Download Get Started

Privacy Policy

How We Protect Your Health Data

We built SHELY to empower your health journey. That starts with being transparent about how we handle your most sensitive information.

Last updated: December 15, 2024 8 min read

Key Takeaways

  • We never sell your personal or health information to third parties, advertisers, or data brokers.
  • Health calculator results are processed on your device whenever possible and are not stored without your consent.
  • All data is encrypted in transit and at rest using industry-standard protocols (TLS 1.3, AES-256).
  • You can access, export, or permanently delete your data at any time through your account settings.
  • We comply with Indian data protection laws and follow international best practices for health data privacy.
01

Information We Collect

In plain English

We collect only what is necessary to run SHELY for you: your account details, what you enter into health tools, and basic analytics about how you use the app. Health calculator results stay on your device whenever possible.

Information You Provide to Us

When you create an account or use our health tools, you may provide us with personal information directly. This includes:

  • Account Information -- Name, email address, date of birth, and profile preferences you set when signing up.
  • Health Calculator Data -- Information entered into our health tools such as BMI calculators, cycle tracking, and wellness assessments.
  • Communication Data -- Messages you send to our support team or healthcare experts through the platform.
  • Survey Responses -- Feedback and research participation, which is always optional.

Information We Collect Automatically

When you use SHELY, certain technical information is collected automatically to ensure the platform works correctly and to improve your experience:

  • Usage Data -- How you interact with our website and app features, including pages visited and features used.
  • Device Information -- Browser type, operating system, and device identifiers necessary for compatibility.
  • Location Data -- General location at the city or country level, used to provide localized content and comply with regional regulations.
  • Cookies & Analytics -- Website performance metrics and user experience data to help us maintain and improve the service.
Your health calculator results are processed locally on your device whenever possible and are never stored permanently without your explicit consent.
02

How We Use Your Information

In plain English

We use your data to run the app, personalize your experience, send you useful health information, and improve our tools. We never use your health data for advertising. You can opt out of non-essential communications at any time.

Providing Our Services

Your information powers the core functionality of SHELY. We use it to:

  • Generate personalized health calculator results and recommendations tailored to your profile.
  • Connect you with appropriate healthcare experts and resources within our network.
  • Send important health reminders and educational content relevant to your needs.
  • Provide customer support and technical assistance when you reach out.

Improving and Personalizing

We use aggregated and individual usage patterns to make SHELY better for everyone:

  • Customize content based on your health interests, preferences, and stated needs.
  • Improve our health calculators and tools by understanding how they are used.
  • Develop new features that serve the Indian women's health community more effectively.
  • Conduct anonymized research to advance women's health knowledge.

Communication

From time to time, we may contact you with:

  • Important updates about changes to our services or this privacy policy.
  • Relevant health tips and educational content based on your interests.
  • Notifications about new features or tools that may benefit you.
  • Responses to your questions and support requests.
You can always opt out of non-essential communications and customize exactly what information you want to receive from us.
03

Health Data Protection

In plain English

Health data receives the highest level of protection at SHELY. We use enterprise-grade encryption, store sensitive health information separately from your identity, and run regular security audits. If something ever goes wrong, we will tell you within 72 hours.

Technical Safeguards

We employ multiple layers of technical security to protect your health information:

  • Encryption -- All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption, the same standards used by banks and governments.
  • Secure Hosting -- Our cloud infrastructure is SOC 2 certified with 99.9% uptime guarantees and physically secured data centers.
  • Access Controls -- Multi-factor authentication and role-based access ensure that only authorized personnel can access your data, and only when necessary.
  • Regular Audits -- We conduct quarterly security assessments and penetration testing by independent third-party firms.

Operational Security

Security is not just about technology; it is also about people and processes:

  • Staff Training -- Every team member undergoes regular privacy and security training.
  • Data Minimization -- We only collect and store what is absolutely necessary for the service you are using.
  • Incident Response -- Our systems are monitored 24/7 with rapid response procedures in place for any anomalies.
  • Compliance -- We adhere to Indian data protection laws (including the Digital Personal Data Protection Act) and international best practices.

Your Health Data Specifically

Health-related data receives additional protective measures beyond our standard security:

  • Calculator results are processed locally on your device when possible, never transmitted to our servers unless you explicitly save them.
  • Sensitive health information is stored separately from personal identifiers, so a breach of one system does not expose the other.
  • Regular backups follow the same encryption and access control standards as primary data stores.
  • Automatic data deletion is enforced based on defined retention policies.
In the unlikely event of a security incident, we will notify affected users within 72 hours and provide clear guidance on protective actions you should take.
04

Data Sharing & Third Parties

In plain English

We never sell your data. Period. We share information with healthcare partners only when you give explicit consent, with service providers who help run the platform (under strict contracts), and with authorities only when legally required.

With Healthcare Partners

When you choose to consult with healthcare professionals through SHELY, limited information may be shared:

  • Expert Consultations -- Relevant health information is shared only with your explicit consent when you initiate a consultation.
  • Verified Providers -- Healthcare professionals in our network receive information only with your permission and only what is necessary for your care.
  • Emergency Situations -- In rare circumstances where we believe there is an immediate health risk, we may share information to protect your safety.

With Service Providers

We work with carefully vetted service providers who help us operate and improve SHELY:

  • Cloud Hosting -- Secure, certified servers that store and serve the platform infrastructure.
  • Analytics Partners -- Receive only anonymized, aggregated data for improving the user experience.
  • Communication Tools -- Email and messaging service providers that help us deliver notifications and support.
  • Payment Processors -- Handle subscription and payment transactions under strict PCI-DSS compliance.

