Privacy Policy

Account information: When you sign up, we collect your name, email address, and password (stored as a one-way hash — never in plain text).

Family member profiles: Names, dates of birth, gender, relationship, and any health information you choose to add — vaccination records, doctor visit notes, prescriptions, medical reports, and vitals.

Health data you enter: Vaccination history, blood pressure readings, blood sugar levels, growth measurements, custom health trackers, doctor visit logs, prescriptions, and uploaded medical documents.

Usage data: Standard server logs including IP address, browser type, and pages visited — used only for security monitoring and improving the service.

We do not collect: Payment information (the service is free), location data, or any data from your device beyond what you voluntarily enter.

We use your information only to provide and improve the HealthAYF service:

• To store and display your family's health records securely
• To send vaccination and doctor follow-up reminder emails you have opted into by using the service
• To generate PDF health summaries when you request them
• To enable profile sharing with people you explicitly authorise
• To respond to support requests sent via our contact form
• To improve our service based on anonymised, aggregated usage patterns

We will never use your health data for advertising, profiling, or any commercial purpose.

All data is stored on Microsoft Azure enterprise-grade cloud infrastructure — the same technology trusted by hospitals, banks, and governments.

• Encryption in transit: All data between your device and our servers is encrypted using TLS/HTTPS
• Encryption at rest: Stored data is encrypted at the database level
• Passwords: Stored as irreversible hashes — even we cannot see your password
• Access control: Only authorised HealthAYF systems can access the database; no individual employee has direct access to your records

While we take every reasonable precaution, no system is 100% impenetrable. In the unlikely event of a data breach affecting your information, we will notify you within 72 hours as required by law.

We do not sell your data. Ever. We do not share your personal or health information with advertisers, data brokers, or any third party for commercial purposes.

We share data only in these specific circumstances:

• When you explicitly share: If you use the Profile Sharing feature to share a family member's records with a doctor, caregiver, or family member — only the information you choose to share is accessible to them
• Service providers: Microsoft Azure (infrastructure), Microsoft Graph API (transactional emails only). These providers are bound by strict data processing agreements and cannot use your data for their own purposes
• Legal requirements: If required by a valid court order or Indian law enforcement with proper legal authority

HealthAYF is designed for parents and caregivers to manage health records for their minor children. Children do not create their own accounts — a parent or guardian creates and controls all records for minor family members.

We treat health data for minors with the highest level of care. Records for children are:

• Accessible only to the account holder (parent/guardian) and people they explicitly authorise
• Subject to all the same encryption and security protections as adult records
• Deletable at any time by the parent/guardian account holder

If you believe a child's data has been added to our platform without appropriate parental consent, please contact us at support@healthayf.com and we will act immediately.

Under India's Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

• Right to access: You can view all data we hold about you and your family at any time within the app
• Right to correction: You can update or correct any information directly within the app
• Right to erasure: You can delete any health record, family member profile, or your entire account at any time. Deletion is permanent and irreversible
• Right to grievance redressal: You can raise a privacy concern with us and we will respond within 30 days
• Right to nominate: You may nominate another person to exercise your rights in the event of your incapacity, as permitted under DPDPA

To exercise any of these rights, email support@healthayf.com.

We retain your data for as long as your account is active. If you delete your account:

• All personal and health data is permanently deleted within 30 days
• Anonymised, aggregated usage statistics (which cannot identify you) may be retained for service improvement

Uploaded files (prescriptions, reports) stored on Azure Blob Storage are deleted at the same time as account deletion.

Our mobile app may request permission to send you push notifications. These are used exclusively to:

• Remind you of upcoming or overdue vaccinations for family members
• Alert you to upcoming doctor follow-up appointments
• Notify you of insurance policy renewal dates
• Send other health reminders you have set within the app

Notification data: We do not use push notification delivery to collect behavioural data. We do not track whether you open a notification.

How to opt out: You can disable notifications at any time through your device settings (iOS: Settings → Notifications → HealthAYF; Android: Settings → Apps → HealthAYF → Notifications) or within the app itself. Disabling notifications does not affect your access to any features.

We use enterprise-grade cloud infrastructure to host and protect your data. All third-party services we rely on are bound by strict data processing agreements and are used solely to operate the HealthAYF platform — never for advertising or profiling.

What we do not do:

• We do not integrate advertising SDKs into our app or website
• We do not use social media trackers (Facebook, TikTok, etc.)
• We do not use third-party behavioural analytics platforms to monitor how you use the app

Transactional emails (OTP, reminders, password reset) are sent via a trusted enterprise email provider. Your email address is used solely for delivery and is not shared with or used by the provider for any other purpose.

You have the right to permanently delete your account and all associated data at any time. This is required by both Google Play Store and Apple App Store policies.

How to delete your account:

• In the app: Go to Profile → Settings → Delete Account
• Via web: Log in at app.healthayf.com → Profile → Delete Account
• By email: Send a deletion request to support@healthayf.com — we will process it within 7 business days

What gets deleted: Your account, all family member profiles, all health records, all uploaded documents (prescriptions, reports, insurance documents), and all reminder settings.

What is retained: Anonymised, non-identifiable aggregate statistics only. No personal data is retained after account deletion. Deletion is permanent and cannot be undone.

The HealthAYF web and mobile application uses minimal session data:

• Session authentication: A secure token is stored on your device to keep you logged in. This token is used only to verify your identity with our servers and is never shared with third parties.
• No third-party tracking cookies: We do not use Google Analytics, Facebook Pixel, or any other third-party tracking on the app or website

No personal health data is ever stored in cookies or browser storage. No personal data is captured from the public site (healthayf.com) unless you fill in the contact form.

If we make material changes to this Privacy Policy, we will notify you by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of HealthAYF after changes take effect constitutes acceptance of the updated policy.

For any privacy-related questions, data requests, or concerns: