Resonate Health

Legal

Privacy Policy

Last updated May 2026. This policy explains how Resonate Health collects, uses, discloses, and safeguards information across the platform, applications, and LeanRx.

RESONATE HEALTH

Privacy Policy

Last updated: May 2026

Welcome to Resonate Health (“Resonate Health,” “we,” “us,” or “our”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, applications, and programs including LeanRx.

By using Resonate Health, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please do not use our services.

1. Information We Collect

1.1 Personal information you provide

When you register and use Resonate Health, we collect:

  • Account information: name, email address, phone number, date of birth
  • Profile information: health goals, dietary preferences, allergies, intolerances
  • Medical history: existing conditions, medications, previous treatments
  • Program-specific information: GLP-1 medication name and dosage (LeanRx only), body composition goals

1.2 Health data

With your permission, we collect health data from:

Wearable devices & health apps (Apple HealthKit / Health Connect)

  • Steps, distance, heart rate, resting heart rate, heart rate variability (HRV)
  • Sleep duration, active energy and calories burned
  • Weight, height, body fat percentage, BMI
  • Blood glucose, blood pressure, oxygen saturation

Body composition scans (BCA)

  • Fat mass, lean mass, muscle mass, visceral fat level
  • Scan date, scan location, scan device

Lab reports

  • When you upload lab reports (PDF from Thyrocare, Dr. Lal PathLabs, or any other provider), we extract: test names, values, reference ranges, and dates

1.3 Usage data

We automatically collect:

  • App usage analytics and feature interactions
  • Chat and consultation history
  • Device information (type, OS version)
  • Error logs and crash reports

2. How We Use Your Information

2.1 Core services

We use your information to:

  • Provide personalised health insights and care coordination
  • Power AI-assisted features including blood work interpretation and meal analysis
  • Track and display your health metrics over time
  • Enable your care team (doctor, nutritionist, fitness expert, coach) to coordinate from a shared record
  • Send health alerts, appointment reminders, and program updates

2.2 AI-powered features

IMPORTANT: Third-Party AI Service Disclosure

Resonate Health uses OpenAI’s GPT models and Google’s Gemini models to power AI features. When you use AI-powered features, certain data is sent to these providers’ servers for processing.

3. Third-Party AI Data Sharing

3.1 AI providers and data sent

Feature

Data sent

Provider

Blood work interpretation

Lab report content, test names, values, reference ranges

OpenAI / Gemini

Meal analysis

Nutrition logs, dietary preferences, health conditions

OpenAI / Gemini

Health summaries

Health profile, body composition trends, biomarker summaries

OpenAI / Gemini

Care team notes

Anonymised trend summaries for professional review

OpenAI / Gemini

3.2 How AI providers handle your data

  • OpenAI and Google do not use data submitted via API to train their models
  • Data is transmitted via encrypted connections (TLS 1.3)
  • OpenAI retains API data for up to 30 days for abuse monitoring, then deletes it
  • Google retains API data per their data processing terms

3.3 Your consent

You will be asked to provide explicit consent before AI features are activated. You can accept, decline, or withdraw consent at any time in Settings > Privacy > AI Data Sharing.

4. Other Third-Party Services

Service

Purpose

Data shared

Railway (hosting)

Platform infrastructure

All platform data, encrypted at rest

PostgreSQL / TimescaleDB

Health data storage

All health records, encrypted

Thyrocare / Dr. Lal PathLabs

Lab processing

Name, contact info, test orders

Razorpay

Payment processing

Name, email, transaction amount (not card data)

WhatsApp Business

Care team communication

Messages and files shared in program

5. Data Security & Retention

5.1 Security

  • Data encrypted in transit using TLS 1.3
  • Data encrypted at rest using AES-256
  • Access to health records is role-based — only your assigned care team members can view your record
  • AI processing logs are deleted after 90 days

5.2 Retention

  • Your data is retained while your account is active
  • You may request deletion of your data at any time (see Section 6)
  • Certain data may be retained longer where required by Indian law or medical record-keeping regulations

6. Your Rights and Choices

Depending on your location and applicable law, you have the following rights:

  • Right to be informed: how your data is collected and used (this policy provides that)
  • Right of access: request a copy of the data we hold about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of your data, subject to legal obligations
  • Right to restrict processing: request that we limit how we process your data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to withdraw consent: including consent for AI data processing, at any time
  • Right not to be subject to automated decision-making without human review

Exercising your rights

Email: privacy@resonatehealth.in

We will respond to verified requests within applicable legal timeframes.

7. Region-Specific Rights

7.1 India (DPDPA / SPDI Rules)

If you are located in India, you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Erase your personal data
  • Withdraw consent for data processing at any time
  • Nominate a representative to exercise these rights on your behalf

Contact our Data Protection Officer: dpo@resonatehealth.in

7.2 EU / UK (GDPR)

If you are located in the EEA or United Kingdom, you are entitled to all rights listed in Section 6, and you have the right to lodge a complaint with your local data protection authority.

8. Children’s Privacy

Resonate Health is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at privacy@resonatehealth.in and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and notify you via email or in-app notification for material changes. Continued use of Resonate Health after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

For questions regarding this policy:

  • Email: privacy@resonatehealth.in
  • Support: support@resonatehealth.in
  • Website: https://resonatehealth.in/privacy

Resonate Health, Delhi NCR, India.