inquiries).

2. How We Use Your Information

We use the collected information for the following purposes:

• To Provide and Maintain Services:
  • Facilitate telemedicine consultations.
  • Enable communication between patients and healthcare providers.
  • Manage appointments and prescriptions.
  • Provide AI-powered translation and cultural context (where applicable and consented).
  • Process payments for services.
• To Improve and Personalize Services:
  • Analyze usage patterns to enhance user experience.
  • Develop new features and services.
  • Personalize content and recommendations.
• For Communication:
  • Send appointment reminders, confirmations, and updates.
  • Respond to your inquiries and support requests.
  • Send marketing communications (with your consent).
• For Security and Compliance:
  • Detect, prevent, and address technical issues and fraudulent activity.
  • Comply with legal obligations, including GDPR, French healthcare regulations, and cross-border telemedicine laws.
  • Enforce our Terms of Service.
• For Research and Development:
  • Conduct research and analysis to improve healthcare outcomes and service efficiency (using anonymized and aggregated data where possible).

3. How We Share Your Information

We may share your information with third parties only in the following circumstances:

• With Healthcare Providers: Your health information is shared with the specific doctors and medical professionals you choose to consult with via our Services.
• With Your Consent: We may share your information with other third parties when we have your explicit consent to do so.
• For Legal Reasons: If required by law, court order, or governmental request, or to protect our rights, property, or safety, or the rights, property, or safety of others.
• For Service Providers: We may share information with third-party service providers who perform services on our behalf (e.g., cloud hosting, payment processing, analytics, customer support). These providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
• Anonymized/Aggregated Data: We may share de-identified, aggregated data that cannot reasonably be used to identify you, for research, analytical, or marketing purposes.

4. Data Security

We implement robust technical and organizational measures to protect your personal and health information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:

• Encryption: Data is encrypted both in transit (e.g., SSL/TLS) and at rest.
• Access Controls: Strict access controls and authentication mechanisms are in place to limit access to sensitive data.
• Regular Security Audits: We conduct regular security assessments and penetration testing.
• Employee Training: Our staff receives regular training on data privacy and security best practices.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

5. Data Retention

We retain your personal information only for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Health records are retained in accordance with applicable medical and regulatory requirements in France and India.

6. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), you have certain data protection rights:

• Right to Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
• Right to Erasure ("Right to be Forgotten"): You have the right to request that we erase your personal data under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
• Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at contact@indisante.com.

7. Third-Party Links

Our Services may contain links to other websites that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• By email: contact@indisante.com