Request Invite
Request Invite

Privacy Policy

Effective Date: 12th June, 2025

We, Purna Biotech Lifesciences Private Limited, having our registered office at B-33, B Block, Anant Raj Estate, Sector 63A, Gurugram – 122102, recognize the importance of safeguarding your personal information and are dedicated to upholding the highest standards of privacy and data protection in accordance with applicable laws.

This Privacy Policy governs your access to and use of Purna.ai (“Purna”, “Company”, “we”, “us”, or “our”), a technology-driven healthcare platform offering personalized and preventive health solutions through genomics, biotechnology, diagnostics, artificial intelligence, and digital health technologies. By accessing or using the website https://purna.ai/, digital applications, products, and services (collectively, the “Platform”), you agree to be bound by this Privacy Policy, which constitutes a legally binding agreement (“Agreement”) between You (“You”, “your”, “user” or “Participant”) and Purna.

This Privacy Policy is framed in compliance with the Digital Personal Data Protection Act, 2023 (as and when applicable), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and any other applicable rules or regulations, as amended from time to time.

This Policy governs the collection, use, storage, processing, and disclosure of your Personally Identifiable Information (“PII”) and Sensitive Personal Data or Information (“SPDI”) both collectively referred to as “Personal Data”, when you access or use our services, website that is https://purna.ai/ , or Purna.ai mobile application (collectively, the “Platform”). This Privacy Policy forms an integral and legally binding component of the Agreement between you and the Company and shall be construed in conjunction with our Terms of Service.

By accessing, browsing, or using the Platform, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy as well as the Terms of Service. Continued use of the Platform will constitute your explicit, informed, and voluntary consent to the collection, use, storage, and processing of your personal data in accordance with the provisions outlined herein.

SCOPE
This Privacy Policy applies to all personal data collected, received, stored, processed, or otherwise handled by us in connection with the services we offer through:
Our official website.
Our mobile application.
Our official social media handles and digital marketing campaigns.
Any form of online or offline interactions with you, including, but not limited to, those conducted through our authorized partners such as laboratories, healthcare professionals, wellness consultants, or any third parties engaged in delivering our services.

This Privacy Policy governs the manner in which we handle your PII and SPDI collected in the course of providing our services, and applies to all individuals who access, use, or interact with our Platform, regardless of their mode or medium of access. By accessing or using our website, mobile application, or any of our services, you voluntarily and expressly consent to the collection, use, storage, processing, and disclosure of your personal data by us in accordance with the terms set out in this Privacy Policy.

If, at any time, you wish to withdraw your consent, you may do so by writing to our Grievance Officer at: [email protected]. Please note that the withdrawal of consent may affect our ability to provide you with certain services or functionalities, to the extent such services require your data for lawful processing.

