Privacy Policy

Effective Date: May 25, 2026

Last Updated: May 25, 2026

This Privacy Policy (“Policy”) explains how Intelligence First Private Limited (“Company”, “we”, “us”, or “our”) collects, uses, stores, shares, discloses, and otherwise processes personal data when you access or use our website, mobile application, software, dashboards, AI tools, and related services (collectively, the “Platform” or “Services”).

This Policy should be read together with our Terms of Use. By accessing or using the Platform, creating an account, submitting information, or clicking any consent mechanism such as “I Agree,” you acknowledge that you have read and understood this Policy and consent to the collection and processing of your personal data in accordance with this Policy and applicable law. If you do not agree, you must not use the Platform or Services.

If you use the Platform on behalf of another person or entity, you represent that you are duly authorized to accept this Policy and provide the necessary consents on their behalf.

1. SCOPE AND APPLICABILITY

This Policy is published in compliance with applicable Indian laws, including, where relevant:

• the Digital Personal Data Protection Act, 2023 (“DPDP Act”)

• the Information Technology Act, 2000

• the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, to the extent applicable

• other applicable laws, rules, and regulations relating to privacy, data protection, and information technology in India

This Policy applies to personal data we process in our capacity as a data fiduciary / body corporate, including data relating to:

• users who browse, register, or use the Platform

• end users who book health diagnostic tests, receive reports, purchase subscriptions, or otherwise use health-related services provided by us

• individuals who communicate with us by phone, email, chat, forms, surveys, or support channels

• business partners or representatives who interact with us in connection with the Services

2. DEFINITIONS

For the purposes of this Policy:

“User, You or Your” means any individual or entity who accesses, browses, registers on, or otherwise uses the Platform, including end users and business partners.

“End User” means a natural person who uses the Services, including for booking health diagnostic appointments, obtaining reports, purchasing packages or subscriptions, or availing ancillary services.

“Personal Data” means any data about an individual who is identifiable by or in relation to such data, and includes “personal information” or “sensitive personal data or information” to the extent recognized under applicable law i.e., the DPDP Act

“Sensitive Personal Data / Health Data” has the meaning assigned under applicable law, including Rule 3 of the IT (Reasonable Security Practices) Rules, 2011 and the DPDP Act. In the context of the Platform, this includes health records, medical history, blood biomarker results, physiological information, passwords, financial information processed in connection with payments, and other data of a sensitive nature.

“Data Principal” shall have the same meaning as provided under the DPDP Act.

“Data Processor” shall have the same meaning as provided under the DPDP Act.

“Diagnostic Partners/Service Providers” includes hospitals/labs, medical practitioners, clinics, diagnostic centres, spas, fitness centres, or similar entities listed on the Platform from whom Users may choose to obtain services.

“Content” All text, graphics, algorithms, reports, dashboards, data outputs, and materials available on the Platform.

“Services” Any digital functionality made available through the Platform including wellness analytics, diagnostic facilitation, lifestyle guidance and information. reports, subscriptions, educational content, AI insights, or partner services.

“Third Parties” means any person, organization, or application that is not the User or the Company. This includes external vendors such as payment processing partners.

“Platform” refers to the digital infrastructure developed or operated by the Company — including the website, mobile app/interface, or related domain, software systems, analytics engines, dashboards, algorithms — through which Users can access Services.

3. NATURE OF THE PLATFORM

The Platform is a technology-enabled, digital health, preventive wellness, and AI-assisted insights platform. It may offer services including diagnostic facilitation, wellness dashboards, AI-based informational outputs, biomarker insights, subscriptions, support tools, and related features.

The Platform is not a hospital, clinic, emergency service, or diagnostic laboratory. All informational outputs are intended for informational and wellness-support purposes only and do not constitute medical advice. Users are advised to contact a registered medical practitioner before making health related decisions basis the information received through the Platform.

