Privacy Policy

Last updated: May 2026

    Dhruv is an emergency identity platform. We handle sensitive health data. We take privacy seriously and comply with India's Digital Personal Data Protection (DPDP) Act 2023.
  

1. Who We Are

Dhruv is operated by [Company Name], registered in India. We provide emergency identity cards that help bystanders and medical responders access critical health information during emergencies.

2. What Data We Collect

Personal: Name, age, gender, phone number, photo
Medical: Blood group, allergies, medical conditions, surgery history
Insurance: Company name, policy number, TPA, coverage type
Emergency contacts: Names, phone numbers, relationship
Vehicle: Vehicle number, type
Location: GPS coordinates captured only during emergency triggers
Usage: Scan logs, emergency trigger timestamps, incident IDs

3. Why We Collect It

To display your medical profile when your card is scanned in an emergency
To notify your emergency contacts during an emergency
To facilitate hospital pre-alerts and insurance pre-intimation (with your consent)
To provide you a dashboard to manage your profile

4. Emergency Data Sharing — Your Consent

We share your medical data with third parties (hospitals, ambulance services, insurance TPAs) ONLY when:

You have explicitly checked the Emergency Data Sharing Consent checkbox during activation
An emergency is triggered by scanning your QR code or tapping your NFC card

    Principle of Data Minimization: We share only what each party needs.

    Family → Full medical alert + GPS

    Hospital → Blood group, allergies, conditions, insurance details

    Ambulance → Blood group, allergies, GPS location only

    Insurance TPA → Name, policy number, incident ID only

5. Data Storage

All data is stored on MongoDB Atlas (cloud database) with encryption at rest
Servers are hosted on Render.com (US-based)
We do not store your data on local servers
Location data is stored only in scan logs for audit purposes

6. Your Rights (DPDP Act 2023)

Right to access — view all your data from your dashboard
Right to correction — edit your profile anytime from your dashboard
Right to erasure — request deletion by emailing support@dhruv.in
Right to withdraw consent — uncheck emergency consent from your profile anytime
Right to grievance — contact our Data Protection Officer at support@dhruv.in

7. Data Retention

We retain your data for as long as your card is active. If you deactivate your card and request deletion, we delete all personal data within 30 days. Scan logs are retained for 1 year for audit purposes then automatically deleted.

8. Third Parties

We use the following third-party services:

Twilio — WhatsApp and SMS delivery (subject to Twilio's privacy policy)
MongoDB Atlas — Database storage
Render.com — Hosting
Razorpay — Payment processing (does not receive medical data)

We do not sell your data to any third party. We do not use your data for advertising.

9. Cookies

We use session cookies for login only. We do not use tracking cookies or advertising cookies.

10. Children

Our service is not directed at children under 18. For children's cards under the Elite family plan, a parent or guardian must complete activation and provide consent on the child's behalf.

11. Changes to This Policy

We may update this policy. We will notify registered users of material changes via WhatsApp/SMS.

12. Contact

Data Protection Officer: support@dhruv.in
Address: [Company Address], Vijayawada, Andhra Pradesh