Privacy Policy
Last updated: April 7, 2026
1. Who We Are
Arogya Story ("we", "our", "us") is a health record management platform that helps individuals and families upload, organise, and understand their medical reports. We are operated as an independent service accessible at arogyastory.com.
For privacy-related questions, contact us at founder@arogyastory.com.
2. What Data We Collect
2.1 Data you provide directly
- Medical documents you upload (lab reports, prescriptions, discharge summaries)
- Your name, email address, and profile information via Google Sign-In
- Persona details (name, relationship, date of birth, gender) for family members
- Feedback messages you submit through the in-app feedback widget
2.2 Data collected automatically
- Usage events (pages visited, features used) via PostHog analytics
- Browser type, operating system, and approximate location (country/city)
- Session duration and interaction patterns
2.3 Data we do NOT collect
- Payment or financial information
- Government ID or Aadhaar number
- Location data beyond country/city level
3. How We Use Your Data
- To provide the service: Processing uploaded documents, extracting health facts, generating AI-powered answers to your health questions.
- To improve the product: Analysing aggregated, anonymised usage patterns to understand which features are most useful.
- To communicate with you: Responding to feedback or support requests you initiate.
- To ensure security: Detecting and preventing fraudulent or abusive access.
We do not sell your data, use it to train AI models, or share it with advertisers.
4. How We Store and Protect Your Data
- Document storage: Uploaded files are stored encrypted on AWS S3 (ap-south-1 — Mumbai region) with server-side AES-256 encryption.
- Database: Extracted health facts and account data are stored on Neon PostgreSQL with TLS encryption in transit.
- Access control: All API endpoints are authenticated via JWT tokens. You can only access your own data.
- Retention: Your data is retained for as long as your account is active. Deleting a document removes it from our storage within 30 days.
5. Third-Party Services
We use the following third-party services to operate Arogya Story:
| Service | Purpose | Data shared |
|---|---|---|
| Google OAuth | Authentication | Name, email |
| OpenAI | Document extraction & AI Q&A | Document text (no personal identifiers) |
| AWS S3 | File storage | Uploaded documents |
| PostHog | Product analytics | Usage events, anonymised device info |
| Vercel | Frontend hosting | Request logs |
| Railway | Backend hosting | Application logs |
6. Cookies and Local Storage
We use browser localStorage (not cookies) to store your authentication token and session preferences. PostHog also uses localStorage to maintain an anonymous analytics identifier.
You can opt out of analytics tracking at any time using the cookie preferences banner at the bottom of this page, or by enabling the "Do Not Track" setting in your browser.
7. Your Rights
Under applicable law (including India's Digital Personal Data Protection Act, 2023), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and all associated data
- Withdraw consent for analytics tracking at any time
- Export your health records via the Export feature (data portability)
To exercise any of these rights, email us at founder@arogyastory.com.
8. Children's Privacy
Arogya Story is not directed at children under 13. If you are a parent managing health records for a minor, you are responsible for providing consent on their behalf by creating a persona for them under your account.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via the app. Continued use of Arogya Story after changes constitutes acceptance of the updated policy.
10. Contact
For any privacy concerns or data requests: founder@arogyastory.com