USER AGREEMENT
Terms of Use · Privacy Policy · Consent Notice · Software Licence
This User Agreement ("Agreement") is a legally binding contract between you ("User," "You") and Pranik Technologies Private Limited, operating as Pranik.ai ("Company," "We," "Us"), having its registered office at Plot No. 114-116, Gafoornagar, Hyderabad, Telangana - 500018, India.
This single Agreement covers everything that governs your relationship with the P4P App: the terms under which you use our services, how we collect and protect your personal data, what you are consenting to, and the terms under which we licence the software to you. We have deliberately written it as one document so you only have to read and accept one thing.
BY TAPPING "I AGREE" OR CREATING AN ACCOUNT, YOU CONFIRM THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY THIS AGREEMENT IN ITS ENTIRETY. If you do not agree, please do not use the App.
Company
Pranik Technologies Private Limited
Brand
Pranik.ai
Registered Office
Plot No. 114-116, Gafoornagar, Hyderabad, Telangana - 500018, India
Support
support@pranik.ai
DPO
dpo@pranik.ai
Website
https://pranik.ai
PART 1 - TERMS OF USE
1. KEY DEFINITIONS
App
The P4P (Pranik for People) mobile application, including all features, AI functionalities, and associated services.
PHA Avatar
The voice-first AI Personal Health Assistant embedded in the App. The PHA Avatar is based on the likeness of a real individual and is protected by Personality Rights and Intellectual Property law.
Skin Analyser
The AI-powered image analysis feature that assesses user-uploaded skin photographs for informational dermatological purposes.
RMP
A Registered Medical Practitioner holding a valid registration with the NMC or any State Medical Council of India.
Teleconsultation
Remote medical consultation via the App between a User and a licensed RMP, in accordance with the Telemedicine Practice Guidelines, 2020.
Personal Data
Any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act, 2023.
Sensitive Personal Data
Personal Data relating to health, medical history, biometric data, and other prescribed categories under applicable law.
DPDP Act
The Digital Personal Data Protection Act, 2023, as amended, together with all rules framed thereunder.
Anonymized Data
Data from which all personally identifiable information has been irreversibly removed such that no individual can be identified.
2. DESCRIPTION OF SERVICES
2.1 Healthcare Access
Teleconsultation: Video, audio, and text consultations with licensed RMPs.
E-signed Prescriptions: Digital prescriptions reviewed, approved, and e-signed by the treating RMP.
Healthcare Locator: GPS-enabled search for nearby hospitals, clinics, diagnostic centres, and pharmacies.
2.2 AI-Powered Health Assistant (PHA Avatar)
Voice-first health companion providing personalised health guidance and wellness support.
Health intake and triage assistance prior to consultations - generating a structured pre-consultation summary for the treating RMP.
Post-consultation follow-up support and medication adherence reminders.
2.3 Skin Analyser
AI-powered analysis of user-uploaded skin photographs for informational dermatological assessment.
IMPORTANT: The Skin Analyser is NOT a diagnostic tool for skin cancer, melanoma, or any severe dermatological condition. All results are for general informational purposes only and must be reviewed and verified by a licensed RMP before any clinical reliance.
2.4 Vitals Collection
Manual entry of health vitals by the User (blood pressure, heart rate, weight, temperature, etc.).
Camera-based real-time vitals measurement where available (e.g., resting heart rate via optical sensor). No video of the user's camera feed is stored - processing is real-time only.
2.5 Health Records Management
Electronic Health Record (EHR): Storage of medical history, diagnoses, prescriptions, and diagnostic reports.
Consultation records, doctor's notes, and post-consultation summaries.
2.6 Emergency Disclaimer
THE APP IS NOT AN EMERGENCY MEDICAL SERVICE. In any medical emergency, call 112 or 108 immediately and go to the nearest emergency facility.
3. ELIGIBILITY AND ACCOUNT REGISTRATION
3.1 Eligibility
You must be at least 18 years of age. Users below 18 may use the App only with verifiable parental or guardian consent under the DPDP Act, 2023.
You must be legally capable of entering into a binding contract under the Indian Contract Act, 1872.
3.2 Account Registration
You agree to provide accurate, current, and complete information at registration and keep it updated.
You are solely responsible for maintaining the confidentiality of your account credentials.
