Last updated: July 2, 2025
Introduction
Welcome to Curiezon.com (“Curiezon,” “we,” “us,” or “our”). Your privacy is critically important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and health-related data when you visit our website, use our mobile apps, or otherwise interact with our services (collectively, the “Services”). By using our Services, you consent to the practices described below.
Scope
This Policy applies to all personal data we process, including:
- Personal Identifiers: Name, email, phone, address
- Health & Clinical Data: Symptoms, medical history, prescriptions, lab reports
- Usage Data: Browsing activity, cookies, device identifiers, IP address
- Payment Data: Transaction history, billing address, payment method details
Data We Collect
Category | Examples | Source
How We Use Your Data
- Service Delivery: Enable symptom triage, booking, tele-consultation, lab scheduling, and post-care alerts.
- Payments & Escrow: Process transactions securely; hold and release funds via escrow.
- Account Management: Authenticate and manage your profile, preferences, and notification settings.
- Personalization & Improvements: Tailor product recommendations, content, and offers; conduct A/B testing.
- Regulatory Compliance: Meet legal and audit requirements under India’s DPDP Act, GDPR, HIPAA (where applicable).
- Marketing & Communications: Send newsletters, promotional offers, and service updates (with your consent).
Legal Bases for Processing
- Consent: For health data, marketing communications, and optional features.
- Contractual Necessity: To fulfill your booking, payment, and service requests.
- Legal Obligation: To comply with financial, healthcare, and data-protection laws.
- Legitimate Interests: For fraud prevention, platform security, and service improvement.
Data Sharing & Disclosure
- Service Providers: Razorpay, Stripe, AWS, Cloudflare, Mixpanel, Sentry—under data-processing agreements.
- Healthcare Partners: Hospitals, labs, pharmacies—only the minimum data needed to deliver care.
- Regulatory Authorities: Where required by law or ordered by a competent court.
- Business Transfers: In the event of a merger, acquisition, or asset sale, with confidentiality safeguards.
- Anonymized Analytics: Aggregated data that cannot be re-identified, used for product and research insights.
Cookies & Tracking Technologies
- Essential Cookies: To authenticate users, manage sessions, and secure the platform.
- Functional Cookies: To remember preferences (language, region) and improve experience.
- Analytics Cookies: Google Analytics, Mixpanel—to understand usage patterns.
- Advertising Cookies: With your opt-in, to deliver tailored offers and measure campaign efficacy.
You can manage cookie settings via your browser or our cookie-consent banner.
Data Security
- Encryption: TLS 1.2+ in transit; AES-256 at rest; KMS-managed keys with automatic rotation.
- Access Controls: RBAC, multi-factor authentication, least-privilege principle.
- Monitoring & Response: IDS/IPS, SIEM, quarterly penetration tests, 24×7 SOC.
- Disaster Recovery: RPO ≤ 1 hr, RTO ≤ 4 hrs, multi-AZ and cross-region backups, regular DR drills.
Data Retention
- Account & Health Data: Retained for as long as your account is active and per legal requirements (min 7 years).
- Transactional Records: 7 years for financial and audit compliance.
- Analytics Data: Aggregated or anonymized after 24 months.
- Deletion Requests: We will delete or anonymize your personal data upon request, subject to legal obligations.
Your Rights & Choices
- Access: Request a copy of your personal data.
- Correction: Ask us to rectify inaccurate or incomplete data.
- Deletion: Request erasure of your personal data.
- Portability: Obtain your data in machine-readable form.
- Restrict Processing: Temporarily suspend use of your data.
- Withdraw Consent: At any time for marketing or non-essential features.
To exercise your rights, contact our DPO at dpo@curiezon.com. We will respond within 30 days.
Children’s Privacy
Our Services are not intended for use by children under 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected such data, please contact us at privacy@curiezon.com for deletion.
International Data Transfers
We may transfer your data to our global cloud providers or partners. All transfers are governed by EU standard contractual clauses or similar mechanisms to ensure adequate protection.
Changes to This Policy
We may update this Privacy Policy as our business evolves or in response to legal changes. We will notify you via email and post a prominent notice on our website. Your continued use of our Services after changes indicates your acceptance of the revised policy.
Contact Information
- Data Protection Officer: hello@curiezon.com
- Privacy Team: hello@curiezon.com
- Phone: +91-9071477477
