Effective Date: 27 Nov 2015
Last Updated: 27 Nov 2025

Welcome to GlycoSense ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data in compliance with applicable laws including the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

By using our AI-powered healthcare application, you acknowledge that you have read and understood this Privacy Policy.

• Full name, date of birth, gender, and contact details (email, phone number, address)
• Government-issued identification numbers (Aadhaar, PAN, etc.) where legally required
• Emergency contact information
• Profile photographs (optional)

• Medical history, diagnoses, and treatment records
• Medication lists and prescription information
• Laboratory test results and diagnostic reports
• Vital signs and biometric data (heart rate, blood pressure, glucose levels, etc.)
• Doctor's notes and consultation records
• Health insurance information

• Device information (IP address, device type, operating system, unique device identifiers)
• App usage patterns and interaction data
• Location data (with your explicit consent)
• Cookies and similar tracking technologies
• Log files and crash reports

• AI-powered health insights, risk assessments, and predictions
• Symptom analysis and preliminary diagnostic suggestions
• Personalized health recommendations

We process your personal data based on the following legal grounds:

• Consent: You have provided explicit consent for specific processing activities
• Contractual Necessity: Processing is necessary to provide our healthcare services
• Legal Obligation: We must process data to comply with legal requirements
• Vital Interests: Processing is necessary to protect your life or health
• Legitimate Interests: We have legitimate business interests that don't override your rights

• Providing AI-powered health consultations, diagnostics, and recommendations
• Facilitating communication with healthcare providers
• Maintaining your electronic health records
• Scheduling appointments and sending reminders
• Processing payments and insurance claims
• Improving our AI algorithms and service quality

• Sending health tips, wellness content, and promotional materials
• Conducting research and analytics to improve healthcare outcomes
• Participating in clinical studies (anonymized data only)

We share your health information with doctors, specialists, laboratories, and pharmacies involved in your care, subject to your consent and strict confidentiality agreements.

We engage third-party vendors for: - Cloud storage and data hosting (AWS, Google Cloud, Azure with BAA/DPA agreements) - Payment processing and billing services - AI/ML model training (using de-identified data only) - Customer support and communication services

All service providers are bound by data protection agreements and must comply with HIPAA, GDPR, and DPDPA requirements.

We may disclose your information when required by law, court orders, or government authorities, or to: - Prevent fraud or security threats - Protect our legal rights - Respond to public health emergencies

If we transfer data outside India or the EEA, we ensure adequate safeguards through Standard Contractual Clauses (SCCs), adequacy decisions, or other approved mechanisms.

We will never sell your personal or health information to third parties.

We implement robust security measures including:

• Encryption: End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access with multi-factor authentication
• Audit Logs: Comprehensive logging of all data access and modifications
• Regular Security Audits: Penetration testing and vulnerability assessments
• HIPAA-Compliant Infrastructure: Business Associate Agreements with all relevant vendors
• ISO 27001 Certification: Adherence to international information security standards
• Data Minimization: Collection of only necessary information
• Pseudonymization/Anonymization: For research and AI training purposes

• Right to Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate information
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: At any time, without affecting prior processing
• Right to Lodge a Complaint: With your local data protection authority

• Right to Access: Obtain information about personal data processing
• Right to Correction: Correct or complete inaccurate data
• Right to Erasure: Request deletion (subject to legal retention requirements)
• Right to Grievance Redressal: File complaints with our Data Protection Officer
• Right to Nominate: Designate another person to exercise rights in case of death or incapacity

• Right to Access: View and obtain copies of your health records
• Right to Amend: Request corrections to your medical records
• Right to an Accounting: Know who accessed your health information
• Right to Request Restrictions: Limit certain disclosures
• Right to Confidential Communications: Choose how we contact you

We retain your data only as long as necessary for the purposes outlined in this policy:

• Active Account Data: Duration of account activity plus 3 years
• Health Records: As required by Indian medical record retention laws (minimum 5 years, certain records up to 10 years)
• Billing Records: 7 years for tax and legal compliance
• De-identified Research Data: May be retained indefinitely

After retention periods expire, we securely delete or anonymize your data.

Our services are not intended for individuals under 18 years of age without parental/guardian consent. For minors: - We require verifiable parental consent before collecting data - Parents have the right to review, modify, or delete their child's information - Special protections apply under applicable child protection laws

Our app uses AI algorithms to: - Analyze symptoms and suggest potential conditions - Predict health risks based on your medical history - Personalize treatment recommendations - Optimize appointment scheduling

Important Disclosures: - AI recommendations are not a substitute for professional medical advice - You have the right to request human review of AI-generated decisions - We conduct regular bias audits to ensure fairness and accuracy - You can opt-out of automated decision-making where legally permitted

We use cookies and similar technologies to: - Maintain your session and preferences - Analyze app usage and performance - Provide personalized content

You can manage cookie preferences through your device settings. Essential cookies required for app functionality cannot be disabled.

Name: Balakrishnan Chittor Rajagopal
Email: balakrishnan@glycosense.com
Phone: +91-8861304411
Address: 31AG, Asset Gardenia, Whitefield, Benagaluru 560066, INDIA

Name: Balakrishnan Chittor Rajagopal
Email: balakrishnan@glycosense.com
Phone: +91-8861304411 

We will respond to your requests within: - GDPR: 30 days (extendable by 60 days for complex requests) - DPDPA: As prescribed by the Data Protection Board

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will: - Notify you via email or in-app notification of material changes - Update the "Last Updated" date at the top of this policy - Obtain your consent where required by law

TBD: - We maintain a Notice of Privacy Practices as required - Business Associate Agreements are in place with all vendors - Breach notification procedures comply with HIPAA requirements

TBD: - We have appointed an EU representative: [Name/Contact if applicable] - Data Protection Impact Assessments (DPIAs) conducted for high-risk processing - Records of processing activities maintained

TBD: - Registered with the Data Protection Board of India - Consent Management Platform for transparent data processing - Significant Data Fiduciary obligations met (if applicable)

For any privacy concerns or complaints:

1. Contact our Data Protection Officer or Grievance Officer
2. We will investigate and respond within the statutory timeframe
3. If unresolved, you may escalate to:
   • India: Data Protection Board of India
   • EU/EEA: Your local Data Protection Authority
   • US: Department of Health and Human Services (HHS) for HIPAA complaints

By using GlycoSense, you consent to: - Collection and processing of your personal and health data as described - Use of cookies and tracking technologies - Cross-border data transfers with appropriate safeguards - AI-powered analysis of your health information

You may withdraw consent at any time by contacting us or using in-app settings. Withdrawal does not affect the lawfulness of prior processing.

Acknowledgment: This Privacy Policy complies with the Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and Digital Personal Data Protection Act, 2023 (DPDPA) of India.

The compliances are work in progress and will be obtained soon

Telestratum Networks Pvt Ltd
Registered Office: Awfis Gold, 12th Floor, CR3, Prestige Shantiniketan, ITPL Main Road, Bangalore 560048, KA, INDIA CIN: U72200KA2013PTC068026
Email: support@glycosense.com
Website: www.glycosense.com