1. Introduction and Scope

Welcome to LivSync, a digital wellness platform operated by Livness Health Care. We are deeply committed to protecting the privacy and sanctity of your personal health information. This Privacy Policy serves as a comprehensive guide on how we collect, process, manage, store, and safeguard your data when you interact with the LivSync mobile application and our official website.

LivSync is meticulously designed for the Indian market and is built to comply with the Digital Personal Data Protection Act (DPDP Act) 2023, the Information Technology Act, 2000, and global best practices for mobile health data privacy.

2. Data Fiduciary and Grievance Redressal

Under the DPDP Act 2023, Livness Health Care acts as the Data Fiduciary. We have appointed a dedicated Grievance Officer to ensure your data rights are respected and to address any concerns regarding the processing of your personal information.

3. Information We Collect

To provide accurate health tracking, trend visualizations, and a secure user experience, we collect the following categories of data:

• Personal Identity Data: Legal name, date of birth (used to calculate age-appropriate health benchmarks), and gender.
• Contact Information: Mobile phone number and email address, primarily used for secure account verification (OTP) and critical service notifications.
• Sensitive Personal Data (Health Logs): Blood Glucose levels, Blood Pressure (BP) readings, Body Height, and Body Weight.
• Technical & Device Data: IP address, unique device identifiers (UUID), operating system version, and application performance logs to ensure stability and prevent unauthorized access.
• Payment Metadata: For users on paid tiers, we facilitate transactions via RBI-authorized third-party payment aggregators. LivSync does not store or process your sensitive financial data such as credit card numbers, CVVs, or UPI PINs.

4. Legal Basis and Purpose of Processing

We process your digital personal data strictly based on your explicit, informed, and unambiguous consent.

• Primary Purpose: The data is used solely to provide wellness visualizations, historical trend analysis, and health logging for your personal reference.
• Purpose Limitation: We do not use automated algorithms to “read” or analyze your health logs for the purpose of serving targeted advertisements or making commercial suggestions.
• Consent Withdrawal: You may withdraw your consent at any time via the application settings, which will lead to the immediate cessation of data processing and the deletion of your account.

5. Data Security and Safeguards

We implement “Security by Design” to ensure your health information remains strictly confidential:

• Encryption in Transit: All data moving between your mobile device and our servers is shielded using TLS 1.3 protocols.
• Encryption at Rest: Your data is stored on secure, siloed servers using AES-256 industrial-grade encryption.
• Access Control: We employ strict Role-Based Access Control (RBAC). No employee or third party has access to your raw health logs without a documented technical necessity and your specific, time-bound authorization.

6. Data Residency and Cross-Border Flow

• Health Data Residency: In compliance with local data sovereignty preferences, all sensitive health logs (Glucose, BP, Height, Weight) are stored exclusively on secure servers located within the territory of India (Mumbai Region).
• Authentication Metadata: We utilize Firebase Authentication for secure account management. Please note that basic account metadata (email/phone number) may be processed in global data centers to facilitate secure, low-latency logins. By using LivSync, you provide consent for this limited cross-border flow required for authentication purposes only.

7. Your Rights (Data Principal Rights)

Under the DPDP Act 2023, you hold the following rights over your data:

• Right to Access: You can request a summary of the personal data we hold and the processing activities undertaken.
• Right to Correction: You have the provision to update or correct any inaccurate data entry at any time.
• Right to Erasure (Right to Delete): You can delete individual log entries or your entire account through the app settings.
• The “No-Trace” Commitment: Upon account deletion, all personal and health data is purged from our active production databases immediately. Encrypted backups maintained for disaster recovery are permanently overwritten within a 30-day cycle, ensuring no digital residue remains.

8. Medical Disclaimer

LivSync is a wellness tracking application and is NOT a medical device. The insights, charts, and data provided are for informational and self-monitoring purposes only. This application does not diagnose, treat, or cure any medical condition. Always seek the advice of a qualified healthcare professional (such as Dr. Hima or your primary physician) before making any changes to your medication, diet, or lifestyle.

9. Children’s Privacy

LivSync is not intended for unsupervised use by individuals under the age of 18. We do not knowingly collect or process the data of minors without the verifiable consent of a parent or legal guardian.

10. Data Retention and Deletion

We retain your information only for the duration that your account is active. If an account remains inactive for a period exceeding two years (or as otherwise required by law), we will undertake a permanent deletion of all associated data unless a specific request for retention is received.

11. Cookies and Tracking

We do not use third-party marketing or tracking cookies. We use essential local storage tokens to maintain your login session and ensure application stability. These are strictly necessary for the technical operation of the service.