You must notify us immediately of any unauthorised access at support@pranik.ai.
4. AI FEATURES - TERMS, DISCLAIMERS, AND REGULATORY STATUS
4.1 PHA Avatar - What It Does
Provides wellness prompts, health reminders, and navigates you to appropriate healthcare.
Conducts health intake and generates a pre-consultation SOAP summary for the treating RMP. This summary is an assistive tool for the RMP - it does not constitute a medical opinion.
Responds to voice and text health queries for general informational purposes only.
4.2 PHA Avatar - What It Does NOT Do
The PHA Avatar is NOT a licensed medical professional. Nothing it says constitutes medical advice, clinical diagnosis, or a prescription.
The PHA Avatar does NOT make any clinical decision, issue or modify prescriptions, or replace consultation with a qualified RMP.
The PHA Avatar does NOT automatically dispatch emergency services. In an emergency, call 112 or 108 directly.
4.3 Avatar Likeness - Personality Rights
The PHA Avatar's visual and vocal likeness is based on a real individual and is protected by Personality Rights and Intellectual Property laws. You are strictly prohibited from:
Screen-recording, capturing, or manipulating the PHA Avatar's likeness for any purpose.
Using the Avatar's likeness to create deepfakes, misleading media, synthetic impersonations, or any unauthorized content.
Sharing, distributing, or publishing any recording or derivative of the Avatar's likeness.
Violation of this clause may constitute a criminal offence under applicable Indian law, including provisions relating to identity fraud and the Information Technology Act, 2000, and will result in immediate account termination.
4.4 Skin Analyser - Terms and Limitations
The Skin Analyser processes photographs you upload of your skin or body for informational dermatological assessment only.
The Skin Analyser is NOT a diagnostic tool for skin cancer, melanoma, psoriasis, or any severe dermatological condition. All results must be reviewed and verified by a licensed RMP before any clinical action is taken.
User-uploaded skin photographs are stored securely as part of your health record. If used for AI model improvement, they are passed through a strict anonymization pipeline where all personally identifiable features (face, body identifiers) are irreversibly masked before use.
You must not upload photographs of other individuals without their explicit consent.
4.5 AI Output Reliance - Critical Warning
AI outputs may be inaccurate and may contain material errors even where they appear specific and detailed.
You must not rely on any AI output in place of professional medical advice from a licensed RMP.
AI outputs may not reflect current clinical guidelines or up-to-date medical information.
AI outputs may occasionally be inconsistent with established medical practice. If you encounter such content, please report it to support@pranik.ai.
4.6 Regulatory Status of AI Features
The PHA Avatar, Skin Analyser, and all AI features of the App are NOT currently classified, cleared, or approved as medical devices or Software as a Medical Device (SaMD) by CDSCO under the Medical Devices Rules, 2017. They are offered as informational and assistive tools only. If CDSCO or any other regulatory authority reclassifies any feature, we will notify you and take all steps required by law.
5. TELEMEDICINE AND TELECONSULTATION
All teleconsultation services are provided by licensed RMPs operating independently through the platform. The Company acts solely as a technology intermediary. You acknowledge that:
All teleconsultations comply with the Telemedicine Practice Guidelines, 2020 issued by the Board of Governors of the NMC.
Digital prescriptions are reviewed, approved, and e-signed by the treating RMP. They are legally valid under applicable Indian law.
Teleconsultation does not involve physical examination, which may limit the scope of diagnosis. The RMP will advise in-person consultation where clinically necessary.
You must provide accurate and complete health information. Providing false information is solely your responsibility.
The RMP is solely and independently responsible for all clinical decisions and medical services.
6. USER RESPONSIBILITIES AND PROHIBITED CONDUCT
6.1 Your Responsibilities
Use the App only for lawful purposes in accordance with this Agreement.
Provide accurate, truthful, and complete information at all times.
Keep your account credentials confidential and secure.
Comply with all applicable laws, regulations, and guidelines.
6.2 Prohibited Conduct
Provide false, inaccurate, or misleading personal or medical information.
Use the App for any unlawful, fraudulent, or unauthorized purpose.
Attempt to gain unauthorized access to any part of the App or its systems.
Reverse-engineer, decompile, or attempt to extract the source code of the App.
