Privacy Policy for Dhanvantari AI Lab Private Limited

Last updated: May 21, 2026

1. Introduction

Welcome to Dhanvantari AI Lab Private Limited. We offer mobile applications (including our iOS and Android apps), related websites, and cloud services that help you manage your nutrition, track your vitals, monitor well-being, and receive personalized AI-driven health insights.

This Privacy Policy explains how Dhanvantari AI Lab Private Limited ("we", "us", or "our") collects, uses, and protects your information when you use our apps, websites, and services.

By using Dhanvantari AI Lab Private Limited, you agree to the collection and use of information in accordance with this policy.

2. Website visitors, cookies, and analytics

When you visit our public websites (including zivohealth.ai and this privacy policy page), we may set cookies and use similar technologies, and we may load third-party analytics. In particular, we use Google Analytics (Google Tag Manager / gtag) to understand aggregated site usage (for example which pages are viewed and general traffic patterns). This does not read your Dhanvantari AI Lab Private Limited account or health data from our apps; it is standard website measurement.

Mobile apps are separate: Product analytics in the iOS and Android apps (such as Firebase Analytics where enabled) is described in section 3 (Automatically collected data). The website and the apps use different systems for different purposes.

You can control cookies and some analytics through your browser or device settings. Depending on your region, industry opt-out tools for advertising or analytics may also be available; website analytics here are not used to sell your personal health data for advertising as described in this policy.

3. Information I Collect

A. Information You Provide

When using Dhanvantari AI Lab Private Limited, you may voluntarily provide:

Profile information: name, gender, age, height, and weight.
Nutrition logs: meals, portions, calories, and macro/micronutrients.
Vitals and wellness data: heart rate, sleep, steps, SpO₂ (oxygen saturation), blood sugar (glucose), blood pressure, and body weight.
Mood and emotional state: self-logged wellness or symptoms.
Prescriptions: medication names, dosages, and schedules.
Appointments and AI chats: interactions with your nutritionist or AI coach.
Contact details: email or phone number for support or inquiries.

All data is collected only with your explicit consent and used solely for wellness and personalization.

B. Apple Health (HealthKit) Data (iOS)

If you connect Apple Health (HealthKit), Dhanvantari AI Lab Private Limited requests read access only to the health types needed for the features you use. The categories available can vary by iOS version and device; we request access solely to support vitals, activity, and sleep features in the app.

Depending on your device, permissions, and iOS, data we may read from HealthKit includes:

Heart rate, resting heart rate, and heart rate variability (HRV)
Step count, active energy burned (calories), Apple Stand Time, and flights climbed
Workouts and exercise sessions
Sleep (sleep analysis)
Body mass (weight) and body temperature
Blood pressure (systolic and diastolic), blood glucose, and oxygen saturation (SpO₂)

You may also enter SpO₂ manually or load it from other account sources; when Apple Health is connected, we can read SpO₂ samples written to Health (for example from Apple Watch or compatible devices).

HealthKit data handling principles:

Data is used only to display insights, generate recommendations, and track progress.
Health data is synced to our secure cloud servers and encrypted end-to-end during transmission and storage.
Health data is never sold, shared, or used for marketing or advertising. We strictly prohibit the use of Apple Health (HealthKit) data for advertising or marketing. Your HealthKit data will never be used for advertising purposes and will never be sold, rented, or shared with data brokers, ad networks, or third-party marketing agencies.
You can revoke access anytime by going to Profile → Connected devices in the app, or through iOS Settings → Health → Data Access & Devices.

Dhanvantari AI Lab Private Limited fully complies with Apple's HealthKit and App Store privacy guidelines.

C. Google Health Connect (Android)

If you connect Health Connect on a supported Android device, Dhanvantari AI Lab Private Limited may read health and fitness data that you authorize, such as:

Heart rate, blood pressure, blood glucose, body temperature
Weight, steps, sleep

Health Connect data handling principles:

Data is used only to display insights, generate recommendations, sync vitals to your account, and track progress.
Health data may be synced to our secure cloud servers and is protected in transit using encryption (for example, HTTPS/TLS).
Health data accessed via Health Connect is not sold and is not used for third-party advertising or marketing. We strictly prohibit the use of Google Health Connect data for advertising or marketing. Your Health Connect data will never be used for advertising purposes and will never be sold, rented, or shared with data brokers, ad networks, or third-party marketing agencies.
You can revoke or adjust access anytime in Android Settings → Health Connect → App permissions, or through Connected devices / vitals settings in the app where available.

Access to Health Connect is optional and only occurs after you grant permissions on your device.

