Privacy & Data Protection

Your Health Data
Protected by Design

Instapredict Technologies Pvt Ltd governs this Privacy Policy with industry-leading security, full regulatory compliance, and transparent data practices across all jurisdictions.

Effective June 2026 Version 1.0 Multi-Jurisdiction
HIPAA GDPR DPDP Act 2023 UAE PDPL Malaysia PDPA CCPA/CPRA
Scroll to read
Section 01
Definitions & Interpretation

Instapredict Technologies Pvt Ltd ('I-PREDICT', 'we', 'us', 'our') governs this Privacy Policy across all platforms including the I-PREDICT mobile application, wearable devices, web portals (www.instapredict.ai, www.i-predict.net), telemedicine services, employer wellness programmes, and insurer integrations. By using our Platform, you acknowledge that you have read and understood this Policy.

1.1 Key Definitions

TermDefinition
PlatformThe I-PREDICT digital health ecosystem including the mobile application, web portal, wearable devices, AI engine, and all associated services offered by Instapredict Technologies Pvt Ltd.
Personal DataAny information relating to an identified or identifiable natural person, including health, biometric, and behavioural data processed on the Platform.
Sensitive Personal DataA subset of Personal Data including health data, biometric data, genetic data, mental health data, financial data, and data relating to minors.
Health DataData relating to the physical or mental health of an individual, including data from wearables, EHR, telemedicine consultations, and AI-derived health scores.
Biometric DataData from specific technical processing relating to physical or physiological characteristics, including heart rate, HRV, SpO2, sleep patterns, and stress indicators collected via the Platform wearable.
User / Data SubjectAny individual who registers for, accesses, or uses the I-PREDICT Platform.
ControllerInstapredict Technologies Pvt Ltd, which determines the purposes and means of processing Personal Data.
ProcessorA third party that processes Personal Data on behalf of Instapredict Technologies Pvt Ltd under a Data Processing Agreement.
ConsentA freely given, specific, informed, and unambiguous indication of the Data Subject's agreement to processing of their Personal Data.
PHIProtected Health Information under the US Health Insurance Portability and Accountability Act (HIPAA).
DPDP ActIndia's Digital Personal Data Protection Act, 2023 and the Rules issued thereunder.
GDPRThe EU General Data Protection Regulation (EU) 2016/679.
PDPAMalaysia's Personal Data Protection Act 2010 (as amended effective 2025).
UAE PDPLUAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
ABDMAyushman Bharat Digital Mission — India's national digital health infrastructure and health data framework.
AI EngineThe proprietary artificial intelligence and machine learning models generating health risk scores, predictions, and personalised interventions.
Wearable DeviceSmart rings, smart bands, or other health monitoring devices provided or integrated with the I-PREDICT Platform.
Section 02
Scope & Applicability

2.1 Who This Policy Applies To

This Privacy Policy applies to all individuals who interact with the I-PREDICT Platform, including individual consumers, employees in corporate wellness programmes, health insurance policyholders, telemedicine patients, healthcare providers using our provider portal, and visitors to our websites.

2.2 Geographic Scope

This Policy applies globally. I-PREDICT operates initially in India, Malaysia, and the UAE/GCC. Where the Platform is accessed from the EEA, the UK, or the US, additional jurisdiction-specific rights set out in Section 13 of this Policy are activated.

Global Compliance Ready: HIPAA · GDPR · DPDP Act 2023 · UAE PDPL · Malaysia PDPA 2025 · CCPA/CPRA

2.3 User Eligibility

The Platform is intended for individuals aged 18 years and above. The DPDP Act (India) prohibits data processing of children (under 18) without verifiable parental consent. We do not knowingly collect personal data from minors. See Section 12 for our Minors Policy.

