Privacy Policy

Mirivo Health — A product of Mirivo Health, India

At Mirivo Health, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal and health data when you use the Mirivo Health mobile application ("App"). By using the App, you consent to the practices described in this policy.

1. Data We Collect

1.1 Account Information

Data Type	Details
Identity	Name, phone number, email address
Demographics	Gender, birth year
Physical profile	Height, starting weight

1.2 Health and Medication Data

Data Type	Details
Medication	Medication type (e.g., Ozempic, Mounjaro), current dose, injection sites, dose timestamps
Weight logs	Weight entries with timestamps
Side effects	Reported side effects with severity scores (1-5 scale)
Mood and wellness	Mood ratings, energy levels, craving intensity
Meal logs	Food items, estimated calories, macronutrients (protein, carbs, fat, fiber), meal timestamps

1.3 Body Scan Data

Data Type	Details
Body photos	Front and side photos captured via camera for body composition analysis
Body measurements	AI-estimated measurements including body fat percentage, muscle mass, and other body composition metrics (these are approximate estimates, not clinical-grade measurements)

1.4 Communication Data

Data Type	Details
Chat messages	Messages sent to the AI health assistant and Care Team chat
Voice input	Speech-to-text input used for Smart Log and other voice features (processed on-device via expo-speech-recognition; raw audio is not transmitted to our servers)

2. How We Use Your Data

We use your data for the following purposes:

Personalized health insights: Your health data is analyzed to provide tailored daily recommendations, medication phase guidance, and side effect predictions.
AI-generated recommendations: Your logged data (meals, weight, side effects, mood, medication) is used as context for AI models to generate personalized health suggestions and priorities.
Body composition analysis: Your body photos are processed by AI vision models to estimate body measurements and track progress over time.
Nutrition analysis: Meal descriptions and photos are analyzed to estimate nutritional content.
Care Team communication: Your messages and relevant health context are shared with your assigned care team members to facilitate health coaching.
Escalation alerts: Automated pattern detection on your logged data to flag potential concerns for your care team.
Service improvement: Aggregated, anonymized data may be used to improve the App's algorithms and features.

3. Third-Party Data Sharing

3.1 Service Providers

We share your data with the following third-party services that are essential to the App's operation:

Service	Data Shared	Purpose
Firebase (Google)	Authentication tokens, phone number or email	User authentication and account management
Groq	Chat messages, health context (medication, side effects, nutrition data, mood), body photos	Primary AI processing for chat responses, recommendations, insights, and body scan analysis
OpenAI	Chat messages, health context, body photos	Fallback AI processing when the primary service is unavailable
Mixpanel	Anonymized usage events, feature engagement, session data, onboarding funnel metrics	Product analytics to understand how members use the App and improve the experience
Sentry	Error and crash reports, device information, request context (anonymized)	Error monitoring and crash reporting to maintain App stability

3.3 Cross-Border Data Transfer

Some of the third-party services listed above (Groq, OpenAI, Mixpanel, Sentry) are based in the United States. By using the App, you consent to the transfer of your data outside India to these service providers for the purposes described above. We ensure that such transfers are protected by appropriate contractual safeguards and that these providers maintain industry-standard security practices in accordance with the Digital Personal Data Protection Act, 2023.

3.2 What We Do NOT Do

We do not sell your data to advertisers or any third parties for marketing purposes.
We do not share your identifiable health data with third parties for their independent use.
We do not use your data for targeted advertising.

4. Device Permissions

4.1 Camera

The App requests camera access for the body scan feature. Body photos you capture are uploaded to our servers and transmitted to external AI vision APIs (Groq or OpenAI) for body composition analysis. Photos are stored in our database to enable progress tracking over time.

4.2 Microphone

The App requests microphone access for the voice input feature (Smart Log and other voice-enabled interactions). Speech-to-text conversion is processed on-device using expo-speech-recognition. Raw audio recordings are not transmitted to our servers or any third party. Only the resulting text transcription is sent to our servers for processing.

5. Data Storage and Security

Server-side: Your data is stored in MongoDB databases with access controls. All data transmission between the App and our servers uses HTTPS/TLS encryption.
Authentication: We use Firebase Authentication with secure token-based verification. Authentication tokens are refreshed automatically and validated on every API request.
Local storage: Authentication tokens are stored in SecureStore (encrypted device keychain). App preferences and non-sensitive cached data are stored in AsyncStorage.
Access controls: API access is protected by user-specific rate limiting and authentication middleware. Your data is accessible only to your account and your assigned care team members.

6. Data Retention

Active account: Your data is retained for as long as your account is active and you continue to use the App.
Deleted account: Upon account deletion, all your personal data will be permanently purged from our systems within 30 days. This includes all health logs, body photos, chat messages, and profile information.
Cached AI data: AI-generated recommendations are cached with time-to-live (TTL) policies (daily recommendations: 24 hours; insights: 3 days) and are automatically purged after expiry.

7. Your Rights — Data Deletion

You have the right to request deletion of your personal data at any time. You can exercise this right by:

Using the account deletion option in the Profile screen within the App
Sending an email to help@mirivohealth.com with the subject line "Data Deletion Request"

We will process your deletion request and remove all your personal data within 30 days of receiving a valid request.

8. Children's Privacy

The App is not intended for users under 18 years of age. GLP-1 receptor agonist medications are prescription-only and their use requires adult supervision by a licensed healthcare provider. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will promptly delete that data.

9. Cookies and Local Storage

The App does not use browser cookies. Local data storage on your device includes:

AsyncStorage: Used to store user preferences, cached dashboard data, and non-sensitive app state. This data remains on your device and is not transmitted except as part of normal App operation.
SecureStore: Used to securely store authentication tokens in your device's encrypted keychain. These tokens are used to authenticate your API requests.

10. DPDP Act 2023 Compliance

In accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, we affirm the following:

Consent: We obtain your informed consent before collecting any personal data. You may withdraw consent at any time by deleting your account.
Purpose limitation: Your data is collected and processed only for the specific purposes described in this Privacy Policy.
Data minimization: We collect only the data that is necessary to provide the App's services. We do not collect data beyond what is required for the stated purposes.
Right to erasure: You have the right to request complete deletion of your personal data, as described in Section 7.
Data accuracy: You can update your personal information at any time through the App's Profile screen.
Grievance redressal: If you have any concerns about how your data is handled, please contact our designated Grievance Officer as described in Section 13.

11. Data Breach Notification

In the event of a data breach that compromises the security or confidentiality of your personal data, we will:

Notify the Data Protection Board of India within 72 hours of becoming aware of the breach, as required under the DPDP Act, 2023
Notify affected users without unreasonable delay, through the App, email, or other appropriate means
Provide details of the nature of the breach, the data affected, and the steps being taken to address it

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes through the App or via your registered email address. Your continued use of the App after such changes constitutes your acceptance of the updated policy.

13. Grievance Officer

In accordance with the DPDP Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the designated Grievance Officer for Mirivo Health is:

Grievance Officer, Mirivo Health
Email: help@mirivohealth.com
Address: No. 23 & 24, Hosur Main Road, Hongasandra Village, AMR Tech Park, Bengaluru, Karnataka — 560068, India

The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 15 days of receipt.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Mirivo Health
Email: help@mirivohealth.com
Address: No. 23 & 24, Hosur Main Road, Hongasandra Village, AMR Tech Park, Bengaluru, Karnataka — 560068, India

Effective Date: March 2026