D. Device permissions and on-device features

Depending on your device and the features you use, Dhanvantari AI Lab Private Limited may request access to:

Camera and photos: to log meals, upload documents or images you choose, or join video sessions.
Microphone: for video calls or voice features when you use them.
Notifications: to send reminders and account or health-related alerts you opt into.
Biometrics (for example Face ID / fingerprint): only for optional app unlock on your device; biometric data stays on your device and is not transmitted to us as a biometric template.
Location (approximate or precise): only when needed for a feature you use (for example certain payment or browser-based flows inside the app) and only if you grant permission on your device.
Phone or network-related signals: limited information may be used by integrated SDKs (for example for payment processing, connectivity, fraud prevention, or video stability). We do not use this to sell your data.

You can deny any optional permission; core app availability may vary if a permission is required for a specific feature.

E. Automatically Collected Data

To improve app performance and experience, Dhanvantari AI Lab Private Limited may collect:

Device information (for example model, operating system version, language, region, app version).
Crash logs and diagnostics (for example via Apple or Google reporting tools, or Firebase Crashlytics where enabled).
Product analytics and feature usage metrics (for example session or screen flows) via services such as Firebase Analytics, used to understand reliability and usage—not for selling your personal health data for advertising.
On iOS, we do not use the advertising identifier (IDFA) for advertising. On Android, analytics may use app-instance or device-scoped identifiers as described by Google Firebase for measurement; we do not sell personal health data to third parties for their marketing.

4. How Your Data Is Used

Your data helps Dhanvantari AI Lab Private Limited:

Display your personalized nutrition and wellness dashboard.
Generate your Health Score based on vitals and logs.
Provide AI-based nutrition and lifestyle recommendations.
Track long-term trends like blood sugar stability or oxygen variation.
Manage nutritionist appointments and chat interactions.
Enhance app performance and reliability.

Dhanvantari AI Lab Private Limited does not sell or share your data for advertising or marketing purposes.

Third-party generative AI: Uses that depend on external AI APIs are described in Section 6 — Third-party generative AI services (what may be sent, to whom, and how permission works). Health-related information we send to AI vendors is covered by the same advertising, marketing, and use‑based mining restrictions as other health-related vendor sharing.

5. Data Security and Storage

All user data, including health and Vault data, is strictly protected using industry-leading security measures. Your data is encrypted at rest using the AES-256 encryption standard and is encrypted in transit using TLS 1.3 protocols to ensure secure communication between the app and our secure cloud servers.

Data is securely stored using platform secure storage (for example Apple Keychain on iOS, Android Keystore where applicable), on-device storage, and encrypted cloud databases (for example Firebase, AWS).
Documents you upload (for example prescriptions, lab reports, and scans) are stored in an encrypted Vault on AWS S3 with key controls.
Data transmissions between the app and our servers use HTTPS/TLS. Do not use the app on untrusted networks if you are concerned about network interception.
Health data you choose to sync (including from HealthKit or Health Connect) is processed on our secure cloud servers with access controls; we use industry-standard protections in transit and at rest.
Only authorized systems and app functions can access your information for the purposes described in this policy.

Despite these protections, no method is completely immune to breaches, and you use the app at your own discretion.

6. Data Sharing

Dhanvantari AI Lab Private Limited may share limited data only:

With trusted service providers and subprocessors who assist us with hosting, authentication, analytics, push notifications, email or SMS, video communication, payment processing, customer support, or security—for example Google (Firebase, Sign-In), cloud infrastructure providers, Apple and Google (for in-app subscriptions and wallet purchases), Razorpay (for doctor consultation fees at appointment booking only—not for subscriptions or wallet top-ups on iOS), and communication providers (such as Twilio for video or messaging features). See Section 7 — Payments, subscriptions, and wallet for how each payment type is handled. They may only use data to provide services to us and must protect it consistent with this policy and applicable law.
When required by law, subpoena, or regulatory authority.
To prevent fraud or abuse of the service.

We do not sell your personal information. We do not share health, SpO₂, or blood sugar data with data brokers for marketing or unrelated profiling.

Health-related data and third-party vendors (including AI)

Scope: “Health-related information” includes any information you provide or we process in connection with wellness, nutrition, vitals, medications, labs, prescriptions, pharmacy or medication-purchase information you log, clinical documents, appointments, consultations, or similar features—including text, images, structured health fields, and conversation content that reflects your health or care.

When we share health-related information with service providers and subprocessors (including generative AI vendors named below), we do so only to operate the specific features you use and as described in this policy and our agreements with those vendors.

Restrictions we require (including for AI vendors): We do not permit health-related information we send to those vendors to be used for third‑party advertising, for marketing their or others’ products or services (beyond what is necessary to provide the contracted service to us), or for use‑based data mining for advertising or marketing. Health-related inputs and outputs are processed to deliver AI-assisted functionality to you (and, where applicable, to clinicians you engage through the Platform)—not to build advertising profiles, sell data for marketing, or train public consumer models as described in our vendor commitments below.

