Privacy Policy
Last Updated: June 4, 2026This Privacy Policy outlines how Jeevant AI Technologies Pvt. Ltd. ("we", "us", or "our") collects, uses, stores, and protects your personal and health information when you use the CureNet application. This policy is designed in strict compliance with the Digital Personal Data Protection (DPDP) Act, 2023, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Ayushman Bharat Digital Mission (ABDM) Health Data Management Policy.
1. Definitions
- Data Fiduciary: Refers to Jeevant AI Technologies Pvt. Ltd., as we determine the purpose and means of processing personal data.
- Data Principal: Refers to you, the individual to whom the personal data relates.
- Personal Data: Any data about an individual who is identifiable by or in relation to such data.
- ABDM: Ayushman Bharat Digital Mission.
- ABHA: Ayushman Bharat Health Account.
2. Data We Collect
We collect only the minimum data necessary to provide our services:
- Identity Information: Name, Date of Birth, Gender, Mobile Number (collected via ABHA creation/linking).
- Health Information: Prescriptions, lab reports, discharge summaries, and structured FHIR R4 clinical data extracted from your uploaded documents.
- ABDM Credentials: ABHA Address, ABHA Number, and associated tokens required for ABDM network communication.
Note on Biometrics: Any biometric data used to unlock the app or Health Locker is processed entirely on your device's secure enclave (Android Keystore / iOS Keychain). We do not collect, transmit, or store biometric data on our servers.
3. Purpose of Processing
Under Section 4 of the DPDP Act 2023, we process your data solely for the following lawful purposes:
- To create and manage your ABHA ID and link your health records.
- To extract structured clinical data (medications, diagnoses, lab values) from uploaded documents using AI (OCR and NLP).
- To provide real-time translation of health records into your preferred Indian language.
- To facilitate the secure sharing of your health records with healthcare providers on the ABDM network, subject to your explicit consent artifact.
- To generate your Emergency Digital Pass.
4. Legal Basis for Processing
We process your Personal Data based on your explicit, clear, and affirmative Consent (Section 6, DPDP Act). For ABDM-related health data exchanges, processing is based on a standard electronic Consent Artifact governed by the National Health Authority (NHA).
5. How Data Is Stored (Local-First Architecture)
We employ a privacy-by-design architecture to maximize data security:
- Local Storage: Your primary health records, extracted AI data, and the contents of your "Health Locker" are stored locally on your mobile device.
- Encryption at Rest: Local data is encrypted using AES-256-GCM. The decryption keys are securely managed by your device's hardware-backed keystore.
- No Central Repository: We do not maintain a central database of your health records. Our backend acts merely as a secure conduit for AI processing and ABDM gateway routing.
6. Third-Party Data Processors
To provide advanced features, we use authorized Data Processors. Under Section 8(1) of the DPDP Act, we ensure these processors adhere to strict data protection standards through binding contracts:
- NVIDIA NIM: For processing document images via Vision LLMs to extract text. Images are processed ephemerally and are not used for model training.
- Bhashini (Govt. of India): For translating text between Indian languages.
- ABDM Gateway: For routing health information requests and ABHA creation.
7. ABDM Consent Framework
When sharing data with hospitals or doctors:
- We operate strictly as a Health Information Provider (HIP) and Health Information User (HIU) under ABDM.
- No data leaves your device without a digitally signed Consent Artifact.
- Consents are time-bound (e.g., expire in 30 minutes) and purpose-specific.
8. Data Retention and Deletion
- Since your health data is stored locally, deleting the app will delete the local database.
- Ephemeral data processed by our AI servers (e.g., document images for OCR) is deleted immediately from RAM after processing. It is never written to disk.
- You may request the deletion of your account and any associated server-side identity routing data at any time through the app settings.
9. Cross-Border Data Transfer
In compliance with the DPDP Act and ABDM policies, all Personal Data and Health Data of Indian citizens is stored and processed exclusively on servers located within the territorial borders of the Republic of India.
10. Children's Data
Under Section 9 of the DPDP Act, processing data of individuals under 18 years of age requires verifiable parental consent. Parents or legal guardians may link a child's ABHA ID to their CureNet account and manage the child's health records. We do not use children's data for tracking, behavioral monitoring, or targeted advertising.
11. Data Breach Notification
In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals in the manner prescribed by the DPDP Act (Section 8(6)).
12. Rights of Data Principals
Under Sections 11-14 of the DPDP Act, you have the right to:
- Right to Access: Request a summary of personal data being processed.
- Right to Correction & Erasure: Correct inaccurate data and request erasure of your data.
- Right of Grievance Redressal: Register complaints regarding data processing.
- Right to Nominate: Nominate another individual to exercise your rights in the event of death or incapacity.
- Right to Withdraw Consent: Withdraw your consent at any time, which will cease further processing of your data by us (though it will not affect the legality of processing prior to withdrawal).
13. Duties of Data Principals
As a user, you agree to not impersonate another person, not suppress any material information, and not register false grievances or complaints (Section 15, DPDP Act).
14. Grievance Officer
For any queries, complaints, or requests regarding this Privacy Policy or your data rights, please contact our Data Protection Officer / Grievance Officer:
Name: Privacy Officer, Jeevant AI
Email: contact@jeevant.com
Address: Jeevant AI Technologies Pvt. Ltd., Jaipur, Rajasthan, India
15. Changes to This Privacy Policy
We may update this policy periodically. We will notify you of any significant changes via the app or email. Continued use of the app after such notice constitutes your acceptance of the revised policy.