Cookie policy

Preamble

This Cookie Policy is issued by HealAssist Healthtech Private Limited ("HealAssist," "we," "us," "our," or "the Platform"), with registered office at Innov8 UCP, 9th Floor, Tower D, Unitech Cyber Park, Sector 39, Gurugram, Haryana, 122001, India.

This Cookie Policy explains how HealAssist uses cookies, web beacons, pixels, tags, and similar tracking technologies (collectively "Cookies" or "Tracking Technologies") on the HealAssist website, mobile applications, and all related digital properties and services (the "Platform").

This Cookie Policy is supplementary to the Privacy Policy and Terms of Use. By accessing or using the Platform, you accept the terms of this Cookie Policy.

This Cookie Policy is issued in compliance with:

• The Information Technology Act, 2000 and Rules thereunder;
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
• The Digital Personal Data Protection Act, 2023;
• The European Union General Data Protection Regulation (GDPR) 2018 (for users accessing from EU jurisdictions);
• Best practices and standards for cookie usage.

1. What are cookies and tracking technologies?

1.1 Definition of cookies

A cookie is a small text file or data element downloaded and stored on your device when you access the Platform. Cookies contain information about your browsing activities, preferences, login credentials, and other interaction data.

1.2 Types of tracking technologies

Beyond cookies, HealAssist also uses:

• a) Web beacons: small transparent images or pixels that track engagement;
• b) Pixels: small image tags used to track user behavior and conversions;
• c) Tags: code snippets that track user actions and events;
• d) Local storage: browser-based storage similar to cookies with larger capacity;
• e) Session storage: temporary data storage during a session;
• f) Mobile advertising IDs: IDFA (iOS), Android Advertising ID;
• g) Cross-device tracking across phone, tablet, and computer;
• h) Flash cookies (LSOs): Local Shared Objects for storing data.

1.3 Purpose of cookies and tracking technologies

• a) Essential platform functions and session management;
• b) Analytics and performance measurement;
• c) Personalization of preferences and settings;
• d) Marketing, advertising, and measuring effectiveness;
• e) Fraud prevention and malicious behavior detection;
• f) User tracking across journeys and engagement patterns;
• g) Cross-domain tracking across HealAssist and partner websites;
• h) Research and analytics;
• i) Business intelligence and strategic planning.

2. Implied consent model and default cookie acceptance

2.1 Implied consent by default

2.2 Acceptance without action

You acknowledge that your access to the Platform constitutes automatic acceptance of this Cookie Policy, that you do not need to take any action for Cookies to be deployed, and that all Cookies (including non-essential) are deployed by default.

2.3 Legal basis for implied consent

Under Indian law (IT Act 2000, DPDP Act 2023), implied consent through continued use of the Platform is a legally valid basis for cookie deployment. Indian law does not mandate explicit, affirmative cookie consent. This Cookie Policy is incorporated into the Terms of Use and Privacy Policy.

2.4 For GDPR compliance (EU users)

For users accessing from European Union jurisdictions, non-essential Cookies may require explicit opt-in consent under GDPR. EU users may manage cookie preferences by contacting care@healassist.in. HealAssist relies on legitimate interests as the legal basis for certain Cookies alongside explicit consent. Essential Cookies are deployed for all users without consent.

2.5 Enforcement of implied consent

By using the Platform, you accept the use of Cookies as described, waive any requirement for explicit consent banners or popups, agree HealAssist is authorized to deploy Cookies by default, and release HealAssist from any related liability.

3. Types of cookies used by HealAssist

3.1 Essential / functional cookies

These are strictly necessary and cannot be disabled. They enable session management, authentication, security and fraud prevention, load balancing, error handling, core platform functionality, CSRF protection, and content delivery optimization.

3.2 Analytics and performance cookies

Cookies that track how users interact with the Platform — including Google Analytics (GA4), session recording (if implemented), performance monitoring, user flow analysis, event tracking, device and browser tracking, geographic tracking, traffic source tracking, and conversion tracking.

3.3 Preference and personalization cookies

Language preference, theme preference, accessibility settings, search filters, location preference, hospital preferences, display settings, and user customization.

3.4 Marketing and advertising cookies

Retargeting and remarketing, Facebook Pixel, Google Ads / Google Tag Manager, LinkedIn Pixel (if applicable), other ad networks, email tracking pixels, affiliate and referral tracking, UTM parameters, advertising ID synchronization, behavioral targeting, and cross-domain advertising.