Legal Requirements

In limited circumstances, we may be required to disclose information:

  • When required by Indian law, regulation, or government authority with valid legal process.
  • To protect the rights, safety, or property of SHELY, our users, or the public.
  • In connection with legal proceedings, investigations, or regulatory inquiries.
We never sell your personal information to third parties, share your health data for advertising purposes, or provide your information to data brokers. This is a commitment, not just a policy.
05

Your Rights & Choices

In plain English

You own your data. You can view it, download it, correct it, or delete it at any time. You can control what emails and notifications you receive. You can also ask us to stop processing your data or transfer it to another service.

Access and Control

You have full control over the personal information we hold about you:

  • View Your Data -- Access a complete record of all personal information we have about you, at any time.
  • Download Data -- Export your data in a portable, machine-readable format for your own records or to transfer elsewhere.
  • Update Information -- Correct or update your personal details whenever they change.
  • Delete Account -- Permanently remove your account and all associated data from our systems.

Communication Preferences

You decide how and when we contact you:

  • Email Controls -- Unsubscribe from marketing emails while keeping essential service notifications active.
  • Notification Settings -- Customize app notifications and reminders to suit your preferences.
  • Content Preferences -- Choose what type of health content and recommendations you receive.

Data Processing Rights

Under applicable data protection laws, you also have the right to:

  • Restrict Processing -- Limit how we use your information in specific contexts.
  • Object to Processing -- Opt out of certain data uses, including profiling and automated analysis.
  • Data Portability -- Transfer your data to another service provider in a standard format.
  • Automated Decision Opt-out -- Request human review of any decisions made by algorithmic or automated systems.
Visit your Privacy Settings to exercise these rights instantly, or contact our Data Protection Officer for personal assistance.
06

Data Retention & Deletion

In plain English

We keep your data only as long as we need it. Active account data stays while you use SHELY. Calculator results are deleted immediately unless you save them. Inactive accounts are archived after 3 years. You can request deletion at any time.

Retention Periods

Different types of data are retained for different periods, based on their purpose:

  • Account Data -- Retained while your account is active, plus 2 years after account deletion for legal and compliance purposes.
  • Health Calculator Results -- Deleted immediately after display unless you explicitly choose to save them to your account.
  • Communication Records -- Kept for 3 years to support ongoing service quality and legal obligations.
  • Usage Analytics -- Anonymized data retained for up to 2 years for service improvement and research.

Automatic Deletion

We have automated systems that enforce data lifecycle policies:

  • Inactive accounts with no login for 3 years are automatically archived and scheduled for deletion.
  • Temporary calculator data is deleted within 24 hours of your session.
  • Email addresses are removed from marketing lists immediately upon unsubscribe.
  • Session data and temporary tokens are cleared when you log out or your session expires.

Legal and Safety Exceptions

In certain cases, data may be retained beyond standard periods:

  • Data required for ongoing or anticipated legal proceedings may be retained until resolution.
  • Financial records are kept in accordance with Indian tax and accounting laws.
  • Safety-related information may be retained to prevent harm to users or the public.
  • Fully anonymized research data, with no personal identifiers, may be kept indefinitely to advance health research.
You can request immediate deletion of your data at any time, regardless of standard retention periods. We will process your request within 30 days.
07

Children's Privacy

In plain English

SHELY is designed for users 18 and older. We do not knowingly collect personal information from children. If we discover we have collected data from someone under 18, we delete it immediately.

SHELY is intended for use by adults aged 18 years and older. We do not knowingly collect, use, or disclose personal information from anyone under the age of 18.

If we become aware that we have inadvertently collected personal information from a child under 18, we will take immediate steps to delete that information from our systems. If you believe a child has provided us with personal data, please contact our Data Protection Officer immediately.

Certain features of SHELY, such as baby tracking and pediatric health tools, may involve data about children entered by their parents or guardians. This data is always controlled by the adult account holder and subject to the same protections outlined in this policy. We never use children's health data for advertising or non-essential purposes.

08

International Transfers

In plain English

Your data is primarily stored in India. If it ever needs to be transferred internationally (for example, to a cloud provider), we ensure the same level of protection applies through contractual safeguards.

SHELY is based in India, and your personal data is primarily stored and processed within Indian jurisdiction. However, some of our service providers may process data in other countries as part of delivering cloud hosting, analytics, or communication services.

When your data is transferred outside of India, we ensure it receives an equivalent level of protection through one or more of the following measures:

  • Standard Contractual Clauses -- We require service providers to enter into data processing agreements that obligate them to protect your data to the same standards we apply.
  • Adequacy Assessments -- We evaluate the data protection laws of receiving countries before approving any international transfer.
  • Technical Measures -- Encryption and access controls travel with your data, ensuring it remains protected regardless of where it is processed.

We regularly review our international data transfer practices and update our safeguards to comply with evolving Indian and international data protection regulations.

09

Contact & DPO

In plain English

If you have any questions about this policy or want to exercise your rights, you can reach our privacy team by email. Our Data Protection Officer oversees all privacy matters and will respond within 24 hours on business days.

We take every privacy inquiry seriously. If you have questions, concerns, or requests related to this privacy policy or your personal data, please do not hesitate to reach out.

Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing our data protection strategy and ensuring compliance with applicable laws. You can contact the DPO directly for any privacy-related matters:

  • Email: privacy@shely.health
  • Response Time: Within 24 hours on business days (Monday through Friday, 9 AM to 6 PM IST).

Grievance Redressal

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the relevant data protection authority in India. We will provide you with the appropriate contact details and assist you with the complaint process if needed.

Policy Updates

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify you through the app, by email, or by posting a prominent notice on our website. We encourage you to review this page periodically.