4. CATEGORIES OF DATA WE COLLECT

Depending on how you use the Platform, we may collect the following categories of information:

4.1 Identity and Contact Data

• name

• age or date of birth

• gender

• email address

• mobile number

• postal address

• user ID or account identifiers

4.2 Account and Login Data

• username/login credentials

• OTP / PIN-based authentication information

• account preferences and settings

4.3 Health and Wellness Data

• self-reported lifestyle, wellness, and health information

• uploaded medical records, diagnostic reports, scans, and supporting documents

• biomarker data and test results received from partner laboratories or uploaded by you

• data synced from wearables or integrations, if enabled by you and in case provided as a service by our platform

• wellness scores, health insights, and AI-generated outputs based on your inputs

4.4 Transaction and Payment Data

• billing information

• order history

• subscription history

• payment references

• partial payment instrument details processed via payment gateways

We do not store full card numbers, CVV, or similar highly sensitive payment credentials; such information is typically processed and handled by registered and compliant third-party payment service providers.

4.5 Device, Technical, and Usage Data

• IP address

• browser type

• device identifiers

• operating system

• app crash data

• access timestamps

• pages viewed and actions performed

• referring URL

• ISP or network-related information

• cookie or SDK-related identifiers

4.6 Communications and Support Data

• emails, chats, and support tickets

• call recordings, where lawful and disclosed

• appointment coordination records

• feedback, surveys, reviews, and complaints

4.7 Third-Party and Provider Data

We may receive personal data relating to you from:

• diagnostic laboratories

• healthcare providers

• logistics or sample collection partners

• payment processors

• customer support tools

• authorized integrations or business partners

4.8 Publicly Available Data

We may collect or use information lawfully available in the public domain as permitted by applicable law.

5. HOW WE COLLECT DATA

5.1 We may collect information:

• directly from you when you register, book services, upload reports, make payments, fill forms, or contact support

• from service providers and partners involved in delivering Services to you

• through surveys, campaigns, contests, or user research, where you choose to participate

Some users may have limited access to certain parts of the Platform without creating an account. However, full access to features and benefits may require registration and submission of personal data.

5.2 We may automatically collect certain information when you access or use the Platform through cookies, log files, software development kits (SDKs), analytics tools, device identifiers, pixels, tags, and other similar technologies.

Such information may include, without limitation, your device information, browser type, operating system, IP address, app version, device identifiers, pages or screens viewed, features used, access times, referring URLs, crash logs, performance data, approximate location derived from IP address, and other usage or diagnostic information.

We use such information for lawful and legitimate purposes, including to:

(a) operate, maintain, secure, and improve the Platform;

(b) authenticate users and prevent fraud, misuse, or unauthorized access;

(c) remember user preferences and improve user experience;

(d) monitor platform performance, errors, and technical issues;

(e) conduct analytics and understand usage patterns; and

(f) comply with applicable legal, regulatory, security, and audit requirements.

Where required under applicable law, we shall obtain your consent before using non-essential cookies, analytics tools, SDKs, or similar technologies. You may disable or manage cookies through your browser or device settings; however, disabling certain cookies or technologies may affect the functionality, security, or performance of the Platform.

By continuing to use the Platform, and where applicable by providing your consent through the cookie banner, app permissions, or platform settings, you acknowledge the collection and use of such information in accordance with this Privacy Policy.

6. PURPOSES OF PROCESSING

We may process your data for the following purposes:

6.1 To Provide and Operate Services

• create and manage your account

• facilitate bookings, subscriptions, and service delivery

• coordinate diagnostic services, reports, and logistics

• provide wellness dashboards, reports, and AI-assisted outputs

• maintain and administer the Platform

6.2 To Personalize Your Experience

• tailor insights and content to your profile and preferences

• improve usability and functionality

• deliver customized wellness prompts or informational outputs

6.3 To Process Payments

• process transactions

• facilitate refunds, reversals, or billing adjustments

• detect fraudulent or unauthorized payment activity

6.4 To Communicate With You

• send service-related updates

• provide appointment reminders

• respond to support requests

• collect feedback

• notify you of important policy, product, regulatory, or account changes

• contact you if you begin but do not complete a transaction

By verifying your contact details and using the Platform, you consent to receive transactional and service-related communications through calls, SMS, email, app notifications, WhatsApp, or similar channels, even if your number is registered on DND / NCPR lists, to the extent permitted by law.

