Last updated: May 14, 2026
This Privacy Policy describes 4P Healthcare Pvt Ltd (hereinafter referred to as the "Company") policies and procedures on the collection, use, and disclosure of the Information provided by the Users and visitors of this Website (together referred to as the "Users"). The Company shall not use the User's information in any manner except as provided under this Privacy Policy. Every User who accesses the Website agrees to be bound by the terms of this Privacy Policy.
Interpretation: In this Privacy Policy, references to "You", "Your", "User" shall mean the end user accessing the Website or the Services and "We", "Us" and "Our" shall mean the Company, its affiliates and partners.
This Privacy Policy is published in compliance of:
"Personal information" is defined under the SPI Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such a natural person. Information that is freely available in the public domain or accessible under the Right to Information Act, 2005 or any other law will not be regarded as sensitive personal data or information.
The SPI Rules further define "sensitive personal data or information" of a person to mean personal information about that person relating to:
We collect Information through our Website to provide better services and results to our Users. Information is collected by the details provided by User and the data collected by the usage of the services. Details provided by User shall include Personal Information like name, address (residential or email), contact number, and other such data which is required for the efficient use of the services provided by the Company.
In general, the user can browse the Website without revealing any Personal Information. Although once Personal Information is provided, the identity of the User is not anonymous anymore.
Where possible, we indicate which fields are required and which fields are optional. Our User always has the option of not providing Information by choosing not to use a particular service or feature. Other Information collected includes device information i.e. from which device is the services being used. This shall include the hardware model, operating system, unique identification number associated with the device etc.
The Information collected is constantly used to provide personally relevant features and improve the services for our Users. With such pool of information, it is easier for us to understand the current trends in the market, according to which we cater our services. Such information helps us to come up with content that provides a better User experience, thereby creating better satisfaction and increasing the user base of our Website. User discretion is asked before using such information for any other purposes than those set out in this Policy. Although the information which is shared by the User themselves through us shall not be considered as making private information public.
Disclosure may be necessary to provide Users access to our Services, to comply with our legal obligations, to enforce our User Agreement, to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to our Services. Such Personal Information, when shared with third parties, shall be subject to strict confidentiality agreements.
We may disclose personal information if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal process. We may disclose Personal Information to law enforcement offices, third party rights owners, or others in the good faith belief that such disclosure is reasonably necessary to enforce our Terms or Privacy Policy. We and our affiliates will share/sell some or all of your personal information with another business entity should we (or our assets) plan to merge with, or be acquired by that business entity, or re-organization, amalgamation, restructuring of business. Should such a transaction occur that other business entity (or the new combined entity) will be required to follow this Privacy Policy with respect to your Personal Information.
In order to secure the information provided to us by our users, we review the processing and storage practices along with the information collected to guard against unauthorized access into the data collected in our systems. Furthermore, user information is protected by subjecting our Employees and Agents who process such information to strict confidentiality agreements, where if they fail to comply with it, such non-compliance shall lead to heavy penalties or legal proceedings, depending upon the gravity of the situation.
HelloKidney.ai is a clinical point-of-care application used by trained healthcare workers to record and manage patient kidney health screening data. We retain different categories of data for different periods, based on operational needs, legal obligations under Indian law, and healthcare record-keeping regulations.
Patient health data entered by healthcare workers into the Platform is retained in accordance with applicable medical record retention laws and the policies of the partnering healthcare organization, which acts as the data controller.
We retain personal and health data in compliance with:
Upon expiry of the applicable retention period, personal data is securely deleted from our active systems, and backup copies are purged within 90 days. Where complete deletion is not feasible due to legal hold or audit requirements, data is anonymized and stripped of all personally identifiable information.
HelloKidney.ai is designed for use by trained healthcare workers, not by patients directly. As such, data deletion rights operate differently depending on whether you are an app user (healthcare worker) or a data subject (patient).
You may request deletion of your HelloKidney.ai account and associated personal data at any time using either of the following methods:
Upon receiving your request, we will verify your identity and permanently delete your personal account information (name, login credentials, contact details, device identifiers) from our active systems within 30 days. Backup copies are purged within an additional 90 days.
Please note that patient health records you entered into the Platform during your use of the app are not deleted along with your account. These records belong to the partnering healthcare organization (data controller) and are subject to medical record retention laws as described in the Data Retention section above.
HelloKidney.ai processes patient data on behalf of partnering healthcare organizations and clinics, which act as the data controllers under the Digital Personal Data Protection Act, 2023.
Patients who wish to access, correct, or request deletion of their health records should contact the healthcare organization or clinic where their data was originally collected. The healthcare organization will verify the request in accordance with applicable medical record protocols and forward the verified request to us for processing.
If a patient contacts us directly at contact@hellokidney.ai, we will forward the request to the relevant healthcare organization for verification. We will assist the data controller in fulfilling any verified deletion request in accordance with applicable law.
In certain circumstances, we may be required to retain some data even after a deletion request. These include:
In such cases, we will inform the requester of the specific reason and the period for which the data must be retained. Once the legal basis for retention expires, the data will be deleted in accordance with this policy.
The Platform allows you to integrate your account with other applications such as Google Fit and Apple Health etc.
If you decide to integrate your account with any external application, you may be required to provide personal information to the third-party application as part of such integration.
If you access or submit personal information to any of those applications, such access and information will be governed by the terms of use and privacy policies of such third party application and the Company disclaims all responsibility or liability with respect to the terms, policies or the third party applications. The users are encouraged to carefully read the terms and privacy policy of any third party application that they intend to integrate with the Platform.
By using the Website and by providing personal information, the user consents to the collection and use of the information disclosed by them in accordance with this Privacy Policy, including but not limited to their consent for sharing their information as per this Privacy Policy. Our Website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.
This document is an electronic record in terms of existing and applicable Information Technology laws and the amended provisions thereto pertaining to electronic records in various allied statutes as amended pursuant to the Information Technology laws. This electronic record has been generated by a computer system and does not require any authentication. From time to time, the Company may change this Privacy Policy. The effective date of this policy, as stated below, indicates the last time this policy was revised or materially changed.
Effective date of this policy: March 1, 2019
This policy was last updated on: May 14, 2026