Table of Contents
- Information We Collect
- How We Use Your Information
- Sensitive Health Information
- Biometric Data
- Data Sharing and Disclosure
- Data Retention
- Data Security
- Your Rights and Choices
- Account and Data Deletion
- Push Notifications
- Device Permissions
- Children’s Privacy
- International Data Transfers
- Legal Basis (India)
- Changes to This Policy
- Contact Us
1 Information We Collect
We collect information necessary to provide care coordination and facility management services. The types of information we collect depend on your role (Staff, Administrator, or Guardian/Family member).
A. Account and Identity Information
- Full name, email address, mobile phone number
- Role and designation within your facility
- Profile photograph (optional)
- Password (stored in encrypted form — we never see your plain-text password)
B. Resident Personal Information (collected by Guardians)
- Full name, date of birth, gender, religion, occupation, educational qualification
- Permanent and current address details
- Government-issued identity documents: PAN Card number, Aadhaar Card number, Passport number, Voter ID number
- Emergency contact information
- Allergies, daily habits, personal preferences
C. Health and Medical Information
- Vital signs (blood pressure, pulse, temperature, oxygen saturation, blood sugar, weight) — entered manually by care staff or collected automatically from a paired wearable device
- Prescriptions and medication schedules
- Medical orders and pharmacy records
- Diagnostic notes and clinical observations
- Health assessment records including chronic illness history, mental health declarations, ADL support needs, and dedicated care requirements
- Hygiene care logs
- Fluid intake and output logs
- Healthcare appointment records
G. Wearable Device Health Data
Where a resident’s wearable device (e.g. Apple Watch, Samsung Galaxy Watch, Fitbit, Garmin) is paired to the app by an authorised staff member, the following health data is read automatically from the device via the phone’s health platform (Apple HealthKit on iOS, Google Health Connect on Android) and synced to our servers:
- Heart rate
- Blood oxygen saturation (SpO₂)
- Blood pressure (systolic and diastolic)
- Body temperature
- Respiratory rate
- Step count
This sync occurs automatically in the background approximately every 15 minutes once a device is paired. The app reads data only — it does not write any data back to HealthKit or Health Connect. The wearable’s device identifier and device name are also stored to maintain the pairing record.
D. Incident and Care Event Records
- Medical incidents (description, action taken, staff involved)
- Fall incident reports (location, injuries, first aid administered)
- Safeguarding (abuse) incident reports (description, handling records)
- Caregiver handover logs (shift notes, observations)
- Nurse round records
E. Operational Information
- Grocery order records
- Maintenance and repair task records
- Tiffin (meal delivery) assignment and collection records
- Voice log transcripts (caregiver audio recordings transcribed to text)
- Room scan logs via QR code
F. Device and Technical Information
- Device push notification token (FCM token for Android, APNs token for iOS) — used to deliver care alerts and reminders
- Device operating system and app version
- App usage logs for error diagnosis
2 How We Use Your Information
| Purpose | Data Used |
|---|---|
| Providing the core care management service | Health records, care logs, resident profiles |
| Authentication and account management | Email, password, biometric credentials |
| Sending care reminders and alerts | Push notification token, care schedule data |
| Enabling guardian access to resident information | Resident profile, health records, timeline |
| Pharmacy and medication management | Prescription records, medical orders |
| Wearable health monitoring | HealthKit / Health Connect vitals data |
| Generating reports and care timelines | All care-related records |
| Improving app reliability and fixing bugs | Anonymous error logs, app version |
| Complying with legal obligations | Any data as required by applicable law |
We do not use your information for advertising or behavioural profiling, and we do not sell it to any third party.
3 Sensitive Health Information
This includes:
- Physical and mental health information
- Prescription and medication history
- Medical assessments and diagnostic records
- Government-issued identity document numbers
Sensitive health data is collected only with the explicit consent of the account holder (Guardian) on behalf of the resident. It is used exclusively for providing care management services within the facility and is not shared outside the authorised facility team except as required by law.
4 Biometric Data
The app offers an optional biometric sign-in feature (Face ID, Touch ID, or Fingerprint) to allow faster access for returning users.
How it works
- Your login credentials (email and password) are encrypted and stored in the device’s secure hardware keychain (iOS Secure Enclave or Android Keystore) protected by your biometric lock.
- Biometric data itself (fingerprint images, face geometry) is never accessed, stored, or transmitted by our app or servers. The authentication is handled entirely by the device operating system.
- We only receive a success/failure signal from the device OS after biometric verification.
Your control
- Biometric sign-in is opt-in and can be skipped at any time.
- You can disable biometric access by changing your device biometric settings or reinstalling the app.
5 Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:
Within your facility
Authorised staff members and administrators of your facility can access resident and care records as permitted by their role-based access level configured by your facility administrator.
Guardians and co-guardians
Resident information is visible to the registered guardian and any co-guardians they have explicitly invited.
