Privacy Policy

Last updated: June 18, 2026

Swasth ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how the Swasth mobile application and related services (collectively, the "Service") collect, use, disclose, and safeguard your information when you use our Service.

Please read this Privacy Policy carefully. By using the Swasth application, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Personal Information

When you create an account and use Swasth, we may collect the following personal information:

• Identity Information: Name, date of birth, gender, profile photograph
• Contact Information: Email address, phone number
• Authentication Data: Login credentials, OAuth tokens (Google, Apple, email/phone)
• Account Preferences: Language preference, notification settings, theme preferences

1.2 Health Information

Swasth is a health and wellness application. We may collect the following health-related data that you voluntarily provide:

• Vital Signs: Blood pressure, heart rate, blood glucose levels, body temperature, oxygen saturation
• Body Metrics: Height, weight, BMI, body measurements
• Medication Data: Medication names, dosages, schedules, adherence records
• Appointment Data: Doctor appointments, consultation notes, prescriptions
• Health Goals: Fitness goals, wellness targets, tracking preferences
• Medical History: Conditions, allergies, medical notes you choose to record

Important: Health information is treated with the highest level of protection. We do not use your health data for advertising purposes.

1.3 Device and Usage Information

• Device type, operating system version, unique device identifiers
• App version and crash reports
• Usage patterns within the application (features used, session duration)
• IP address and approximate location (country/region level only)

1.4 Third-Party Authentication

If you sign in using Google, Apple, or other third-party services, we receive basic profile information as authorized by you during the authentication process (e.g., name, email address, profile picture). This data is governed by the respective third party's privacy policy in addition to this one.

2. How We Use Your Information

We use the collected information for the following purposes:

• To Provide the Service: Process your health data, manage your account, and deliver features you have requested.
• To Personalize Your Experience: Customize health insights, recommendations, and interface based on your preferences and data.
• To Improve the Service: Analyze aggregated, anonymized usage patterns to improve features, fix bugs, and enhance performance.
• To Communicate With You: Send service-related notifications, appointment reminders, medication alerts, and respond to support requests.
• To Ensure Security: Detect and prevent fraud, unauthorized access, and other malicious activity.
• To Comply With Legal Obligations: Respond to legal requests, enforce our terms, and comply with applicable laws.

3. How We Share Your Information

We do not sell your personal information or health data to third parties. We may share information in the following limited circumstances:

3.1 With Your Consent

We share data when you explicitly authorize sharing, such as sharing health reports with a healthcare provider.

3.2 Service Providers

We use third-party service providers who assist in operating our Service. These providers are contractually obligated to protect your data and use it solely for the purposes we specify. These include:

• Cloud Hosting: Supabase (database and authentication), Firebase (analytics and push notifications)
• Analytics: Firebase Analytics (anonymized usage data only)
• Email Services: Amazon SES (transactional emails)

3.3 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.

4. Data Security

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS/SSL
• Sensitive data is encrypted at rest
• Authentication uses secure OAuth 2.0 with PKCE flow
• Regular security audits and vulnerability assessments
• Access controls and monitoring on all internal systems

While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account Data: Retained while your account is active
• Health Data: Retained until you delete it or close your account
• Usage Analytics: Aggregated data retained up to 24 months in anonymized form
• After Account Deletion: We delete or anonymize personal data within 30 days, except where retention is required by law

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal retention requirements)
• Portability: Request your data in a structured, machine-readable format
• Restriction: Request restriction of processing of your data
• Objection: Object to processing of your data for certain purposes
• Withdraw Consent: Where processing is based on consent, withdraw it at any time

To exercise these rights, contact us at privacy@swasth.health. We will respond within 30 days.

7. Children's Privacy

Swasth is not intended for use by children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us.

8. International Data Transfers

Your information may be processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place, including Standard Contractual Clauses where required.

9. Third-Party Links and Services

Swasth may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

10. Google Sign-In

If you use Google Sign-In to authenticate with Swasth, we receive your Google profile information (name, email, profile picture) as authorized by you. This data is used solely for account creation and authentication purposes. We do not access your Google contacts, emails, or any other Google services data. Google's use of your information is governed by Google's Privacy Policy.

11. Push Notifications

We use Firebase Cloud Messaging to send push notifications for medication reminders, appointment alerts, and service updates. You can disable notifications at any time through the app settings or your device settings.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights:

• Email: privacy@swasth.health
• Developer: MyAdsMantra
• Address: See Contact Us page for current address