Transmit malicious code, viruses, or harmful data.
Use the App to stalk, harass, or harm any other person.
Use any automated tool - bots, scrapers, scripts - to access the App.
Use the App to develop or train any competing AI or health technology product.
Screen-record, capture, or manipulate the PHA Avatar's likeness to create deepfakes, misleading media, or unauthorized content. The Avatar's visual likeness is based on a real person and is protected by Personality Rights and Intellectual Property laws.
Use the App outside India unless the Company has expressly confirmed such use complies with local law.
7. INTELLECTUAL PROPERTY AND SOFTWARE LICENCE
7.1 Ownership
All intellectual property in the App - including its software, AI models, PHA Avatar design and likeness, Skin Analyser algorithms, trademarks, and content - is owned by the Company or its licensors. The Avatar's likeness is additionally protected by the Personality Rights of the individual on whose likeness it is based.
7.2 Licence Grant
Subject to your compliance with this Agreement, the Company grants you a limited, non-exclusive, personal, non-transferable, revocable licence to install and use the App on your personal Device solely for your personal, non-commercial health and wellness purposes.
7.3 Restrictions
You may not copy, modify, distribute, sell, or sublicense the App or any part of it.
You may not reverse-engineer or decompile the App except as expressly permitted by applicable law.
You may not use the App to develop, train, or improve any competing product.
You may not remove or alter any proprietary notices, trademarks, or copyright markings.
7.4 Open Source Components
The App may incorporate open-source software components. Their respective licences take precedence over this Agreement for those components. A list of material open-source components is available at Settings → Legal → Open Source Notices.
7.5 Your Content
You retain ownership of health data and content you input into the App. By submitting it, you grant the Company a limited licence to process it to operate the App and provide services, and - in irreversibly anonymized form - for AI model improvement as described in Part 2 of this Agreement.
8. THIRD-PARTY SERVICES AND INTERMEDIARY STATUS
The App integrates with third-party services including mapping services, diagnostic centre locators, and pharmacy locators. For facilitated connections to third-party healthcare providers, the Company acts as a technology intermediary under Section 79 of the Information Technology Act, 2000.
8.1 Healthcare Locator
The App enables you to search for nearby hospitals, diagnostic centres, and pharmacies. The Company is not responsible for the quality, availability, pricing, or conduct of any third-party healthcare provider listed. Use of any third-party service is subject to that provider's own terms.
8.2 ABDM / NDHM Integration
The App may integrate with ABDM and NDHM infrastructure including ABHA IDs and health lockers. Where enabled, ABDM data flows are additionally governed by the NHA's ABDM Data Policy. Until ABDM integration is activated, no data is transmitted to ABDM infrastructure.
9. FEES, PAYMENTS, AND REFUNDS
When payment features are activated: all fees will be communicated clearly before any transaction; payments will be processed through PCI-DSS-compliant third-party payment gateways; the Company will not store your payment card details; refunds will be governed by the applicable Refund Policy published at that time.
10. DISCLAIMERS AND LIMITATION OF LIABILITY
THE FOLLOWING DISCLAIMERS APPLY TO THE FULLEST EXTENT PERMITTED BY APPLICABLE INDIAN LAW.
10.1 Disclaimer of Warranties
THE APP IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND. THE COMPANY EXPRESSLY DISCLAIMS ALL WARRANTIES INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY OF AI OUTPUTS, AND UNINTERRUPTED OR ERROR-FREE OPERATION.
10.2 Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE COMPANY SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM YOUR USE OF THE APP OR RELIANCE ON AI-GENERATED OUTPUTS.
THE COMPANY'S TOTAL AGGREGATE LIABILITY SHALL NOT EXCEED THE GREATER OF: (A) FEES PAID BY YOU IN THE SIX (6) MONTHS BEFORE THE CLAIM; OR (B) INR 1,000. NOTHING IN THIS AGREEMENT LIMITS LIABILITY FOR DEATH OR PERSONAL INJURY CAUSED BY OUR GROSS NEGLIGENCE OR WILFUL MISCONDUCT, OR ANY LIABILITY THAT CANNOT BE EXCLUDED UNDER THE CONSUMER PROTECTION ACT, 2019 OR OTHER MANDATORY INDIAN LAW.
