Privacy Policy

Last updated 2 May 2026

Privacy Policy

Welcome to Gemi Health, a technology-enabled digital healthcare platform owned, operated, and managed by Blanket Health Technologies Private Limited, a company incorporated under the Companies Act, 2013, having Corporate Identification Number (CIN) U62011MH2026PTC468421 and its registered office at Flat-26, Bldg-B, Home CHS Ltd, Near Sadhana School, Santacruz (West), Mumbai, Maharashtra, India – 400054 (hereinafter referred to as the “Company”, “we”, “our”, or “us”).

This Privacy Policy (“Policy”) sets out the manner in which the Company collects, receives, uses, processes, stores, discloses, transfers, and protects Personal Data and Sensitive Personal Data of individuals who access, browse, register on, or otherwise use the website, mobile application, or any associated services made available by the Company (collectively, the “Platform”).

For the purposes of this Policy, the expressions “User”, “you”, or “your” shall mean any individual or entity accessing or using the Platform in any capacity, including but not limited to patients, medical practitioners, healthcare professionals, authorized representatives, or visitors.

This Policy is issued in compliance with Applicable Law, including but not limited to the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and any rules, regulations, or guidelines framed thereunder. By accessing or using the Platform, or by providing your Personal Data to the Company, you acknowledge that you have read, understood, and agreed to the terms of this Policy, and you expressly consent to the collection, use, processing, and disclosure of your Data in accordance with this Policy.

This Policy shall be read in conjunction with the Terms of Use and any other policies, notices, or disclosures published on the Platform from time to time, all of which together constitute a binding legal framework governing your use of the Platform.

The Gemi Health Platform is a technology-enabled system designed to facilitate patient onboarding, appointment management, and pre-consultation clinical data capture. The Platform enables patients to provide health-related information through structured digital intake tools, which is processed to generate a summary of the patient’s medical history and symptoms for review by the treating medical practitioner prior to an in-person consultation at a physical healthcare facility. The Platform does not provide medical advice, diagnosis, treatment, or consultation services and does not participate in or facilitate teleconsultation.

Definitions

For the purposes of this Privacy Policy, unless the context otherwise requires, the following terms shall have the meanings assigned to them below. The definitions shall apply equally to the singular and plural forms of the terms and to all grammatical variations thereof:

“Personal Data” means any data or information relating to an identified or identifiable natural person, whether directly or indirectly, including any information which, either alone or in combination with other information, is capable of identifying such individual.

“Sensitive Personal Data” means such Personal Data which is classified as sensitive in nature under Applicable Law and includes, without limitation, health-related data, medical records, clinical information, financial information, authentication credentials, and any other category of data designated as sensitive under applicable regulatory frameworks.

“Health Data” means any data or information relating to the physical or mental health condition of an individual, including but not limited to medical history, symptoms, diagnoses, prescriptions, treatment plans, clinical observations, laboratory results, and any healthcare-related information generated or recorded through the Platform.

“Processing” means any operation or set of operations performed on Personal Data or Sensitive Personal Data, whether by automated means or otherwise, including but not limited to collection, recording, organization, structuring, storage, adaptation, retrieval, use, analysis, disclosure, dissemination, alignment, restriction, anonymisation, pseudonymisation, erasure, or destruction.

“User” means any individual or entity that accesses, browses, registers on, interacts with, or otherwise uses the Platform or Services in any manner whatsoever, including but not limited to patients, medical practitioners, healthcare professionals, administrative personnel, representatives of healthcare establishments, and any visitor to the Platform.

Applicability And Scope

This Privacy Policy (“Policy”) applies to all individuals and entities who access, browse, register on, interact with, or otherwise use the Platform or Services in any manner whatsoever.

Without limitation, this Policy shall apply to:
Patients, being individuals who access or use the Platform for the purpose of seeking or receiving healthcare-related services;
Doctors / Healthcare Professionals, being duly qualified and licensed medical practitioners or other healthcare providers who use the Platform to facilitate clinical workflows, or related services; and
Visitors and other Users, including any individual or entity that accesses or interacts with the Platform without necessarily registering for an account, including casual visitors, administrative personnel, or authorized representatives.

This Policy governs the collection, use, processing, storage, disclosure, transfer, and protection of all Personal Data and Sensitive Personal Data processed by the Company in connection with the use of the Platform, irrespective of the mode, medium, or device through which such access or interaction occurs.

