Information We Collect
Account Data
Name, email, mobile, date of birth provided at registration.
Health Data
Appointments, prescriptions, lab reports, vitals, medical records.
Fitness Data
Steps, workouts, sleep, heart rate, nutrition, mood check-ins.
Usage Data
Pages visited, features used, device type, IP address — for security.
Payment Data
Billing name & order history. Card details processed by Cashfree — never stored by us.
How We Use Your Data
- Provide core services: booking, record sharing, prescriptions.
- Show health history, vitals trends, and fitness progress to you and your care team.
- Send appointment reminders, medication alerts, and service notifications via SMS, WhatsApp, or email.
- Improve platform reliability, investigate security incidents, and prevent fraud.
- Comply with legal obligations under Indian healthcare and data protection laws.
We never sell your personal or health data to advertisers or third-party marketers.
Data Sharing
We share your data only in these limited circumstances:
Your Care Team
Doctors, trainers, dietitians, lab partners, gym staff — only data relevant to your care.
Service Providers
AWS (cloud), 2Factor (SMS/OTP), Cashfree (payments), Google Meet (video) — under strict DPAs.
Legal Requirements
If compelled by Indian law, court order, or government authority.
Business Transfers
In the event of a merger or acquisition, you will be notified 30 days in advance.
Health Data & DPDP Compliance
Health data is Sensitive Personal Data under Indian law. Additional protections apply:
AES-256 at rest
All health records encrypted at rest and in transit (TLS 1.3).
Role-based access
Gym trainer sees only fitness data — never clinical records.
Full audit trail
Complete log of who accessed your records and when.
Data stays in India
AWS Asia Pacific (Mumbai) — your data does not leave India.
Cookies & Tracking
We use only essential session cookies required for authentication. We do not use third-party advertising cookies or cross-site tracking pixels. Analytics (if any) are first-party only and anonymised.
Data Retention
Account & Health Records
From last active session — per Indian healthcare regulations.
Fitness Tracking Logs
Steps, sleep, nutrition, mood check-ins.
After account deletion
All personal data permanently purged from systems and backups.
Your Rights
Under the DPDP Act 2023 you have the right to:
Access
Request a copy of all personal data we hold about you.
Correction
Update incorrect or incomplete information at any time.
Erasure
Request deletion of your account and associated data. See our Data Deletion page.
Portability
Export your health records in PDF or JSON format.
Grievance
File a complaint with our Data Protection Officer.
To exercise these rights, email privacy@fittoria.in. We respond within 30 days.
Children's Privacy
Fittoria is not intended for children under 18. We do not knowingly collect data from minors without verifiable parental consent. Family member profiles for dependents under 18 require the primary account holder to provide consent.
Security
Despite these measures, no online system is 100% secure. Please use a strong, unique password and keep your credentials private.
Changes to This Policy
We may update this policy periodically. We will notify you by email and in-app notification at least 15 days before material changes take effect. Continued use after changes constitutes acceptance.