Privacy Policy

Last updated: 13 June 2026 · Effective: 13 June 2026

This Privacy Policy explains how Enbod Technologies Private Limited (“Aushvar”, “we”, “us”, “our”), the operator of the Aushvar platform (website, mobile and web apps, collectively the “Platform”), collects, uses, stores, shares and protects your personal data when you use the Platform to order medicines and healthcare products, book lab tests, or consult doctors. We act as the Data Fiduciary for the personal data for which we determine the purpose and means of processing. This Policy is published in compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000 and the rules made thereunder, and forms part of our Terms of Service.

Health data — including prescriptions, allergies, conditions and the medicines you order — is among the most sensitive information we handle. We process it only to fulfil your orders safely and only with your consent, and we never sell it.

1. Scope & your consent

This Policy applies to everyone who uses the Platform — customers, caregivers ordering for dependants, and visitors to our website. By creating an account, uploading a prescription, or placing an order, you consent to the collection and processing of your personal data as described here. Where we process sensitive health data, we ask for your specific, informed consent at the point of collection. You may withdraw consent at any time (see Section 9), though some features may not function without the related data.

2. The data we collect

We collect only what we need to operate the Platform and serve you. This includes:

Identity & contact data: your name, mobile number, email address, delivery addresses, and the name, age and relationship of any dependant you order for.
Health & prescription data: prescriptions you upload or that are issued through the Platform, recorded allergies, current medications, conditions you choose to add to your health profile, lab test selections and results delivered through the Platform, and consultation notes from doctors you book.
Order & transaction data: items ordered, order history, amounts, invoices, delivery records, handover confirmations and support interactions.
Payment data: payment status, method and transaction references. Card, UPI and bank details are collected and processed directly by our PCI-DSS-compliant payment partner — we do not store your full card number, CVV, UPI PIN or banking credentials.
Technical & usage data: device identifiers, app version, IP address, approximate location (with permission, to check serviceability and assist delivery), log data, and diagnostic information used to operate, secure and improve the Platform.
Communications: messages, call records or chat content exchanged with support, and feedback or ratings you submit.

3. How we collect it

We collect data directly from you (when you register, build your profile, upload a prescription, or place an order), automatically (through your use of the Platform and its features), and from the partners who help fulfil your order (for example, delivery confirmation from a delivery partner, or a result from a partner lab). We do not buy personal data from data brokers.

4. Why we use your data (purposes)

To create and manage your account and verify your identity.
To accept, verify, prepare, dispatch and deliver your orders, and to enable the fulfilling pharmacist to verify prescriptions and flag allergy or interaction risks before dispensing.
To enable lab test bookings, sample collection and result delivery, and doctor consultations you choose to book.
To process payments, issue invoices, and handle cancellations and refunds.
To provide customer support and resolve disputes and grievances.
To send you transactional messages (order, delivery, payment and appointment updates) by SMS, push, email or WhatsApp, and — only with your consent — promotional messages you can opt out of at any time.
To keep the Platform safe: prevent fraud, abuse, fake prescriptions and misuse, and enforce our Terms.
To comply with legal, tax, drug-dispensing and regulatory record-keeping obligations.
To analyse usage in aggregated or de-identified form to improve our products and services.

Our lawful basis is your consent and, where applicable under the DPDP Act, “legitimate uses” such as fulfilling a purpose for which you voluntarily provided data, and compliance with law.

5. Who we share your data with

We share only the minimum data necessary, and only with:

The licensed pharmacy fulfilling your order — to verify the prescription, dispense and invoice the correct items.
The delivery partner assigned to your order — limited to your name, delivery address, contact number and the handover code needed to deliver.
Partner laboratories and doctors — only when you book a lab test or consultation, and only the data needed to provide that service.
Our payment processor — to take payment and process refunds for online transactions.
Service providers and processors — cloud hosting, SMS/email/notification delivery, analytics and customer-support tools that process data on our behalf under contractual confidentiality and security obligations, and only for the purposes above.
Legal and regulatory authorities — where required by law, court order, or to protect rights, safety, and prevent fraud or harm.
Successors — in connection with a merger, acquisition or reorganisation, subject to this Policy.

We do not sell your personal data, and we do not share your health data for third-party advertising.

6. Cookies & similar technologies

Our website and apps use cookies and similar technologies to keep you signed in, remember preferences, secure sessions, and understand usage. You can control cookies through your browser or device settings; disabling some may affect how the Platform works.

7. Data storage & cross-border transfers

Your data is stored on secured, access-controlled cloud infrastructure. Some of our service providers may process data on servers located outside India; where this happens, we do so in accordance with the DPDP Act and applicable transfer restrictions, and we require appropriate safeguards to protect your data.

8. How long we keep it (retention)

We retain personal and order data for as long as your account is active and as needed to provide the service. Records relating to the dispensing of medicines, transactions, invoices and tax are retained for the periods required by applicable drug, accounting and tax laws even after account closure. When data is no longer required for any lawful purpose, we delete or irreversibly anonymise it.

9. Your rights under the DPDP Act

Subject to the DPDP Act, you have the right to:

Access a summary of the personal data we process about you and the processing activities.
Correct, complete or update inaccurate or incomplete data.
Erase your personal data where it is no longer needed for the purpose it was collected and no law requires us to retain it.
Withdraw consent at any time, as easily as you gave it.
Nominate another individual to exercise your rights in the event of death or incapacity.
Grievance redressal — raise a complaint about how we handle your data and receive a response.

You can exercise most rights directly in the app (Account → Terms & policies / privacy controls) or by writing to our Grievance Officer (Section 11). We may need to verify your identity before acting on a request, and we will respond within the timelines required by law.

10. Security

We apply technical and organisational measures appropriate to the sensitivity of the data, including encryption in transit, access controls and least-privilege access, audit logging of sensitive actions, and private storage for prescription files reachable only by you and the pharmacy serving your order. No method of transmission or storage is completely secure; we work continuously to protect your data and will notify you and the Data Protection Board of a personal-data breach as required by law.

11. Grievance Officer & escalation

If you have any concern, complaint or request regarding your personal data or this Policy, please contact our Grievance Officer:

Grievance Officer: Vishnu Surendranath, Director
Aushvar — Enbod Technologies Private Limited (CIN: U63122KA2024PTC183450)
No. 467/468, Krishna Temple Road, Indiranagar 1st Stage, Indiranagar, Bengaluru, Karnataka 560038
Email: [email protected]

We will acknowledge your grievance promptly and resolve it within the period prescribed by law. If you are not satisfied with our response, you may escalate to the Data Protection Board of India under the DPDP Act.

12. Children

The Platform is intended for adults aged 18 and over. We do not knowingly create accounts for, or process the data of, children except where a parent or lawful guardian places an order for a dependant and provides verifiable consent. We do not undertake tracking, behavioural monitoring or targeted advertising directed at children.

13. Changes to this Policy

We may update this Policy from time to time to reflect changes in our services or the law. We will post the revised version here with a new “Last updated” date and, where the change is significant, notify you in the app. Your continued use of the Platform after an update constitutes acceptance of the revised Policy.

14. Contact

For any privacy question, email [email protected] or [email protected], or see our Contact page.