Plain language summary: We collect only what we need to provide the service. We never sell your data. Health data stays in India. Aadhaar is processed on your device only — our servers never see it. You can delete your account and all data at any time.
1. Who We Are
Data Fiduciary: TFI Connect Pvt Ltd, a company registered under the Companies Act 2013, India.
Brand: Tapd.ai
Contact: privacy@tapd.ai
This Privacy Policy applies to the Tapd.ai mobile application (Android and iOS), the website at tapd.ai, and all related services operated by TFI Connect Pvt Ltd ("we", "us", "our"). By using our service, you agree to this policy.
2. What Data We Collect
2.1 Account Data
- Name, email address, and phone number (for account creation)
- Date of birth and gender (for ABHA integration)
- Family member profiles (name, age, relationship)
2.2 Health Data
- Prescription images (only uploaded with explicit consent)
- Extracted prescription data: medicine names, doses, frequencies, lab tests, doctor details, clinic name, date
- Medicine reminder schedules
- Lab test orders and results
- ABHA token (never Aadhaar number — see Section 5)
- Health records stored in ABHA via ABDM APIs
2.3 Transaction Data
- Medicine orders placed (via ONDC network or 1mg)
- Lab test bookings (via Thyrocare, Redcliffe Labs)
- Payment confirmations (via Razorpay — we do not store card data)
- Subscription plan and billing dates
2.4 Consent Logs
- Every consent event: user ID, purpose, timestamp, version, and status (granted/withdrawn)
- Consent logs are permanent audit records and are never deleted, even if your account is deleted
2.5 Technical Data
- App version, device type, operating system (for support and bug fixing)
- API usage logs (anonymised after 90 days)
- Crash reports (no health data included)
2.6 What We Do NOT Collect
- Aadhaar number — never stored, never sent to our servers (see Section 5)
- Full card numbers, CVV, or bank account details
- Location data (beyond what is needed for lab home collection address, with consent)
- Contact lists, call history, or other device data
3. How We Use Your Data
- Account management: Creating and managing your account and family profile
- Prescription extraction: Processing prescription images/text through AI to extract medicine and lab test data
- Medicine reminders: Sending dose reminders and missed-dose alerts to designated family members
- Medicine ordering: Placing orders on your behalf via ONDC network or 1mg (only with your explicit confirmation)
- Lab test booking: Booking lab tests with Thyrocare or Redcliffe Labs (only with your explicit confirmation)
- ABHA integration: Creating, linking, and pushing health records to your ABHA account via ABDM APIs
- Subscription billing: Processing subscription payments via Razorpay
- Service improvement: Anonymised usage data to improve accuracy and features
- Support: Responding to your queries and resolving issues
We never use your health data for advertising, profiling for third-party purposes, or sale to any party.
4. Consent & Purpose Limitation
We collect consent separately for each purpose. You cannot be required to grant consent for one purpose as a condition of using an unrelated feature.
4.1 Purposes Requiring Consent
- Account data: Name, email, phone — required for account creation
- Health data: Prescription images, extracted medicines — required for core features
- AI processing: Sending prescription images to AI Vision — explicit consent shown before each upload of a handwritten/unclear prescription
- Aadhaar OTP: Shown only when creating or linking an ABHA account via Aadhaar — separate explicit consent screen
- Clinic/provider sharing: Sharing records with healthcare providers — per-share consent
- Communications: Medicine reminders, order updates, important service alerts
4.2 Withdrawing Consent
You can withdraw consent for any purpose in Settings → Manage Consent in the app. Withdrawing consent for a purpose disables that feature for your account. It does not delete data already collected under that consent.
4.3 Consent Logging
Every consent event (grant, withdrawal, modification) is logged with: user ID, purpose, timestamp, version of this policy, and action taken. These logs are our audit trail and are retained permanently.
5. Aadhaar & UIDAI Compliance
Critical: Your Aadhaar number is NEVER sent to our servers. It is processed on your device only. Our backend never sees, stores, or processes your Aadhaar number.
- Aadhaar is used exclusively for ABHA account creation and linking, using the ABDM API path
- The Aadhaar OTP flow happens entirely on your device via the ABDM gateway — our backend only receives the resulting ABHA token
- We store only the ABHA token — not the Aadhaar number
- Aadhaar is masked in all UI displays — only the last 4 digits are shown
- Explicit consent is required before every Aadhaar OTP request
- We are not an Authentication User Agency (AUA) — all Aadhaar flows go through ABDM, which handles UIDAI compliance
6. ABDM & Health Records
Tapd.ai integrates with the Ayushman Bharat Digital Mission (ABDM) as a Health Information Provider (HIP). This means:
- Prescription records are submitted to your ABHA account in FHIR R4 format (MedicationRequest bundles)
- Lab results are submitted as FHIR R4 DiagnosticReport records
- Records stored in ABHA are governed by ABDM's policies and NHA's data management framework
- You can share records with healthcare providers (HIUs) via ABDM's consent artefact system
- We operate in the ABDM sandbox until production certification is received from NHA
Health records stored in your ABHA account are accessible via any ABDM-connected healthcare provider with your consent. ABDM's data management and retention policies apply to ABHA-stored records.