10.3 Medical Liability Exclusion
THE COMPANY IS A TECHNOLOGY PLATFORM. IT IS NOT A HEALTHCARE PROVIDER. ALL CLINICAL LIABILITY FOR MEDICAL ADVICE, DIAGNOSIS, AND PRESCRIPTIONS RESTS EXCLUSIVELY WITH THE TREATING RMP.
11. INDEMNIFICATION
You agree to indemnify and hold harmless the Company, its affiliates, officers, employees, and agents from all claims, liabilities, damages, and expenses arising from: (a) your breach of this Agreement; (b) your use of the App in violation of applicable law; (c) your User Content; or (d) your wilful misconduct or gross negligence.
12. PARENTAL CONSENT AND MINORS
The App is not directed to individuals below 18. If a minor wishes to use the App, a parent or legal guardian must complete the verifiable parental consent process in accordance with Section 9 of the DPDP Act, 2023. The guardian is responsible for reviewing this Agreement on the minor's behalf. The Company will not process a minor's Personal Data for behavioural monitoring or targeted advertising.
13. TERMINATION
The Company may suspend or terminate your access immediately for any breach of this Agreement or conduct the Company determines to be harmful or unlawful. You may terminate at any time by deleting your account through App settings.
13.1 Health Records After Termination
Account termination does NOT result in immediate deletion of your health records. Clinical records, prescriptions, and consultation records are retained for the mandatory statutory period (minimum 7 years for health records; minimum 5 years for prescriptions) under applicable law. Raw audio is deleted within 24 hours of processing. Raw video is never stored. You may request a copy of your health records at any time by contacting dpo@pranik.ai.
13.2 Inactivity
If your account is inactive for 24 consecutive months with no activity, the Company may deactivate it after providing 30 days' prior notice to your registered email. Health records are retained regardless of account status as described above.
14. GOVERNING LAW AND DISPUTE RESOLUTION
14.1 Governing Law
This Agreement is governed by the laws of India, without regard to conflict of law principles.
14.2 Dispute Resolution
Disputes shall first be attempted to be resolved amicably within 30 days of written notice. If unresolved, they shall be referred to binding arbitration under the Arbitration and Conciliation Act, 1996. Seat and venue: Hyderabad, Telangana. Language: English. The award is final and binding.
14.3 Jurisdiction
Subject to arbitration, the courts at Hyderabad, Telangana shall have exclusive jurisdiction.
15. GENERAL PROVISIONS
15.1 Amendments
The Company may amend this Agreement. For material changes, 30 days' prior notice will be given via in-app notification or email. Continued use after the notice period constitutes acceptance. For changes to or discontinuation of core features (Teleconsultation), we will provide 30 days' advance notice except where required otherwise by law or security.
15.2 Severability
If any provision is held invalid, the remaining provisions continue in full force.
15.3 No Waiver
No failure by the Company to enforce any provision constitutes a waiver.
15.4 Entire Agreement
This Agreement, including all Parts, constitutes the entire agreement between you and the Company regarding the App and supersedes all prior agreements.
15.5 Force Majeure
The Company is not liable for failure caused by events beyond its reasonable control, including acts of God, pandemic, government orders, or telecommunications failure.
15.6 Language
This Agreement is in English. In case of inconsistency with any translation, the English version prevails. We are progressively making key legal notices available in major Indian languages where reasonably practicable. Contact support@pranik.ai to request a specific language version.
PART 2 - PRIVACY POLICY
This Part explains how Pranik Technologies Private Limited collects, uses, stores, and protects your Personal Data. It is prepared in compliance with the Digital Personal Data Protection Act, 2023, the IT-SPDI Rules, 2011, and the Telemedicine Practice Guidelines, 2020.
16. PERSONAL DATA WE COLLECT
16.1 Identity and Contact Data
Full name, date of birth, gender.
Email address, mobile phone number, encrypted password.
Government-issued photo ID reference (Aadhaar last 4 digits, Passport, Voter ID - full Aadhaar numbers are not stored).
16.2 Health and Medical Data (Sensitive Personal Data)
Medical history, current diagnoses, chronic conditions, allergies, surgical history.
Prescriptions, medication lists, and prescription refill information.
Diagnostic reports, lab test results, and radiology reports (where uploaded).
