Legal

Privacy Policy

Live Gracious: Women's Health & Wellness Platform
Last Updated: 13-Jan-2026

This Privacy Policy is issued by LVGR Wellness Private Limited, a company incorporated under the Companies Act, 2013, having its registered office at Nagpur, Maharashtra.

1. Introduction

This Privacy Policy explains how Live Gracious collects, uses, processes, stores, and protects personal and sensitive personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and applicable Indian laws.

2. Scope

This Policy applies to all users of the Platform, including Patients and Healthcare Providers, and covers all personal and medical data processed through the Platform.

3. Legal Basis For Data Processing

For Patients, Live Gracious acts as a Data Fiduciary for platform operations.
For Doctors, Live Gracious acts as a Data Processor processing data strictly on documented instructions.
Data is processed based on consent, legal obligation, and lawful purposes permitted under DPDP Act, 2023.

4. Information We Collect

Personal details, contact information, health records, professional details of doctors and patients, technical and usage data.
Government-issued identity proof may be collected only where legally required and with explicit consent.

5. Use Of Your Information

5.1 Primary Purposes

Healthcare service delivery: facilitating consultations, treatment planning, and prescription management.
Appointment management: scheduling, reminders, and follow-up coordination.
Communication: secure messaging between patients and healthcare providers.
Medical record management: storage, retrieval, and sharing of medical information.
Use of practice-level data for doctors: Live Gracious may analyze aggregated and anonymized practice-level data to improve workflows, operational efficiency, and care quality. Such data will not be used for ranking, penalizing, or causing commercial disadvantage to healthcare providers.
Community features: discussion forums and health education content.
Community participation is optional. Users may choose pseudonyms. Community content is moderated and is not a substitute for professional medical advice.

5.2 Secondary Purposes

Platform improvement: analytics, feature development, and user experience enhancement.
Security: fraud prevention, account protection, and compliance monitoring.
Legal compliance: medical record maintenance and regulatory reporting.
Marketing: health education content and platform updates (with consent).
Personalized insights and recommendations for patients may be generated from health data. These are assistive, do not constitute automated medical decision-making, and do not replace professional medical advice. Users may opt out from settings in the application.

6. AI & Analytics

Anonymized and aggregated data may be used to improve platform services.
No automated medical decision-making with legal or clinical effect is carried out.

7. Data Sharing And Disclosure

Data is shared only with authorized parties and as required by law. Live Gracious does not sell or commercially trade personal or medical data.

Authorized Sharing

Authorized healthcare providers.
Service vendors under contract.
Authorities where required by law.

Service Providers

Payment processing (PCI DSS compliant).
Cloud storage services (ISO 27001 certified).
Communication services (end-to-end encrypted).
Technical support and maintenance.

8. Data Security Measures

Reasonable, industry-standard technical and administrative safeguards are implemented to protect data.

Encryption: end-to-end encryption for medical communications.
Data transmission: TLS 1.3 encryption for data in transit.
Data storage: AES-256 encryption for data at rest.
Access controls: multi-factor authentication and role-based access.
Network security: firewalls, intrusion detection systems, and regular security audits.

9. Data Retention

Data is retained only for the duration necessary to fulfill lawful purposes or as required by law.

10. User Rights

Users may access, correct, delete data, withdraw consent, and request portability, subject to legal obligations.

11. Cookies And Tracking Technologies

11.1 Types Of Cookies

Essential cookies: required for Platform functionality.
Performance cookies: anonymous analytics and performance monitoring.
Functional cookies: user preferences and settings.
Targeting cookies: personalized content (only with consent).

11.2 Cookie Management

Browser settings and preferences.
Platform cookie management tools.
Opt-out mechanisms for non-essential cookies.

12. Third-Party Integrations

12.1 Payment Processors

Razorpay / Paytm / other RBI-approved payment gateways.
PCI DSS compliance for payment security.
Minimal data sharing for transaction processing.

12.2 Communication Services

SMS gateway providers for appointment reminders.
Email service providers for notifications.
Video calling services for telemedicine consultations.

12.3 Analytics Services

Anonymous usage analytics for platform improvement.
No personal or medical data shared with analytics providers.
Aggregated, de-identified data only.

13. Children's Privacy

13.1 Age Restrictions

Platform usage is primarily designed for users 18 years and older.
Minors may use the Platform under parental/guardian supervision subject to necessary approvals.

14. Data Storage

User data is stored on servers hosted in the India region.

15. Data Breach Notification

15.1 Incident Response

Immediate containment and assessment of data breaches as per company policy.
Notification to relevant authorities within defined timeframes.
User notification for high-risk breaches.
Remedial actions and prevention measures.

15.2 User Notification

Users will be notified of data breaches involving:

Medical information exposure.
Identity theft risks.
Unauthorized access to accounts.
Any breach requiring immediate action.

16. Compliance And Governance

16.1 Regulatory Compliance

Digital Personal Data Protection Act, 2023.
Information Technology Act, 2000.
Medical Council of India guidelines.
Telemedicine Practice Guidelines, 2020.
Clinical Establishments Acts (state-specific).

16.2 Data Protection Officer

Designated Data Protection Officer for privacy matters.
Contact information provided for privacy-related queries.
Regular privacy impact assessments.
Compliance monitoring and reporting.

17. Updates To This Policy

17.1 Policy Changes

Material changes communicated in advance.
Email notifications to registered users.
Platform notifications for significant updates.
Version control and change history maintained.

17.2 Continued Use

Continued use of the Platform after policy updates constitutes acceptance of changes.

18. Contact Information

18.1 Privacy Officer Contact

Email: privacy@[platform-domain].com
Phone: [phone number]
Address: [complete address including PIN code]
Data Protection Officer: [name and contact details]

18.2 Grievance Redressal

Grievance Officer: __________________________
Email: grievances@[platform-domain].com
Response time: within 30 days.

19. Definitions

Personal Data: any information relating to an identified or identifiable individual.
Sensitive Personal Data: medical information, biometric data, financial information.
Processing: any operation performed on personal data.
Data Principal: individual to whom personal data relates.
Data Fiduciary: entity determining purpose and means of processing personal data.
Anonymized and De-identified Data: data processed so that individuals cannot be identified by Live Gracious or any third party using reasonable technical means. Live Gracious does not attempt to re-identify anonymized datasets.

20. Effective Date

This Privacy Policy is effective from 13-Jan-2026 and supersedes all previous versions.

By using our Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.