Dhinetra Health Technologies Private Limited (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal and health-related information. This policy outlines how we collect, use, share, and protect your data in compliance with the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and Digital Personal Data Protection Act (DPDP Act, India). 1. Scope of this Policy This policy applies to all users of the Souloxy platform, including individuals seeking mental health support, therapists, psychologists, corporate clients, and healthcare partners. 2. Data We Collect 2.1 Personal Data We collect personally identifiable information (PII) such as: •Name, email address, phone number •Date of birth, gender •Payment details (for paid services) 2.2 Sensitive Personal Data (Health Information) As a mental health platform, we may collect: •Mental health assessments and therapy session details •Case notes from therapists (if applicable) •Any self-reported health conditions 2.3 Usage Data To improve user experience, we collect: •IP address, device information •User activity (e.g., pages visited, features used) •Cookies and tracking technologies 3. How We Use Your Data We use collected data for the following purposes: PurposeLegal Basis (GDPR, HIPAA, DPDP) Providing mental health servicesConsent & Legitimate Interest Securely storing session dataHIPAA compliance Processing paymentsContractual Obligation Improving platform functionalityLegitimate Interest Sending appointment remindersLegitimate Interest & Consent Compliance with legal obligationsLegal Requirement 4. Data Sharing & Third-Party Services We do not sell your personal data. However, we may share data in the following cases: •With therapists and healthcare providers: To facilitate counseling sessions. •With payment gateways (e.g., Razorpay): For secure transactions. •With regulatory authorities: If required by law (e.g., HIPAA compliance for audits). •With trusted third-party service providers: For platform functionality (subject to strict confidentiality agreements). 5. Data Storage & Security •HIPAA-compliant encryption: All health data is securely encrypted during storage and transmission. •GDPR-compliant data retention: We store data only for the duration required by law or as necessary for service delivery. •Access control: Only authorized personnel can access sensitive data. •Data anonymization: When used for analytics, personal identifiers are removed. 6. Your Rights (Under GDPR, HIPAA, and DPDP Act) You have the following rights regarding your personal data: RightDescription Right to AccessRequest a copy of your personal data. Right to RectificationCorrect inaccurate or incomplete data. Right to ErasureRequest deletion of your data (subject to legal limitations). Right to Restrict ProcessingLimit the way we use your data. Right to Data PortabilityReceive your data in a structured format. Right to Withdraw ConsentWithdraw consent for data processing at any time. Exercising Your Rights: To make a request, email us at [support@souloxy.com]. We will respond within 30 days as per GDPR and DPDP guidelines. 7. International Data Transfers As we operate globally, your data may be transferred outside your country. •GDPR Compliance: We ensure adequate data protection for EU users. •DPDP Compliance: Transfers adhere to India’s data localization policies. •HIPAA Compliance: We implement security controls for US-based data. 8. Data Breach Notification In case of a data breach: •We will notify affected users and regulatory authorities within the required timeframes (as per GDPR, HIPAA, and DPDP). •Steps will be taken to contain the breach and prevent future occurrences. 9. Use of AI & Automated Decision-Making Our AI-driven mental health assistant follows strict ethical guidelines: •No AI-based diagnosis: AI only provides support, not clinical decisions. •Transparency in AI recommendations: Users are informed of AI involvement. 10. Contact Us For privacy-related inquiries, contact: Souloxy Privacy Officer Email: support@souloxy.com If you believe your rights have been violated, you may lodge a complaint with: •GDPR: [Local Data Protection Authority] •HIPAA: [U.S. Department of Health & Human Services] •DPDP Act: [India’s Data Protection Board] Updates to This Policy We may update this policy from time to time. Any significant changes will be communicated via email or platform notifications. Acknowledgment & Consent By using Souloxy, you acknowledge that you have read and understood this Privacy Policy.