Role Of The Company

The Company acts as a Data Fiduciary in respect of Personal Data processed through the Platform for the purposes set out in this Policy.
Medical practitioners accessing the Platform may independently process patient data for clinical purposes and shall be responsible for compliance with applicable healthcare and data protection laws in relation to such processing.
The Company does not control or determine clinical decision-making and processes data primarily for facilitating technological and operational functions of the Platform.

Information We Collect

The Company may collect, receive, generate, record, or otherwise process various categories of data from Users in connection with their access to and use of the Platform and Services. Such data shall be collected strictly for lawful, specific, and legitimate purposes in accordance with Applicable Law. The categories of data that may be collected and processed include the following:

The Company may collect Personal Data voluntarily provided by the User or generated in the course of registration and use of the Platform, including but not limited to:
identification and contact details, including name, email address, and mobile number;
demographic information, including date of birth, age, and gender; and
account-related information, including login credentials, authentication data, and unique user identifiers.

Subject to Applicable Law and appropriate safeguards, the Company may collect and process Sensitive Personal Data in the nature of health and clinical information, including but not limited to:
symptoms, medical history, and patient-reported information;
consultation records, clinical notes, and examination findings; and
prescriptions, treatment details, diagnostic reports, and other healthcare-related documentation.

In the case of healthcare professionals, the Company may collect and process professional and regulatory information, including but not limited to:
qualifications, certifications, and areas of specialization;
professional registration details, license numbers, and regulatory credentials; and
practice-related information, including clinic location, consultation schedules, and associated operational details.

The Company may automatically collect certain technical and usage-related data when a User accesses or interacts with the Platform, including but not limited to:
Internet Protocol (IP) address and device identifiers;
device type, operating system, and browser type; and
usage logs, access timestamps, session duration, and interaction patterns.

The Company may collect and maintain records of communications between the User and the Company, including but not limited to:
emails, messages, and correspondence;
customer support interactions; and
feedback, inquiries, or requests submitted through the Platform or other communication channels.

In the course of providing AI-enabled functionalities, the Company may collect and process data relating to User interactions with AI systems, including but not limited to:
inputs, responses, and information provided by Users during AI-assisted intake or interaction workflows; and
structured outputs, summaries, or representations generated by AI systems based on such inputs.

Such AI interaction data shall be processed solely for assistive, operational, and system improvement purposes and shall remain subject to appropriate safeguards and Applicable Law.

The Company does not use Personal Data or Health Data in identifiable form to train or improve general-purpose artificial intelligence models. Any use of data for system improvement or analytics shall be undertaken in anonymised or de-identified form in accordance with Applicable Law

Purpose Of Data Collection And Processing

The Company shall collect and process Personal Data and Sensitive Personal Data strictly for lawful, specific, and legitimate purposes directly connected with the operation of the Platform and the provision of Services, and in accordance with Applicable Law. All processing activities shall be limited to what is necessary, proportionate, and relevant to such purposes.

The Company may process Data for the following purposes:

to enable patient registration, onboarding, and appointment scheduling through the Platform;

to collect and structure patient-provided health information through AI-assisted intake mechanisms for the purpose of generating pre-consultation summaries;

to provide such summaries to the relevant medical practitioner prior to an in-person consultation at a physical healthcare facility;

to support administrative and operational workflows of healthcare providers;

to improve system performance, analytics, and user experience; and

to comply with Applicable Law.

The Company shall not process Data for any purpose that is incompatible with the purposes set out herein, except where such processing is permitted or required under Applicable Law or based on valid Consent obtained from the User.

How Data Flows Through The Platform

Personal Data and Health Data provided by Users is processed through structured workflows on the Platform, including:

collection of patient-provided information through digital intake interfaces;

processing and structuring of such information using automated systems;

generation of structured summaries for review by medical practitioners; and

use of such information by medical practitioners for independent clinical evaluation.

The Company does not use such data to independently determine diagnosis or treatment.

Legal Basis For Processing

The Company shall process Personal Data and Sensitive Personal Data only on lawful and valid grounds in accordance with Applicable Law, including but not limited to the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023.