6.5 To Improve and Develop Services

• analyze usage patterns

• debug support issues

• perform internal audits and quality checks

• test and improve product features

• conduct analytics, research, and product development

6.6 For Research, Analytics, and Business Intelligence

We may use anonymized, de-identified, or aggregated data for:

• internal research

• statistical analysis

• business intelligence

• model training and evaluation

• product and algorithm improvement

• investor, sponsor, or strategic reporting in non-identifiable form

6.7 For Legal and Compliance Purposes

• comply with legal, tax, audit, and regulatory requirements

• detect and prevent fraud, abuse, or security incidents

• protect our rights, users, partners, and the public

• on directions of any court of law, Government Regulators and/or Law Enforcement Agencies.

7. LAWFUL BASIS AND CONSENT

Where required by law, we rely on one or more of the following grounds:

• your consent

• performance of a contract or steps requested by you before entering a contract

• compliance with legal obligations

• legitimate uses permitted by law, including fraud prevention, information security, service support, and related purposes

By using the Platform and voluntarily providing data, you expressly consent to the collection, storage, use, disclosure, and other processing of your personal data and health-related data in accordance with this Policy.

You may withdraw consent at any time by contacting us on info@me100.in, but withdrawal may affect our ability to provide some or all Services.

8. HEALTH DATA CONSENT

Because the Platform may involve health-related and wellness-related information, you expressly acknowledge and consent that we may process data such as:

• diagnostic reports

• biomarker information

• medical history provided by you

• physiological, lifestyle, and wellness information

• device or wearable data linked by you

You represent that you are authorized to provide such information and that it is accurate to the best of your knowledge.

Furthermore, the Platform may facilitate the booking, coordination, and management of diagnostic testing services through independent third-party laboratories (“Diagnostic Partners”).

By using the Platform, you expressly acknowledge and consent that:

• Diagnostic test reports shall be generated and issued by the Diagnostic Partner and shared directly with the Company for the limited purpose of processing, analysis, and generation of health insights;

• The Company may analyze such reports and associated data to provide health-related insights, analytics, or summaries to you through the Platform; and

• The diagnostic report and any related outputs shall be made available to you only through the Company’s Platform, in accordance with its policies and applicable law.

9. AI-Enabled Features and Automated Processing

9.1 Certain functionalities of the Platform may incorporate artificial intelligence, machine learning algorithms, statistical methods, or other forms of automated processing to generate wellness scores, summaries, recommendations, and similar informational outputs.

By accessing or using such features, you acknowledge and agree that:

• the outputs generated are influenced by and dependent upon the information and data provided by you
• such outputs may be incomplete, inaccurate, or subject to limitations inherent in automated systems
• the outputs are provided solely for informational and general wellness purposes and do not constitute medical advice, diagnosis, or treatment
• your interactions with AI-driven features may be processed, including in anonymized or de-identified form, for the purposes of improving the Platform, enhancing algorithm performance, and refining user experience.

9.2 Non-Reliance on AI-Generated Outputs

You expressly acknowledge and agree that any outputs, insights, scores, recommendations, summaries, or other information generated by the Platform, including through artificial intelligence or automated systems (“AI Outputs”), are provided solely for general informational and wellness-support purposes.

You agree that:

• AI Outputs do not constitute medical advice, diagnosis, treatment, or clinical opinion of any kind
• AI Outputs are not a substitute for consultation with a qualified and registered medical practitioner
• no reliance should be placed on AI Outputs for making medical, diagnostic, or treatment decisions
• the Company does not guarantee the accuracy, completeness, reliability, or suitability of any AI Outputs

You further acknowledge that any decisions or actions taken based on AI Outputs are undertaken at your sole discretion and risk.

To the fullest extent permitted under applicable law, the Company disclaims all liability arising from:

• reliance on AI Outputs
• interpretation or use of such outputs
• any health, medical, financial, or other outcomes resulting from such reliance

10. DATA ANONYMIZATION, AGGREGATION, AND AI TRAINING RIGHTS

We may transform personal data into anonymized, de-identified, or aggregated datasets that do not directly or indirectly identify you, to the extent reasonably practicable.

Such anonymized or aggregated data may be used for:

• analytics

• research

• product development

• service enhancement

• artificial intelligence and machine learning training, testing, validation, and improvement

The Company exclusively owns all rights, title, and interest in such anonymized, de-identified, or aggregated datasets, and in all models, analyses, outputs, and derivative works created from or using such data, provided that such data does not identify you.

