PRIVACY POLICY

Last Updated: August 10, 2025

App Name: HealCycle

Release Date: February 24, 2025

--------------------------------------------------------------------------------------------------------------------------------

We are HealCycle Wellness Private Limited (“HealCycle”, “we”, “us”). 

Thank you (“user”, “you”, “your”) for your interest in our HealCycle Mobile Application, designed for tracking and managing menstrual health symptoms, including but not limited to Premenstrual Syndrome, Premenstrual Dysphoric Disorder, and Premenstrual Exacerbation Syndrome.

This Privacy Policy defines how HealCycle collects, uses, shares, and protects the personal data/information disclosed by you and governs your access to and use of the HealCycle through all digital interface, including, website being https://www.healcycle.com, mobile application, communication tools like WhatsApp and other messaging services, any associated software applications, websites, media form (collectively “App”) offered by us, Accordingly, you are advised to read this Privacy Policy carefully before accessing the App. By downloading and/ or interacting with our App, you expressly consent and agree to be bound by the terms and conditions of this Privacy Policy as they apply to you. If you do not consent to or agree with any of the terms contained in this Privacy Policy, please do not download, use or access our App. Do note that the App description and further related details of the App may be provided to you at the time you access or engage with the App.

Your personal data and information are handled and processed in accordance with the provisions of Indian data protection laws relating to the collection, use, or processing of personal data, including the Information Technology Act, 2000, Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, and rules, as updated, amended, superseded, or replaced from time to time.

HealCycle is committed to ensuring your privacy is protected. The information you provide during the usage of the App will only be used in accordance with this Privacy Policy, subject to limitations under applicable Indian data protection laws. 

The core objective of this Privacy Policy is to bring to your knowledge the nature of personal data collected by us, the purpose of collecting such data and its use, subsequent processing of such data and your rights pertaining to such personal data shared with us. 

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes. 

1.1.   The Company strives to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through this App cannot be guaranteed.

1. What Data We Collect

1. Personal data refers to any data about you by which you are identifiable or in relation to such data. Accordingly, we may collect the following personal data which you provide to us during the course of your usage of the App – 

1. Name;

2. Age;

3. Gender;

4. Telephone number;

5. E-mail address;

6. IP Address;

7. Device Information;

8. Health Data (including, but not limited to, menstrual cycle dates, mood, and symptoms)

2. We collect your personal data which you provide to us, inter alia, in scenarios such as:

1. by downloading and using the functionalities of the App; 

2. when registering for personalized services on the App; 

3. requesting information about our product or use of our services on the App or request for customer support etc.;

4. filing grievances, complaints, feedback, etc.

3. We may use a third-party service provider(s) to assist us with some features of the App. Our service provider(s) may receive your information on our behalf and such information will not be used for any other purpose than for necessarily achieving the specific purpose as indicated to you at the time of collection.

4. We automatically collect certain personal data from you when you access the App, including your IP address, location, other unique device identifiers, your browser type, language, the URL of any other website which you may have used prior to accessing the App, and any other diagnostic data.

5. We may also collect personal data from third parties such as our partners, service providers and publicly available websites, to offer services we think may be of interest and to help us maintain data accuracy, provide, and enhance the provision of our services and access to our App to you.

6. All personal health information (PHI) is collected in full compliance with HIPPA laws. The Company is committed to protecting PHI according to HIPAA regulations, including the Privacy Rule. This commitment covers all forms of PHI. 

Our commitments include:

• Using and disclosing PHI only as permitted by HIPAA or with authorization.

• Limiting the use and disclosure of PHI to the minimum contacts necessary.

• Implementing safeguards to protect PHI.

• Providing a Notice of Privacy Practices (NPP).

• Training staff on HIPAA privacy requirements. 

You have the right to access, amend, and request restrictions on their information. Individuals also have the right to an accounting of disclosures and to choose how they receive communications containing PHI. You also have the right to file complaints with the company or the HHS Office for Civil Rights. 

1.7  California Consumer Privacy Act of 2018 (CCPA). 

You have the right under the California Consumer Privacy Act of 2018 (CCPA) and certain other privacy and data protection laws, as applicable, to opt-out of the disclosure of your personal information. If you exercise your right to opt-out of the disclosure of your personal information, we will refrain from disclosing your personal information, unless you subsequently provide express authorization for the disclosure of your personal information. To opt-out of the disclosure of your personal information, visit this Web page healcycle.com/privacy.  

These rights under the CCPA include the 

•  Right to Deletion - Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:

·            Delete your personal information from our records; and

·            Direct any service providers to delete your personal information from their records.