Without prejudice to the generality of the foregoing, such processing may be undertaken on one or more of the following legal bases:
Consent: Where the User has provided free, specific, informed, unconditional, and unambiguous consent for the processing of their Personal Data for defined purposes. Consent for core data processing may be mandatory for access to and use of the Platform, and may be withdrawn at any time, subject to Applicable Law and the consequences set out in this Policy.
Contractual Necessity: Where processing is necessary for the performance of obligations arising out of the use of the Platform and Services, including but not limited to enabling access to the Platform, facilitating consultations, managing appointments, generating clinical documentation, and providing related functionalities requested by the User.
Legal Obligation: Where processing is necessary to comply with Applicable Law, regulatory requirements, or lawful orders of competent authorities, including obligations relating to record retention, audit, reporting, and compliance with healthcare and data protection regulations.
Compliance and Security Purposes: Where processing is necessary to ensure the security, integrity, and proper functioning of the Platform, prevention of fraud or misuse, and protection of legal rights, in accordance with Applicable Law.

The Company shall ensure that all processing activities are conducted in a fair, transparent, and proportionate manner, and are limited to what is necessary for the purposes specified in this Policy.

Consent

The Company shall obtain and rely upon valid, informed, and verifiable consent from Users for the collection and processing of Personal Data and Sensitive Personal Data, in accordance with Applicable Law

The User expressly acknowledges and agrees that explicit, informed, and affirmative consent shall be required for the processing of Sensitive Personal Data, including Health Data and Clinical Data. Such consent shall be obtained prior to or at the time of collection and shall constitute a condition precedent to the User’s access to and use of the Platform and Services.
In the absence of such consent, the Company reserves the right to restrict or deny access to the Platform or any part thereof.

In addition to mandatory consent, the Company may seek the User’s separate and specific consent for non-essential purposes, including but not limited to:
receipt of marketing, promotional, or informational communications; and
participation in surveys, feedback programs, or product improvement initiatives.

The grant or refusal of such optional consent shall not affect the User’s ability to access core functionalities of the Platform.

The User shall have the right to withdraw consent, in whole or in part, at any time, by using the mechanisms made available on the Platform or by contacting the Company.
Notwithstanding the foregoing:
such withdrawal shall not affect the lawfulness of any processing carried out prior to the withdrawal of consent;
the Company may continue to retain and process certain Data where required under Applicable Law or for legitimate purposes such as compliance, audit, or dispute resolution; and
withdrawal of mandatory consent may result in suspension, restriction, or termination of access to the Platform or certain Services, to the extent such Services cannot be provided without such consent.

The Company may maintain records of consent provided by Users, including timestamps, versioning, and associated metadata, for the purposes of audit, compliance, and evidentiary requirements under Applicable Law.

Data Sharing And Disclosure

The Company shall not sell, rent, or commercially exploit Personal Data of Users. Any sharing or disclosure of Data shall be undertaken strictly on a need-to-know basis, for legitimate purposes, and in accordance with Applicable Law. Without prejudice to the generality of the foregoing, the Company may share or disclose Data in the following circumstances:

Data may be shared with duly authorized medical practitioners or healthcare establishments solely for the purpose of enabling review of patient-provided information and AI-generated summaries prior to an in-person consultation conducted independently by such practitioners.

The Company may engage third-party service providers, including but not limited to cloud hosting providers, infrastructure partners, authentication services, analytics providers, communication service providers, and AI/ML vendors, for the purpose of operating and improving the Platform. Such third parties shall process Data strictly on behalf of the Company, in accordance with contractual obligations, confidentiality requirements, and appropriate data protection safeguards.

Where applicable, Data may be shared with authorized payment gateway providers and financial institutions for the purpose of processing payments, transactions, and related financial operations. The Company shall not store sensitive financial information beyond what is necessary and permitted under Applicable Law.

The Company may disclose Data where such disclosure is required under Applicable Law, including in response to lawful requests, court orders, or directions issued by governmental, regulatory, or law enforcement authorities, or where necessary to protect legal rights, prevent fraud, or ensure security.

In the event of a merger, acquisition, restructuring, or transfer of business or assets, Data may be transferred to the relevant successor entity, subject to the condition that such entity shall be bound by obligations consistent with this Policy and Applicable Law.

Data may be shared with third parties where the User has provided explicit consent for such disclosure.

The Company shall ensure that any disclosure of Data is limited to what is necessary for the intended purpose and is subject to appropriate technical, contractual, and organizational safeguards to ensure confidentiality, integrity, and security.

Anonymized And Aggregated Data

The Company may process, use, and analyse Data in anonymized, aggregated, or de-identified form for legitimate business and operational purposes, in accordance with Applicable Law.

Such anonymized or aggregated data may be utilized for purposes including, without limitation:
research, statistical analysis, and data modelling;
evaluation and improvement of the Platform, Services, and system performance;
development of new features, products, or technological capabilities; and
generation of business insights, trends, and commercial analytics.

