TAKE THE HAIR TEST MY RESULTS image

Privacy Policy

Privacy Policy

Last Updated on August 18, 2023

Welcome to our website/mobile site accessible at www.traya.health (“Site”) or mobile application “Traya” (the Site and mobile application are collectively referred to as the “Platform”).

This privacy policy (“Privacy Policy”) describes the policies and procedures of Tatvartha Health Private Limited (“we”, “our” or “us”) in respect of the type of information that we may collect, and our practices in relation to collection, use, maintain, protect and disclosure of such information including but not limited to your Personal Information (defined below) on the Platform and the services, features, content, applications, and products we offer (collectively with the Platform, the “Services”). By clicking on 'Continue' during the sign-up process, by using the Platform, or by using the Services, you confirm that you have read, understood, and agree with the privacy practices described in this Privacy Policy, and the collection, processing, transfer, manipulation, storage, disclosure and other uses of your personal information as described in this Privacy Policy. Please read this Privacy Policy in consonance with our Terms of Service , (“Terms”), available here. Any capitalized terms used but not defined in this Privacy Policy have the meaning given to them in the Terms.

This Privacy Policy is published in compliance with, inter alia:

  • Section 43A of the Information Technology Act, 2000 (“IT Act”);
  • Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (“SPDI Rules”); and
  • Regulation 3(1) of the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediaries Guidelines”).

General Terms:

  1. By accessing or using the Platform or the Service, or by otherwise giving us your information, you confirm that you have the capacity to enter into a legally binding contract under Indian law, in particular, the Indian Contract Act, 1872, and have read, understood and agreed to the practices and policies outlined in this Privacy Policy and agree to be bound by the Privacy Policy. If you disclose to us any personal information relating to other people, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
  2. You hereby consent to our collection, use, sharing, and disclosure of your information as described in this Privacy Policy. We reserve the right to change, modify, add or delete portions of the terms of this Privacy Policy, at our sole discretion, at any time, and any continued use of the Services or the Platform, following any such amendments to the Privacy Policy, will be deemed as an implicit acceptance of the Privacy Policy in its amended form. You are requested to review the Privacy Policy from time to time to keep yourself updated with any changes; modifications made to the terms hereof.
  3. If you are accessing or using Services or the Platform from an overseas location, you do so at your own risk, and shall be solely liable for compliance with any applicable local laws.
  4. If you do not agree with any of the terms and conditions of this Privacy Policy, please do not proceed further to use the Platform or any Services.
  1. Privacy Policy Applicability:
    1. This Privacy Policy applies only to the information we collect through our Services, in email, text and other electronic communications sent through or in connection with our Services.

    2. This Privacy Policy does not apply to the information that you provide to, or that is collected by, any third-party, that you use in connection with the services of such third-party. We encourage you to consult directly with such third parties about their privacy practices.

  2. Information collected

    We may collect several types of information from and about users of our Services, including:
    (i) Your personal information- Personal information is the information that can be associated with a specific person and could be used to identify that specific person whether from that data, or from the data and other information that we have, or is likely to have access to. We do not consider personal information to include information that has been made anonymous or aggregated so that it can no longer be used to identify a specific person, whether in combination with other information or otherwise. Personal information can include, but not be limited to, information such as your name, email address, contact number (cellular and landline), educational qualification(s), occupation, date of birth, marital status, monthly income, city and state of residence, marital status, health information. number of children, employer details, Aadhaar number, PAN, social security and tax identification numbers, and post-qualification or work experience among other things; and/or (ii) Information about your internet connection, the equipment you use to access our Services and your usage details. Given below are the types of information that we may collect:

