Privacy Policy

Last Updated: September 27, 2025

This Privacy Policy ("Policy") describes the manner in which Aayu ("we", "our", "us") collects, uses, processes, stores, discloses, and protects personal data of users ("you", "your") in connection with its application, website, platform, and related services (collectively, the "Services"). By accessing or using the Services, you acknowledge that you have read and understood this Policy and consent to the practices described herein.

This Policy is issued in compliance with applicable data protection frameworks, including the Digital Personal Data Protection Act, 2023 (India) and the Federal Decree-Law No. 45 of 2021 Regarding the Protection of Personal Data (United Arab Emirates), together with any rules or regulations made thereunder.

1. Collection of Personal Data

Aayu may collect and process the following categories of personal data:

  • Identification and account data: including your name, contact number, email address, login credentials, and related information.
  • Sensitive personal data (health data): including medical history, diagnostic results, treatment details, prescriptions, laboratory records, and other health-related information voluntarily uploaded or provided by you.
  • Technical and usage data: including device identifiers, IP address, operating system, browser type, geolocation data (if enabled), and analytics relating to your interaction with the Services.
  • Communication data: including inquiries, feedback, and records of interactions with Aayu for support or service-related purposes.

2. Legal Basis and Consent

Processing of personal data is carried out in accordance with the DPDP Act, the UAE PDPL, and other applicable laws. Aayu may process data based on one or more of the following grounds:

  • Consent: Your explicit, informed consent, particularly for sensitive personal data such as medical records.
  • Contractual necessity: Where processing is required to provide the Services you have requested.
  • Legal obligation: Where processing is required to comply with applicable laws.
  • Legitimate interests: Where processing is necessary for security, fraud prevention, and service improvement, provided such interests are not overridden by your fundamental rights.

Consent, once given, may be withdrawn at any time by contacting us at the details below, without affecting the lawfulness of processing carried out before such withdrawal.

3. Purpose of Processing

Personal data is collected and processed strictly for the following purposes:

  • • Registering, authenticating, and managing your account.
  • • Structuring, securing, storing, and retrieving your medical records.
  • • Enabling authorized access to your data, subject to your consent.
  • • Improving, personalizing, and developing the Services.
  • • Ensuring system security, fraud detection, and misuse prevention.
  • • Providing customer service, communication, and notifications regarding the Services.
  • • Complying with legal, regulatory, or judicial obligations.

4. Retention of Data

Aayu shall retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required under applicable law. Health and medical data shall be retained strictly for the duration required to provide the Services or comply with legal obligations. Upon account deletion or a valid request for erasure, Aayu shall delete or anonymize personal data, except where continued retention is mandated by law.

5. Disclosure and Transfer of Data

Aayu may disclose personal data in limited circumstances, including to:

  • • Third-party service providers engaged for hosting, storage, analytics, communication, or technical support, subject to strict contractual safeguards.
  • • Healthcare professionals or institutions, but only with your explicit consent.
  • • Governmental, regulatory, or judicial authorities, where disclosure is required by applicable law.

Where data is transferred outside India or the United Arab Emirates, Aayu shall ensure that appropriate safeguards, including standard contractual clauses or equivalent measures, are in place to guarantee adequate protection.

6. Security of Processing

Aayu employs appropriate organizational and technical measures to ensure a level of security appropriate to the risk, including encryption in transit and at rest, strict access controls, regular monitoring and audits, and adherence to the principles of privacy by design and privacy by default. Sensitive personal data is processed with enhanced safeguards to protect confidentiality, integrity, and availability.

7. Your Rights

You retain the following rights under applicable laws:

  • • Right to access and obtain a copy of your personal data.
  • • Right to correct inaccurate or incomplete data.
  • • Right to deletion of personal data, subject to legal limitations.
  • • Right to restrict or object to processing in certain circumstances.
  • • Right to withdraw consent at any time, where processing is based on consent.
  • • Right to data portability, where technically feasible.
  • • Right to lodge a complaint with the competent data protection authority in India or the United Arab Emirates.

8. Amendments

Aayu reserves the right to amend or update this Policy at its discretion and at any time. Any material changes will be communicated by appropriate means, including publication on our website or in-app notifications. Continued use of the Services following such changes shall constitute your acceptance of the revised Policy.

9. Contact

For all questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, you may contact Aayu at:

Email: info@DrAayu.com

Phone: +1 (123) 463-2748

Have questions about our Privacy Policy or data practices?

Contact Us