DATA WHICH WE MAY COLLECT
We may collect the following categories of data in order to provide our services to you:
A. Personal Information: This includes your name, age, sex, date of birth, height, weight, marital status, government-issued identification (if required), and any other personal information necessary for the provision of our services.
B. Contact Information: This includes your mobile number, email address, residential or correspondence address, fax number (if applicable), or any other similar contact details.
C. Sensitive Data: This includes, but is not limited to, credit or debit card details, UPI ID, bank account information, transaction ID, transaction history, or any other financial information that may be considered sensitive personal data or information and is required by us for the fulfillment of services and facilitation of transactions.
D. Health Information and Genetic Data: This includes all health-related information required for the provision of our healthcare or wellness services, including but not limited to your past and current medical history, medication, treatment records, family medical background, ongoing health conditions, pathology and diagnostic test results, medical prescriptions, external lab reports, and consultation notes. It further includes genetic data such as Whole Exome Sequencing (WES), Whole Genome Sequencing (WGS) results, Single Nucleotide Polymorphisms (SNPs), variant reports, and other genetic assessments. Additionally, we may collect data from wearable devices or user inputs, including but not limited to vitals, symptoms, lifestyle habits, diet logs, photographs, and nutrition details necessary for personalized wellness or medical recommendations.
E. Product or Service Specific Details: This refers to information pertaining to the products or services you use, including your preferences, interaction history, and service usage patterns.
F. Survey, Opinion, and Feedback Data: This includes any information you voluntarily provide in the form of surveys, reviews, suggestions, or feedback which we use to enhance our services and user experience.
G. Automatically Collected Data: This includes technical information such as your IP address, device type, browser type and version, operating system, date and time of access, interaction logs, in-app behaviour, geolocation data (where permitted), and other metadata or online identifiers that may be collected through cookies or similar technologies. For the avoidance of doubt, such information is generally not classified as Personally Identifiable Information PII or Sensitive Personal Data or Information SPDI under the applicable law and may accordingly be processed by us for legitimate operational, analytical, or service enhancement purposes, in compliance with this Privacy Policy.
COOKIE CONSENT
We may use cookies and similar tracking technologies to enable certain features and functionalities on our Platform, enhance user experience, and analyse site usage. Cookies allow us to recognize your device, store your preferences, and deliver a more personalized service experience.
You may choose to disable or restrict the use of cookies through your browser settings; however, please note that doing so may impact the availability or functionality of certain features of our website. For example, disabling cookies may prevent you from staying logged in, remembering preferences, or completing certain transactions seamlessly.
Most browsers provide options to manage cookie preferences. You can typically configure your browser to notify you when a cookie is being placed or to block some or all cookies. For more information, please refer to your browser’s help documentation. By continuing to use our Platform without modifying your cookie settings, you consent to our use of cookies in accordance with this Privacy Policy.
COLLECTION OF DATA
We may collect your personal data through the following sources and means:
A. Information provided by you on our Platform, including but not limited to details submitted during registration, profile creation, purchase of products or services, filling of health questionnaires, feedback forms, or participation in surveys.
B. Information shared by you through Phone, E-mail, WhatsApp, or any other written or recorded communication medium, including queries, complaints, service requests, or any documentation voluntarily submitted for the purpose of availing of our services.
C. Information provided by you during online or offline consultations with our healthcare professionals or wellness consultants, which may include your medical history, ongoing health conditions, diagnostic results, prescriptions, treatment preferences, or lifestyle-related disclosures necessary for delivering personalized care or wellness services.
D. Information from other sources: We may also collect information through external sources, including third-party websites, mobile applications, or partner platforms that redirect or refer you to our Platform. For example, if you access our services via a partner healthcare portal, e-commerce platform, wellness app, or affiliate link, certain personal or usage data may be shared with us by such third parties in accordance with their respective privacy policies and your consent granted therein. We use such data solely for purposes including but not limited to user authentication, service enablement, analytics, or personalization, in strict accordance with this Privacy Policy and applicable laws.
E. Automatically collected data, which may include technical and usage information such as your IP address, device information, browser type and version, operating system, referring URLs, access date and time, geolocation (where permitted), and other identifiers or metadata collected via cookies or similar technologies. For the avoidance of doubt, such information may not constitute PII or SPDI under applicable law and may be used by us accordingly, as permitted.

