P4P CONSENT NOTICE

Issued pursuant to the Digital Personal Data Protection Act, 2023

Section 5 & Section 6 - Notice to Data Principal

A. WHO IS COLLECTING YOUR DATA

Pranik Technologies Private Limited, operating under the brand name Pranik.ai ("Company," "We"), with registered office at Plot No. 114-116, Gafoornagar, Hyderabad, Telangana - 500018, India, is the Data Fiduciary for the P4P (Pranik for People) mobile health application.

We are seeking your free, specific, informed, unconditional, and unambiguous consent to collect and process your Personal Data for the purposes listed below. Each purpose is listed separately so you can make an informed decision for each one individually.

B. HOW TO READ THIS NOTICE

This Consent Notice lists each purpose for which we collect your data. For each purpose you will see:

  • The data we need and why.

  • The legal basis under the DPDP Act, 2023.

  • Whether your consent is MANDATORY (needed to use the feature) or OPTIONAL (you can use the App without it).

  • A checkbox for you to grant or withhold consent for that purpose.

You may withdraw any consent you grant here at any time by going to Settings > Privacy > Consent Management within the App, or by contacting dpo@pranik.ai. Withdrawal of consent does not affect the lawfulness of processing already carried out before withdrawal.

This Notice is available in English. As required under the DPDP Act, 2023, it will also be made available in the 22 scheduled languages listed in the Eighth Schedule of the Constitution of India upon request.

C. CONSENT ITEMS - PLEASE READ AND INDICATE YOUR CHOICE FOR EACH

1. Account Creation and Authentication

MANDATORY

Purpose: To create and manage your Pranik.ai P4P account, verify your identity, and provide secure access to the App.

Data Collected

  • Full name, date of birth, gender

  • Email address and mobile phone number

  • Encrypted password

  • Profile photograph (optional at registration)

  • Device identifier (Device ID, OS version)

Legal Basis

Consent (DPDP Act, S.6). This processing is a precondition to using the App.

2. Identity Verification (KYC)

MANDATORY

Purpose: To verify your identity for services that require KYC compliance (including insurance-linked features, financial transactions, and regulatory requirements).

Data Collected

  • Government-issued photo ID type and number (Aadhaar [masked], Passport, Voter ID, or Driving Licence)

  • Date of birth

  • Proof of address (utility bill, rent agreement, or government ID with address)

  • Photograph (for KYC purposes)

Legal Basis

Consent; Legal Obligation under KYC regulations and applicable financial/health sector rules (DPDP Act, S.6 & S.7).

3. Health Records Management (Electronic Health Records - EHR)

MANDATORY

Purpose: To create, store, and manage your Electronic Health Records so healthcare providers can deliver accurate, continuous care.

Data Collected

  • Medical history: past diagnoses, chronic conditions, allergies, surgical history

  • Current prescriptions and medication lists

  • Diagnostic reports, laboratory test results, and radiology reports

  • Immunization and vaccination records

  • Doctor's notes and consultation summaries

Legal Basis

Consent (DPDP Act, S.6); Legitimate Use for healthcare delivery. This is Sensitive Personal Data and is processed only with your explicit consent.

4. Teleconsultation and Telemedicine Services

MANDATORY

Purpose: To facilitate remote medical consultations with licensed Registered Medical Practitioners (RMPs), including video/audio consultation, consultation transcription, and digital prescriptions.

Data Collected

  • Health history and pre-consultation SOAP summary (generated by PHA Avatar)

  • Video and audio data during the consultation session (with your in-session confirmation)

  • Chat messages exchanged during consultation

  • Doctor's notes and post-consultation prescription

Legal Basis

Consent (DPDP Act, S.6); Legal Obligation under Telemedicine Practice Guidelines, 2020.

5. PHA Avatar - AI Personal Health Assistant Interactions

OPTIONAL

Purpose: To provide you with a proactive, voice-first AI health companion that conducts health intake, provides wellness support, sends reminders, and assists in navigating healthcare services.

Data Collected

  • Voice input and text input to the PHA Avatar

  • Health intake responses (symptoms, conditions, concerns)

  • Interaction history with the PHA Avatar

  • Structured pre-consultation SOAP summary generated from your responses (shared with your consulting doctor)

Legal Basis

Consent (DPDP Act, S.6). Note: The PHA Avatar is an AI tool - it does not provide medical diagnosis or treatment. It is a navigational and wellness support tool.

6. Wearable Device and Health Platform Integration

OPTIONAL

Purpose: To connect your wearable health device or third-party health platform (e.g., Google Fit, Apple HealthKit, Fitbit) to the App for real-time health monitoring and personalised insights.

Data Collected

  • Vital signs: heart rate, blood pressure, blood oxygen (SpO2)

  • Sleep data and activity data (steps, exercise)

  • Calorie and nutrition data (where your device tracks this)

  • Device identity and sync timestamps

Legal Basis

Consent (DPDP Act, S.6). Data flows from third-party platforms are also governed by those platforms' own privacy policies.

7. Laboratory Test Booking and Report Access

OPTIONAL

Purpose: To book diagnostic laboratory tests on your behalf, facilitate home sample collection, and deliver digital test reports to your health record.