7. Children's Data
When a family member under 18 years of age is added as a dependent, the following apply:
- An additional parental/guardian consent screen is required before the profile is created
- The family admin (parent or guardian) must confirm they are the legal guardian of the child
- The child's health data is managed by the family admin on their behalf
- Children's data receives the same protections as adult health data
8. Data Storage & Residency
All data is stored in India. We use only MeitY-empanelled cloud infrastructure:
- Dev/Staging: Oracle Cloud Free Tier — Mumbai (ap-mumbai-1)
- Production: E2E Networks — Mumbai (Month 7+ launch)
- Disaster Recovery: Tata Vayu Cloud (Month 12+)
- Backups: Oracle Object Storage Mumbai + Backblaze B2 (two-location from day one)
Prescription images are stored in object storage with server-side encryption. The database is encrypted at rest. Data in transit is encrypted via TLS 1.2+.
Retention Periods
- Account data: Retained until account deletion, then purged within 30 days
- Health data: Retained until account deletion, then purged within 30 days
- Prescription images: Purged 90 days after upload (extracted data retained separately)
- API logs (anonymised): 90 days
- Consent logs: Permanent — regulatory audit requirement
- Transaction records: 7 years — as required by Indian financial regulations
9. Data Sharing
We share data only with the following parties, and only as needed to provide the service:
- ABDM/NHA: Health records pushed to your ABHA account via ABDM APIs — with your consent
- ONDC Network: Order details (medicines, delivery address) shared with pharmacies — with your confirmation
- 1mg / Tata Health: Order details — with your confirmation
- Thyrocare / Redcliffe Labs: Lab test order and home collection address — with your confirmation
- Razorpay: Subscription billing — payment data governed by Razorpay's privacy policy
- AI Vision provider: Prescription images (handwritten/unclear only) — with explicit consent per image. The provider processes the image but does not store or use it for any other purpose
We never sell your data to any third party. We never share health data for advertising purposes. We do not use your health data for any purpose beyond providing the Tapd.ai service.
Law Enforcement
We may disclose data to competent authorities when required by law, a valid court order, or to comply with regulatory obligations. We will notify you of such requests to the extent permitted by law.
10. Security
- OWASP Top 10 compliance built from the first line of code
- Security audit by a CERT-In-empanelled agency before production launch
- TLS 1.2+ encryption in transit; AES-256 encryption at rest
- API key authentication on all backend endpoints
- Rate limiting on all endpoints to prevent abuse
- Fail2Ban on all server ports
- Regular security updates and patch management
Data Breach
In the event of a personal data breach, we will notify affected users and the Data Protection Board of India within 72 hours of becoming aware, as required by the DPDP Act 2023.
11. Your Rights (DPDP Act 2023)
Under India's Digital Personal Data Protection Act 2023, you have the following rights:
Right to Access
View all personal data we hold about you — available in My Data in the app.
Right to Correction
Correct inaccurate or incomplete data — available via edit screens throughout the app, or by contacting us.
Right to Erasure (Deletion)
Delete your account and all associated data — available in Settings → Delete Account. All personal and health data is purged within 30 days. Consent logs and transaction records are retained as required by law.
Right to Withdraw Consent
Withdraw consent for any purpose at any time — available in Settings → Manage Consent.
Right to Grievance Redressal
Lodge a complaint about our data handling — contact our Grievance Officer (see Section 14). If unresolved, you may complain to the Data Protection Board of India.
Right of Nominee
You may designate a nominee to exercise your data rights in the event of death or incapacity. This feature will be available in a future app version.
12. Cookies & Analytics
The Tapd.ai mobile app does not use cookies. The website (tapd.ai) may use:
- Essential cookies: For session management and security (required, no consent needed)
- Analytics: Google Analytics 4 (GA4) — anonymised usage data to understand how visitors use the website. No personal health data is tracked. You can opt out via browser settings.
13. Changes to This Policy
We will notify you of material changes to this policy via in-app notification and email at least 14 days before changes take effect. The "last updated" date at the top of this page reflects the most recent version. Continued use of the service after the effective date constitutes acceptance of the updated policy.
14. Contact & Grievance Redressal
Grievance Officer
TFI Connect Pvt Ltd
Email: privacy@tapd.ai
Subject line: "Privacy Grievance — [your name]"
We will acknowledge your grievance within 48 hours and resolve it within 30 days.
General Contact
Email: hello@tapd.ai
Data Protection Board of India
If you are unsatisfied with our response, you may approach the Data Protection Board of India at dpboard.gov.in.
Governing Law
This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the jurisdiction of courts in India.