All such datasets, AI systems, models, outputs, reports, and derived works form part of the Company’s intellectual property. Except for the limited right to use the Platform as expressly permitted under the Terms of Use, you shall have no ownership or proprietary rights in or to the same.

11. DATA SHARING AND DISCLOSURE

We do not sell your personal data. We may share anonymised or aggregated data that does not identify you, as described in this Policy.

11.1 With Diagnostic and Healthcare-Related Partners

We may share relevant personal and health data with laboratories, healthcare providers, sample collection partners, logistics providers, and related service partners in order to facilitate the Services.

11.2 With Service Providers and Vendors

We may engage vendors for:

• cloud hosting

• storage

• payment processing

• SMS / email delivery

• analytics

• customer support

• security

• communications infrastructure

These parties are contractually required to process data only for authorized purposes and with appropriate safeguards.

11.3 With Payment Partners

Financial and billing data may be shared with banks, financial institutions, payment processors, gateways, wallet providers, or other relevant entities to complete authorized transactions.

11.4 With Affiliates and Group Entities

We may share data with affiliates or group entities for internal administration, shared infrastructure, support, integrated services, analytics, compliance, and lawful business purposes.

11.5 Business Transfers

Your data may be disclosed or transferred in connection with:

• mergers

• acquisitions

• restructuring

• investment transactions

• financing

• sale of assets or business units

Any successor entity may continue to use the data in a manner consistent with this Policy and applicable law.

11.6 Legal and Regulatory Disclosure

We may disclose personal data where required by law or where necessary to:

• comply with legal process

• respond to government or regulatory requests

• protect our rights or those of others

• prevent fraud or harm

• enforce our Terms

11.7 Research and Commercial Use of Non-Identifiable Data

We may share anonymized, de-identified, or aggregated data with research institutions, partners, advertisers, sponsors, investors, or strategic collaborators, provided such data does not identify you.

11.8 Cross Border Data Transfer

Your personal data may be transferred to, stored in, or processed in jurisdictions outside India by our service providers. Such transfers shall be made in compliance with applicable restrictions under the DPDP Act and any rules notified thereunder. We shall ensure that appropriate contractual and technical safeguards are in place to protect your data in accordance with applicable law.

12. ACCOUNT MANAGEMENT, CORRECTION, AND DELETION

You are responsible for ensuring that the personal data and other information provided by you on the Platform is accurate, current, complete, and not misleading.

You may request correction, completion, updating, or deletion of your personal data by using the available account settings on the Platform or by contacting us at info@me100.in. Our data retention practices are further described in Clause 14 of this Privacy Policy.

For any request relating to deletion, correction, completion, or updating of personal data, you must clearly identify the specific data in respect of which the request is being made. We may require reasonable verification of your identity and request before processing such request.

We shall process lawful and verifiable requests in accordance with applicable law and within a reasonable period, subject to technical feasibility, verification requirements, and any legal, regulatory, contractual, tax, audit, fraud prevention, dispute resolution, medical record, compliance, or other lawful retention obligations.

We may decline, defer, or limit any request for correction, updating, or deletion where retention or continued processing of such data is permitted or required under applicable law, or where such data is necessary for legal claims, regulatory compliance, fraud prevention, security, audit, dispute resolution, enforcement of our terms, or protection of our legitimate rights and interests.

In case of account closure or deletion request:

(a) certain personal data may continue to be retained for lawful purposes, including legal, regulatory, tax, audit, fraud prevention, dispute resolution, security, and compliance purposes;

(b) anonymised, aggregated, or de-identified data that does not identify you may continue to be used for analytics, research, product improvement, statistical, business, and service development purposes;

(c) withdrawal of consent, deletion of personal data, or closure of your account may limit, suspend, or terminate your ability to access or use certain Services, including historical reports, health records, analysis, insights, recommendations, or other Platform features.

Where deletion is not immediately possible due to legal, technical, operational, or compliance reasons, we may restrict further active processing of such data to the extent reasonably practicable, except where continued processing is required or permitted under applicable law.

13. USER RIGHTS UNDER THE DPDP ACT

Subject to applicable law, you may have the right to access a summary of your personal data being processed, request correction, completion, or updating of inaccurate data, request erasure of personal data, where legally permissible, withdraw consent, grievance redressal, nominate another person to exercise rights on your behalf in case of death or incapacity, when such framework becomes applicable.

