Abstract representation of brain activity or neural connections

Privacy Policy

Effective Date: May 20, 2025

Last Updated: May 20, 2025

1. Introduction

This Privacy Policy describes how Synaptom Private Limited ("we," "us," "our," or "the Company") collects, uses, processes, and protects your personal information when you use our mobile application Synaptom (the "App" or "Service") available on Android and iOS platforms.

Company Information:

  • Name: Synaptom Private Limited
  • Address: Ambady, 18/1047-A, S N Junction, Palluruthy, Kochi-682006, Kerala, India
  • Email: info@synaptom.com

By using our App, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please discontinue use of our App immediately.

2. Definitions

For the purposes of this Privacy Policy:

  • Account: A unique account created for you to access our Service or parts of our Service
  • Affiliate: An entity that controls, is controlled by, or is under common control with the Company
  • Application/App/Service: Synaptom mobile application provided by the Company
  • Company: Synaptom Private Limited
  • Device: Any device that can access the Service (computer, mobile phone, tablet)
  • Personal Data: Any information relating to an identified or identifiable individual
  • Service Provider: Third-party companies or individuals who process data on behalf of the Company
  • Third-party Social Media Service: External platforms (Google, Facebook, Instagram, Twitter, LinkedIn) through which users can access our Service
  • Usage Data: Data collected automatically through use of the Service
  • User/You: The individual or entity accessing or using the Service

3. Information We Collect

3.1 Personal Information

We collect the following personal information when you provide it to us:

  • Contact Information: Email address, first name, last name, phone number
  • Address Information: Physical address, state, province, ZIP/postal code, city
  • Account Information: Username, password, and account preferences
  • Communication Records: Customer support interactions and feedback

3.2 Usage Data

We automatically collect usage data including:

  • Device Information: IP address, device type, unique device identifiers, mobile device ID
  • Technical Data: Browser type and version, operating system, mobile Internet browser type
  • App Analytics: Pages visited, time and date of visits, time spent on pages, app features used
  • Diagnostic Data: Crash reports, error logs, performance metrics

3.3 Location Data

With your explicit consent:

  • Device Location: GPS coordinates and precise location data
  • Approximate Location: Location derived from IP address or network information

3.4 Third-Party Social Media Information

When you connect through social media platforms (Google, Facebook, Instagram, Twitter, LinkedIn):

  • Profile information (name, email, profile picture)
  • Contact lists and social connections
  • Activity data from linked accounts
  • Any additional information you choose to share

3.5 Health and Biometric Data

As a health-focused application, we may collect and process the following types of sensitive health and biometric information with your explicit consent:

Medical Information:

  • Health conditions, symptoms, and medical history
  • Medication details and treatment records
  • Doctor consultations and medical appointments
  • Laboratory test results and medical reports
  • Mental health assessments and mood tracking data

Biometric Data:

  • Heart rate, blood pressure, and vital signs
  • Sleep patterns and quality metrics
  • Physical activity data (steps, exercise duration, calories)
  • Body measurements (weight, height, BMI)
  • Glucose levels and other biomarker readings
  • Data from connected health devices and wearables

4. Legal Basis for Processing

We process your personal data based on:

  • Consent: For marketing communications and optional features
  • Explicit Consent: For health and biometric data collection and processing
  • Contract Performance: To provide our Service and fulfill our obligations
  • Legitimate Interest: For analytics, security, and service improvement (excluding health data)
  • Legal Compliance: To meet regulatory and legal requirements
  • Vital Interests: For emergency health situations where consent cannot be obtained

5. How We Use Your Information

5.1 Service Provision

  • Providing, maintaining, and improving our Service
  • Managing your account and user registration
  • Processing transactions and providing customer support
  • Personalizing your app experience
  • Health Service Delivery: Processing health data to provide medical insights, symptom tracking, medication reminders, and personalized health recommendations
  • Emergency Services: Using health data in emergency situations to provide critical health information to medical professionals (with your prior consent or in life-threatening situations)