Service providers
- Firebase (Google): Used for push notification delivery. FCM tokens are sent to Firebase infrastructure. Google’s Privacy Policy applies to this processing.
- Apple HealthKit / Google Health Connect: Used to read wearable health vitals from a resident’s paired device. Read-only. Subject to Apple’s and Google’s respective privacy policies.
- Hosting providers: Our backend servers are hosted on secure cloud infrastructure. Hosting providers may process data as data processors under our instructions.
Legal requirements
We may disclose information if required by applicable law, court order, government authority, or to protect the rights, safety, and security of users or the public.
6 Data Retention
Retention of data in this platform is governed by three independent drivers, not simply by whether an account is active. An account being inactive or deactivated does not automatically erase the data associated with it.
- The physical service contract — Resident admission records, health assessments, and guardian-submitted information are retained for the full duration of the service contract and beyond, as they form part of the formal admission file.
- Statutory healthcare documentation requirements — Indian healthcare practice standards and legal compliance obligations require certain care records to be retained for defined periods regardless of account status.
- Institutional data governance — Care logs entered by staff are facility records. Their retention is determined by the facility’s operational and legal needs, not by the individual staff member’s account status.
Retention periods by data type
| Data Type | Retention Period | Trigger for Deletion |
|---|---|---|
| Staff profile and account credentials | Duration of active employment + 90 days after account deactivation by administrator | Facility Administrator requests deactivation |
| Care records entered by staff (vitals, hygiene, handover logs, etc.) | Minimum 5 years from the date of entry | Statutory period expiry; facility decision |
| Resident personal and admission information | Duration of service contract + minimum 2 years after contract end | Contract termination + statutory period expiry |
| Resident health and medical records (prescriptions, assessments, diagnostic notes) | Minimum 5 years from last entry | Statutory period expiry |
| Incident reports (medical, fall, safeguarding) | Minimum 7 years | Statutory period expiry; may be longer if subject to legal proceedings |
| Government-issued identity document numbers (PAN, Aadhaar, Passport, Voter ID) | Duration of service contract + 90 days after contract end | Contract termination + 90-day window |
| Guardian profile information | Duration of active service contract + 90 days | Contract termination + 90-day window |
| Wearable health vitals (synced data) | Same as care records — minimum 5 years | Statutory period expiry; facility decision |
| Voice log transcripts | 1 year from date of creation | Automatic expiry; facility administrator may extend |
| Push notification (FCM) tokens | Deleted immediately upon logout or account deactivation | Logout or admin deactivation |
| App error and diagnostic logs | 90 days | Automatic rolling deletion |
After the applicable retention period expires, data is securely deleted or irreversibly anonymised. Where data is subject to active legal proceedings, regulatory enquiry, or dispute, retention may be extended until resolution.
7 Data Security
We take security seriously given the sensitive nature of the data we process. Our measures include:
- Encryption in transit: All data transmitted between the app and our servers uses TLS (HTTPS).
- Encryption at rest: Sensitive data stored on our servers is encrypted.
- Authentication: JWT-based token authentication with role-based access controls.
- Biometric credential storage: Login credentials stored using the device’s hardware-backed secure keychain.
- Access controls: Facility administrators control which staff members can access which features via granular permission settings.
- Session management: Tokens are invalidated on logout and push notification listeners are cleaned up.
While we implement robust security measures, no system is completely immune to security risks. We encourage users to use strong passwords and keep their devices updated.
8 Your Rights and Choices
Under the Digital Personal Data Protection Act, 2023 (India), you have the following rights. However, as described below, how these rights apply differs significantly between Staff and Guardian users because the data is generated and held in the context of a formal service contract and statutory healthcare obligations — not a standalone consumer relationship.
- Right to access: Request a summary of the personal data held on your account profile. Note that care records belong to the facility and are subject to facility data governance policies.
- Right to correction: Request correction of inaccurate profile information (name, email, mobile). Correction of care records entered by staff is governed by the facility’s internal audit and amendment procedures.
- Right to erasure: Limited by contractual obligations, statutory retention requirements, and the ongoing nature of the service agreement (see Section 9).
- Right to withdraw consent for optional features: Biometric sign-in can be disabled in device settings. Push notifications can be turned off in app settings. Wearable pairing can be removed by an authorised staff member.
- Right to grievance redressal: Lodge a complaint with our Grievance Officer at sales@gnextsolutions.in or with the Data Protection Board of India.
To exercise any of these rights, contact us at sales@gnextsolutions.in. We will respond within 30 days.
9 Account Access, Deactivation, and Data Retention
The Assisted Living app is a digital platform for a regulated care service that involves physical contracts, statutory healthcare obligations, and institutional data governance. For this reason, account deletion and data erasure work differently from a typical consumer app.
Staff and Employee Accounts
Staff accounts are created, managed, and deactivated by the Facility Administrator. Individual staff members do not hold an independent right to delete their own accounts or the care records they have entered, because:
- Care records entered by staff are institutional records belonging to the facility, not personal data owned by the employee.
