Skip to content Need urgent help?

PRIVACY POLICY

Your Privacy, Our Promise

We believe your health data is sacred. This policy explains exactly what we collect, how we use it, and how you stay in control at all times.

Last updated: December 15, 2024 8 min read

KEY TAKEAWAYS

  • We never sell your personal or health data to third parties.
  • Health calculator results are processed locally on your device whenever possible.
  • You can download, modify, or delete all your data at any time.
  • End-to-end encryption protects your data in transit and at rest.
  • We comply with India's DPDP Act 2023 and international healthcare data protection standards.
01

Information We Collect

In plain English

We only collect what is necessary to provide you with personalised health insights. You choose what to share, and we are transparent about what we gather automatically.

Information You Provide Directly

When you create an account or use our health tools, you may choose to provide the following information:

  • Account details: name, email address, date of birth
  • Health calculator inputs: body measurements, cycle data, dietary information
  • Profile preferences: language, notification settings, display preferences
  • Communications: messages to our support team, feedback submissions

Information Collected Automatically

When you use SHELY, we automatically collect certain technical information to improve your experience:

  • Device and browser information (type, version, operating system)
  • Usage patterns and feature interactions
  • General location data (city or country level only)
  • Performance metrics and error reports
Your health calculator results are processed locally on your device whenever possible and are never stored permanently without your explicit consent.
02

How We Use Your Information

In plain English

We use your information solely to provide and improve our health services. We never sell or share your data for advertising purposes.

Core Health Services

Your information helps us deliver personalised health insights and tools:

  • Generate personalised health recommendations based on your inputs
  • Connect you with appropriate healthcare professionals
  • Send relevant health reminders and educational content
  • Provide customer support and assistance

Platform Improvement

We use aggregated, anonymised data to improve SHELY for all users:

  • Improve health calculator accuracy and reliability
  • Develop new features for women's health and wellness.
  • Conduct anonymised research to advance healthcare
  • Personalise content based on your interests and needs

Legal Compliance

We may process your information to comply with legal obligations:

  • Respond to lawful requests from regulatory authorities
  • Fulfil tax and financial reporting requirements
  • Investigate and prevent fraud or security incidents
  • Enforce our Terms of Use and other policies
We never sell, rent, or trade your personal or health data. Not to advertisers, not to data brokers, not to anyone.
03

Health Data Protection

In plain English

Your health data receives the highest level of protection. We use military-grade encryption and strict access controls to keep it safe.

Encryption Standards

All health data is protected with enterprise-grade encryption:

  • AES-256 encryption at rest for all stored health data
  • TLS 1.3 encryption in transit for all data transfers
  • End-to-end encryption for sensitive health communications
  • Hardware security modules (HSMs) for encryption key management

Access Controls

Strict access controls ensure only authorised personnel can access your data:

  • Role-based access control with principle of least privilege
  • Multi-factor authentication required for all data access
  • Comprehensive audit logs for every data access event
  • Regular access reviews and automatic deprovisioning

Local Processing

We prioritise processing your health data locally on your device:

  • Health calculator results computed in your browser
  • Temporary data cleared when you close the tool
  • Optional save with explicit consent only
  • No server-side storage unless you choose to save
Even our own engineers cannot access your health data without your authorisation and a documented, audited business reason.
04

Data Sharing & Third Parties

In plain English

We share data only when absolutely necessary and always with strict safeguards. We never sell your data, period.

When We Share Data

We may share your data only under these specific circumstances:

  • With your explicit consent (e.g., when connecting with a healthcare expert)
  • When required by law (court orders, regulatory compliance)
  • With trusted service providers under strict data processing agreements

Trusted Service Providers

We work with a limited number of service providers who help us operate:

  • Cloud hosting (encrypted infrastructure with strong access controls)
  • Email delivery services for health tips and notifications
  • Analytics providers (anonymised, aggregated data only)
  • Payment processors for subscription handling (PCI DSS compliant)

What We Never Do

There are practices we will never engage in:

  • Sell or rent your personal data to any third party
  • Share your data with advertisers or data brokers
  • Use your health data for non-health-related purposes
Every third-party provider we work with is contractually bound to process your data only as we instruct and to maintain equivalent security standards.
05

Your Rights & Choices

In plain English

You are in full control of your data. You can access, download, correct, or delete your information at any time.