5.2 Communication

  • Sending service-related notifications and updates
  • Providing customer support and responding to inquiries
  • Sending marketing communications (with consent)
  • Security alerts and policy updates

5.3 Analytics and Improvement

  • Analyzing app usage patterns and user behavior
  • Conducting research and development
  • Identifying trends and measuring campaign effectiveness
  • Improving service functionality and user experience

5.4 Legal and Business Purposes

  • Complying with legal obligations and regulations
  • Protecting against fraud, abuse, and security threats
  • Business transfers, mergers, or acquisitions
  • Enforcing terms of service and resolving disputes

6. Data Sharing and Disclosure

6.1 Service Providers

We share data with trusted third-party service providers for:

  • App hosting, maintenance, and technical support
  • Analytics and performance monitoring (non-health data only)
  • Customer communication and support services
  • Payment processing (if applicable)

6.2 Business Partners and Affiliates

  • Sharing with affiliates under common control
  • Partnerships for service enhancement or promotions
  • Joint ventures and business collaborations

6.3 Social Media Integration

When you use social media features:

  • Your information may be visible to other users
  • Social media platforms may access your profile data
  • Public interactions may be distributed outside our Service

6.4 Legal Requirements

We may disclose information when required by:

  • Valid legal processes (court orders, subpoenas)
  • Government investigations and law enforcement requests
  • Protection of our rights, property, and user safety
  • Prevention of fraud or illegal activities
  • Health Data Legal Disclosures:
    • Health data disclosures follow stricter legal standards and require specific court orders
    • We will notify you of any health data disclosure requests unless legally prohibited
    • Emergency health disclosures may be made to medical professionals or emergency services to protect life or prevent serious harm
    • We maintain detailed logs of all health data disclosures for audit purposes

6.5 Business Transfers

In case of merger, acquisition, or asset sale, your data may be transferred to the acquiring entity with prior notice.

7. Data Storage and Security

7.1 Data Storage

  • Data is processed at our operating offices in Kerala, India
  • Information may be transferred to locations where processing parties are located
  • Adequate security controls are maintained for international transfers

7.2 Security Measures

We implement comprehensive security measures including:

  • Encryption: Data encryption in transit and at rest
  • Access Controls: Restricted access to authorized personnel only
  • Regular Monitoring: Continuous security monitoring and threat detection
  • Employee Training: Regular security awareness training for staff
  • Incident Response: Established procedures for security breach response
  • Enhanced Security for Health Data:
    • End-to-End Encryption: Health data is encrypted with healthcare-grade encryption standards
    • Role-Based Access: Health data access is restricted to authorized healthcare professionals and essential technical staff only
    • Audit Trails: All access to health data is logged and regularly audited
    • Secure Transmission: Health data transmission uses medical-grade security protocols
    • Regular Penetration Testing: Enhanced security testing specifically for health data systems
    • Compliance Monitoring: Continuous monitoring for healthcare data protection compliance

7.3 Security Limitations and Disclaimers

Important Security Notice: While the security of your Personal Data is of utmost importance to us, you acknowledge and understand that:

  • No Absolute Security: No method of transmission over the Internet or electronic storage is 100% secure
  • Best Efforts Standard: We strive to use commercially reasonable and industry-standard security measures to protect your Personal Data, but we cannot guarantee its absolute security
  • Inherent Risks: Internet transmission and electronic storage involve inherent security risks that cannot be completely eliminated
  • Shared Responsibility: Security is a shared responsibility - you are responsible for maintaining the confidentiality of your account credentials and reporting suspicious activities
  • Third-Party Risks: We cannot control the security practices of third-party service providers, social media platforms, or external websites linked to our Service
  • Force Majeure: We are not liable for security breaches caused by events beyond our reasonable control, including but not limited to natural disasters, cyberattacks, or infrastructure failures

Your Responsibilities:

  • Keep your login credentials confidential and secure
  • Use strong, unique passwords for your account
  • Log out of your account when using shared devices
  • Promptly report any suspected unauthorized access
  • Keep your device and app updated with latest security patches
  • Be cautious when using public Wi-Fi networks

Limitation of Liability: To the maximum extent permitted by applicable law, the Company shall not be liable for any unauthorized access to, alteration of, or loss of Personal Data that occurs despite our implementation of reasonable security measures.