Section 03
Data We Collect

We collect the following categories of data depending on services used and permissions granted:

A. Identity & Contact Data

  • Full name, date of birth, gender, and nationality
  • Email address, mobile phone number, and residential address
  • Profile photograph (optional) and government-issued identity verification where legally required

B. Health & Medical Data

  • Medical history, diagnoses, medications, allergies, and surgical history
  • Electronic Health Records (EHR) — where ABDM or other EHR integration is enabled with consent
  • Laboratory results, diagnostic reports, and clinical consultation notes
  • Mental health assessments, stress and anxiety scores, and mood tracking data
  • Body weight, BMI, height, and metabolic parameters
  • Menstrual cycle, reproductive health, and hormonal data (Women's Health module)
  • Diabetes-related data including glucose readings, HbA1c levels, and CGMS data
  • Cardiovascular data including ECG trends and blood pressure readings

C. Biometric & Wearable Data

  • Heart rate and heart rate variability (HRV) — collected 24/7 via optical sensors
  • Blood oxygen saturation (SpO2) — continuously monitored
  • Sleep data including sleep stages, duration, quality scores, and apnoea detection
  • Stress and recovery scores derived from HRV and autonomic nervous system analysis
  • Activity data: steps, calories, exercise intensity, and movement patterns
  • Skin temperature and respiratory rate (where device-supported)

D. Technical & Device Data

  • Device identifiers (IMEI, device ID, advertising ID), OS, app version, and IP address
  • Wearable firmware version and Bluetooth pairing identifiers
  • Mobile SDK usage analytics, crash logs, and app performance data

E. Location Data

  • Approximate location (city/region) for service personalisation and regulatory compliance
  • Precise location only with explicit consent, for telemedicine provider matching

F. Financial & Insurance Data

  • Payment data processed by PCI-DSS compliant processors (we do not store raw card data)
  • Health insurance policy details for insurer integrations (with consent)
  • Subscription and billing history

G. Employer Wellness Data

  • Employer organisation and employee ID for corporate wellness programme participants
  • Individual data is never shared with employers without explicit consent

H. AI-Inferred & Generated Data

  • AI-derived health risk scores, predictive alerts, and personalised intervention recommendations
  • Longitudinal health trend analyses generated by the I-PREDICT AI Engine
Section 04
Purposes of Processing

We process your Personal Data only for specified, lawful purposes. The table below sets out primary processing activities and their legal basis:

PurposeDescriptionLegal Basis
Service DeliveryProviding health monitoring, AI analytics, and telemedicine servicesConsent / Contract
AI Health AnalyticsOperating AI models for risk prediction and personalised interventionsConsent / Legitimate Interest
Wearable IntegrationProcessing biometric streams from wearable devices for health insightsConsent
EHR IntegrationAccessing and updating health records via ABDM or integrated systemsConsent / Legal Obligation
TelemedicineFacilitating virtual consultations with healthcare providersConsent / Contract
Employer WellnessProviding aggregated, de-identified programme reports to employersContract / Consent
Insurance IntegrationSharing data with health insurers for wellness incentives or claimsExplicit Consent
CommunicationsHealth alerts, medication reminders, and appointment notificationsConsent / Contract
Legal ComplianceFulfilling obligations under health and data protection lawLegal Obligation
Safety & SecurityDetecting fraud, protecting platform integrity, incident responseLegitimate Interest
AI Model TrainingImproving AI models using de-identified, aggregated health dataConsent (opt-out available)
MarketingPromotional communications (opt-in only, easily withdrawable)Consent

4.1 Automated Decision-Making & AI Analytics

The I-PREDICT AI Engine uses automated processing, including machine learning, to generate health risk scores, predictive alerts, and personalised interventions. You have the right to:

  • Request human review of any AI-generated health determination
  • Receive an explanation of the AI logic and key input factors
  • Contest or challenge any AI-generated output
Important Disclaimer: I-PREDICT AI outputs are wellness insights and decision-support tools — they do not constitute clinical diagnoses or medical prescriptions.
Section 05
Data Sharing & Disclosure
Never Sold Strict Contractual Controls

We do not sell your Personal Data. We may share data with the following recipients under strict contractual and legal controls:

A. Healthcare Providers & Hospitals

We share relevant health data with your treating physician or healthcare facility where you engage telemedicine services. This requires your explicit prior consent and complies with applicable telemedicine regulations.

B. Health Insurers

With your explicit written consent, we may share de-identified or identified data with your health insurer for wellness incentives, premium adjustments, or claims adjudication. Consent may be withdrawn at any time without affecting existing coverage.

C. Employers (Corporate Wellness)

We share only aggregated, de-identified reports with your employer. Individual-level health data will never be shared with your employer without your separate, explicit written consent. Employers are contractually prohibited from using wellness data for employment decisions.