Data Collected

  • Name, contact details, and address for sample collection

  • Health records relevant to the tests ordered (shared with the lab)

  • Lab test results and diagnostic reports (received from the lab and stored in your EHR)

Legal Basis

Consent (DPDP Act, S.6); Contract (for processing the booking).

9. Emergency Features - Emergency Button and Fall Detection

OPTIONAL

Purpose: To activate the Emergency Button feature and Fall Detection sensor monitoring, enabling automatic alerts to your designated emergency contacts and/or emergency services in the event of an emergency or fall.

Data Collected

  • Emergency contact names and phone numbers (designated by you)

  • Real-time GPS location (at the time of an emergency event only)

  • Device accelerometer and gyroscope data (for fall detection)

  • Emergency event log (timestamp, location, contacts alerted)

Legal Basis

Consent (DPDP Act, S.6); Vital Interests of the Data Principal.

10. Location Services - Hospital and Clinic Locator

OPTIONAL

Purpose: To use your GPS location to identify nearby hospitals, clinics, diagnostic centres, and pharmacies.

Data Collected

  • Real-time GPS location (used only while you are actively using the locator feature)

  • Location search history within the App

Legal Basis

Consent (DPDP Act, S.6). Location is accessed only when you actively use the locator feature unless emergency features are enabled.

11. Payment Processing - Medical Bills and Insurance Claims

MANDATORY

Purpose: To securely process payments for consultations, lab tests, and other services, and to process insurance claims on your behalf.

Data Collected

  • Payment method details (processed via PCI-DSS compliant payment gateway - card details not stored by Pranik.ai)

  • Billing address

  • Transaction history and receipts

  • Insurance policy number and insurance provider details (for claims processing)

Legal Basis

Consent; Contract (DPDP Act, S.6 & S.7). Payments are processed through PCI-DSS compliant third-party gateways.

12. Use of Anonymized Data for AI Model Training and Health Analytics

OPTIONAL

Purpose: To improve the accuracy, empathy, and clinical quality of our AI models - including the PHA Avatar - by training them on anonymized, aggregate health data derived from your interactions with the App.

Data Collected

  • Health interaction data (anonymized - all personally identifiable information removed before use)

  • PHA Avatar interaction logs (anonymized)

  • Aggregate usage patterns (anonymized)

Legal Basis

Consent (DPDP Act, S.6). Your Personal Data is irreversibly anonymized before use. Anonymized data is not Personal Data under the DPDP Act and cannot identify you.

13. Marketing and Promotional Communications (Opted-In Only)

OPTIONAL

Purpose: To send you personalised health-related marketing communications (email, SMS, push notifications) about products, services, and offers relevant to your health and wellness.

Data Collected

  • Name and contact details (email, phone number)

  • Health interests and wellness goals (to personalise offers)

  • Communication preferences

Legal Basis

Consent (DPDP Act, S.6 - opt-in only). You will receive marketing only if you actively consent here.

D. PARENTAL / GUARDIAN CONSENT (Complete only if registering on behalf of a Minor)

This section applies if the App is being used by or registered on behalf of a person under 18 years of age. In accordance with Section 9 of the DPDP Act, 2023, we require verifiable parental or guardian consent before processing any Personal Data of a minor.

14. Parental / Guardian Consent for Minor's Data Processing

MANDATORY

Purpose: To verify that a parent or legal guardian is providing informed consent for the collection and processing of the minor's Personal Data through the P4P App.

Data Collected

  • Parent/Guardian: Full name, government-issued photo ID, mobile phone number, email address

  • Minor: Full name, date of birth, government-issued ID (if available)

  • Relationship between guardian and minor

Legal Basis

Legal Obligation under Section 9, DPDP Act, 2023. Verifiable parental consent is mandatory before any minor's data is processed.

⚠️  This consent is required for any user under 18 years of age. The minor cannot use the App without this verified parental consent.

☐  I GRANT consent for this purpose          ☐  I WITHHOLD / WITHDRAW consent for this purpose

Note: Withholding consent for mandatory items will prevent access to the relevant feature or the App.

E. YOUR RIGHTS AS A DATA PRINCIPAL

As the Data Principal under the DPDP Act, 2023, you have the right to:

  • Access a summary of your Personal Data held by us and how it is processed.

  • Correct or update inaccurate or incomplete Personal Data.

  • Erase your Personal Data (subject to applicable legal retention obligations).

  • Obtain your Personal Data in a portable, machine-readable format (Data Portability).

  • Withdraw any consent granted in this Notice at any time, without affecting the lawfulness of prior processing.

  • Seek redressal of grievances by contacting our Data Protection Officer at dpo@pranik.ai.

  • Nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, contact us at dpo@pranik.ai or through Settings > Privacy in the App. We will acknowledge your request within 72 hours and resolve it within 30 days.

F. HOW TO WITHDRAW CONSENT

You may withdraw your consent for any individual processing purpose at any time by:

  • Navigating to Settings > Privacy > Consent Management within the App.

  • Emailing dpo@pranik.ai with the subject line: "Consent Withdrawal - P4P".

Withdrawal of consent is prospective - it does not affect processing already lawfully carried out. Withdrawal of certain mandatory consents will result in loss of access to the relevant App feature or, if it is a core consent, the App itself. We will notify you of any such consequences before processing your withdrawal.