This is in addition to our general statement that we do not sell your personal information and do not use HealthKit or Health Connect data for advertising, as stated elsewhere in this policy.

Third-party generative AI services

Certain features use cloud-based generative AI (large language and related models) operated by third-party vendors we engage as processors. Depending on how a feature is built and configured in production, those vendors may include:

OpenAI (for example for chat-style assistance, structured extraction, or vision-capable models where we configure OpenAI).
Anthropic (for example where we configure Claude-family models through Anthropic’s API).
Amazon Web Services (AWS) — Amazon Bedrock, which invokes foundation models from AWS or from model providers AWS makes available through Bedrock (the exact model provider depends on our selected Bedrock configuration).

How data is collected and sent: You provide information in the app (typing, uploads, syncing health data, etc.) as described in Section 3. That information is transmitted to Dhanvantari AI Lab Private Limited’s servers using encryption in transit (for example HTTPS/TLS). If you use a feature that relies on third-party generative AI, relevant content is included in server-to-server API requests from Dhanvantari AI Lab Private Limited to those vendors, also using encryption in transit, solely to return results to you (or to your authorized clinician flows, where applicable).

In-app permission: Before we use those third-party generative AI APIs for gated patient features, the app asks for a separate, affirmative choice (for example “Enable AI insights”). If you decline, AI features that depend on those APIs remain off; the rest of the app can still be used where other functionality does not require that processing.

Categories of information that may be included in requests to those vendors, depending on which feature you use, include (without limitation):

Profile and account details you have provided—such as name, email or phone on your profile when relevant to the feature, demographics (for example gender and age), body metrics (for example height and weight), and health or nutrition goals—when a feature includes them in a prompt.
AI chat and session context: text you enter in AI chat (or similar experiences), limited prior messages from the same conversation when needed for continuity, and related session metadata required to run the feature.
Health records stored in your account—nutrition and meal logs; vitals and wellness readings (including data synced via Apple Health (HealthKit) or Health Connect when you have enabled access and a feature uses it); labs and biomarkers; medications and prescriptions; pharmacy-related information you choose to log (for example bills or purchase records); mood, symptoms, or other wellness notes—when a feature attaches that context to a model request (including when tools retrieve it to answer you).
Files and images you upload—for example meal photos, nutrition labels, lab reports, prescriptions, clinical scans, device-screen photos of monitors, PDFs, or other documents—when a feature uses generative, vision, or document workflows to interpret them.
Care-related text and recordings—for example video-visit chat routed to an AI assistant; asynchronous consultation or messaging context between you and a clinician; or transcripts or summaries from appointments or recordings—when a feature sends that content for summarization, extraction, verification, or assistance (including clinician-facing workflows where applicable).

Purposes of sharing with these vendors: To operate AI-assisted features you choose to use—such as personalized guidance, chat assistance, document or image understanding, categorization, summaries, meal or plan-related help, and reliability of outputs. Health-related content sent in API requests is used only to produce those features’ outputs for you (and authorized clinician flows where applicable). It is not used for third‑party advertising, for marketing unrelated products or services, for use‑based data mining for advertising or marketing, or for selling your personal health data to advertisers or data brokers—consistent with Health-related data and third-party vendors (including AI) above and our vendor contracts.

Healthcare and PHI commitments: For OpenAI, Anthropic, and AWS (Amazon Bedrock), Dhanvantari AI Lab Private Limited maintains healthcare data processing agreements with these vendors (including BAA/healthcare addendum coverage, where applicable) for the services we use to process PHI. Under these agreements and configured service settings, PHI is processed for permitted healthcare use-cases, is not used to train public third-party AI foundation models, and is retained according to those agreements and applicable provider controls.

Treatment and retention of inputs and outputs remain subject to each vendor's applicable enterprise/API terms, signed healthcare addenda, and account-level controls that Dhanvantari AI Lab Private Limited configures and maintains.

Machine learning on infrastructure we control

Separately from the generative AI APIs above, Dhanvantari AI Lab Private Limited may run open-weights or open-source models (for example medical language models used for embeddings or semantic matching) on servers operated for Dhanvantari AI Lab Private Limited (including cloud compute in our AWS environments). Those models support features such as search, categorization, and knowledge matching. Processing for those paths typically occurs without sending your content to the same third-party generative AI chat APIs named above; model files may be obtained from public model hubs during deployment, while inference for your requests is run on our systems subject to the security practices in Section 5.