For the avoidance of doubt, anonymized or aggregated data shall be processed in a manner such that it does not identify, and cannot reasonably be used to identify, any individual User, directly or indirectly. The Company may share or disclose such anonymized or aggregated data with third parties for the aforesaid purposes, provided that such data does not constitute Personal Data under Applicable Law.

Cookies And Tracking Technologies

The Company may use cookies and similar tracking technologies to facilitate the efficient operation, functionality, and performance of the Platform.
Cookies are small text files or identifiers stored on a User’s device that enable the Platform to recognize the User’s device and retain certain information relating to usage and preferences.

Without prejudice to the generality of the foregoing, the Company may use cookies for the following purposes:
to enable essential Platform functionalities, including authentication, session management, and secure access;
to analyse usage patterns, monitor performance, and generate analytical insights regarding User interaction with the Platform; and
to improve the functionality, reliability, and overall user experience of the Platform.

Users may, at their discretion, control, restrict, or disable the use of cookies through their browser or device settings. However, disabling certain cookies may affect the availability, functionality, or performance of certain features of the Platform.
To the extent required under Applicable Law, the Company shall obtain User consent prior to deploying non-essential cookies.

Data Retention

The Company shall retain Personal Data and Sensitive Personal Data only for such period as is necessary to fulfil the purposes for which such Data was collected, or as required under Applicable Law. All retention practices shall be lawful, proportionate, and aligned with applicable regulatory and healthcare requirements.

Without prejudice to the generality of the foregoing:
Personal Data shall be retained for as long as necessary to provide the Services, maintain User accounts, and fulfil legitimate business and legal obligations;
Clinical and Health Data may be retained for a period of up to three (3) years, or such longer duration as may be required under Applicable Law or applicable healthcare standards, following which such data shall be anonymised or pseudonymised to remove identifiable elements;
Audit logs, consent records, and system logs may be retained for a period of up to seven (7) years, or such longer duration as may be required under Applicable Law, for compliance, audit, dispute resolution, or evidentiary purposes; and
upon expiry of the applicable retention period, Data shall be securely deleted, anonymised, or irreversibly destroyed in a manner that prevents reconstruction or re-identification.

Notwithstanding the foregoing, the Company may retain certain Data for longer periods where required to comply with Applicable Law, enforce legal rights, prevent fraud, or resolve disputes.

Data Breach Response

In the event of a data breach or security incident affecting Personal Data, the Company shall take reasonable steps to investigate, contain, and mitigate such incident. Where required under Applicable Law, the Company shall notify affected Users and relevant authorities in accordance with prescribed timelines and procedures.

Data Security

The Company implements and maintains reasonable and appropriate technical and organizational measures to safeguard Personal Data and Sensitive Personal Data against unauthorized access, use, disclosure, alteration, loss, or destruction, having regard to the nature, scope, volume, and sensitivity of such Data.

Such measures include, without limitation:
encryption of Data in transit and at rest using industry-standard protocols;
implementation of access controls, including role-based and least-privilege access mechanisms; and
deployment of secure cloud infrastructure and systems designed to ensure confidentiality, integrity, and availability of Data.

The Company also maintains internal policies, procedures, and monitoring mechanisms to detect, prevent, and respond to potential security incidents.

Notwithstanding the foregoing, the User acknowledges that no system, network, or method of transmission over the internet is entirely secure. Accordingly, while the Company endeavours to protect Data using commercially reasonable measures, it does not warrant or guarantee absolute security of Data and shall not be liable for any unauthorized access, loss, or breach arising from events beyond its reasonable control.

User Rights

Subject to Applicable Law, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, Users shall have certain rights in relation to their Personal Data processed by the Company. Such rights may be exercised in accordance with applicable procedures, conditions, and limitations.
Without prejudice to the generality of the foregoing, Users shall have the following rights:

Users may request confirmation as to whether their Personal Data is being processed by the Company and, subject to verification and legal limitations, may request access to such Personal Data or a summary thereof.

Users may request the correction, rectification, or updating of inaccurate, incomplete, or outdated Personal Data. The Company shall take reasonable steps to effect such corrections, subject to verification and feasibility.

Users may request the deletion or erasure of their Personal Data. The Company shall comply with such requests, subject to Applicable Law, including any obligations relating to data retention, legal compliance, audit, or dispute resolution.

