    Privacy Policy

    Effective Date: 23 March 2026 • Version: 1.2

    1. Nature of Services

    ExaHealth is a digital SaaS platform that enables users to store, organize, and manage their personal health-related information. We do not provide medical advice, diagnosis, or treatment. We do not sell, trade, analyze, or share your personal or health data with external entities for advertising or marketing purposes.

    2. Information We Collect

    ExaHealth collects only the minimum information necessary to operate and improve our services.

    2.1 Personal Information

    Information you provide during registration or while using the platform:

    • Full name
    • Email address
    • Mobile number
    • Profile details voluntarily added by you

    This information is used strictly for authentication, communication, and account management.

    2.2 Health-Related Information (User-Provided Only)

    ExaHealth does not generate or modify medical data. We only store the information that you voluntarily upload, which may include:

    • Medical reports
    • Prescriptions
    • Notes
    • Health documents
    • Any files or observations you choose to store

    This data is stored securely and remains fully under your control.

    2.3 Technical & Log Information

    Collected automatically to secure the platform:

    • IP address
    • Device information
    • Browser type
    • Login timestamps
    • Access logs (for security monitoring)

    We do not collect information for advertising or behavior tracking.

    3. Lawful Basis for Processing

    We process your information based on the following legal grounds:

    • Consent: You provide explicit consent when creating an account and uploading data.
    • Contract Performance: Processing is necessary to provide the services you subscribed to.
    • Legal Obligation: We may process data to comply with applicable laws, court orders, or regulatory requirements.
    • Legitimate Interest: We process technical data to maintain platform security and prevent fraud.

    4. How We Use Your Information

    We use your information strictly for legitimate and essential purposes:

    • To create and secure your account
    • To store your uploaded health information
    • To ensure smooth functioning of platform features
    • To detect, prevent, and investigate security threats or misuse
    • To communicate important updates, alerts, or support responses
    • To comply with regulatory or legal obligations
    • To provide AI-powered features such as health plan generation, health insights, and the AI health assistant, using third-party AI services

    We never use your health information for advertising, marketing, profiling, or data monetization.

    5. Data Ownership

    • You are the exclusive owner of all information you store on ExaHealth.
    • ExaHealth does not claim any rights over your uploaded documents or health data.
    • You can download, export, edit, or delete your data at any time.
    • Our role is limited to providing secure digital storage and access tools.
    • ExaHealth does not claim ownership or modify your original data. When you opt in to AI features, your data is processed by third-party AI services to generate insights — your original records remain unchanged.

    6. Data Sharing Policy

    ExaHealth follows a strict no-selling, no-trading data policy. We do not share your data for advertising or marketing purposes.

    We do NOT share your information with:

    • Advertisers
    • Analytics platforms
    • External data brokers
    • Other users
    • Third parties for marketing or research

    We may share limited information only under these conditions:

    6.1 Legal Obligations

    We may disclose information if required by:

    • Court order
    • Government authority
    • Applicable law

    Even in such cases, only the minimum necessary information is provided.

    6.2 Service Providers

    Some trusted partners may receive minimal data for essential functions:

    • Payment gateways (billing information only)
    • OTP/verification services
    • Email/SMS providers
    • Cloud processing services (Amazon Web Services Textract) — to extract text from uploaded health documents
    • AI service providers (Anthropic, OpenAI) — to generate health insights, personalized health plans, and power the AI assistant when you use these features

    Document processing via AWS Textract is a core platform function used whenever you upload health documents. AI providers (Anthropic, OpenAI) process your health data only when you use AI features, solely for the purpose of generating your results. Your data is not used to train AI models, is encrypted in transit, and is not retained by providers beyond the processing session.

    6.3 AI Data Processing

    When you use AI-powered features (health plans, AI assistant), the following data may be shared with our AI providers (Anthropic, OpenAI):

    • Health profile: age, gender, conditions, allergies
    • Lab results: test values, reference ranges, status
    • Vital signs: blood pressure, heart rate, blood glucose, weight, SpO2
    • Medications: name, dosage, frequency
    • Health documents: extracted text for analysis

    Important safeguards:

    • AI processing only occurs when you actively use AI features
    • You provide explicit consent before any AI data sharing
    • Data is encrypted in transit (TLS 1.2+)
    • AI providers do not retain your data beyond the processing session
    • Your data is not used to train AI models
    • You can stop using AI features at any time

    7. Data Security & Protection Measures

    ExaHealth uses advanced, industry-standard security protocols designed to protect highly sensitive data.