7. Payments, subscriptions, and wallet

We use different payment partners for different features. Subscriptions and wallet credits are processed by Apple or Google (In-App Purchase / Play Billing). Doctor consultation fees at appointment booking are processed separately by Razorpay—they are not subscription charges, wallet credits, or app-store in-app products.

A. Subscriptions and In-App Purchases (Apple / Google)

If you purchase a subscription (for example Zivo Insights or Zivo 360) or wallet credits through the iOS or Android app, payment is processed by Apple or Google. We do not receive your full payment card number from those stores.

We may receive and store:

Product or plan identifiers, subscription status, renewal and expiry dates, and transaction or original-transaction identifiers.
Purchase and refund status, and related app-store notification data needed to grant or revoke entitlements and wallet credits.
Approximate purchase amounts and currencies as reported by the store or our verification systems.
If you opt in, consumption or usage data shared with Apple when you request a refund for an in-app purchase or subscription (as described in app settings).

This information is used to activate your plan, credit your wallet, prevent fraud, provide support, and meet tax or accounting obligations. Subscription and wallet purchases do not pay for doctor consultation fees.

B. Doctor consultation payments (Razorpay)

When you pay a doctor consultation fee at appointment booking, payment is processed by Razorpay (or another payment gateway we enable for that flow). That payment is separate from Apple In-App Purchase, Google Play Billing, and wallet credits.

We may receive and store order identifiers, payment status, amounts, currency, refund status, and limited billing metadata needed to confirm your appointment and handle cancellations or refunds. Razorpay processes payment credentials according to its own privacy policy and applicable law.

C. Retention

Billing and transaction records are retained as long as your account is active and as required for tax, audit, fraud prevention, and legal compliance, then deleted or anonymized in accordance with Section 9.

8. Data Retention and Deletion

Your data is retained only as long as you use Dhanvantari AI Lab Private Limited or as legally required.

You can delete your account and data by:

Going to Profile → Delete account in the app.
Using the Delete Account page on our website.
Emailing contactus@zivohealth.ai to request full deletion.

Account deletion can be revoked within 7 days by logging back into the app. After 7 days, all data will be permanently deleted from our servers.

You may specifically request the deletion of your 'Vault' data, which includes sensitive lab reports, medical documents, and prescriptions. Upon requesting deletion of your account or Vault data, there is a 7-day grace period during which you can recover your data. After 7 days, your Vault data is permanently and irreversibly deleted from our active servers.

Deleting the app will remove all local data from your device but will not delete your account from our servers.

9. Your Privacy Rights

Dhanvantari AI Lab Private Limited operates on a principle of granular consent. You have full control over your information and can explicitly opt-in or opt-out of sharing specific data types individually at any time (for example, you may choose to sync your heart rate and step data while opting out of uploading prescriptions or meal logs).

Withdrawal of Core Consents: Please note that certain personal data points (such as your basic identity, age, and gender) are strictly necessary for the core functioning of Dhanvantari AI Lab Private Limited. If you choose to withdraw consent for these essential data points, Dhanvantari AI Lab Private Limited will be unable to provide you with its services, and your account may be subject to termination or deletion in accordance with our retention policies.

You have the right to:

Access and review your data.
Correct or update information.
Withdraw consent for specific data uses.
Request deletion of your data.

To exercise any right, contact contactus@zivohealth.ai.

10. Children's Privacy

Dhanvantari AI Lab Private Limited is intended for users 18 years of age or older only. We do not permit accounts for, or direct use of the Platform by, anyone under 18.
We do not knowingly collect personal information from children under 18. If you believe we have collected information from someone under 18, contact us at contactus@zivohealth.ai and we will take steps to delete such information where required.
If we learn that a user is under 18, we may refuse service, suspend, or close the account and delete associated personal information as permitted by applicable law.

11. Health Disclaimer

Dhanvantari AI Lab Private Limited provides wellness and nutritional guidance only.
Dhanvantari AI Lab Private Limited is not a medical device and does not diagnose, treat, cure, or prevent any disease or medical condition.
It does not replace professional diagnosis or treatment.
Always consult a qualified healthcare professional for medical advice, diagnosis, or treatment, including for conditions such as blood sugar or oxygen saturation.
In case of a medical emergency, please contact your healthcare provider or emergency services (e.g., 102/108) immediately.

12. Changes to This Policy

This Privacy Policy may be updated occasionally.
You'll be notified of significant updates through in-app alerts, email (where appropriate), or app store release notes (Apple App Store, Google Play).

Last updated: May 21, 2026.

13. Contact

If you have any questions about privacy or data usage, please reach out:

Company: Dhanvantari AI Lab Private Limited
📧 Email: contactus@zivohealth.ai
📍 Location: Bangalore, Karnataka, India