D. OEM Wearable Partner

We share device identifiers and firmware diagnostics with OEM vendor solely for device management and firmware updates. No health or biometric data is shared with the OEM manufacturer.

E. Technology & Infrastructure Partners

Cloud hosting, analytics, payment processing, and communications partners act as data processors under our instructions and under Data Processing Agreements (DPAs). All processors are vetted for applicable data protection compliance.

F. Legal & Regulatory Authorities

We disclose Personal Data where required by law, court order, or regulatory authority, including mandatory health reporting obligations and law enforcement requests where legally valid.

5.1 De-identification & AI Model Training

We de-identify data using k-anonymity, differential privacy, and aggregation techniques. De-identified data may be used for research, product improvement, and population health analytics.

Opt-Out Available: Navigate to Account > Privacy Settings to opt out of AI model training use. This will not affect core service access.
Section 06
Data Retention
Data CategoryRetention PeriodLegal Basis
Health & Medical Records7 years post-account closureHealthcare regulations
Biometric / Wearable Data3 years (or until consent withdrawn)Consent
Account & Identity DataDuration of account + 2 yearsContract / Legal
Telemedicine Records7 yrs (India); 10 yrs (UAE); 7 yrs (Malaysia)Health law
Payment / Financial Data7 years post-transactionTax / financial law
Employer Wellness Reports3 years post-programme endContract
Insurance-Related DataDuration of policy + 5 yearsInsurance regulations
App Usage / Technical Logs12 months rollingLegitimate Interest
Anonymised / De-identified DataIndefinite (no longer Personal Data)Research / Product
Section 07
Your Rights as a Data Subject

Subject to applicable law and identity verification, you have the following rights:

  • AccessObtain a copy of Personal Data we hold about you. Fulfilled within 30 days.
  • RectificationRequest correction of inaccurate or incomplete data. Health data corrections may require clinical validation.
  • ErasureRequest deletion of your Personal Data unless legal retention obligations apply.
  • PortabilityReceive your health data in a structured, machine-readable format (JSON, FHIR). ABDM Health Locker supported for Indian users.
  • RestrictionRequest limited processing while rectification or objection requests are assessed.
  • ObjectionObject to processing based on legitimate interests, including direct marketing and AI model training.
  • Withdraw ConsentWithdraw consent for any processing activity via Account > Privacy Settings. Withdrawal does not affect prior lawful processing.
  • GrievanceLodge a formal complaint with our Grievance Officer (India: within 30 days) or relevant supervisory authority.
To exercise any right: privacy@instapredict.ai or Account > Data Rights in-app.
Section 08
Cross-Border Data Transfers

I-PREDICT's infrastructure is hosted in India (primary) with replication in Singapore and the UAE. Health data of Indian users is stored within India in compliance with ABDM data localisation requirements.

JurisdictionTransfer Mechanism
EU / UK — GDPRStandard Contractual Clauses (SCCs) for transfers to countries not deemed adequate by the European Commission
India — DPDP ActTransfers only to countries/entities permissible under DPDP Act Rules; sensitive data requires additional safeguards
Malaysia — PDPA 2025Complies with the Personal Data Protection Commissioner's cross-border transfer guidelines effective June 2025
UAE — PDPLTransfers only to countries offering adequate protection or under approved contractual safeguards
Section 09
Breach Notification

In the event of a Personal Data breach we will:

  • Notify relevant supervisory authorities within 72 hours of becoming aware (GDPR standard adopted globally)
  • Notify affected users without undue delay where the breach creates high risk to their rights
  • Notify the Indian Data Protection Board per DPDP Act Rules
  • Notify the Malaysia Personal Data Protection Commissioner within 72 hours (effective June 2025)
  • Comply with UAE PDPL breach notification obligations and provide details of breach scope and remediation
Report suspected breaches to: security@instapredict.ai
Section 10
Cookies & Tracking

10.1 Web Portals

Our websites use cookies for functional operation, analytics, and personalisation. Cookie preferences are managed via our Cookie Preference Centre. We use only strictly necessary cookies without consent; all other cookies require opt-in.