  1. PURPOSE / USAGE OF DATA
    We may use the data provided by you for various purposes necessary to fulfill our services, comply with legal and regulatory obligations, and discharge our contractual responsibilities. The specific purposes for which your data may be processed are detailed in the list provided herein.
    A. To perform our contractual obligations with you, including enabling the use of our products and services, and managing your account on the Platform.
    B. To provide and deliver our products and services to you, including consultations, diagnostics, health and wellness programs, and related customer support.
    C. To provide personalized test and supplement recommendations based on your health data, genetic profile, and lifestyle information.
    D. To provide facilitation of bookings, consultations with healthcare or wellness professionals, and delivery of diagnostic or medical reports.
    E. To provide AI-driven insights, predictive health analytics, and customized health improvement plans aligned with your personal health objectives.
    F. To comply with applicable legal and regulatory requirements, including obligations imposed by competent authorities under relevant healthcare, tax, consumer protection, and data protection laws.
    G. To fulfill our contractual obligations with third parties such as diagnostic laboratories, healthcare professionals, wellness consultants, and other service providers or partners involved in delivering services to you.
    H. To personalize and enhance your experience on our Platform, including providing tailored content, recommendations, and services best suited to your preferences and usage patterns.
    I. To facilitate secure and efficient financial transactions and payment processing through authorized banks, payment gateways, and financial service providers.
    J. To conduct service quality assessments, user satisfaction surveys, and other feedback mechanisms aimed at improving our offerings and user experience.
    K. To address your queries, respond to complaints, and evaluate feedback submitted through any communication channel, whether online or offline.
    L. To communicate with you via SMS, email, WhatsApp, or any other medium regarding appointments, service updates, order confirmations, or promotional offers, subject to your communication preferences and applicable law.
    M. To prevent, detect, and investigate fraud, data breaches, unauthorized access, or other malicious or unlawful activities that may affect you or the integrity of our Platform.
    N. For internal business operations, including audits, system maintenance, platform security, data backups, and overall business continuity planning.
  2. CHILDREN’S PRIVACY
    Children under the age of 18 years are not permitted to access or use our Platform independently. However, our services may be availed for the benefit of such minors by their parents or legal guardians. You hereby acknowledge and agree that any request or access initiated on behalf of a minor must be made with the explicit and verifiable consent of the parent or guardian. We do not knowingly collect or process personal data from children under 18 years of age without such consent, and any such requests or interactions shall not be entertained in its absence.
    DISCLOUSRE OF DATA
    We may disclose your personal data to the extent necessary for the provision of services, fulfilment of legal and contractual obligations, and in accordance with applicable laws. Such data may be shared with the following categories of recipients:
    A. Our internal teams and authorized personnel for assessing your requirements, processing your requests, and delivering the services.
    B. Diagnostic and genetic laboratory partners for the purpose of collecting, analysing, and reporting your sample test results.
    C. Healthcare professionals and wellness consultants for the purpose of providing medical consultations, recommendations, and ongoing care.
    D. Third-party service providers for activities such as data analytics, user experience optimization, service personalization, platform maintenance, and processing of payments or financial transactions.
    E. Government authorities, regulatory bodies, courts, or tribunals, when disclosure is required under applicable law or pursuant to legal proceedings, orders, or investigations.
    F. Contractual partners or affiliates to the extent necessary to fulfill our obligations under any existing contract or agreement including affiliate partners, banks and payment gateways.
    G. Business affiliates, including subsidiaries, holding companies, or entities involved in mergers, acquisitions, restructurings, or corporate reorganizations, where such data transfer is necessary for legitimate business purposes.
    H. Technology or logistics providers that enable core platform services
    I. Any other third party:
    when expressly authorized or requested by you, or
    when necessary to maintain the security, integrity, or protection of our Platform from unauthorized access, data breaches, or cyber threats.
    All third parties to whom we disclose your data shall be bound to use such data only in accordance with applicable laws, solely for the purposes for which it was shared, and to the extent as limited under this Policy. Such parties are also contractually obligated to implement appropriate technical, organizational, and security measures to protect the personal data from unauthorized access, disclosure, alteration, or misuse.
    While we exercise due diligence in selecting and engaging with such third parties, we shall not be liable for any acts or omissions on their part that result in a breach of your data, unless directly attributable to our negligence or wilful misconduct. Our liability in such cases shall be limited as defined under this Privacy Policy.
    DATA SECURITY MEASURES AND SAFEGUARDS
    Your personal data may be stored on secure third-party cloud infrastructure providers such as Amazon Web Services (AWS), Google Cloud, or other similar platforms. While these third-party service providers implement industry-standard security measures, we shall not be liable for any data breach or unauthorized access attributable to such third-party servers and beyond our reasonable control.