3.5 Third-party service cookies

Payment gateway (future), CRM system, live chat, CDN services, A/B testing tools, email marketing platforms (Mailchimp, HubSpot), social media integration, analytics partners, video hosting, map services, and other third-party integrations.

3.6 Cross-domain tracking cookies

Tracking across all HealAssist domains, partner websites, and cross-device tracking. User ID mapping enables persistent cross-device and cross-domain tracking. Advertising platform synchronization unifies tracking across Facebook, Google, LinkedIn.

3.7 Mobile app cookies and identifiers

Mobile apps primarily use identifiers: iOS (IDFA, ATT framework), Android (Google Advertising ID, Google Play Services), mobile analytics (Firebase, Crashlytics), in-app events, push notification tracking, app installation tracking, and mobile advertising.

3.8 Hospital partner tracking cookies

Hospital website pixels, referral tracking, conversion tracking, hospital analytics integration, and potential hospital CRM integration.

4. Cookie duration and retention

4.1 Session cookies

Session cookies are deleted when you close your browser or log out. Typical session duration is 2 hours of inactivity. Session cookies are automatically deleted on browser close, inactivity timeout, logout, or session expiry.

4.2 Persistent cookies

Persistent cookies remain on your device for extended periods: Google Analytics up to 2+ years, essential cookies until browser cache is cleared, preference cookies 1 year from last activity, marketing cookies 13 months to 2+ years, advertising cookies up to 2+ years or longer. HealAssist may retain cookie data for the longest possible period to enable historical analysis.

4.3 Storage locations

• a) Device storage: browser cache and local storage;
• b) Cloud servers: HealAssist servers on Microsoft Azure (India region);
• c) Third-party servers: Google, Facebook, etc. per their policies;
• d) Backup systems in compliance with data retention policies;
• e) Archival systems for long-term retention.

4.4 Cookie deletion and cleanup

Session cookies are automatically deleted. Users can delete persistent cookies via browser settings. HealAssist does not honor "Do Not Track" signals; cookies are deployed regardless of DNT settings. Server-side cookie data requires a deletion request via email.

5. Data collection and sharing

5.1 Data collected via cookies

Personal information (name, email, contact, age, location, insurance), device information, behavioral data, location data, event data, session information, referral information, conversion data, technical data, email engagement, advertising response, cross-device data, and health/insurance information.

5.2 Data sharing with third parties

HealAssist shares cookie-collected data with Google Inc., Facebook Inc., Google Ads, LinkedIn Corporation, email marketing platforms, advertising networks, analytics partners, CDN providers, A/B testing platforms, live chat providers, CRM systems, hospital partners, service providers, affiliates and subsidiaries, successors, and legal or government authorities as required.

5.3 Cross-platform data integration

Data collected through Cookies is integrated with account data, third-party advertising data, behavioral profiles, predictive analytics, and hospital data.

6. User consent and control options

6.1 Consent status

By using the Platform, you provide implied consent to all Cookies described. HealAssist does not require explicit cookie consent via banner or popup. All Cookies are deployed automatically upon Platform access.

6.2 Withdrawal of consent

Users who wish to withdraw consent for non-essential Cookies may submit a written request to care@healassist.in with subject line "Cookie consent withdrawal." Requests are processed within 15 business days. Essential cookies cannot be disabled.

6.3 Browser-level controls

Users may manage Cookies through browser settings. Disabling cookies may impair Platform functions. HealAssist does not control browser-level settings.

6.4 Do Not Track (DNT) signals

HealAssist does not honor "Do Not Track" browser signals. Cookies are deployed regardless of DNT settings.

6.5 Third-party cookie controls

For third-party cookies, users may opt out of Google Analytics at tools.google.com/dlpage/gaoptout and manage Facebook advertising preferences in account settings. HealAssist cannot guarantee third-party opt-out effectiveness.

6.6 GDPR user rights (EU users)

EU users may request cookie preference management by contacting care@healassist.in, withdraw consent for non-essential Cookies, request access, deletion, or data portability, and lodge complaints with their Data Protection Authority.

7. Cookie retention and data storage

7.1 Data retention periods

Google Analytics data retained for 2+ years or longer; behavioral and event data retained indefinitely for business intelligence; personal data linked to cookies retained for account duration and beyond; marketing cookies retained 13 months to 2+ years; preference cookies 1 year from last activity; advertising data retained per provider policies.

