Disclaimer: This Privacy Policy is a concise template informed by the principles of the DPDP Act, 2023. It is NOT legal advice. Data privacy laws are complex and require nuanced interpretation. You MUST consult with a legal professional specializing in Indian privacy law to draft a bespoke Privacy Policy that fully complies with the DPDP Act and any other applicable regulations for your specific operations.
Privacy Policy for TheHealthDairy.com
Effective Date: July 16, 2025
Welcome to TheHealthDairy.com. This Privacy Policy outlines how TheHealthDairy.com (“we,” “us,” or “our,” acting as the Data Fiduciary under the Digital Personal Data Protection Act, 2023) collects, uses, processes, and shares your personal data when you interact with our website, mobile applications, and services (collectively, the “Services”).
We are deeply committed to protecting your privacy and handling your data transparently and securely, in full compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India. By using our Services, you consent to the collection and use of information as described in this policy.
1. Personal Data We Collect
We collect various types of “personal data” (as defined by the DPDP Act) to provide and improve our Services.
1.1. Data You Provide Directly (With Consent): This includes information you voluntarily provide with your free, specific, informed, unconditional, and unambiguous consent:
- Account Information: Name, email, password, gender, date of birth.
- Health & Wellness Data: Activity, nutrition, sleep logs, mood entries, biometric data (e.g., weight, if you choose to provide). Please note: Health data is considered sensitive and collected with particular care and explicit consent.
- Communication Data: Your messages to us (e.g., support requests) or community posts.
- Payment Information: Details for premium subscriptions, processed securely by third-party payment gateways.
1.2. Data Collected Automatically: When you use our Services, we automatically collect certain data for legitimate uses as permitted by the DPDP Act or based on your implied consent through clear affirmative action:
- Usage Data: Pages visited, features used, time spent on the platform.
- Device Information: IP address, browser type, operating system.
- Cookies & Tracking Technologies: Used to enhance your experience, analyze usage, and remember your preferences.
1.3. Data from Third-Parties (With Consent): With your explicit consent, we may receive data from third-party services you connect, such as fitness trackers (e.g., activity, sleep data).
2. How We Process Your Personal Data
We, as the Data Fiduciary, process your personal data only for lawful purposes and where we have obtained your consent, adhering to the principle of purpose limitation.
- Service Provision: To deliver and operate core features like tracking, logging, and personalized insights.
- Personalization: To tailor content, recommendations (e.g., workout plans, meal suggestions) based on your data and goals.
- Service Improvement: To analyze usage, identify trends, and develop new features, while ensuring data minimisation.
- Communication: To send essential service updates and, with your explicit consent, promotional materials.
- Security & Compliance: To detect fraud, ensure security, and fulfill legal obligations, including those under the DPDP Act.
3. Sharing Your Personal Data
We may share your data with third parties under specific circumstances, always in compliance with the DPDP Act.
- With Your Consent: We share data only when you explicitly permit it.
- Service Providers (Data Processors): We engage third-party vendors (e.g., cloud hosting, analytics) who process data strictly on our behalf. We ensure they are contractually obligated to comply with the DPDP Act’s requirements.
- Legal Compliance: We may disclose data if legally required by Indian authorities (e.g., court orders).
- Aggregated/Anonymized Data: We share aggregated or anonymized data (which is not personal data) for research or analysis.
4. Data Security & Retention
Your data security is paramount. We implement reasonable security safeguards to protect your personal data from unauthorized access or breach, including encryption and access controls. In case of a data breach, we will notify the Data Protection Board of India and affected individuals as required by law.
We retain your personal data only as long as necessary to fulfill the stated purposes or as required by Indian law (storage limitation principle). Upon account closure, data will be erased or anonymized unless legal retention is necessary.
5. Your Data Principal Rights
As a “Data Principal” under the DPDP Act, you have important rights:
- Right to Access: Obtain information about your personal data being processed.
- Right to Correction & Erasure: Request correction of inaccurate data or deletion of your data when the purpose is no longer served.
- Right to Grievance Redressal: Seek redressal for any concerns regarding your data processing.
- Right to Nominate: Appoint someone to exercise your rights in case of death or incapacity.
To exercise these rights, please contact us using the details below.
6. Children’s Privacy
Our Services are not for individuals under 18. We do not knowingly collect personal data from children. If a parent/guardian becomes aware of such collection, please contact us immediately.
7. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements, particularly those related to the DPDP Act. We will notify you of significant changes.
8. Contact Us
For any questions about this Privacy Policy or your personal data, please contact our Grievance Officer:
Through our website: [Link to your Contact Us page]
By email: ashishsgnvgrd@gmail.com
