Our Privacy Commitment
At PRISM, your privacy is not just a legal obligation — it's a core principle. Your health data belongs to you, and you have complete control over who can access it. We are committed to transparency in how we handle your information.
1. Information We Collect
1.1 Personal Information
When you create an account or use PRISM services, we may collect:
- Name, email address, and contact information
- Date of birth, gender, and demographic information
- National health identifiers (e.g., ABHA ID in India) when linked
- Profile and account preferences
1.2 Health Information
To provide our health management services, we collect:
- Vital signs (blood pressure, heart rate, SpO2, glucose levels, weight, height)
- Medical conditions and diagnoses (coded in ICD-10/ICD-11)
- Medications (recorded using pharmacopeia and WHO Drug Dictionary standards)
- Laboratory test results (coded in LOINC)
- Health diary entries and notes
- Risk assessment scores and calculations
1.3 Device and Usage Information
We automatically collect certain technical information:
- Device type, operating system, and app version
- Data from connected wearables and health devices
- App usage patterns and feature interactions
- IP address and general location (country/region level)
2. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Calculate and display personalised health risk scores | Your consent / Contract performance |
| Enable consultations with healthcare providers | Your consent / Contract performance |
| Sync data with connected devices and apps | Your consent |
| Send health alerts and reminders | Your consent / Legitimate interest |
| Improve our services and algorithms | Legitimate interest (anonymised data only) |
| Comply with legal and regulatory requirements | Legal obligation |
3. Your Consent Controls
PRISM provides granular consent management that puts you in control:
- Provider Access: Choose exactly which healthcare providers can view your data
- Data Categories: Control access to specific data types (vitals, medications, conditions, lab results) separately
- Instant Withdrawal: Revoke any consent at any time with immediate effect
- Audit Trail: View a complete log of who has accessed your data and when
- Research Participation: Opt in or out of anonymised data use for research
Your Rights Under GDPR and Similar Laws
You have the right to: access your data, correct inaccuracies, delete your data, restrict processing, request data portability, object to processing, and withdraw consent. Exercise these rights at any time through the app or by contacting us.
4. Data Sharing
4.1 With Your Healthcare Providers
We share your health data with doctors, clinics, and hospitals only when you have explicitly granted consent. You can view and manage all active consents in the app.
4.2 With Third-Party Services
When you choose to integrate with external services:
- Apple Health / Google Fit — syncs data you select
- Laboratory systems — for test ordering and results
- National health ID systems — for identity verification
4.3 We Never Sell Your Data
PRISM does not sell, rent, or trade your personal health information to third parties for marketing or commercial purposes. Ever.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide services. You may request deletion of your account and associated data at any time. Some data may be retained longer if required by healthcare regulations or legal obligations.
6. International Data Transfers
PRISM operates with data locality compliance, meaning your data is stored on servers within your country or region where possible. When international transfers are necessary, we ensure appropriate safeguards are in place, including Standard Contractual Clauses and adequacy decisions.
7. Children's Privacy
PRISM services are intended for users 18 years and older. For minors, a parent or guardian must create and manage the account. We do not knowingly collect data from children without parental consent.
8. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. Continued use after changes constitutes acceptance.
Contact Our Privacy Team
If you have questions about this Privacy Policy or wish to exercise your data rights:
Email: privacy@prismhealth.io
Data Protection Officer: dpo@prismhealth.io
Address: PRISM Health Technologies, [Address]