Please note that we may not be able to comply with requests to delete your personal information if it is necessary to:

·            Complete the transaction for which the personal information was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us;

·           Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;

·        Debug to identify and repair errors that impair existing intended functionality;

·            Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law;

·            Comply with the California Electronic Communications Privacy Act;

·          Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent;

·         Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us;

·            Comply with an existing legal obligation; or

·            Otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information.

1.8  Your Rights under the EU GDPR - and GDPR Compliance 

INTERNATIONAL DATA TRANSFERS

All personal information processed by us may be used, transferred, processed, and stored anywhere in the wording, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of applicable laws. These countries may or may not have adequate data protection laws as identified by the data protection authority in your country. 

If we transfer personal information from the European Economic Area, Switzerland, and/or the United Kingdom to a country that does not provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

For more information about the safeguards we use for international transfers of your personal information, please see the “Contact Us” section. 

RETENTION OF PERSONAL INFORMATION

We store the personal information we collect as described in this Privacy Notice for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. 

Right to Be informed

·      The right to know or be notified about the collection and use of your personal information

 Right to Access

·      The right to be provided with a copy of your personal information

Right to Rectification

·       The right to require us to correct any mistakes in your personal information

 Right to be Forgotten

·  The right to require us to delete your personal information – in certain situations

Right to Restriction of Processing

·    The right to require us to restrict processing of your personal information – in certain circumstances, e.g., if you contest the accuracy of the data

 Right to Data Portability

·  The right to receive the personal information you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party – in certain situations

 Right to object

·    The right to object

At any time to your personal information being processed for direct marketing (including profiling)

In certain other situations to our continued processing of your personal information, e.g., processing carried out for the purpose of our legitimate interests

Right Not to be Subject to Automated individual Decision-Making

·  The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

 For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the EU General Data Protection Regulation. 

Further, a data protection officer with the Company will maintain and protect your data per our privacy policies, and the Company will maintain its standard contractual obligations and its Data Processing Addendum. 

SUPPLEMENTAL NOTICE FOR EU/UK GDPR

This Supplemental Notice for EU/UK GDPR only applies to our processing of personal information that is subject to the EU or UK General Data Protection Regulation.

In some cases, providing personal information may be a requirement under applicable law, a contractual requirement, or a requirement necessary to enter into a contract. If you choose not to provide personal information in cases where it is required, we will inform you of the consequences at the time of your refusal to provide the personal information.

HealCycle’s processing of your personal information may be supported by one or more of the following lawful bases:

Privacy Notice SectionLawful Basis: Performance of a Contract (i.e., to provide the Services to you)Lawful Basis: Legitimate InterestLawful Basis: ConsentLawful Basis: For Compliance with Legal ObligationsSection 3A: Provide the Services✔✔✔✔Section 3B: Administrative Purposes ✔✔✔✔Section 3C: Marketing✔✔Section 3D: With Your Consent or Direction✔✔✔

         IF, WITHIN THE FRAMEWORK OF A CONSIDERATION OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE ON THE GROUNDS THAT ARISE FROM YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING REASONS WORTHY OF PROTECTION FOR PROCESSING WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS. IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA WHICH ARE USED FOR DIRECT MARKETING PURPOSES. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

2. What We Do with the Information

1. In addition to the uses of your personal data we describe elsewhere in this Privacy Policy, we gather information to understand your needs and provide you with a better experience in relation to your usage of the App, and to do the following

1. Enable your access and use of the App;

2. To manage your account to give you access to the various functionalities of the App;

3. To manage your requests;

4. Internal record keeping;

5. To improve our products and services;

6. To periodically send promotional notifications about new products, special offers or other information which we think you may find interesting. HealCycle or its representatives may reach out to you using the phone number and/or email address provided by you.

7. From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail. We may also use this information to customize the App according to your interests.

8. To perform internal operations such as troubleshooting, data analysis, testing, research, statistical, internal training, and quality management purposes aimed at improving the App, such analysis is aggregated and does not pertain to any specific user; and

9. To enforce our App policies.  

10. Further, we implement data encryption steps. We have standard encryption of all user data in transit and at rest on our servers, and the added option of end to end encryption. 

11. You can access or delete your health data or withdraw consent to our processing of your health data, subject to certain exceptions. To delete your health data, you can hit the ‘delete’ button within your profile. You can also request to exercise any of these rights by emailing support@healcycle.com.

12. If we deny your request to exercise one of those rights, you may appeal that decision by emailing support@healcycle.com. If your appeal is unsuccessful, you may be able to raise a concern or lodge a complaint with the Attorney General in your state.

3. Your Rights and Your Personal Data

We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal data.

