1. Introduction
CheckIn Health ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website checkin.health and related services (collectively, the "Services").
This policy is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
By using our Services, you consent to the collection, use, and processing of your data as described in this policy.
2. Data We Collect
We collect the following categories of information:
a) Personal Information
- Full name
- Email address
- Phone number
- Date of birth and age
- Gender
- Address (for home sample collection)
b) Health and Medical Data
- Blood test results and biomarker values
- Health scores and category-wise analysis
- Health reports generated by our platform
- Any health-related information you voluntarily provide
c) Payment Information
- Payment transactions are processed by our payment gateway partner, Cashfree Payments. We do not store your credit/debit card numbers, UPI PINs, or net banking credentials on our servers.
- We retain transaction IDs, payment status, and order amounts for record-keeping purposes.
d) Technical and Usage Data
- IP address and browser type
- Device information and operating system
- Pages visited, time spent, and navigation patterns
- Referral source (including QR campaign tracking data)
- Firebase Analytics data (anonymised usage metrics)
3. How We Use Your Data
We use the collected data for the following purposes:
- Service delivery: Processing your test orders, scheduling home sample collection, generating health reports and scores.
- Communication: Sending order confirmations, test updates, report notifications, and responding to your queries.
- Payment processing: Facilitating secure payments and processing refunds through our payment gateway.
- Service improvement: Analysing usage patterns to improve our platform, reports, and user experience.
- Legal compliance: Meeting obligations under applicable Indian laws and regulations.
- Marketing: Sending promotional communications about our services (only with your consent; you may opt out at any time).
4. Legal Basis for Processing
Under the Digital Personal Data Protection Act, 2023, we process your data based on:
- Consent: You provide explicit consent when you sign up and use our Services.
- Contractual necessity: Processing required to fulfil our service obligations to you.
- Legal obligation: Processing required to comply with applicable laws.
- Legitimate interest: Improving our services and preventing fraud.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal or health data. We may share your data only in the following circumstances:
- Laboratory partners: Your sample and relevant personal details are shared with NABL-accredited partner laboratories for the purpose of conducting blood tests.
- Payment gateway: Transaction details are shared with Cashfree Payments for processing payments securely.
- Phlebotomy services: Your name, address, and scheduled time are shared with our collection partners for home sample collection.
- Cloud infrastructure: Your data is stored on secure cloud servers (Google Cloud Platform / Firebase) with industry-standard encryption.
- Legal requirements: We may disclose your data if required by law, court order, or government authority.
All third-party service providers are contractually obligated to handle your data securely and only for the purposes specified.
6. Data Storage and Security
- Your data is stored on secure servers hosted on Google Cloud Platform with data centres that comply with international security standards.
- We use encryption (TLS/SSL) for data in transit and encryption at rest for sensitive health data.
- Access to personal and health data is restricted to authorised personnel on a need-to-know basis.
- We conduct regular security reviews and follow industry best practices to safeguard your data.
- Payment data is handled by PCI-DSS compliant payment processors. We do not store card details on our servers.
7. Data Retention
- Your personal and health data is retained for as long as your account is active or as needed to provide our Services.
- Health reports and test results are retained to enable you to track your health over time.
- Transaction records are retained for a minimum period as required by applicable tax and financial regulations in India.
- If you request account deletion, we will delete or anonymise your data within 30 days, except where retention is required by law.
8. Cookies and Tracking
We use the following technologies on our website:
- Firebase Analytics: To understand how users interact with our website (page views, section visibility, button clicks). This data is anonymised and aggregated.
- Local Storage: To store QR campaign attribution data (partner referral codes) for up to 7 days.
- Essential cookies: For session management and authentication when you are logged in.
We do not use third-party advertising cookies or trackers. You may clear your browser cookies and local storage at any time through your browser settings.
9. Your Rights
Under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to access: You may request a summary of the personal data we hold about you.
- Right to correction: You may request correction of inaccurate or incomplete personal data.
- Right to erasure: You may request deletion of your personal data, subject to legal retention requirements.
- Right to withdraw consent: You may withdraw your consent for data processing at any time. This may affect our ability to provide certain Services to you.
- Right to grievance redressal: You may raise concerns about data handling with our Grievance Officer.
- Right to nominate: You may nominate another individual to exercise your data rights in the event of your death or incapacity, as provided under the DPDPA.
To exercise any of these rights, please contact us at hello@checkin.health. We will respond within 30 days.
10. Children's Privacy
Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If a parent or guardian wishes to use our Services on behalf of a minor, they must provide verifiable consent and assume full responsibility for the minor's data.
11. Third-Party Links
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services you access through our Platform.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of our Services after changes constitutes acceptance of the updated policy.
13. Grievance Officer
In accordance with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and rules made thereunder, the Grievance Officer for the purpose of this Privacy Policy is:
CheckIn Health
Mumbai, Maharashtra, India
Email: hello@checkin.health
Phone: +91 7721857698
We shall address your grievance within 30 days of receipt.
14. Governing Law
This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000. Any disputes shall be subject to the exclusive jurisdiction of the courts of Mumbai, Maharashtra.
Also see: Terms and Conditions · Refund and Cancellation Policy