    7.1 Encryption

    • Data in transit is protected using HTTPS/TLS 1.2+
    • Data at rest is encrypted using AES-256

    7.2 Zero-Trust Access Controls

    • No internal employee can access user health data without explicit authorization.
    • Access is strictly role-based and logged.

    7.3 Continuous Monitoring

    • All system access is monitored for suspicious activity
    • Unauthorized attempts trigger automatic alerts

    7.4 Secure Infrastructure

    • Hosted on reputable cloud providers with strong physical and network security
    • Redundant backups with encrypted storage

    7.5 Regular Security Audits

    • Internal audits
    • Third-party penetration testing
    • Vulnerability management

    7.6 Data Isolation

    • Each user's data is stored in a logically isolated manner to prevent cross-access.

    8. Data Breach Notification

    In the unlikely event of a data breach that affects your personal or health information:

    • We will notify affected users via email within 72 hours of becoming aware of the breach.
    • We will provide details about the nature of the breach, the data affected, and steps being taken to mitigate harm.
    • We will report the breach to relevant regulatory authorities as required by applicable law.
    • We will offer guidance on protective measures you can take.

    9. Data Retention & Deletion

    • Your data remains stored securely as long as you maintain an active subscription or account.
    • After you cancel your subscription or become inactive, your data will be preserved for 30 days to allow reactivation or export.
    • After the 30-day retention period, all personal and health-related data will be permanently deleted.
    • Deleted data is removed from active systems, backups, and logs (where applicable).
    • Deletion is irreversible.
    • You may request immediate deletion at any time by contacting support.

    10. User Rights

    As the owner of your data, you have the right to:

    • Access: View or download all information stored in your account.
    • Rectification: Update or correct personal information.
    • Deletion: Permanently delete your account and stored data.
    • Portability: Export your data in standard formats.
    • Withdraw Consent: Stop using the service or request deletion at any time.
    • Restriction: Limit processing of your information.

    How to exercise your rights:

    • Access, rectification, deletion, and export can be done directly through your ExaHealth account settings.
    • For consent withdrawal or data restriction requests, email support@exahealth.com with the subject line "Privacy Rights Request."
    • We will respond to all valid requests within 30 days.

    11. Cookies & Tracking

    ExaHealth uses only essential cookies for:

    • Session management
    • Authentication
    • Security
    • Preventing unauthorized access

    We do not use:

    • Advertising cookies
    • Behavioral tracking
    • Third-party marketing cookies

    This ensures privacy-first browsing.

    12. Third-Party Services

    ExaHealth may integrate with essential third-party services such as:

    • Payment gateways
    • SMS/OTP verification systems
    • Email delivery providers
    • Cloud processing (Amazon Web Services Textract) — for health document text extraction
    • AI service providers (Anthropic, OpenAI) — for health insights and AI assistant

    These partners receive only the minimum information required to perform their role. AWS Textract is used as a core service for processing uploaded documents. AI providers (Anthropic, OpenAI) process health data only when you use AI features and do not retain data beyond the session.

    We conduct background checks and compliance reviews before onboarding any third-party vendor.

    13. Children's Privacy

    • ExaHealth is not intended for users under the age of 18.
    • If we discover that a minor has created an account without guardian supervision, the account may be restricted or removed.
    • Parents or guardians may request deletion of such data by contacting support.

    14. Updates to Privacy Policy

    We may revise this Privacy Policy periodically to reflect:

    • Changes in law
    • New features
    • Security improvements
    • Company policy updates

    When changes occur:

    • The updated version will be posted with a new Effective Date and Version number.
    • Users will be notified of significant changes via email or dashboard notifications at least 15 days before they take effect.
    • Continued use of the platform after changes take effect constitutes acceptance.

    15. Governing Law & Jurisdiction

    This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Hyderabad, India.

    16. Grievance Officer

    In accordance with the Information Technology Act, 2000 and the rules made thereunder, the contact details of the Grievance Officer are:

    Name: Jagadishwar Balla

    Email: grievance@exahealth.com

    Address: Dwaraka Pride – The Headquarters Coworking Space, Huda Techno Enclave, Madhapur, HITEC City, Hyderabad, Telangana – 500081

    The Grievance Officer will acknowledge complaints within 48 hours and resolve them within 30 days.

    17. Contact Information

    For privacy concerns, data deletion, or rights requests, contact:

    General Support: support@exahealth.com


    © 2025 ExaHealth. Owned and operated by DATASPEAKS SERVICES PRIVATE LIMITED.