1. The Right to Confirmation and Access to Information: At any point, you can contact us to request (a) confirmations on whether your personal data is being processed by us; and (b) brief summaries of your personal data processed or being processed by us. You may also request us for further information on the matters covered in the Privacy Policy. Once we have received your request, we will respond within one month. There are no fees or charges for the first request but additional requests for the same data may be subject to an administrative fee.

2. The Right to Correction, Withdrawal of Consent, and Erasure of Information: With regard to the personal data you have provided us, you have the right to correct inaccurate or misleading personal data, complete any incomplete personal data, and update the personal data. You may also request for the withdrawal of your consent for processing of your personal data as well as erasure of such personal data in a manner that is prescribed under law. We will take reasonable steps to notify all relevant persons to whom we have disclosed your personal data about any corrections, completion, or updates made to your personal data, as the case may be. If we do not agree to correct, complete or update your information, we will provide you with an adequate written justification for the same.  

3. The Right to Grievance Redressal: You have the right to a readily available means of grievance redressal. We have appointed a grievance officer to cater to any grievances, complaints, or queries raised by you in the course of the processing of your personal data by us. We have provided the officer’s name and contact details under Clause 9 of this Privacy Policy.

4. The Right to Nominate: You have the right to nominate an individual to exercise these rights in the event of any incapacity.

4. How Long Do We Keep Your Personal Data?

1. We retain your data/information for as long as is necessary to provide you with our services and access to the App; thereafter, we may retain your data/information to comply with our legal obligations, resolve disputes and enforce our agreements, and protect our legal rights, subject in each case to limitations under applicable law.

5. How We Share Your Personal Data

1. We store and share your data and information in accordance with the overall terms of this Policy. In certain instances, we may share your personal data and information with our associated entities, affiliates and third-party vendors, for the furtherance of providing you with an optimal experience in your usage of the App, and other associated purposes, who may store or process your data and information in jurisdictions other than India. These may include, third-party distributors, dealers, vendors, and service providers engaged by HealCycle as well as group entities of HealCycle, as the case may be. However, this is only done as per the permissible circumstances specified under applicable Indian data protection laws. Further, HealCycle will not disclose or share your personal data or information for any purpose other than those identified in this Policy, except with your consent.

2. We may share your data/information with various third parties who assist us in providing you with access to the App, and other associated purposes, including the following: 

1. Service providers, such as information technology service providers, Artificial Intelligence tool, etc. whose services may form a part of or may be necessary for the provision and functioning of the App; 

2. Cloud storage providers to store the data/information you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you;

3. Analytics and search engine providers that assist us in the optimisation and improvement of the App.

3. We may share your data/information with law enforcement agencies, public authorities, or other organisations if legally required to do so or if such use is reasonably necessary to:

1. Comply with any applicable law, legal obligation, process, or request from government or judicial authorities;

2. Enforce our App policies, including investigation of any potential violation thereof;

3. Detect, prevent, or otherwise address security, fraud, or technical issues; or

4. Protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law.  

6. Security and Protection of your Personal Data

1. We use industry standard and legally mandated reasonable security safeguards to keep your personal data and information secure. These measures include periodic reviews of our data collection practices, storage and processing practices, cyber security measures such as encryption, and physical security measures to guard against unauthorised access to systems where we store your personal data. We have a comprehensive information security program and information security policies that contain managerial, technical, operational and physical security control measures adequate for the protection of personal data. Where applicable, our web hosts and any third parties managing and processing your personal data and information are compliant with IS/ISO/IEC27001 or an equivalent in standards of Security Techniques and Information Security Management System Requirements.

7. Personal Data of Children

1. The App is not intended or directed at anyone under the age of 18, and we do not knowingly collect or solicit any information from anyone under the age of 18. Upon learning that we have collected personal data from anyone under the age of 18, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under age 18, please contact our grievance officer in the manner provided in Clause 9 below. 

8. Links To Other Websites

1. Our App may contain links to third-party websites or services of interest. However, once you have used these links to leave our App, you should note that we do not have any control over such other third-party website or service. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and carefully review the privacy policy applicable to such third-party website or service.

2. Cookies

3. In order to make your visit to our App attractive and to enable the use of certain functions, we use “cookies” on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (“session cookies”). Other cookies remain on your terminal and enable us or our partner companies (“third-party cookies”) to recognize your browser on your next visit (“persistent cookies”). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.

4.  If personal data are also processed by individual cookies set by us, the processing is carried out for (1) the execution of the contract or (2) to safeguard our legitimate interests in the best possible functionality of the App and a User-friendly and effective design of the page visit. We work together with advertising partners who help us to make our App more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our App (“third-party cookies”). You will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following sections.

