Arihum

Privacy Policy

Last updated: June 2026

Overview

Arihum ("we", "our", "us") is committed to protecting your personal and health data. This policy explains what we collect, how we use it, and your rights under the Digital Personal Data Protection Act 2023 (India) and applicable international law.

What we collect

We collect information you voluntarily provide, including:

  • Health profile: name, age, medical conditions, medications, allergies, health goals
  • Lab reports and medical documents you upload
  • Chat messages and health questions you ask
  • Account credentials (email address)
  • Device information and app usage data
  • Push notification token (for reminders)

How we use your data

Your health information is used solely to provide and improve the Arihum service:

  • To provide personalised AI health responses
  • To process and analyse uploaded lab reports
  • To maintain your health history and context across sessions
  • To send medication reminders and health notifications you opt into
  • To generate weekly and monthly health summaries
  • To detect and escalate medical emergencies

We do not sell your health data. We do not share it with advertisers or employers.

Who can see your data

Your health data is accessible only to you. Our AI systems process your data to generate responses. A limited number of authorised Arihum employees may access anonymised or aggregated data for service improvement. No identified health data is accessed by employees except when required by law.

Third-party services

We use the following services to operate Arihum:

  • Supabase: database and file storage (EU-hosted)
  • OpenAI: AI response generation (data not used for training)
  • RevenueCat: subscription management
  • Sentry: anonymous crash reporting
  • Expo: push notification delivery

Data retention

  • Medical report files are retained until you delete them or close your account
  • Extracted report data and health profile are retained until account deletion
  • Chat messages are retained to maintain your health history across sessions
  • Upon account deletion, all personal data is permanently erased within 30 days

Your rights (DPDP Act 2023)

Under the Digital Personal Data Protection Act 2023 (India), you have the right to:

  • Access your personal data at any time through the app
  • Correct inaccurate data through your profile settings
  • Erase all your data permanently via account deletion in settings
  • Withdraw consent at any time by deleting your account
  • Nominate a person to exercise your rights in case of death or incapacity

Security

Your health data is encrypted in transit (TLS 1.3) and at rest. We use row-level security on all database tables so your data is only readable by your authenticated session. Medical report files are stored in private buckets accessible only via time-limited signed URLs.

Contact

For privacy questions, data requests, or to exercise your rights, contact us at hello@arihum.com