We may need to verify your identity before acting on such requests.

14. DATA RETENTION

14.1 General Principle

We retain Personal Data only for as long as is reasonably necessary to fulfil the specific purpose for which it was collected or processed, in accordance with applicable law, including the DPDP Act and any rules notified thereunder.

14.2 Purposes of Retention

Personal data may be retained for one or more of the following purposes:

• (a) providing and improving our Services;

• (b) maintaining and administering user accounts;

• (c) processing payments, invoicing, and complying with applicable tax and financial regulations;

• (d) providing customer support and resolving disputes;

• (e) complying with legal, regulatory, and audit obligations;

• (f) detecting, preventing, and investigating fraud or other unlawful activity; and

• (g) establishing, exercising, or defending legal claims.

14.3 Retention Periods

We typically apply the following retention periods to categories of personal data:

Category of Data	Retention Period
Account data (name, contact details, preferences)	For the duration of the active account, plus 90 days following account closure or deactivation, unless a longer period is required by law
Payment and billing data	7 years from the date of the relevant transaction, or such longer period as may be required under applicable tax, financial, or other legislation
Health reports, biomarker data, and other sensitive personal data	For the duration of the active account and the provision of related Services, plus a maximum of 3 years thereafter for compliance, audit, or legal purposes, unless a longer period is mandated by law
System logs and analytics data	12 months from the date of generation, following which such data shall be irreversibly anonymised or securely deleted
Customer support records	2 years from the date of resolution of the relevant query or complaint

Where a specific retention period is mandated by any applicable law, rule, regulation, or order of a competent authority, the longer of the prescribed period or the period stated above shall apply.

14.4 Review and Deletion

We shall periodically review retained personal data to determine whether its continued retention is necessary for the purposes stated in Clause 15.2. Where personal data is no longer required for any such purpose and no legal obligation mandates its continued retention, we shall:

• (a) securely and irreversibly delete such personal data; or

• (b) irreversibly anonymise such personal data such that it can no longer be attributed to a Data Principal,

within a reasonable timeframe, and in any event no later than 90 days following the determination that such data is no longer required.

14.5 Rights of the Data Principal

• (a) Right to Erasure: A Data Principal may request the erasure of their personal data by contacting us at info@me100.in . Upon receiving a valid request, we shall erase the relevant personal data within a reasonable period, not exceeding 30 days, unless continued retention is required or permitted under any applicable law.

• (b) Withdrawal of Consent: Where processing is based on consent, a Data Principal may withdraw such consent at any time. Upon withdrawal of consent, we shall cease processing and erase the relevant personal data within 30 days, unless retention is required to comply with a legal obligation or for the establishment, exercise, or defence of legal claims.

15. SECURITY AND CONFIDENTIALITY

We implement reasonable and industry-aligned managerial, technical, operational, and physical safeguards designed to protect personal data against unauthorized access, misuse, disclosure, alteration, destruction, or accidental loss.

These safeguards may include encryption in transit and at rest, role-based access controls, secure infrastructure and servers, monitoring, logging, and incident response systems, confidentiality obligations for employees and processors, and security reviews and vulnerability management.

Access to personal data is restricted on a need-to-know basis.

While the Company implements robust security practices in line with industry standards, you acknowledge and agree that no digital platform, system, or network can be guaranteed to be completely secure or immune from cyber risks. It is hereby clarified that the Company shall not be liable for losses arising from security incidents to the extent that such incidents are caused by circumstances beyond its reasonable control, provided the Company has implemented and maintained reasonable security safeguards in accordance with applicable law.

Accordingly, to the fullest extent permitted under applicable law:

• the Company shall not be liable for any unauthorized access, data breach, loss, alteration, disclosure, or misuse of data resulting from cyber-attacks, hacking, malware, ransomware, phishing, denial-of-service attacks, or other malicious activities beyond the Company’s reasonable control

• the Company shall not be responsible for any compromise of data arising from vulnerabilities or failures in third-party systems, including but not limited to cloud service providers, internet service providers, payment gateways, diagnostic partners, or other external infrastructure

• the Company shall not be liable for any loss or damage resulting from unauthorized access caused by your failure to secure your devices, credentials, passwords, or authentication mechanisms

• the Company shall not be responsible for interruptions, delays, or failures in the availability or performance of the Platform caused by technical failures, cyber incidents, infrastructure outages, or force majeure events

• you agree that use of the Platform involves inherent risks associated with internet-based services and that you assume such risks to the extent permitted by law

You further agree to promptly notify the Company of any suspected or actual security incident, unauthorized access, or breach involving your account or data.