    At our end, we maintain appropriate physical, managerial, operational, technical, and organizational safeguards to ensure the confidentiality, integrity, and security of your data. These measures include, but are not limited to:
    Access control protocols to ensure that only authorized personnel access your data.
    Regular internal audits and security assessments to evaluate our data protection practices.
    Encryption of data in transit and at rest where applicable; and
    Implementation of industry best practices in compliance with applicable laws and regulatory standards.
    While we undertake all reasonable and necessary steps to safeguard your data, we do not guarantee or warrant the absolute security of data. However, we make best efforts within our control to prevent any unauthorized access, misuse, or breach of your personal data.
    All communications initiated by you via our Platform, including those made through E-mail or WhatsApp, are protected with end-to-end encryption and are accessible only by authorized personnel for legitimate purposes. You agree and acknowledge that you shall refrain from sharing any personal data or sensitive information via unsecured or unencrypted communication channels, and we shall not be liable for any unauthorized access or data loss resulting from such non-secure communications.
    DATA RETENTION
    We retain your personal data only for as long as it is necessary to fulfil the purposes for which it was collected, as outlined in this Privacy Policy, and to comply with applicable legal, regulatory, contractual, and operational requirements.
    The criteria we use to determine retention periods include:
    The duration for which the data is required to provide you with our services.
    The existence of a legal obligation to retain certain types of data (e.g., under tax or health-related regulations).
    The necessity to retain data in relation to legal claims or proceedings.
    The nature and sensitivity of the data;
    Your continued relationship with us and your usage of our Platform or services.
    Once the data is no longer required for the purposes stated above, or upon the withdrawal of your consent (where applicable), we will ensure that such personal data is deleted, anonymized, or otherwise disposed of in a secure manner, unless retention is mandated under applicable law.
    You may also request the deletion of your personal data by writing to us at [email protected]. Such requests will be honored in accordance with applicable legal obligations and retention requirements.
    YOUR RIGHTS OF DATA PROTECTION
    You may exercise the following rights with respect to your Personal Data, in accordance with the applicable laws:
    A. Right to Access, Review, or Modify:
You may, at any time, access, review, or modify the personal information provided by you on our Platform.
    B. Right to Correction:
If you believe that any data provided by you is inaccurate, incomplete, or has been incorrectly recorded, you have the right to request correction or rectification of such data.
    C. Right to Withdraw Consent:
You may withdraw your consent for the processing of your personal data at any time by following the procedure on our Platform or by writing to us at [email protected]. Please note that withdrawal of consent may affect our ability to provide you with certain services.
    D. Right to Deletion (Erasure):
You may request full deletion of your personal data upon withdrawal of consent, and partial deletion at any time. However, we may be required to retain certain data for a limited period to comply with legal or regulatory obligations, after which such data shall be securely deleted.
    E. Right to Nominate:
You may nominate another individual who shall be entitled to exercise your rights under this Privacy Policy in the event of your death or incapacity.
    F. Right to Be Informed:
You have the right to be informed about the purpose and nature of the data being collected, the type of data, the identity of third parties with whom your data may be shared, and the rights available to you in this regard.
    G. Right to Data Portability:
Subject to technical feasibility and applicable legal provisions, you may request the transfer of your personal data to another data fiduciary or service provider in a structured, commonly used, and machine-readable format.
    H. Right to Keep Data Accurate and Updated:
You are encouraged to notify us of any changes to your personal information so that we may keep our records accurate and up to date. You may exercise any of the above rights by contacting us through the procedure specified on our Platform or by writing to us at [email protected].
    PROCESSING OF DATA:
    We process your personal data strictly to the extent necessary for the provision of our services and in accordance with applicable laws and regulations.
    To safeguard the integrity, confidentiality, and security of your data, we implement appropriate technical, operational, and managerial security measures, as detailed in this Privacy Policy. Furthermore, we ensure that all third parties, including service providers and contractual partners who may have access to your data, are bound by legally enforceable obligations to implement adequate data protection measures. These parties are permitted to use your data solely for the purposes explicitly authorized and are required to maintain appropriate safeguards to prevent any unauthorized access, disclosure, or misuse of your data.
    IN-APP PERMISSIONS
    While accessing our Platform, particularly through our mobile application, we may request certain in-app permissions to ensure optimal functionality, enhance user experience, and enable effective delivery of our services. These permissions include, but may not be limited to, the following:
    A. Location Access:
To provide location-based services such as identifying nearby partner laboratories, enabling accurate service delivery, and dispatching reports or personnel to your location.
    B. Camera Access:
To capture images during video consultations or to upload prescriptions, medical records, or other required documentation directly through the app.
    C. Photos, Media, and Files Access:
To allow you to upload images of prescriptions, test reports, or any other relevant documents necessary for the provision of our services.
    D. SMS Access (Send and Receive):
To facilitate automatic OTP verifications and to receive service-related messages including payment confirmations, booking and appointment updates, and other transactional communications.
    E. Microphone and Speaker Access:
To enable seamless two-way communication during teleconsultations or video interactions with healthcare professionals or wellness consultants.
    F. Bluetooth Access:
To support the use of audio devices such as wireless headsets or earbuds during consultations for better audio quality.
    G. Internet Access (Wi-Fi and Mobile Data):
To ensure uninterrupted access to our services and enable smooth operation of the application, particularly during consultations, uploads, and real-time communication.
    All permissions requested are limited to what is necessary for the functioning of our services and will not be used for any other purpose without your prior explicit consent. You may choose to manage or revoke these permissions at any time through your device settings; however, doing so may affect your ability to use certain features of the application.
    INDEMNITY & LIABILITY
    The indemnity and liability provisions applicable to the parties shall be strictly governed by, and construed in accordance with, the Terms of Use Agreement as acknowledged and accepted by you. You expressly agree that such provisions shall remain binding and enforceable at all times, including during and after any collection, processing, or use of your data by us, as permitted under the Terms of Use. No additional indemnities, limitations, or exclusions of liability shall apply other than those expressly stated therein, and all rights and obligations relating to indemnification and liability shall be interpreted solely in accordance with the said Terms of Use Agreement.
    You further agree to indemnify, defend, and hold us harmless to the fullest extent permitted under law against any third-party claims, losses, or liabilities arising in connection with your use of the platform, your data submissions, or any breach of your representations, warranties, or obligations under the Privacy Policy or Terms of Use. Notwithstanding anything to the contrary contained herein, our total aggregate liability, whether in contract, tort, or otherwise, arising out of or in connection with this Privacy Policy, shall not exceed INR 10,000.
    DISCLIAMER OF LIABILITY
    We disclaim all liabilities, whether direct, indirect, consequential, or punitive, arising from your use of the Platform or from the conduct of other users. By using the Platform, you accept full responsibility and risk for your actions, the information you access or share, and your behavior both on and off the Platform. We do not guarantee the accuracy or reliability of any content and shall not be held liable for any loss or damage resulting from your use of the Platform.
    ENFOREABILITY
    This Privacy Policy applies solely to the information collected by us through the scope of data as mentioned and outlined in Clause 1 of this Privacy Policy. It does not cover any information that you provide to us unsolicited, whether through the Platform or by any other means. All unsolicited information shall be considered non-confidential, and we shall have the unrestricted right to use and disclose such information without limitation.
    The rights and remedies provided under this Privacy Policy are cumulative and may be exercised as often as necessary, in addition to any rights or remedies available under applicable law. Any waiver of rights under this Policy must be made in writing. A delay or failure to exercise any right or remedy shall not be deemed a waiver of that or any other right or remedy.
    WAIVER & SURVIVAL
    No failure or delay by us in exercising any right, power, or remedy under this Privacy Policy shall operate as a waiver of that right or any other right, nor shall any single or partial exercise preclude any other or further exercise thereof. All provisions of this Privacy Policy which by their nature are intended to survive termination shall so survive, notwithstanding any such waiver or termination.
    SEVERABILITY
    If any provision or part of this Privacy Policy is determined to be invalid, unenforceable, or unlawful by a competent authority, or is affected by any amendment to laws or enactment of new laws, the remaining provisions shall continue to be valid, enforceable, and binding to the fullest extent permitted by law.
    AMENDMENT
    We may update or amend this Privacy Policy periodically to reflect changes in our business practices or to comply with legal requirements, such as court orders or changes in applicable laws. Regardless of any amendments, our commitment to protecting your privacy will remain steadfast.
    We encourage you to review this Privacy Policy regularly to stay informed of any updates. Your continued use of the Platform after such changes will be deemed your acceptance of the amended Privacy Policy, unless you explicitly notify us otherwise.
    GRIEVANCE REDRESSAL
    In compliance with applicable laws, including the Information Technology Act 2000, read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, a Grievance Redressal Officer has been appointed to address any concerns related to your personal data and privacy. The details of the Grievance Redressal Officer are as follows:
    Name: Ayush Jain
Email: [email protected] 
Phone: 7021825903
Address: B-33, B Block, Anant Raj Estate, Sector 63A, Gurugram – 122102
    You may submit your complaints or grievances in writing at any time by contacting the Grievance Redressal Officer through the above channels. The Officer will acknowledge your complaint within 15 working days and endeavors to resolve the matter within 60 days.
    Please note that any suggestions or guidance provided by the Company regarding the use of its services shall not be construed as a warranty. For any privacy-related concerns, grievances, or questions, you may also contact us by email at [email protected].
    GOVERNING LAW, JURISDICTION AND DISPUTE RESOLUTION
    This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts at Gurugram, Haryana.