Immunization and vaccination records.
Vitals: manually entered health measurements (blood pressure, heart rate, weight, temperature, blood oxygen).
Real-time camera-based vitals measurements - processed in real-time only; no video is stored.
Photographs and images of skin or body parts uploaded by the User for the Skin Analyser feature.
16.3 Consultation and Interaction Data
Pre-consultation SOAP summaries generated by the PHA Avatar from your health intake responses.
Voice audio recordings of interactions with the PHA Avatar and consultations with RMPs - retained only for the duration of processing through the anonymization pipeline, then permanently deleted. See Section 20 (Data Retention).
Text interaction logs with the PHA Avatar.
Live video feeds during teleconsultations - processed in real-time only; no video files are stored on our servers.
Doctor's notes and post-consultation summaries.
E-signed prescriptions.
16.4 Location Data
Device location (with your consent) used for the healthcare locator feature (nearby hospitals, diagnostic centres, pharmacies).
16.5 Device and Usage Data
Device type, operating system, IP address, app version.
Session logs, feature usage patterns, and crash reports (anonymized).
16.6 Data We Do NOT Collect
Full Aadhaar numbers - we use masked or partial references only.
Raw biometric authentication data (fingerprints, iris scans).
Payment card numbers - tokenized by payment gateway; not stored by us.
Video recordings of any kind - all video is real-time and never stored.
17. HOW WE COLLECT YOUR DATA
Directly from you: registration, health intake forms, manual vitals entry, Skin Analyser uploads, consultations.
Through the PHA Avatar: voice and text interactions.
From healthcare providers: diagnostic reports and records transmitted with your consent.
From your device: location (with consent), camera for real-time vitals (no storage), microphone for consultations.
Automatically: session logs, crash reports, and device metadata.
18. PURPOSES OF PROCESSING AND LEGAL BASIS
Processing Activity
Data Involved
Purpose
Legal Basis
Justification
Account creation and authentication
Identity and contact data
Create and manage your account
Contract; Consent
Necessary to perform the service contract.
Delivering teleconsultation services
Health data, consultation records, SOAP summaries
Facilitate RMP consultations and issue prescriptions
Contract; Consent
Inseparable from the core service. Explicit consent obtained at registration.
PHA Avatar health assistance
Voice audio, text interactions, SOAP summaries
Provide AI health guidance and pre-consultation triage
Consent
Explicit consent required. Voice audio deleted after processing pipeline completes.
Skin Analyser
User-uploaded skin photographs
Informational dermatological assessment
Consent
Explicit consent. Images anonymized before any AI training use.
Healthcare locator
Device location
Find nearby hospitals, diagnostics, pharmacies
Consent
Location collected only at time of search, with explicit permission.
Health records management
All health and medical data
Maintain EHR; enable continuity of care
Contract; Consent; Legal Obligation
Required for clinical record-keeping under applicable health regulations.
AI model improvement
Irreversibly anonymized audio transcripts and text
Train and improve PHA Avatar and clinical AI models
Consent (for anonymization step); Legitimate Use (post-anonymization)
Opt-in only. Once anonymized, data is no longer Personal Data under DPDP Act.
Fraud prevention and security
Device signals, login data
Detect unauthorized access; protect accounts
Legitimate Use
Directly protects User accounts. Limited to anomaly detection - not profiling.
Legal and regulatory compliance
Identity, medical, and financial data as required
Satisfy statutory obligations; maintain audit trails
Legal Obligation
Required under Clinical Establishments Act, Telemedicine Guidelines 2020, DPDP Act.
Service communications
Name, email, phone
Appointment confirmations, prescription alerts, platform updates
Contract
Transactional - not marketing. Cannot be opted out without affecting service.
Marketing communications
Name, email, phone
Health-related offers and App updates
Consent (opt-in only)
Fully optional. Opt out at any time.
'Legitimate Use' under the DPDP Act, 2023 is functionally analogous to 'Legitimate Interests' under GDPR. Where relied upon, a balancing test confirms our interest does not override the Data Principal's fundamental rights.
19. SHARING AND DISCLOSURE
We do not sell your Personal Data. We never have and we never will. We share your data only as follows:
With your treating RMP: your health summary and consultation data, solely to facilitate your consultation.