Nothing in this clause shall limit any obligations imposed on the Company under applicable law with respect to reasonable security practices or breach notification requirements.

16. DATA BREACH RESPONSE

If we become aware of a personal data breach, we will take reasonable steps to contain and investigate the incident, assess the nature and severity of the breach, mitigate risks where feasible, and notify affected individuals and/or regulators where required by applicable law.

Where feasible and legally required, breach notifications may include a description of the incident, categories of data affected, mitigation measures, and contact details for further information.

17. THIRD-PARTY WEBSITES AND SERVICES

The Platform may contain links or integrations to third-party websites, applications, or services that are not owned or controlled by the Company. The Company does not exercise any control over, and shall not be responsible for, the content, security, or privacy practices of such third-party platforms.

Any access to or use of such third-party services is undertaken at your sole discretion and risk and shall be governed by the respective terms and privacy policies of those third parties.

18. COMMUNICATION RECORDS, SURVEYS, AND FEEDBACK

We may keep records of support emails, chats, telephone calls, appointment-related communications, survey responses, complaints and service feedback.

Such records may be used for service administration, quality assurance, training, analytics, customer support, fraud detection, and product improvement.

Do note that participation in surveys or contests is optional unless specifically required for a particular service flow.

19. CHILDREN’S PRIVACY

The Platform is not intended for persons under 18 years of age unless specifically permitted with appropriate parental or guardian authorization under applicable law.

If we become aware that we have collected personal data from a minor without appropriate authorization, we may take steps to delete such data and disable the relevant account.

Parents and guardians are encouraged to monitor minors’ online activities.

20. NO-SPAM COMMITMENT

We maintain a no-spam approach and do not intend to sell or rent your personal data to unrelated third parties for their independent marketing without lawful basis or consent.

21. POLICY CHANGES

The Company reserves the right to update or modify this Policy from time to time. Any revised version will be made available on the Platform with an updated effective date.

You are encouraged to review this Policy periodically to stay informed of any changes. Your continued use of the Platform after such updates become effective shall constitute your acceptance of the revised Policy. Your continued use after non-material amendments shall constitute acceptance.

If you do not agree with any modifications, you must discontinue use of the Platform and may request closure of your account.

In case the Company is notified as or becomes a Significant Data Fiduciary under the DPDP Act it shall comply with additional obligations including conducting Data Protection Impact Assessments, appointing a Data Protection Officer and independent data auditor, and undertaking periodic audits, in accordance with the rules notified thereunder.

22. CONTACT, GRIEVANCE, AND DATA PROTECTION OFFICER

For questions, concerns, account deletion requests, or grievances, you may contact:

Intelligence First Private Limited

A-37 Mayapuri Industrial Area

Phase-II, New Delhi – 110064

India

Privacy / Support Email: info@me100.in

Grievance Officer / Data Protection Officer: Mr. Arsalan Mubasshir

We will endeavour to acknowledge and address your concerns within the timelines required under applicable law.

23. CONSENT TO THIS POLICY

You acknowledge that this Privacy Policy forms an integral part of the Terms of Use of the Platform, and that your access to or use of the Platform signifies your acceptance of this Policy and your consent to the collection, use, disclosure, processing, storage, and retention of your personal data in the manner described herein.

In the event of any conflict between this Privacy Policy and the Terms of Service regarding the processing or protection of personal data, the provisions of this Privacy Policy shall prevail to the extent of such conflict, unless the Terms of Service provide a higher standard of protection

This Privacy Policy, including its interpretation, validity, enforcement, breach, or termination, shall be subject to and resolved in accordance with the governing law, dispute resolution mechanism, and jurisdiction provisions that are set forth in the Terms of Service, which are hereby incorporated by reference. This includes any grievance, claim, dispute, or controversy that arises out of or relates to this Privacy Policy.