    1. Information you give us: We receive and store any information you enter on our Platform or provide us in any other way. When you register on the Platform, we may collect registration details such as phone number, name, age, gender, geographical address and email address. We may verify your phone number or email address with the help of a one-time password sent to your phone number or email address. We may also collect information required for providing the Services including, items you place in the cart, pharmaceutical, nutraceutical products including prescription drugs or over the counter (OTC) products you may order, height, weight, lifestyle habits, diet habits and profile, delivery address, exercise habits, facilitating booking a consultation with a Medical Practitioner, etc. You can choose not to provide certain information, but then you may consequently not be able to take advantage of many of our features or avail the Services. We may also collect sensitive personal data or information (“SPDI”) about you when you use the Services. This information includes health information we receive from you or, on your behalf, such as information or records relating to your medical or health history, health status and laboratory testing results, details of medical practitioner issuing the prescription, details of treatment plans and medication prescribed by a medical practitioner, dosage details such as frequency of dosage, medicines or products ordered by you through the Platform, diagnostic results, other health-related information including nutritional deficiencies, and any other information inferred therefrom. We may also collect payment information such as your payment card number, expiration date, billing and shipping address. By using the Service, you consent to the recording, storage, and disclosure of such communications you send or receive for these purposes. We may also store and process prescriptions, treatment notes, recommendations and other data generated by medical practitioners on or through the Platform, and data shared by third parties such as diagnostics related information; prescription related information etc. and may retain such material for our records for the duration of you availing the Services or for any such period required or permitted under applicable law. Information you provide through our Services, including your reviews, photographs, comments, lists, followers, the users you follow, ordering details and history, favourite categories, special requests, contact information of people you add to, or notify of, your orders through our Services, names, and other information you provide on our Services, and other information in your account profile. You also may provide information (such as ratings, reviews, tips, photos, comments, likes, bookmarks, friends, lists, etc.) to be published or displayed (hereinafter, “posted”) on publicly accessible areas of our Services or transmitted to other users of our Services or third parties (hereinafter collectively referred to as “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of our Services with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons. We may display this information on the Services, share it with businesses, and further distribute it to a wider audience through third party sites and services. You should be careful about revealing any sensitive details about yourself in such postings.

    2. Information from Other Sources: We might receive information about you such as order details, your details shared with our partners etc. from other sources including from our partners, advertisers or third parties registered on the Platform and add it to our account information.

    3. Cookies and Other Tracking Technologies: We utilize “cookies” and other tracking technologies. A “cookie” is a small text file that may be used, for example, to collect information about activity on the Platform. Some cookies and other technologies may serve to recall information previously indicated or submitted by you. Most browsers/mobile settings allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers/mobile application to notify you if you receive a cookie, or you may choose to block cookies with your browser/mobile applications. Tracking technologies may record information such as internet domain and host names, internet protocol (IP) addresses, browser software and operating system types, stream patterns, and dates and times that the Platform is accessed. Our use of cookies and other tracking technologies allows us to improve the Platform, the Services and your experience.
      At all times, you may refuse all cookies on your browser or the Platform by changing your settings to the extent permissible on your device. However, by doing so, you may not be able to use certain features on the Platform or take full advantage of all the offerings and interest-based advertising. You can remove cookies by following directions provided in your mobile’s “help” file or the browser.

    4. Third party tools and software: We use third party SDKs in the Platform. Majority of them are different payment options by which you can make a payment for an order. In order to enhance your personal and overall experience some of the tools are used therein. This Privacy Policy covers our use of cookies only and does not cover the use of cookies by third parties. We do not control when or how third parties place cookies on your computer. For example, third party websites to which a link points may set cookies on your computer.