Data Access & Portability

You have the right to access and receive a copy of all your personal data:

  • View all personal information we hold about you
  • Download your data in standard formats (JSON, CSV, PDF)
  • Transfer your data to another service provider
  • Access a detailed log of how your data has been used

Correction & Objection

You have the right to correct inaccurate data and object to certain processing:

  • Request correction of any inaccurate personal information
  • Object to processing based on legitimate interests
  • Restrict processing while a complaint is being resolved

Consent Management

You can manage your consent preferences at any time:

  • Withdraw consent for any non-essential data processing
  • Opt out of marketing and promotional communications
  • Manage cookie and tracking preferences
  • Adjust data sharing settings for third-party services
Exercising your privacy rights will never affect the quality of service you receive from SHELY.
06

Data Retention & Deletion

In plain English

We keep your data only as long as necessary. You can request deletion at any time, and we honour that request promptly.

Retention Periods

Different types of data are retained for different periods:

  • Account data: retained while your account is active, plus 2 years after deletion
  • Health calculator results: deleted immediately unless you choose to save them
  • Communication records: retained for 3 years for support purposes
  • Usage analytics: retained for 2 years in anonymised form

Automatic Deletion

We proactively delete data that is no longer needed:

  • Inactive accounts (3+ years) are automatically archived and then deleted
  • Temporary calculator data is purged within 24 hours
  • Unsubscribed email addresses are removed immediately
  • Session data is cleared when you log out

Your Deletion Rights

You can request data deletion at any time through your Privacy Portal:

  • Full account deletion processed within 30 days
  • Selective data deletion (e.g., only health calculator history)
  • Confirmation email sent upon completion of deletion
  • Anonymised research data may be retained (no personal identifiers)
When you delete your data, we delete it permanently from all active systems. Encrypted backups are purged within 90 days.
07

Children's Privacy

In plain English

SHELY is designed for adults. We have strict policies to protect minors and comply with child safety regulations.

SHELY services are intended for users aged 18 and above. Users aged 13 to 17 may access limited features with verified parental or guardian consent.

We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided personal information, we will delete it immediately.

Parents or guardians who believe their child has provided personal information to SHELY should contact us at privacy@shely.health for immediate removal.

08

International Transfers

In plain English

Your data is primarily stored in India. When international transfer is necessary, we apply the same level of protection.

SHELY primarily stores and processes your data in secure data centres located in India, in compliance with the Digital Personal Data Protection Act, 2023.

In limited cases, your data may be transferred internationally for the following purposes:

  • Cloud infrastructure services (with equivalent encryption standards)
  • Email delivery services (marketing and transactional)
  • Content delivery networks for faster page loading

All international transfers are subject to contractual data protection agreements that ensure the same level of security as applied in India.

09

Contact & DPO

In plain English

Have questions? Our privacy team is here to help. Contact our Data Protection Officer for any privacy-related concerns.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our dedicated privacy team.

Privacy Team Contact

For general privacy inquiries and data requests:

Data Protection Officer

Our Data Protection Officer oversees all privacy and data protection matters. You may contact the DPO for formal complaints, escalations, or questions about our compliance with applicable data protection laws.

Regulatory Authority

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

Grievance Officer

In accordance with India's data protection and information technology laws, we have appointed a Grievance Officer to address your concerns about how we handle your personal data. You may reach out to the Grievance Officer using the details below.

  • Name: Grievance Officer, SHELY Health Private Limited
  • Email: grievance@shely.health
  • Postal address: SHELY Health Private Limited, 52, Rajivgandhi Street, Maduravoyal, Chennai 600095, Tamil Nadu, India

We aim to acknowledge every grievance within 24 hours and resolve it within the timelines required by applicable law. If you are not satisfied with the Grievance Officer's response, you may escalate the matter to the Data Protection Officer or to the relevant data protection authority.

Operating Entity

This website and the SHELY platform are operated by SHELY Health Private Limited (CIN U86909TN2025PTC186774), a company incorporated in India and registered at 52, Rajivgandhi Street, Maduravoyal, Chennai 600095, Tamil Nadu, India. SHELY Health Private Limited is the data fiduciary responsible for your personal data under this Privacy Policy.