Where the processing of Personal Data is based on consent, Users shall have the right to withdraw such consent at any time. Upon withdrawal, the Company may cease processing the relevant Data, except where such processing is permitted or required under Applicable Law. Withdrawal of consent may affect the User’s ability to access or use certain Services.

Users may raise complaints, concerns, or grievances relating to the processing of their Personal Data or the implementation of this Policy. Such grievances shall be addressed in accordance with the Company’s grievance redressal mechanism and within the timelines prescribed under Applicable Law.

All rights set out herein shall be subject to:
verification of the User’s identity;
compliance with Applicable Law; and
limitations where processing is necessary for legal obligations, protection of rights, fraud prevention, or legitimate business purposes.

The Company shall respond to valid requests within a reasonable timeframe in accordance with Applicable Law.

Communications

The Company may communicate with Users in connection with the provision, administration, and operation of the Platform and Services.

Without prejudice to the generality of the foregoing:
the Company may send essential service-related communications, including but not limited to appointment confirmations, check-in notifications, intake progress updates, system alerts, security notifications, and other transactional or operational messages necessary for the use of the Platform. Such communications are integral to the Services and cannot be opted out of, except by discontinuing use of the Platform;
the Company may also send administrative communications, including account-related notifications, policy updates, compliance-related notices, and other information required for the effective functioning of the Platform; and
the Company may send marketing, promotional, or informational communications only where the User has provided explicit and informed consent for such communications.

Users shall have the right to withdraw consent for marketing communications at any time by using the opt-out mechanisms provided or by contacting the Company. The Company shall take reasonable steps to give effect to such requests within a reasonable timeframe.

Communications may be delivered through various channels, including email, SMS, in-app notifications, or other electronic means, as permitted under Applicable Law.

Children’S Privacy

The Platform is not intended for independent use by individuals under the age of eighteen (18) years. However, Personal Data of minors may be processed where provided by a parent or lawful guardian for the purpose of receiving healthcare-related services.

The Company does not knowingly collect, receive, or process Personal Data of minors without the verifiable consent of a parent or lawful guardian, as may be required under Applicable Law.
In the event that the Company becomes aware, or has reason to believe, that Personal Data of a minor has been collected or processed without such consent, the Company shall take reasonable steps to:
suspend or restrict access to the relevant account, where applicable; and
delete, erase, or anonymise such Personal Data in accordance with Applicable Law.

If a parent or lawful guardian becomes aware that a minor has provided Personal Data to the Company without appropriate consent, they may contact the Company to request review and deletion of such data. The Company shall take appropriate action upon verification of the requestor’s identity and authority.

The Company shall not be liable for any collection or processing of Personal Data of minors arising from misrepresentation of age or provision of inaccurate information by Users.

Cross-Border Data Transfer

The Company primarily stores and processes Personal Data within the territory of India in accordance with Applicable Law. However, in certain circumstances, Data may be transferred to, stored in, or processed in jurisdictions outside India for the purpose of enabling specific functionalities of the Platform, including but not limited to cloud infrastructure services, analytics, or AI-enabled processing. This may include processing through AI or analytics service providers where required for Platform functionality.

Any such cross-border transfer of Data shall be undertaken strictly in compliance with Applicable Law and subject to appropriate safeguards to ensure an adequate level of data protection. Such safeguards may include:
transfer of Data only to jurisdictions permitted under Applicable Law;
implementation of contractual obligations requiring recipients to maintain confidentiality and adhere to data protection standards;
application of appropriate technical and organizational measures, including encryption, access controls, and secure transmission protocols; and
limitation of Data transferred to what is strictly necessary for the intended purpose.

By accessing or using the Platform and providing Personal Data, the User expressly acknowledges and consents to such transfer, storage, or processing of Data outside India in accordance with this Policy and Applicable Law.

The Company shall not be liable for any acts or omissions of third-party recipients located outside India, provided that such transfer has been carried out in compliance with Applicable Law and reasonable safeguards have been implemented.

Third-Party Services

The Platform may integrate with, rely upon, or utilize services provided by third parties in order to enable, support, and enhance its functionalities. Such third-party services may include, without limitation, cloud hosting providers, artificial intelligence and machine learning service providers, payment gateway operators, communication service providers, analytics tools, and other infrastructure or technology partners (collectively, “Third-Party Services”).

The Company may share limited Data with such Third-Party Services strictly to the extent necessary for the provision, operation, maintenance, and improvement of the Platform and Services. All such third parties shall be contractually bound to process Data in accordance with the Company’s instructions and to implement appropriate confidentiality, security, and data protection measures consistent with Applicable Law.

