Privacy Policy.

Prana Health Intelligence Pvt. Ltd. ("Prana Health AI") is committed to protecting your privacy and sovereign health data.

Last Updated: May 4, 2026

1. Introduction & Applicability

This Privacy Policy applies to the use of the Prana Health AI platform, applications, and services operated by Prana Health Intelligence Pvt. Ltd., a company registered under the Companies Act, 2013, with its principal place of business in Pune, Maharashtra, India.

We operate in strict compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), the Digital Personal Data Protection Act, 2023 (DPDP Act), and the guidelines set forth by the Ayushman Bharat Digital Mission (ABDM).

2. Collection of Information

We collect information to provide sovereign, AI-driven health analytics. The data collected falls into the following categories:

  • Personally Identifiable Information (PII): Name, email address, phone number, and demographic data.
  • Sensitive Personal Data or Information (SPDI): Medical history, biometric data, lab reports, physiological conditions, and prescriptions uploaded directly by the user or fetched via ABDM-compliant Health Information Providers (HIPs).
  • Usage Data: IP address, device telemetry, browser type, and interaction metrics on our platform.

3. Sovereign Data Storage & Security

Prana Health AI acts strictly as a Health Information User (HIU) and processor. We do not claim ownership of your health records.

  • Encryption: All SPDI is secured using AES-256 encryption at rest and TLS 1.3 in transit.
  • Data Localization: In compliance with Indian law, all sensitive health data is hosted exclusively on secure, ISO 27001-compliant cloud infrastructure located physically within the borders of India.
  • Zero-Knowledge Architecture: Our AI analysis nodes process data in isolated environments. Human personnel do not have access to unencrypted raw clinical data.

4. Data Sharing & Third Parties

We strictly do not sell or lease your personal health data to third-party data brokers, insurance agencies, or pharmaceutical companies.

We may share data only under the following circumstances:

  • Verified Providers: When you explicitly consent to share your Prana clinical vault with a doctor, lab, or healthcare vendor connected to our ecosystem.
  • Legal Obligation: If legally mandated by an Indian court of law, law enforcement agency, or regulatory body acting under valid jurisdiction.

5. User Rights & Consent (DPDP Act Compliance)

Under the Digital Personal Data Protection Act, 2023, you hold absolute rights over your data:

  • Right to Withdraw Consent: You may revoke access to your data at any time via your Dashboard Settings.
  • Right to Erasure (Right to be Forgotten): You may request permanent deletion of your account and associated clinical vaults. Deletion is executed within 72 hours, excluding data legally required to be retained for audit purposes.
  • Right to Nomination: You can nominate an individual to exercise your data rights in the event of death or incapacity.

6. Grievance Redressal

In compliance with the Information Technology Act, 2000 and SPDI Rules, 2011, we have appointed a Grievance Officer to address your concerns.

Name: The Grievance Officer, Legal

Email: connect@pranahealth.app

Address: Prana Health Intelligence Pvt. Ltd., Pune, Maharashtra, India.

Any grievances will be acknowledged within 24 hours and resolved within 15 days of receipt.