With Data Processors (service providers): cloud hosting, payment gateways, KYC providers, communication platforms - all bound by data processing agreements restricting use to the stated purpose only.
With healthcare providers you book through the App: name, date of birth, and booking details only.
For legal and regulatory compliance: to government authorities, courts, or regulators when required by applicable law.
In a business transfer: if Pranik is acquired or merges, your data may transfer to the successor entity subject to equivalent privacy obligations. You will be notified.
With your explicit consent: no other sharing without your prior, specific consent.
19.1 No Sale of Data - Explicit Confirmation
We do not sell, rent, or barter your Personal Data or Sensitive Personal Data to any third party for any commercial purpose. We do not use your data to build advertising profiles. We do not allow third-party advertisers to target you based on your health data.
19.2 Third-Party AI Infrastructure
Third-party AI infrastructure providers used for model training receive only anonymized or synthetic data. No identifiable Personal Data or Sensitive Personal Data is transmitted to any third-party foundation model provider. All personal data is stored on servers in India.
20. DATA RETENTION - THE FIVE DATA BUCKETS
We retain different categories of data for different periods, based on their nature, legal requirements, and the privacy impact of retention. The table below sets out our retention architecture:
Data Bucket
What It Covers
Retention Period
Legal Basis and Notes
Bucket 1: Clinical Records
EHR, prescriptions, e-signed prescriptions, consultation notes, SOAP summaries, diagnostic reports
Health records: minimum 7 years. Prescriptions: minimum 5 years. Both from last consultation.
Clinical Establishments Act; Telemedicine Guidelines 2020; Drugs and Cosmetics Act. Retained even after account deletion.
Bucket 2: Raw Audio
Voice recordings of PHA Avatar interactions and teleconsultations
Deleted within 24 hours of processing through anonymization pipeline completing. Not retained beyond pipeline.
Collected only to generate anonymized transcripts. Deletion is automatic once processing is confirmed. This is not a clinical record.
Bucket 3: Raw Video
Live teleconsultation video feeds; camera-based real-time vitals; Skin Analyser live camera feed
Never stored. Real-time processing only. No video files are written to our servers at any point.
Video is processed frame-by-frame in real-time. No recording capability exists in the system architecture.
Bucket 4: User-Uploaded Images
Skin photographs and medical images uploaded by the User
Stored as part of EHR - retained with clinical records (Bucket 1). Anonymized before any AI training use.
User retains the right to request deletion of uploaded images outside mandatory clinical record periods. Anonymization is irreversible once applied.
Bucket 5: Anonymized AI Data
Irreversibly de-identified audio transcripts and text used for AI model training
Indefinite - no longer Personal Data once anonymized.
Post-anonymization data is outside the scope of the DPDP Act. Cannot be traced to any individual. Cannot be extracted or reversed.
Upon expiry of applicable retention periods, Personal Data is securely deleted or irreversibly anonymized. Financial records are retained for a minimum of 8 years under the Income Tax Act, GST regulations, and PMLA.
21. YOUR RIGHTS AS A DATA PRINCIPAL
Under the DPDP Act, 2023, you have the following rights. Exercise them by contacting dpo@pranik.ai or through the App's Privacy Settings:
Right
What It Means
Right of Access
Request a summary of Personal Data we hold about you and how it is used.
Right to Correction
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your data. Subject to mandatory retention obligations (Bucket 1 above).
Right to Data Portability
Receive your data in a machine-readable format for transfer to another service.
Right to Withdraw Consent
Withdraw consent for any optional processing at any time. Does not affect lawfulness of prior processing.
Right to Grievance Redressal
Lodge a complaint with our DPO at dpo@pranik.ai. We acknowledge within 72 hours and resolve within 30 days.
Right of Nomination
Nominate another individual to exercise your rights in the event of your death or incapacity.
Escalation
If unresolved, escalate to the Data Protection Board of India (once constituted under DPDP Act, 2023).
22. SECURITY OF YOUR DATA
Encryption in transit (TLS 1.2+) and at rest (AES-256).
Role-based access controls with least-privilege principles.
Multi-factor authentication for all personnel accessing Personal Data.
Regular third-party security audits and penetration testing.
Automated secure deletion of raw audio within 24 hours of pipeline completion.
