‍PRIVACY POLICY & DATA PROCESSING AGREEMENT

‍

Last Updated: 24th September 2025

‍

This Privacy Policy (“Policy”) describes how Sresht Ayur Pte Ltd (“Sresht Ayur”, “we”, “us”, or “our”) collects, uses, discloses, stores, protects, and retains personal data of users (“you”, “your”) of the My Ayur App and any related websites or services (collectively, the “Services”). If you do not agree with this Policy, please do not use our Services.

‍

1. Application / Scope

This Policy applies to personal data collected when you use or interact with My Ayur App, including through mobile applications, website, email or other communication channels.
It covers all users, including registered accounts, free users, and those using premium / paid features.
We are subject to Singapore’s Personal Data Protection Act 2012 (PDPA) and, where applicable, India’s Digital Personal Data Protection Act, 2023 (DPDPA).
We follow obligations under PDPA and DPDPA, including: consent, purpose limitation, notification, accuracy, protection, retention limitation, transfer limitation, access & correction, accountability, and data breach notification.

‍

2. Definitions

‍

Personal Data: Any data about an individual who can be identified from that data (or with other data to which we have access), including but not limited to name, contact details, health / wellness / dietary information, device identifiers.

Sensitive Data: Personal data that is more sensitive in nature, including health data. Additional care is required in handling such data.

Processing: Any operation or activity performed on personal data, whether or not by automatic means: collection, recording, use, storage, disclosure and erasure.

‍

3. What Data We Collect

Account / registration data: Name, email address, phone number, date of birth, and gender.
Health & wellness data: Information you voluntarily provide about your health (medical history, current conditions, allergies, diet preferences), lifestyle, activity, and sleep.
Usage & device data: Device ID, IP address, operating system, browser type, app usage logs, crash reports.
Location data: If permitted, to provide location-based features (e.g., for customized services & diet advices based on location).
Payment & billing data: Payment method, billing address, and transaction history for premium / paid services.
Communications data: Emails, messages, feedback, or customer support interactions.

‍

4. How We Use Your Data

To provide, operate, maintain, and improve the Services.
To deliver health / dietary / wellness content and plans tailored to your profile.
To process payments, subscriptions and manage your account.
To communicate with you: send newsletters, promotions, updates, reminders.
To ensure security, prevent fraud, abuse or misuse of the Services.
For analytics, research and internal purposes, to understand usage patterns and user preferences.
To comply with legal obligations or enforce our Terms & Conditions.

‍

5. Legal Basis, Consent & Notification

We will collect, use or disclose your personal data only with your consent, except when permitted or required by law under PDPA or DPDPA.
We will notify you (prior to or at the time of collection) of the purposes for which we are collecting, using or disclosing your personal data.
You may withdraw consent at any time. If you do so, we will stop using/disclosing the relevant personal data for those purposes (subject to any legal or contractual restrictions) and inform you of any consequences of withdrawal.

‍

6. Disclosure to Third Parties

We may share your personal data in the following ways:

Service providers / vendors: Third parties who help us operate the App, payment processors, hosting providers, analytics services.
Professional / health partners: If you engage in consultations, we may share relevant data with your health practitioner (only with your consent).
Legal / regulatory bodies: If required by law, court order, regulation.
Business transfers: If Sresht Ayur is merged with or acquired, your personal data may be transferred, subject to obligations at least as protective as this Policy

‍

7. Data Retention

We retain your personal data only as long as it is reasonably necessary for the purposes for which it was collected, or as required by applicable laws.

‍

Data Retention Schedule

Category of Data

Retention Period

Purpose

Account / Registration Data

Up to 3 years after account closure

Customer support, fraud prevention

Health & Wellness Data

Up to 3 years after account closure

Service history reference, user safety

Payment & Billing Data

Up to 7 years (from transaction date)

Legal, tax, and accounting compliance

Usage & Device Data

2 years (rolling)

Analytics, fraud detection

Communications (support, feedback)

3 years after closure of ticket

Audit trail, dispute resolution

‍

After these periods, data will be securely destroyed or anonymised, unless retention is required by law.

‍

8. Transfer of Data Outside Singapore & India

If your data is transferred outside Singapore or India, we ensure it is transferred only to jurisdictions that provide comparable protection, or safeguards (e.g., standard contractual clauses) are in place.
Examples: cloud hosting providers, overseas analytics servers.

‍

9. Security

We take reasonable technical, administrative, and physical security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction.
Some features may require you to keep your own credentials secure. Don’t share login info.

‍

10. Access, Correction & Deletion

You have the right to request access to your personal data held by us, to know how it was used or shared.
You may request correction of any inaccurate, incomplete, or outdated personal data.
You may request deletion of data, subject to legal / contractual constraints (for example, data needed for financial records, compliance, or safety).
We will respond to such requests within a reasonable time (as required by PDPA/DPDPA).

‍

11. Children / Minors

If you are under 18, you must use the Services with the consent of a parent or legal guardian.
We will require consent from the guardian for collection or use of any of your Personal Data.
Health-related data of minors is especially sensitive; parental consent is essential, and we take extra care in handling.

‍

12. Cookies, Tracking & Analytics

We may use cookies, web beacons, analytics tools to collect usage data, for app performance, user experience, improvement of Services.
You may opt out of certain tracking (depending on device settings or via the app) where possible.
We may also use third-party analytics services; they have their own privacy practices

‍

13. Notifications of Data Breaches

If a breach poses risk of harm, we will notify affected individuals and regulators (e.g., Singapore PDPC, India Data Protection Board) as required.

‍

14. Your Rights

Access to data
Correction of inaccurate datano system
Withdrawal of consent
Deletion request (subject to legal limits)
Information about data transfers
Opt-out of marketing

‍

15. Data Protection Officer

Name: Mr. Sumeet Gandhi
Email: contact@myayur.app / Sumeet.Kumar.Gandhi@gmail.com

‍

16. Changes to this Policy

We may update this Policy. The “Last Updated” date will be changed, and continued use constitutes acceptance.

‍

17. Contact Us

Sresht Ayur Pte Ltd
c/o Sleek, 160 Robinson Road #14-04, Singapore Business Federation Center, Singapore 068914
Email: contact@myayur.app

‍

DATA PROCESSING AGREEMENT (DPA)

‍

This DPA supplements the Privacy Policy.

‍

1. Roles of the Parties

User (You): Data Controller
Sresht Ayur Pte Ltd: Data Processor

‍

2. Purpose of Processing

To provide Services: health & wellness content, subscriptions, analytics, customer support.

‍

3. Obligations of Sresht Ayur

Process data only on user’s instructions.
Ensure staff confidentiality.
Apply security measures.
Assist with data subject rights requests.
Delete/return data after service termination (except where law requires retention).

‍

4. Sub-Processors

We may use vetted third parties (cloud providers, payment gateways).
Sub-processors will be contractually bound to equivalent obligations.

‍

5. International Transfers

Data transferred outside Singapore or India will follow PDPA/DPDPA safeguards.

‍

6. Audit & Compliance

Evidence of compliance available upon request.
Annual audit rights (under confidentiality).

‍

7. Governing Law

Governed by Singapore law, without prejudice to mandatory protections under India’s DPDPA.