5.  Please note that you can set your browser in such a way that you are informed about the setting of cookies and you can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

6. You will find these for the respective browsers under the following links:

7.  Internet Explorer https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

8.  Firefox https://www.mozilla.org/en-US/privacy/Platforms/#cookies

9.  Chrome https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en 

10. Safari https://support.apple.com/en-gb/guide/safari/manage-cookies-and-Platform-data-sfri11471/mac

11. Opera: http://help.opera.com/Windows/10.20/en/cookies.html

12.  Please note that the functionality of our App may be limited if cookies are not accepted.

9. Governing Law and Dispute Resolution

This Privacy Policy will be governed and construed in accordance with the laws of India, without regard to its ‘conflict of laws’ provisions. The competent courts in New Delhi shall have exclusive jurisdiction on all matters arising under this Privacy Policy. 

10. How to Contact Us

If you have any questions, about this Privacy Policy, or any concerns, requests, or grievances about the processing of your personal data by us or wish to exercise your rights, you may contact our grievance officer whose details are provided below: 

Name: Manish Grover

E-Mail Address: contact@healcycle.com

HEALCYCLE’S PRIVACY PRINICPLES

At HealCycle, Inc. (d/b/a HealCycle) (“HealCycle”, “we”, “us”, and “our”), we believe [______________________].

We know privacy and security are important to you and that you are trusting us with intimate health information such as information about your body, menstrual cycle, birth control usage, and state of mind. We are committed to making HealCycle the best platform to understand and optimize your health based on your hormone cycle. We will continue to be transparent about our privacy and security practices as we grow alongside our membership. As such, please carefully review our Privacy Principles and Privacy Notice below. We take your privacy seriously and want you to understand how we use, collect, share or otherwise process your personal information, including your health information.

Please not that we may de-identify, aggregate, or anonymize your health information in such a way that it no longer identifies you. We may use and share this type of information for purposes we think will benefit our users, such as for research, to understand trends and habits, or to provide you with customized advice and offers. You can find more detailed information about ways in which we use, collect, and share personal information below. If you are interested in further details, please review our full Privacy Policy below.

At HealCycle, we process your personal information according to our four core Privacy Principles:

1.     HEALCYCLE MEMBERS CONTROL THEIR PERSONAL INFORMATION

We believe you should be in control of your personal information. Consistent with this belief and our Privacy Notice:

·      We will delete your personal information upon your written request (unless we are legally prohibited from doing so), including if requested when cancelling your membership.

We will provide you with access to your personal information upon your written request, including if requested when cancelling your membership. 

·      We will NOT share your health information with others unless it is necessary to run and improve our services or in a way that combines data from many users to offer helpful content and recommendations. For example, we may work with trusted brands to suggest products like [________________________]. We will not share your individual health information with these brands.

·      We will limit the sharing of your personal information, including your health information, to the extent possible. For instance, we will only share your personal information with law enforcement if we are legally required to do it, but we will first exhaust all legal remedies available to fight law enforcement requests regarding your personal information before responding to them. 

2.     HEALCYCLE DOES NOT PROFIT FROM YOUR INDIVIDUAL HEALTH INFORMATION

Our business model is to provide highly valuable product experiences and services to our members in exchange for membership fees. We do not sell your identifiable health information to advertising platforms or data brokers. Our priority is protecting your privacy while delivering the best possible experience. This is our promise. 

3.     HEALCYCLE PROTECTS YOUR PERSONAL INFORMATION

We believe your personal information and health information should be protected from unauthorized access to the fullest extent possible. We continually evaluate our privacy and security practices to ensure that we treat your personal information and health information in compliance with applicable privacy laws and protect it against foreseeable security risks. To that end, we have implemented security measures to protect your personal information in line with the highest industry standards, including encrypting your personal information at rest on our hosted servers, limiting access to and sharing of your personal information, and working with outside privacy and security experts to assess the security of our tech, data storage and privacy and security practices and to implement their recommendations. 

4.     HEALCYCLE MAY SHARE AGGREGATED OR DE-IDENTIFIED HEALTH INFORMATION TO CREATE BETTER EXPERIENCES FOR OUR MEMBERS

We may de-identify, aggregate, or anonymize your personal information, including your health information, in such a way that it no longer identifies you. We may use and share this type of information for purposes we think will benefit our users – for example to conduct research, identify trends, or suggest relevant products for hormone health. 

We believe we have a responsibility to continuously improve your experience by identifying and sharing cutting edge insights with you. We will always look to provide new content and product features, to improve and customize our services, and to develop thought leadership in the area of hormone health without identifying you.

For more details on how we collect, use and share your personal and health information, please review our full Privacy Notice below.