Incident response and breach notification procedures.
In the event of a data breach likely to harm you, we will notify you and the Data Protection Board as required by applicable law.
23. SUBPROCESSORS
We engage third-party organisations to process data on our behalf. All are bound by written data processing agreements. We maintain a public Subprocessor List at pranik.ai/subprocessors, updated whenever a subprocessor is added or removed. We provide 30 days' prior notice of new subprocessors.
Cloud Infrastructure (India-based data centres)
KYC and Identity Verification Providers
Communication Service Providers (SMS, email, push notifications)
Analytics and Crash Reporting (anonymized data only)
AI and ML Compute Infrastructure (anonymized data only)
No identifiable Personal Data is transmitted to any third-party AI infrastructure provider. Only anonymized or synthetic data is used for model training on third-party compute.
24. ABDM INTEGRATION, DATA LOCALISATION, AND FUTURE COMPLIANCE
24.1 Data Localisation
All Personal Data is stored on servers within India. Only anonymized data may be processed on infrastructure outside India, under the contractual safeguards described in our Subprocessor agreements.
24.2 ABDM / NDHM Integration
Where ABDM integration is enabled, data flows are additionally governed by the NHA's ABDM Data Policy. Until activated, no data flows to ABDM infrastructure. We will update this section with specifics when ABDM integration is launched.
24.3 Cross-Border Transfer - Future Compliance
We will comply with any future notifications, adequacy decisions, or transfer restrictions issued by the Central Government under the DPDP Act, 2023 as and when published.
24.4 Data Protection Impact Assessment
The Company conducts Data Protection Impact Assessments (DPIAs) for high-risk processing activities - including AI-assisted health services, processing of Sensitive Personal Data, and children's data - in accordance with the DPDP Rules, 2025. DPIAs are reviewed annually and whenever a significant new processing activity is introduced.
25. CHILDREN'S PRIVACY
We do not knowingly process Personal Data of children under 18 without verifiable parental consent under Section 9 of the DPDP Act, 2023. Where a minor uses the App, a parent or guardian must complete the parental consent process. We will not process a minor's data for behavioural monitoring, profiling, or targeted advertising.
26. MARKETING COMMUNICATIONS
We send marketing communications only where you have opted in. You may opt out at any time by unsubscribing from emails, replying STOP to SMS, or adjusting notification preferences in the App. Withdrawal of marketing consent does not affect transactional communications (appointment confirmations, prescription alerts).
27. CHANGES TO THIS AGREEMENT
We may update this Agreement from time to time. For material changes, we will provide at least 30 days' prior notice via in-app notification or email. The updated Agreement will be published at pranik.ai/legal. Your continued use after the notice period constitutes acceptance.
28. CONTACT AND GRIEVANCE REDRESSAL
Company
Pranik Technologies Private Limited
Address
Plot No. 114-116, Gafoornagar, Hyderabad, Telangana - 500018, India
Support
support@pranik.ai
Data Protection Officer
[Name of DPO to be inserted]
DPO Email
dpo@pranik.ai
DPO Response SLA
Acknowledgement within 72 hours; Resolution within 30 days
Escalation
Data Protection Board of India (once constituted under DPDP Act, 2023)
Website
https://pranik.ai
PART 3 - CONSENT NOTICE
Issued under Sections 5 and 6 of the Digital Personal Data Protection Act, 2023
This Part tells you exactly what data we collect and why, and gives you control over optional processing. Required items are needed to use the App. Optional items are your choice - declining them does not affect core features.
We never sell your data. Every piece of data listed below is used only for the purpose stated.
What we do and what data we collect
Your choice
Effect of declining
1. Account Creation and Profile [ REQUIRED ]
Required to create your account and authenticate your identity. Data: full name, date of birth, gender, email, mobile number.
Required to use the App
Can you say No?
No - core service
2. Identity Verification (KYC) [ REQUIRED ]
Required for regulated services. Data: government ID reference (last 4 digits only - full Aadhaar never stored), date of birth.
Required to use the App
Can you say No?
No - core service
3. Health Records and EHR [ REQUIRED ]
Core purpose of the App. Data: medical history, diagnoses, allergies, medications, prescriptions, lab reports, doctor's notes, e-signed prescriptions.