- Historical entries — vital logs, incident reports, medication administration records — are part of the resident’s permanent care file and must be preserved for audit, compliance, and continuity of care.
- Account access is removed by the Facility Administrator when a staff member’s employment ends. The administrator contacts sales@gnextsolutions.in to deactivate accounts.
Guardian Accounts and Resident Data
When a Guardian registers and enrols a resident, this action is linked to a formal, signed physical service contract between the Guardian and the facility. The digital app is the operational interface to that contract. Consequently:
- While the service contract is active: Resident personal data, health records, and care documentation cannot be deleted, as they are essential to fulfilling the contractual care obligations and maintaining clinical continuity. Deletion during an active contract would also violate the facility’s duty-of-care obligations.
- After the service contract ends (discharge or exit): Guardian account access may be removed. Resident care records are retained for the statutory period applicable to healthcare documentation in India before being securely deleted or anonymised.
- Government ID numbers (PAN, Aadhaar, Passport, Voter ID) submitted during enrolment form part of the signed admission record and are retained for the duration of the contractual relationship plus 90 days.
Requesting Profile Data Correction or Account Closure
For corrections to your personal profile, or to initiate account closure after a service contract has ended, contact:
sales@gnextsolutions.in — Subject line: “Account / Data Request”
Biometric Credentials
Biometric login credentials are stored only on your device’s secure hardware keychain and are outside our control. You can remove them by:
- Disabling biometrics in device settings
- Uninstalling the app
Push Notification Tokens
FCM device tokens are deleted from our servers immediately upon logout. If your account is deactivated by an administrator, all associated notification tokens are also removed.
10 Push Notifications
The app uses Firebase Cloud Messaging (FCM) to deliver care reminders, medication alerts, and operational notifications.
- Push notifications are initialised only after you have logged in and the app has permission to send notifications.
- On Android 13+ and iOS, you will be prompted to grant notification permission. You may deny this permission — the app will continue to function but you will not receive push alerts.
- Your FCM device token is stored on our server and deleted when you log out or request account deletion.
- You can manage notification preferences in your device settings at any time.
11 Device Permissions
| Permission | Purpose | Required? |
|---|---|---|
| Camera | QR code scanning for room check-ins and tiffin management | Optional (only when using QR scanner features) |
| Microphone | Voice log recording for caregivers | Optional (only for voice log feature) |
| Notifications | Push alerts for care reminders and medication schedules | Optional |
| Biometric / Face ID / Touch ID | Faster, secure sign-in without password entry | Optional |
| Apple HealthKit (iOS) | Reading wearable health vitals (heart rate, SpO₂, blood pressure, temperature, respiratory rate, steps) from a resident’s paired Apple Watch or other HealthKit-connected device. Read-only — the app does not write to HealthKit. | Optional (only required when using the Wearables feature) |
| Google Health Connect (Android) | Reading wearable health vitals (heart rate, SpO₂, blood pressure, temperature, respiratory rate, steps) from a resident’s paired Android wearable (Samsung Galaxy Watch, Fitbit, Garmin, etc.). Read-only — the app does not write to Health Connect. | Optional (only required when using the Wearables feature) |
| Internet access | Syncing care records and wearable vitals with the server | Required |
All permissions are requested at the time of use with a clear explanation. You may revoke any permission in your device Settings at any time. Revoking HealthKit or Health Connect permission will stop automatic wearable sync; previously synced records are not deleted.
12 Children’s Privacy
The Assisted Living app is intended for use by adults only — specifically healthcare staff, facility administrators, and family guardians of elderly residents. The app is not designed for, or directed at, children under the age of 18.
We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor has registered an account, please contact us immediately at sales@gnextsolutions.in and we will delete the account.
13 International Data Transfers
Our primary servers are located in India. If data is processed outside India (for example, via Firebase/Google’s global infrastructure for push notifications), such transfers are governed by appropriate data transfer agreements in compliance with the DPDPA 2023 and applicable international data protection standards.
14 Legal Basis for Processing (India)
We process your personal data under the following legal bases as defined by the Digital Personal Data Protection Act, 2023 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011:
- Consent: You provide consent when you register an account, accept these terms, and provide health-related information about residents.
- Contractual necessity: Processing necessary to fulfil the service agreement between your facility and GNEXT Solutions.
- Legal obligation: Processing required by applicable law, including healthcare documentation requirements.
- Legitimate interests: App security monitoring, fraud prevention, and service improvement — balanced against your privacy rights.
15 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes, we will:
- Update the “Last updated” date at the top of this policy
- Send a push notification or in-app banner informing active users
- Where required by law, seek fresh consent
Continued use of the app after the effective date of any changes constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.
16 Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
GNEXT Solutions
India
Email: sales@gnextsolutions.in
Website: https://gnextsolutions.in
We aim to respond to all privacy-related enquiries within 30 business days.