7.2 Data storage locations

Primary storage in Microsoft Azure (India region), backup storage in India and potentially abroad, third-party storage per Google/Facebook/LinkedIn policies, and archival storage for historical data.

7.3 Data retention upon account deletion

Even if you delete your HealAssist account, cookie data may be retained indefinitely. Submit a separate request to care@healassist.in for cookie data deletion. Requests are processed within 30 days. Data already shared with third parties is not deleted by HealAssist.

7.4 Backup and archival

Backups maintained for disaster recovery. Backup copies are not deleted when primary data is deleted; historical data maintained in long-term archives.

8. Security and data protection

8.1 Security measures

SSL/TLS encryption, secure flags on sensitive cookies, HttpOnly on authentication cookies, SameSite attributes to prevent CSRF, access controls, regular security audits, penetration testing, incident response procedures, and vendor security requirements.

8.2 Limitations on security

No system is completely immune to security risks. Unauthorized access may occur. Data stored with third parties is subject to their security measures. Users are responsible for protecting their devices and login credentials.

8.3 Data breach notification

HealAssist will notify affected users where legally required and comply with applicable data protection laws. HealAssist's liability is limited per the Terms of Use.

9. Special tracking implementations

9.1 Cross-domain tracking implementation

Sophisticated tracking across all HealAssist domains, subdomains, and partner domains; user ID synchronization; pixel implementation on partner sites; referral link tracking; and analytics platform syncing.

9.2 Behavioral profiling

Detailed behavioral profiles built from browsing behavior, behavioral scoring, preference inference, predictive modeling using machine learning, audience segmentation, and personalized targeting.

9.3 Mobile app tracking integration

App-to-web tracking, device ID linking, unified profiles combining app and web data, cross-platform attribution, and mobile advertising ID integration.

9.4 Email and SMS integration

Email tracking pixels, link click tracking, email engagement profiles linked to cookie profiles, SMS tracking if applicable, and suppression lists.

10. Compliance with laws

10.1 Indian law compliance

This Cookie Policy complies with the Information Technology Act, 2000, IT Rules 2011, Digital Personal Data Protection Act, 2023, IT Act Section 43A, and IT Act Section 72.

10.2 GDPR compliance for EU users

For users from the European Union, GDPR applies. HealAssist relies on explicit consent, legitimate interests, and contractual necessity. EU users have rights to access, correction, erasure, data portability, and objection. GDPR inquiries can be directed to care@healassist.in.

10.3 Other jurisdictions

For users in other jurisdictions, this policy complies with applicable local laws to the extent feasible.

11. Modifications to cookie policy

11.1 Right to modify

HealAssist reserves the right to modify this Cookie Policy at any time to reflect changes in cookie practices, add new technologies, update retention periods, modify data sharing practices, and ensure legal compliance.

11.2 Notification of changes

Material changes communicated via website notice, email notification to registered users, and in-app messages in mobile applications.

11.3 Acceptance of changes

Continued use of the Platform after policy updates constitutes acceptance of the modified policy.

12. Definitions

• Cookies: Small text files or data elements stored on user devices containing information about browsing activities and preferences.
• Tracking technologies: Technologies including cookies, web beacons, pixels, tags, local storage, and similar mechanisms.
• First-party cookies: Cookies set directly by HealAssist on user devices.
• Third-party cookies: Cookies set by external service providers (Google, Facebook, etc.).
• Session cookies: Cookies deleted when the browser is closed or session expires.
• Persistent cookies: Cookies that remain on the device for extended periods.
• User: Any person accessing or using the HealAssist Platform.
• Platform: HealAssist website, mobile applications, and all digital properties.
• Implied consent: Consent inferred from continued use of the Platform.
• Cross-domain tracking: Tracking user behavior across multiple domains.
• Behavioral profile: Comprehensive profile of user preferences, interests, and behaviors.

13. Contact and disputes

For questions, concerns, or disputes regarding this Cookie Policy:

For cookie data deletion or withdrawal of consent, email care@healassist.in with subject line "Cookie data deletion request." Processing timeline: 15–30 business days.

14. Governing law and jurisdiction

This Cookie Policy is governed by the laws of India and subject to the exclusive jurisdiction of courts in Gurugram, Haryana, India.

15. Acknowledgment

By accessing and using the HealAssist Platform, you acknowledge that you have read this Cookie Policy, accept the use of Cookies as described, provide implied consent to cookie deployment, understand that cookies may collect personal and behavioral data, accept that your data is shared with third-party platforms, and release HealAssist from liability related to cookie deployment.