10.2 Mobile SDK

The I-PREDICT app uses analytics SDKs for product improvement. We do not use cross-app tracking identifiers without consent. Opt-out is available via device settings or in-app privacy controls.

Section 11
Consent Architecture

We use a layered, granular consent framework. Each consent type is time-stamped, versioned, and stored in an auditable consent ledger:

  • Onboarding ConsentCore service delivery consent collected during registration
  • Module-Specific ConsentSeparate consent for each health module at activation (mental wellness, diabetes, cardiovascular, women's health)
  • Sensitive Data ConsentExplicit double opt-in for biometric and genetic data processing
  • Employer Sharing ConsentSeparate, clearly distinguished consent for any employer data-sharing
  • Insurer Data ConsentSeparate signed consent for health data sharing with health insurers
  • Research / AI Training ConsentSeparate opt-in consent for use of de-identified data in research or AI model training
Review and withdraw any consent at any time via Account > Privacy Settings.
Section 12
Children & Minors

I-PREDICT is intended for adults aged 18 and above. We do not knowingly collect Personal Data from minors. The DPDP Act (India) prohibits processing children's data without verifiable parental/guardian consent and prohibits behavioural tracking of children.

If we become aware that a minor's data has been collected without parental consent, we will delete it immediately.

Contact us at privacy@instapredict.ai if you believe a minor's data has been incorrectly collected.
Section 13
Regional Legal Rights by Jurisdiction
🇮🇳
India
DPDP Act 2023

Rights to access, correction, erasure, grievance redressal, and the right to nominate a representative. Grievance Officer: grievance@instapredict.ai. Response within 30 days.

🇪🇺
EU / UK
GDPR / UK GDPR

Rights of access, rectification, erasure, restriction, portability, objection, and rights relating to automated decisions. You may lodge a complaint with your local supervisory authority.

🇺🇸
United States
HIPAA · CCPA/CPRA

US users with PHI under HIPAA have rights to access, request amendments, receive an accounting of disclosures. BAAs executed with covered entities. California residents have additional CCPA/CPRA rights.

🇲🇾
Malaysia
PDPA 2010 (Amended 2025)

Rights to access and correct Personal Data and to withdraw consent. Biometric data is classified as sensitive personal data. DPO: dpo.my@instapredict.ai

🇦🇪
UAE
PDPL (Decree-Law 45/2021)

Rights to access, correction, restriction, and objection. Health data constitutes sensitive data subject to enhanced protections. Non-compliance fines: AED 50,000 to AED 5 million.

Section 14
Regulatory Compliance References
  • India: Digital Personal Data Protection Act 2023; IT Act 2000; ABDM Framework; Telemedicine Practice Guidelines 2020
  • Malaysia: Personal Data Protection Act 2010 (Amended 2025); Healthcare Code of Practice
  • UAE / GCC: Federal Decree-Law No. 45/2021 (PDPL); Federal Law No. 2/2019 on ICT in Healthcare
  • EU / UK: GDPR (EU) 2016/679; UK GDPR; eHealth Network Guidelines
  • USA: HIPAA/HITECH; FTC Health Breach Notification Rule; CCPA/CPRA (California)
  • International: WHO Digital Health Strategy; ISO/IEC 27001; NIST Cybersecurity Framework
Section 15
Policy Updates

We will update this Privacy Policy as required by regulatory changes, new service launches, or product developments.

30-Day Advance Notice: Material changes will be communicated via in-app notification and email at least 30 days prior to taking effect. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.
Section 16
Contact & Grievance Officer
Data Protection Officer dpo@instapredict.ai
Privacy Team privacy@instapredict.ai
Grievance Officer (India) grievance@instapredict.ai
Security Incidents security@instapredict.ai
DPO Malaysia dpo.my@instapredict.ai
Company Websites www.instapredict.ai
Instapredict Technologies Pvt Ltd
www.instapredict.ai  |  www.i-predict.net  |  privacy@instapredict.ai
this document constitutes the full privacy policy of the company. Version 1.0 — June 2026
AI Healthcare Logo

Empowering healthcare with AI-driven insights and predictive wellness solutions.
From telehealth to personalized medicine, we unite technology & care to transform lives globally.

Links
Company

All rights Reserved © MI-Tech , 2025