🏥 Privacy Policy for 1Heart App
Effective Date: November 24, 2025
Next Review Date: November 24, 2026
Policy Version: 1.1
Applies to App Version: 6.0 (Play Store release November 2025)
Company: Rootlynk Technology Private Limited
📌 Summary: This policy explains how 1Heart (operated by Rootlynk) collects, uses, stores,
and protects personal, medical, and fitness data in compliance with India’s Digital
Personal Data Protection (DPDP) Act, 2023 and Google Play requirements. By using 1Heart,
you consent to these practices.
———
## 📋 Table of Contents
1. [Who We Are](#1--who-we-are)
2. [Data We Collect](#2--data-we-collect)
3. [How We Use Your Data](#3--how-we-use-your-data)
4. [Third-Party Services](#4--third-party-services)
5. [Data Security](#5--data-security)
6. [Data Breach Response](#6--data-breach-response)
7. [Data Retention](#7--data-retention)
8. [Your DPDP Rights](#8--your-dpdp-rights)
9. [Account Deletion & Anonymization](#9--account-deletion--data-anonymization)
10. [Children’s Privacy](#10--childrens-privacy-under-18-years)
11. [Cross-Border Data Transfer](#11--cross-border-data-transfer)
12. [Legal Basis Reference Table](#12--dpdp-legal-basis-reference)
13. [Third-Party Health Integrations](#13--third-party-health-integrations)
14. [Policy Updates](#14--privacy-policy-updates)
15. [Contact & Grievance Redressal](#15--contact--grievance-redressal)
———
## 1. 👥 Who We Are
- Data Fiduciary / Controller: Rootlynk Technology Private Limited
- Registered Address: 16-9-1435, A S Reddy Nagar, Warangal, Telangana, India
- Application: 1Heart – Free Cardiology Hospital Management & Patient Care System
- Service: Electronic medical records and patient-care coordination for cardiac hospitals, their staff, and their patients
Rootlynk acts as the Data Fiduciary (Controller) for patient data processed directly in
the 1Heart app and as a Data Processor on behalf of participating hospitals/clinics that
onboard their patients.
———
## 2. 📊 Data We Collect
### 2.1 Personal Information
| Category | Examples | Legal Basis |
| --- | --- | --- |
| Personal Identifiers | Name, phone, date of birth, address, optional ID card scan | User Consent |
| Medical Records | Vitals, diagnoses, prescriptions, ECG, nursing notes | Legitimate Purpose – Healthcare |
| Authentication Data | Phone OTP, Google Sign-In token (we never receive your Google password) | Service Provision |
| Financial Data | Voluntary payments, medication costs, donations | Billing & Accounting Obligations |
| AI Chat History | Health questions, symptoms, AI responses, uploaded reports | User Consent |
| Device & Usage Info | Device model, OS, IP, analytics, crash logs | Service Improvement |
### 2.2 Sensitive Personal Data
- Medical history, treatment notes, vitals
- ID card (if uploaded)
- Financial transactions and billing records
Camera/Photo Library Access: Only when you upload profile images, ID card scans, ECGs, or
reports. Permissions are optional and revocable via device settings.
### 2.3 Activity & Fitness Data (Step Tracker)
- Data Collected: Daily steps, distance, calories (if provided by the platform)
- Source: Google Fit (Android) or Apple HealthKit (iOS), accessed only after explicit user
consent
- Usage: Display activity summaries for you and authorized staff to support cardiac rehab
and lifestyle tracking
- Legal Basis: User Consent + Legitimate Purpose (Health Monitoring)
- Retention: 1 year from collection or until account deletion (whichever comes first)
- Read-only access: the app does not write or modify data in Google Fit or Apple HealthKit; it only reads your activity metrics after you give consent.
- Device step counter: the app may also read your device's built-in step counter to record daily activity without connecting Google Fit or Apple Health.
### 2.4 Reproductive Health Data (Period Tracking)
⚠️ HIGHLY SENSITIVE DATA – Extra protections apply
- Data Collected: Menstrual cycle dates, flow intensity (light/medium/heavy), symptoms (cramping, mood changes, etc.), notes
- Purpose: Help you track your reproductive health and menstrual cycle patterns for cardiac health monitoring (hormonal factors can affect heart health)
- Legal Basis: Explicit User Consent (DPDP Act, 2023, Section 6). The Act does not define a separate "sensitive personal data" category; we classify reproductive health data as sensitive under our own policy and apply the extra protections listed here.
- Storage: Encrypted Firestore database in India (Mumbai region)
- Retention: Until you delete it manually OR when you delete your account
- Third-Party Sharing: NONE – We never sell or share reproductive health data with third parties
#### Who Can View Your Period Data?
BY DEFAULT, your period tracking data is PRIVATE and only visible to you.
OPTIONAL STAFF ACCESS:
- You can choose to share your period data with authorized clinic staff (doctors, nurses) for comprehensive cardiac care
- This is OPTIONAL and requires explicit consent
- You can REVOKE staff access at any time from Settings → Privacy & Consent → Period Tracking
- When you revoke access, staff immediately lose ability to view your period data
#### Your Control & Rights:
✅ You can DELETE all period data anytime from the Period Tracker screen
✅ You can STOP tracking periods without deleting existing data
✅ You can REVOKE staff access without deleting data (keep it private)
✅ You can EXPORT your period data as PDF for personal records
#### Why We Offer This Feature:
Cardiovascular health research shows hormonal cycles can affect heart health. Tracking periods helps our cardiac care team provide better personalized care when you choose to share this data.
#### Compliance Statements:
- Google Play Sensitive Health Data Policy: compliant
- India DPDP Act, 2023: processed only with explicit consent (Section 6), with safeguards beyond what the Act requires
- HIPAA reproductive-health standards: not legally applicable to an Indian data fiduciary; we apply equivalent protections
- Post-Roe v Wade data protection: enhanced privacy safeguards
Your reproductive health data is stored separately with additional encryption layers and access controls.
———
## 3. 🎯 How We Use Your Data
### Healthcare & Treatment
- Maintain EMR for comprehensive patient history
- Log nursing activities and medications
- Alert doctors to critical conditions
- Generate patient journey timelines
- NEW: Monitor daily physical activity (steps, distance) to assist with cardiac
rehabilitation
### AI-Powered Assistance
- Provide AI chat guidance (OpenRouter models)
- Analyze uploaded scans via Google Cloud Vision OCR
- Produce anonymized summaries for staff (auto-purged after 24 hrs)
- AI Transparency: AI recommendations are advisory only and do not constitute diagnosis
or treatment
### Service Administration
- Authenticate users, manage roles/permissions
- Process clinic onboarding, staff approvals
- Manage team assignments and camp rosters
### Communication
- Send push notifications for critical alerts via Firebase Cloud Messaging (FCM)
- Notify staff of approvals, corrections, or escalations
- Optional SMS notifications for family (when requested)
### Financial & Compliance
- Track voluntary payments and donations
- Generate financial reports for admins
- Maintain audit trails for DPDP compliance
### Analytics & Improvement
- Monitor performance, crashes, usage
- Produce anonymized statistics for donors
- NEW: Aggregate step-tracking trends (anonymized) to improve health programs
———
## 4. 🔗 Third-Party Services
| Service | Purpose | Data Shared | Location |
| --- | --- | --- | --- |
| Firebase (Firestore, Auth, Storage) | Database, auth, files, analytics | All application data | India (Mumbai – asia-south1) |
| Firebase Cloud Messaging (FCM) | Push notifications for alerts | Device token + notification payload (no medical content) | Google global servers |
| Cloud Scheduler (Google) | Automated jobs (e.g., weekly AI counter reset) | Metadata only | India (asia-south1) |
| OpenRouter (AI Chat) | AI health assistant | Chat prompts, anonymized context | USA (SCCs applied) |
| Google Cloud Vision | OCR (ID Card, ECG, reports) | Uploaded images | India (Mumbai) |
| Firebase Crashlytics | Crash/error logging | Device info, logs (no medical data) | Google global servers |
User-Initiated Sharing: Exported reports you send via WhatsApp/email fall under those
services’ policies.
———
## 5. 🔒 Data Security
- Encryption in Transit & At Rest: HTTPS/TLS + AES-256
- Firebase Auth: Secure OTP and Google Sign-In with MFA support
- Role-Based Access Control: granular permissions
- Multi-Tenancy: Clinic data separated by clinicId
- Operational Safeguards: Staff approval workflow, immutable nursing logs after 30 minutes,
alert acknowledgments
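The following Firestore security rules are an added illustration, not the project's own rules (this policy does not publish them). They show how the controls listed above and in Section 2.4 can be enforced server-side: clinic data separated by `clinicId`, role-based access for staff, period-tracking data private by default and readable by staff only while a patient-controlled consent document says so (so revocation takes effect on the next request), and nursing logs that the author can edit for 30 minutes after creation and nobody can change afterwards. The collection layout (`/clinics/{clinicId}/patients/{patientId}/...`), the field names (`staffAccess`, `authorUid`, `createdAt`), the custom claims `clinicId` and `role`, and the assumption that a patient's document ID equals their Firebase Auth UID are all hypothetical.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed: Firebase Auth custom claims carry the caller's tenant and role.
    function signedIn()    { return request.auth != null; }
    function callerClinic(){ return request.auth.token.clinicId; }
    function isStaff()     { return request.auth.token.role in ['doctor', 'nurse', 'admin']; }
    function sameClinic(clinicId) { return signedIn() && callerClinic() == clinicId; }
    function isPatient(patientId) { return signedIn() && request.auth.uid == patientId; }

    // Assumed layout: one subtree per clinic; a patient's document ID is their Auth UID.
    match /clinics/{clinicId}/patients/{patientId} {
      // Patients read their own record; approved staff of the same clinic read and write.
      allow read:  if isPatient(patientId) || (sameClinic(clinicId) && isStaff());
      allow write: if sameClinic(clinicId) && isStaff();

      // Consent flags are written only by the patient; staff may read them.
      // /consents/periodTracking is assumed to hold { staffAccess: bool }.
      match /consents/{consentId} {
        allow read, write: if isPatient(patientId);
        allow read:        if sameClinic(clinicId) && isStaff();
      }

      // Reproductive health data: private by default. Staff access is checked
      // against the consent document on every request, so revoking it takes
      // effect immediately.
      match /periodTracking/{entryId} {
        allow read, write: if isPatient(patientId);
        allow read: if sameClinic(clinicId) && isStaff()
          && get(/databases/$(database)/documents/clinics/$(clinicId)
                 /patients/$(patientId)/consents/periodTracking).data.staffAccess == true;
      }

      // Nursing logs: staff create them with a server timestamp; only the author
      // may edit, and only within 30 minutes; the author and timestamp cannot be
      // rewritten to reset the clock; deletes are never allowed from clients.
      match /nursingLogs/{logId} {
        allow read: if sameClinic(clinicId) && (isStaff() || isPatient(patientId));
        allow create: if sameClinic(clinicId) && isStaff()
          && request.resource.data.authorUid == request.auth.uid
          && request.resource.data.createdAt == request.time;   // client must use serverTimestamp()
        allow update: if sameClinic(clinicId)
          && resource.data.authorUid == request.auth.uid
          && request.time < resource.data.createdAt + duration.value(30, 'm')
          && request.resource.data.authorUid == resource.data.authorUid
          && request.resource.data.createdAt == resource.data.createdAt;
        allow delete: if false;
      }
    }
  }
}
```

Rules like these are deployed with `firebase deploy --only firestore:rules` and can be exercised against the Firestore emulator before release. Two points worth checking in any real deployment: custom claims such as `clinicId` must be set only by a trusted backend (the Admin SDK), never from the client, and the 30-minute lock holds only if every write path goes through these rules, since Admin SDK writes from Cloud Functions bypass them.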
### App Check Verification
1Heart is rolling out Firebase App Check (from Q4 2025) to ensure only legitimate,
untampered app builds access backend services. Enforcement will progressively cover
Android, iOS, and web clients.
Play Store Data Safety Update (when enforced): Once App Check is fully deployed across all clients, our Google Play Data Safety form will include the new “App Integrity” flag to confirm that only verified builds can access backend services.
### Activity Data Protection
Google Fit access uses OAuth 2.0 tokens limited to read-only fitness scopes. Apple HealthKit access is granted through iOS's on-device permission prompt; no HealthKit token leaves the device. Step data is encrypted at rest, and you can revoke access at any time from your Google Fit or Apple Health settings.
———
## 6. 🚨 Data Breach Response
If a data breach occurs, Rootlynk will:
- Notify affected users and the Data Protection Board of India within 72 hours (DPDP Act Section 8(6))
- Inform you via in-app + email notices about corrective actions
- Provide remediation guidance and mitigate exposure
———
## 7. ⏳ Data Retention
| Data Type | Retention | Legal Basis |
| --- | --- | --- |
| Medical Records | 3 years from last visit | Indian Medical Council Act |
| Financial Records | 7 years | Income Tax Act |
| AI Chat Logs | Until deletion (or 3 years if anonymized) | Service Improvement |
| Usage Analytics | 2 years | Service Improvement |
| Audit Trails | 3 years | DPDP compliance |
| Activity/Fitness Data | 1 year or account deletion | User Consent |
| Reproductive Health Data (Period Tracking) | Until manual deletion or account deletion (IMMEDIATE purge) | Explicit User Consent |
Expired data is permanently deleted and unrecoverable.
———
## 8. ✊ Your DPDP Rights
1. Access: Receive a copy of your data within 30 days
2. Correction: Update profile info; medical corrections via staff workflow
3. Erasure: Delete account anytime (see Section 9)
4. Data Portability: Export medical PDFs & financial XLSX reports
5. Grievance Redressal: File complaints via our DPO
6. Nomination: Assign someone to exercise your rights if needed
———
## 9. 🗑️ Account Deletion & Data Anonymization
How: Settings → Account → “Delete My Account” → Confirm
Immediate:
- Personal identifiers anonymized (e.g., "Patient-DELETED-XXXX")
- Firebase Auth account removed
- Step-tracking data deleted and unrecoverable
- Period tracking data (reproductive health) deleted IMMEDIATELY and permanently
- App access revoked immediately
Retained (Legal Minimum):
- Anonymized medical + financial records kept for statutory periods (no identifiers)
- Required for audits and regulators only
Final: All retained data is deleted after statutory retention lapses.
Alternative: Update profile fields without deleting your account.
When you delete your account, connected fitness integrations (Google Fit / Apple Health) are automatically disconnected, and all synced activity data on our servers is deleted.
———
## 10. 👶 Children’s Privacy (Under 18 Years)
- Verifiable parental/guardian consent is required before any minor's data is processed (DPDP Act Section 9). When a minor registers directly in-app, that consent is collected in-app
- Clinics adding minors through staff workflows must gather and log consent offline before onboarding them
- Parents can exercise all DPDP rights on behalf of the child
———
## 11. 🌍 Cross-Border Data Transfer
- Primary Storage: India (Firebase Mumbai region)
- AI Processing: OpenRouter (USA) used only when you engage AI chat
- Safeguards: Standard Contractual Clauses, encryption, pseudonymization, data minimization
- Crashlytics may process device logs globally (no medical data included)
We transfer data across borders only for AI features; standard medical record usage stays
within India.
———
## 12. 📜 DPDP Legal Basis Reference
| Purpose | Legal Basis |
| --- | --- |
| Medical Care & Treatment | Legitimate Purpose – Healthcare Service |
| Activity & Step Tracking | User Consent + Legitimate Purpose (Health Monitoring) |
| Reproductive Health Data (Period Tracking) | Explicit User Consent (DPDP Section 6); treated as sensitive under our own policy |
| AI Chat & OCR | User Consent |
| Financial/Billing | Legal Obligation (Income Tax Act) |
| Usage Analytics | Legitimate Purpose – Service Improvement |
| Push Notifications | Legitimate Purpose – Healthcare Alerts |
———
## 13. 🏃 Third-Party Health Integrations
| Integration | Purpose | Data Shared | Storage |
| --- | --- | --- | --- |
| Google Fit (Android) | Import steps/activity with consent | Steps, distance, calories | Encrypted Firestore (user-scoped) |
| Apple HealthKit (iOS) | Same as above | Steps, distance | Encrypted Firestore (user-scoped) |
- Access is opt-in and can be revoked anytime
- Revoking access stops new data sync but does not delete existing records (delete account
to purge)
———
## 14. 🔄 Privacy Policy Updates
We may update this policy to reflect new features, legal changes, or third-party services.
- Major changes: In-app modal requesting re-consent
- Minor updates: Banner with “View Changes” link
- “Last Updated” date reflects the latest revision; continued use signifies acceptance
———
## 15. 📞 Contact & Grievance Redressal
General Support
- Email: support@rootlynk.com
- Phone: +91-6305267118 (Mon–Sat, 9 AM–6 PM IST)
- Website: https://rootlynk.com
Data Requests (Access / Correction / Deletion)
- Email: contact@rootlynk.com
- Response Time: ≤30 days (DPDP requirement)
Grievance Officer (DPDP Section 13)
- Name: Data Protection Officer, Rootlynk Technology Private Limited
- Email: contact@rootlynk.com
- Address: 16-9-1435, A S Reddy Nagar, Warangal, Telangana, India
- Response Time: 30 days
- Grievance Officer Registration ID: to be added post DPDP Board registration
© 2025 Rootlynk Technology Private Limited. All rights reserved. 1Heart is built to empower
cardiac hospitals across India.
———