Required to use the App
Can you say No?
No - core service
4. Teleconsultation with a Doctor [ REQUIRED ]
Facilitates video/audio/text consultation with a licensed RMP. Data: pre-consultation SOAP summary, consultation transcript (text only - raw audio deleted after pipeline), doctor's notes, prescription.
Required to use the App
Can you say No?
No - core service
5. PHA Avatar - AI Health Assistant [ OPTIONAL ]
Voice-first AI health companion. Data: voice audio recordings and text interactions with the Avatar (raw audio permanently deleted after anonymization pipeline completes - not retained). Anonymized transcripts may be used for AI improvement. We never sell your data.
☐ I consent
Can you say No?
Yes - no effect on core features
6. Skin Analyser [ OPTIONAL ]
AI analysis of skin photographs for informational dermatological assessment (not diagnostic). Data: photographs and images of skin/body parts you upload. Images anonymized before any AI training use. We never sell your data.
☐ I consent
Can you say No?
Yes - no effect on core features
7. Vitals Collection [ OPTIONAL ]
Manual entry of health measurements (blood pressure, heart rate, weight, etc.). Camera-based real-time measurements - no video stored. Data: vitals measurements; no video recording.
☐ I consent
Can you say No?
Yes - no effect on core features
8. Healthcare Locator [ OPTIONAL ]
Find nearby hospitals, diagnostic centres, and pharmacies. Data: your device location at time of search - used only for proximity search, not stored beyond the session.
☐ I consent
Can you say No?
Yes - no effect on core features
9. Anonymized AI Model Training [ OPTIONAL ]
Improving the PHA Avatar and clinical AI. Data: irreversibly anonymized audio transcripts and text - no personally identifiable information remains. Cannot be traced back to you. We never sell your data. Note: even if you opt out, safety-flagged interactions may still be used for trust and safety purposes only.
☐ I consent
Can you say No?
Yes - no effect on core features
10. Service Notifications [ REQUIRED ]
Appointment confirmations, prescription alerts, and platform updates. Data: name, email, phone number.
Required to use the App
Can you say No?
No - core service
11. Marketing Communications [ OPTIONAL ]
Health tips, new features, and relevant health service offers. Data: name, email, phone number. Opt out at any time.
☐ I consent
Can you say No?
Yes - no effect on core features
Parental Consent (for Users under 18)
If you are registering on behalf of a minor, the parental consent process must be completed before the minor's account is activated. The method of verifiable guardian verification (OTP, Aadhaar-based, or other) is determined at the point of registration. The guardian accepts all applicable consents above on the minor's behalf.
How to Withdraw Consent
You may withdraw consent for any optional processing activity at any time through the App's Privacy Settings (Settings → Privacy → Manage Consents) or by contacting dpo@pranik.ai. Withdrawal does not affect the lawfulness of processing already carried out before withdrawal.
PART 4 - SOFTWARE LICENCE
This Part sets out the terms under which the App software is licensed to you. It covers what you may and may not do with the software itself.
29. SOFTWARE LICENCE TERMS
29.1 Grant of Licence
Subject to your compliance with this Agreement, the Company grants you a limited, non-exclusive, personal, non-transferable, revocable licence to install and use the App on your personal device for personal, non-commercial health purposes.
29.2 App Store Terms
The App is distributed through Google Play Store and Apple App Store. App Store terms govern your download and installation. This Agreement governs your use of the App once installed. Apple Inc. is a third-party beneficiary of this Agreement for use on Apple devices.
29.3 Updates
Updates may be delivered automatically (especially for security patches) or manually. Some updates may be required for continued access. For removal of core features, 30 days' advance notice will be given except where immediate action is required by law or security.
29.4 Termination of Licence
Your licence terminates immediately upon termination of your account or breach of this Agreement. You must delete the App from all your devices upon termination. Sections 7 (IP), 10 (Liability), 11 (Indemnification), and 14 (Governing Law) survive termination.
ACCEPTANCE
I Agree
By tapping "I Agree" or creating an account, you confirm that you have read, understood, and agree to this entire User Agreement - including all four Parts - as of the Effective Date stated on the cover.
This Agreement is effective as of the date published at pranik.ai/legal/user-agreement. Pranik Technologies Private Limited.