Notwithstanding the foregoing, Third-Party Services operate independently and are governed by their own terms of use and privacy policies. The Company does not control and shall not be responsible or liable for:
the data handling practices, policies, or procedures of such third parties;
the availability, performance, or reliability of such Third-Party Services; or
any loss, damage, or unauthorized access arising from the use of or reliance on such Third-Party Services.

Users are encouraged to review the terms and privacy policies of such third-party providers prior to engaging with or relying upon their services.

Public Domain Data

The Company may collect, use, process, and disclose information that is lawfully available in the public domain without obtaining the consent of the User, to the extent permitted under Applicable Law.

For the purposes of this Policy, “public domain” shall include any information that is freely available or accessible to the public through lawful means, including but not limited to publicly available registries, professional listings, official records, or other sources not subject to confidentiality restrictions.

Notwithstanding the foregoing, the Company shall ensure that the use of such information is undertaken for legitimate purposes and in a manner consistent with Applicable Law.

External Links

The Platform may contain links to external websites, applications, or resources operated by third parties (“External Links”), which are provided solely for convenience and informational purposes.

The Company does not control, endorse, or assume any responsibility for the content, policies, or practices of such third-party platforms, including their privacy practices or handling of Personal Data.

Users acknowledge and agree that access to and use of such External Links shall be at their own risk. The Company shall not be liable for any loss, damage, or consequences arising from the User’s interaction with or reliance upon such third-party platforms.

Users are encouraged to review the privacy policies and terms of use of any third-party websites or services prior to providing any Personal Data or engaging with such platforms.

Account Termination And Data Consequences

Users may request termination or deletion of their account at any time, subject to applicable procedures specified by the Company.

Upon termination or deletion of the account:
the User’s access to the Platform and Services shall cease with immediate effect; and
the Company may retain certain Personal Data and associated records to the extent required for compliance with Applicable Law, regulatory obligations, audit requirements, dispute resolution, enforcement of legal rights, or prevention of fraud.

Any retained Data shall continue to be protected in accordance with this Privacy Policy and Applicable Law, and shall be securely deleted, anonymised, or irreversibly destroyed upon expiry of the applicable retention period.

No-Spam Policy

The Company is committed to maintaining a strict no-spam policy. The Company shall not sell, rent, lease, or otherwise disclose Users’ Personal Data to third parties for the purpose of sending unsolicited marketing or promotional communications.

Any marketing or promotional communications shall be sent only in accordance with Applicable Law and based on the User’s explicit consent, where required. Users shall have the right to opt out of receiving such communications at any time through the mechanisms provided by the Company.

Updates To This Policy

The Company reserves the right, at its sole discretion, to amend, modify, update, or replace this Privacy Policy, in whole or in part, at any time.

Any such updates shall be effective upon publication on the Platform or as otherwise communicated to Users. The Company may, but is not obligated to, notify Users of material changes through appropriate means, including electronic communication or in-platform notifications.

Users are encouraged to periodically review this Privacy Policy to remain informed of any updates. Continued access to or use of the Platform following the publication of any changes shall constitute the User’s acknowledgment and acceptance of the revised Policy.

Limitation Of Liability

To the fullest extent permitted under Applicable Law, the Company shall not be liable for any loss, damage, or liability arising out of or in connection with:
any unauthorized access to, or alteration, disclosure, or destruction of Data that occurs beyond the reasonable control of the Company;
any act, omission, or breach attributable to third-party service providers, including but not limited to cloud infrastructure providers, payment gateways, or other integrated services; or
any loss or damage resulting from the User’s own negligence, failure to maintain the confidentiality of account credentials, or misuse of the Platform.

Nothing in this Clause shall limit or exclude liability to the extent such limitation or exclusion is not permissible under Applicable Law.

Contact Information And Grievance Redressal

For any queries, concerns, complaints, or grievances in relation to this Privacy Policy, the processing of Personal Data, or the use of the Platform and Services, Users may contact the Company through the details provided below:
Email:
Registered Address: Flat-26, Bldg-B, Home CHS Ltd, Near Sadhana School, Santacruz (West), Mumbai, Maharashtra, India – 400054

The Company shall designate a Grievance Officer in accordance with Applicable Law, whose details shall be made available on the Platform. All grievances shall be acknowledged and addressed within the timelines prescribed under applicable law.