Privacy Policy

1. Who we are

AaliClinic ("we", "us", "our") is a digital women's health platform operated in India. Our AI companion Aali provides health education, myth-busting, and care navigation — not medical diagnosis or treatment.

This Privacy Policy explains how we collect, use, and protect your personal data when you use our website (aali.clinic) and services.

2. What data we collect

Account data (when you sign up): name, email address, age range, preferred language, health interests you choose to share.

Chat data: conversations you have with Aali. Stored only for signed-in users who choose to save their history. Anonymous chats stay in your browser (localStorage) and are never sent to our servers beyond what's needed to generate a response.

Usage data: pages visited, features used, session length — collected in aggregate, never tied to your identity without consent.

Device data: browser type, operating system, IP address — used for security and abuse prevention only.

💡 Anonymous use is always available. You can chat with Aali, read all health content, and use every feature without creating an account. We only store your data when you explicitly sign up.

3. How we use your data

Provide personalised health guidance from Aali based on your saved history
Remember your language preference and health interests across sessions
Send account-related emails (email confirmation, password reset) — no marketing without explicit consent
Improve our AI responses and health content (using anonymised, aggregated data only)
Comply with legal obligations under Indian law

We do not use your data to train AI models, sell advertising, or share with insurance companies.

4. Who we share your data with

We share data only with the sub-processors necessary to run AaliClinic:

Supabase — database and authentication (servers in ap-south-1 / Singapore)
Anthropic — AI responses; your messages are processed to generate replies and are governed by Anthropic's Privacy Policy
Railway / hosting provider — server infrastructure

We never sell your personal data. We only disclose data to third parties outside of sub-processors when required by a valid legal order.

5. Health data — special protections

Health information is sensitive personal data under Section 2(t) of the DPDP Act 2023. We treat it with extra care:

Health interests and chat history are stored only with your explicit, informed consent
You can withdraw consent and delete all health data at any time from your profile settings
Health data is never shared with employers, insurers, advertisers, or government bodies unless compelled by a court order
All health data is encrypted at rest and in transit (TLS 1.2+)

⚕️ Medical disclaimer: Aali provides health education only. Nothing on AaliClinic constitutes medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional for your health concerns.

6. How long we keep your data

Account data: kept while your account is active + 30 days after deletion request
Chat history: kept until you delete individual sessions or your account
Consent audit log: kept for 3 years as required by DPDP Act 2023
Anonymised analytics: kept indefinitely (no personal data)

7. Your rights under DPDP Act 2023

As a Data Principal, you have the following rights (Sections 11–16 of the DPDP Act 2023):

📋

Access

Get a summary of your personal data we hold

✏️

Correction

Correct inaccurate or incomplete data

🗑️

Erasure

Request deletion of all your personal data

🚫

Grievance

Raise a complaint with our Grievance Officer

📤

Portability

Export your data in machine-readable format

👤

Nominee

Designate someone to exercise rights on your behalf

To exercise any of these rights, email [email protected] or use the Account Settings page. We will respond within 72 hours.

8. Cookies & analytics

We use only essential cookies required for authentication (Supabase session token). We do not use third-party advertising cookies.

If we add analytics (e.g. PostHog), we will ask for your consent first and only collect anonymised, aggregated data.

9. Minors (under 18)

AaliClinic is open to users aged 16 and above. Users aged 16–17 must have parental or guardian consent to create an account. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us data, please contact us immediately and we will delete it.

10. Security

We implement industry-standard measures including TLS encryption in transit, AES-256 encryption at rest (via Supabase), Row Level Security (RLS) so you can only access your own data, and regular security reviews. No system is 100% secure — if you suspect a breach, contact us immediately at [email protected].

11. Changes to this policy

We will notify you of material changes via email (if you have an account) or a prominent banner on the site, at least 14 days before changes take effect. Continued use after the effective date constitutes acceptance.

12. Contact & Grievance Officer

🌸 We're here to help

Data Protection / Grievance Officer

AaliClinic

Email: [email protected]

Response time: within 72 hours · Grievance resolution: within 30 days

Contents