7.4 Data Retention

  • Personal data is retained only as long as necessary for stated purposes
  • Usage data is generally retained for shorter periods unless required for security or legal compliance
  • Specific retention periods depend on data type and legal requirements
  • You may request deletion of your data subject to legal obligations
  • Data Loss Disclaimer: While we maintain regular backups and data recovery procedures, we cannot guarantee the recovery of data in all circumstances and are not liable for any data loss that may occur despite our reasonable efforts
  • Health Data Retention Policies:
    • Medical Records: Health data may be retained for up to 7 years in compliance with medical record retention standards
    • Active Use Period: Health data is actively accessible for as long as you use health features
    • Anonymization: After retention periods, health data is either securely deleted or anonymized for research purposes (with your consent)
    • Legal Compliance: Some health data may be retained longer if required by healthcare regulations
    • User Control: You can request deletion of health data at any time, subject to legal and medical record requirements

8. Your Rights and Choices

8.1 Access and Control Rights

You have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete information
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Limit processing of your personal data
  • Objection: Object to processing based on legitimate interests
  • Special Rights for Health Data:
    • Medical Data Access: Request detailed reports of your health data in standard medical formats
    • Healthcare Provider Sharing: Direct us to share your health data with your healthcare providers
    • Consent Withdrawal: Withdraw consent for health data processing at any time (may limit app functionality)
    • Data Portability: Export health data in formats compatible with other health applications
    • Correction Rights: Update or correct medical information with proper verification procedures

8.2 Account Management

You can:

  • Update your account information through app settings
  • Modify privacy preferences and notification settings
  • Delete your account and associated data
  • Export your personal data

8.3 Communication Preferences

  • Opt out of marketing communications at any time
  • Manage push notification settings
  • Choose communication channels and frequency

8.4 Location Data Controls

  • Enable or disable location services in device settings
  • Control location permissions for our app
  • Request deletion of location history

9. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards through:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by data protection authorities
  • Your explicit consent for specific transfers
  • Other legally recognized transfer mechanisms

10. Children's Privacy

10.1 Age Restrictions

  • Our Service is not intended for children under 13 years of age
  • We do not knowingly collect personal information from children under 13
  • If you are between 13-18, parental consent may be required in certain jurisdictions

10.2 Parental Controls

  • Parents can request access to their child's information
  • Parents may request deletion of their child's data
  • We will verify parental consent when required by law

11. Cookies and Tracking Technologies

11.1 Types of Technologies Used

  • Session Cookies: For app functionality and user authentication
  • Analytics Cookies: To understand app usage patterns
  • Preference Cookies: To remember your settings and preferences

11.2 Managing Cookies

You can control cookie preferences through:

  • Device settings and browser options
  • App privacy settings
  • Third-party opt-out mechanisms

12. Third-Party Services and Links

12.1 Third-Party Integration

Our app may integrate with third-party services including:

  • Social media platforms
  • Analytics providers
  • Advertising networks
  • Payment processors

12.2 External Links

  • We may provide links to external websites
  • This Privacy Policy does not apply to third-party sites
  • We recommend reviewing privacy policies of linked sites

13. Data Protection Officer and Contact Information

13.1 Privacy Inquiries

For questions about this Privacy Policy or our data practices:

  • Email: info@synaptom.com
  • Address: Synaptom Private Limited, Ambady, 18/1047-A, S N Junction, Palluruthy, Kochi-682006, Kerala, India

13.2 Exercising Your Rights

To exercise your privacy rights:

  • Contact us through the above channels
  • Provide sufficient information to verify your identity
  • Specify the right you wish to exercise
  • We will respond within legally required timeframes

14. Regulatory Compliance

This Privacy Policy complies with applicable data protection laws including:

  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (India)
  • Digital Personal Data Protection Act, 2023 (India)
  • Clinical Establishments (Registration and Regulation) Act, 2010 (India) - for health data
  • Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002 - for medical data handling
  • General Data Protection Regulation (GDPR) - for EU users
  • Health Insurance Portability and Accountability Act (HIPAA) equivalent standards - for health data security
  • California Consumer Privacy Act (CCPA) - for California residents
  • Other applicable local and international privacy and healthcare laws

15. Breach Notification

In the event of a data breach that poses risks to your rights and freedoms:

  • We will notify relevant authorities within 72 hours (where required)
  • We will inform affected users without undue delay
  • We will provide information about the breach and remedial actions taken

16. Automated Decision Making

If we use automated decision-making processes:

  • We will inform you about the logic involved
  • You have the right to request human intervention
  • You can contest automated decisions that significantly affect you

17. Grievance Redressal

17.1 Complaint Process

If you have concerns about our data practices:

  • Contact us directly at info@synaptom.com
  • We will acknowledge your complaint within 48 hours
  • We aim to resolve issues within 30 days
  • You may escalate to relevant data protection authorities if unsatisfied

17.2 Regulatory Authorities

You have the right to lodge complaints with:

  • Local data protection authorities in your jurisdiction
  • Relevant Indian authorities for users in India
  • Other applicable regulatory bodies

18. Disclaimers and Limitations

18.1 Service Availability

  • No Guarantee of Continuous Service: We do not guarantee that our Service will be available at all times or free from interruptions
  • Maintenance and Updates: We may temporarily suspend the Service for maintenance, updates, or improvements without prior notice
  • Technical Issues: We are not liable for any inconvenience, data loss, or damages resulting from service interruptions

18.2 Data Accuracy

  • User Responsibility: You are responsible for ensuring the accuracy and completeness of information you provide
  • No Verification: We do not verify the accuracy of user-provided information and are not liable for any consequences of inaccurate data
  • Third-Party Data: We are not responsible for the accuracy of information received from third-party sources

18.3 Third-Party Services

  • Integration Risks: Our Service may integrate with third-party platforms whose availability and functionality are beyond our control
  • No Liability: We are not liable for any loss, damage, or inconvenience caused by third-party service failures or changes in their terms
  • User Responsibility: You use third-party integrations at your own risk

18.4 Limitation of Liability

To the maximum extent permitted by applicable law:

  • Consequential Damages: We shall not be liable for any indirect, incidental, special, consequential, or punitive damages
  • Data Loss: Our liability for any data loss or corruption is limited to our reasonable efforts to restore such data from backups
  • Maximum Liability: Our total liability for any claims related to this Privacy Policy shall not exceed the amount paid by you for the Service in the 12 months preceding the claim
  • Force Majeure: We are not liable for any failure to perform due to events beyond our reasonable control

18.5 Indemnification

You agree to indemnify and hold harmless the Company, its officers, directors, employees, and agents from any claims, damages, or expenses arising from:

  • Your violation of this Privacy Policy
  • Your misuse of the Service
  • Your violation of any third-party rights
  • Any content you submit through the Service

19. Changes to This Privacy Policy

19.1 Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated through:

  • Email notifications (if you have provided email)
  • In-app notifications
  • Prominent notice on our Service

19.2 Effective Date

  • Changes become effective when posted unless otherwise stated
  • Continued use after changes constitutes acceptance
  • The "Last Updated" date will reflect the most recent modifications

Last Updated: May 20, 2025

Effective Date: May 20, 2025

This Privacy Policy represents our commitment to protecting your privacy and personal data. We encourage you to read this policy carefully and contact us with any questions or concerns.