    5. Automatic Information: We receive and store certain types of information whenever you interact with us. For example, we obtain certain types of information when your web browser accesses the Site or advertisements and other content served by or on behalf of Site on other web sites. (OS type and version, App version, device brand, browser and its version details, user agent) to see examples of the information we receive. We may also receive/store information about your location and your mobile device, including a unique identifier for your device. We may use this information for internal analysis and to provide you with location-based services, such as advertising, search results, and other personalized content. Unique mobile device identifier (e.g. IDFA, GAID or other device IDs on Apple devices like the iPhone and iPad), if you're using our Services on a mobile device, we may use mobile device IDs (the unique identifier assigned to a device by the manufacturer), instead of cookies, to recognize you. We may do this to store your preferences and track your use of our applications. Unlike cookies, mobile device IDs cannot be deleted. Advertising companies may use device IDs to track your use of our applications, track the number of advertisements displayed, measure advertising performance and display advertisements that are more relevant to you. Analytics companies may use mobile device IDs to track your usage of our applications.
      You agree that you are providing all information, including SPDI to us voluntarily. Collection, use and disclosure of personal information and SPDI requires your express consent. You are providing us with your consent for our use, collection and disclosure of the personal information and SPDI. You may choose to not provide us with personal information or SPDI or if you ask us to delete your personal information or account, we may no longer be able to provide all or any of our Services to you., but in the event that you do so, we will be unable to provide you access to the Platform or provide Services.

  3. Use of the information
    1. We use information collected, in a variety of ways in order to provide the Services and to operate our business, including the following:
      1. To carry out our obligations arising from your requests for the products and Services;

      2. To facilitate the diagnosis and screenings;
      3. To operate and improve the Platform in order to foster a positive user experience and to improve our business as a whole;
      4. To process and deliver your order with us;
      5. To enable your access to the Platform to purchase products and avail the Services;

      6. To assist with the facilitation of the consultations with hair coaches, medical practitioners, including to send you information and updates about the consultations you have availed and the prescriptions issued;
      7. Analyzing data, tracking trends, building algorithms, creating databases for rating systems, recommendations engines, etc.;
      8. Research, growth and development of our or our group entities' business (including building upon our network of our consulting medical practitioners, partners etc);
      9. Research, growth and development of our or our group entities' business (including building upon our network of our consulting medical practitioners, partners etc);
      10. We use the information that you provide for such purposes such as responding to your requests, customizingcustomising your orders, improving our Platform or communicating with you
      11. For non-targeting reasons such as frequency capping, compliance, billing, ad reporting or delivery, market research or product development purposes; To comply with applicable law;
      12. To conduct audits and quality assessment procedures;
      13. To analyze the use of our resources, troubleshooting problems and improving our products and Services, by using the information regarding your mobile device and software.
      14. Contacting users, both during and after an order, for updates, resolution of queries, order details, consultations, follow-up consultations or offering new products or services;
      15. To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms, or as otherwise required by law;
      16. To respond to any queries that you may have, and to communicate information to you, including notifications of any promotions or alerts, any changes/updates to the Platform, or the introduction of any future fees or charges that we may collect at the time for purchasing products or provision of our Services to you; or
      17. To contact you, by way of SMS, email and phone calls, from time to time to record your valuable feedback on our products and Services, as they currently stand, and/or any potential products and services that may be offered in the future.

    2. We may use “cookies” information and “automatically collected” information we collect on the Platform to (i) personalize our Services, such as remembering your information so that you will not have to re-enter it during your visit or the next time you avail the Service; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of the Service and third-party marketing activities; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Service.

    3. We may access or store your information if it is necessary to detect, prevent or address fraud and other illegal activity or to protect the safety, property or rights of the Platform or others.

    4. We may use information regarding your location or the location of your device through which you access the Service for a number of purposes, including without limitation to confirm you are located in a jurisdiction in which the Service is offered and to identify an appropriate medical practitioner.

    5. We may collect, analyze, use, publish, create and sell de-identified information, of which your personal or sensitive personal information might be a component, for any business or other purpose not prohibited by applicable law, including for research and marketing purposes.

  4. Transfer of the information

    By using the Platform, you accept the terms hereof and hereby consent to the storage and processing of the personal information and SPDI by third parties. We may disclose personal information that we collect, or you provide, as described in this Privacy Policy, in the following ways:

    1. General Information Disclosures
      1. To our holding companies, subsidiaries and affiliates, which are entities under our common ownership or control.
      2. To contractors, advertisers/service providers, credit information agencies, analytics and research partners, other banks or financial institutions, insurers or intermediaries and other third parties whom we use to support our business (e.g. logistics and delivery, to collect payments), or to improve your experience on the Platform and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
      3. To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by us about the users of our Services are among the assets transferred.
      4. To third parties to market their products or services to you which we feel may be of interest or beneficial to you. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them.
      5. To fulfil the purpose for which you provide it.
      6. For any other purpose disclosed by us when you provide the information.
      7. Hair coaches to enable them to provide you consultations and advice;
      8. Medical practitioners for diagnostics or therapeutic purposes;

    2. Service Providers. We may share your information with outside vendors that we use for a variety of purposes, such as to send you communications via emails, messages or tele-call to inform you about the services and/or products that may be of interest to you, push notifications to your mobile device on our behalf, provide voice recognition services to process your spoken queries and questions, help us analyze use of our Services, process and collect payments, help us diversify the payment processing and collection methods available, providing consultation and diagnosis, and offer you special offers and services where available. Some of our products, Services and databases are hosted by third party hosting services providers. We also may use vendors for other projects, such as conducting surveys, organizing sweepstakes for us, advertising, marketing and advertisement measuring purposes. We may share information about you with these vendors only to enable them to perform their services. The tools used by such third party service providers to provide the services, may also collect your personal information or SPDI during the process of providing such services. It is clarified that we will not be responsible and liable for the acts of omissions and commissions of such third parties associated with us. However, we may facilitate resolving any issue you may face with such third parties.

    3. Legal Purposes. We may share your information when we believe in good faith that such sharing is reasonably necessary in order to investigate, prevent, or take action regarding possible illegal activities or to comply with legal process. We may also share your information to investigate and address threats or potential threats to the physical safety of any person, to investigate and address violations of this Privacy Policy or the Terms, or to investigate and address violations of the rights of third parties and/or to protect our rights, property and safety, our employees, users, or the public. This may involve the sharing of your information with law enforcement, government agencies, courts, and/or other organizations on account of legal requests such as subpoena, court order or government demand to comply with the law.

    4. Improving Our business: You acknowledge that we have a right to use a recorded copy of your telephonic conversation, and e-prescription with your medical practitioner, and your diagnostic test reports for providing and improving the Services, marketing and promotional efforts, customize your experience and aiding you in procuring targeted consultation for the underlying medical condition. These uses improve the Platform, and the Services, and better tailor it to meet your needs, so as to provide you with an efficient, safe and customized experience. We may transfer such personal Information and SPDI to a third party, including persons outside India, to improve product and Service offerings while taking commercially reasonable steps to try and ensure, that the recipient adheres to the applicable laws for ensuring data protection as is adhered by us.

    5. Social Networks. If you interact with social media features on our Services, such as the Facebook Like button, or use your social media credentials to log-in or post content, these features may collect information about your use of the Services, as well as post information about your activities on the social media service. Your interactions with social media companies are governed by their privacy policies.

    6. To enforce or apply our Terms and other agreements, including for billing and collection purposes.

    7. If we believe disclosure is necessary or appropriate to protect our rights, property, or safety, our users or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction etc.

    8. Consent. We may share your information in any other circumstances where we have your consent.

    Transfer to third parties and outside India: Subject to applicable law, we may at our sole discretion, transfer personal information and SPDI to any other body corporate (as defined under the Information Technology Act, 2000) that ensures at least the same level of data protection as is provided by us under the terms hereof, located in India or any other country. By using the Platform or availing the Services, you accept the terms hereof and hereby consent to us, sharing with and/or processing of your personal information and SPDI by third parties, including in any location outside India, provided that they ensure that your SPDI is protected in compliance with standards that are comparable to the standards of protection afforded to it in India or equivalent international standards.


  5. Information Security

    We maintain electronic, physical and procedural safeguards in connection with the collection, storage and disclosure of personal information (including SPDI). We endeavor to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input in addition to maintaining security of your information as per the industry standards. We restrict access to personal information, to our employees and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations, and may be disciplined or whose relationship with us may terminate if they fail to meet these obligations. No employee or administrator will have knowledge of your password of your account on the Platform. It is important for you to protect Your account against unauthorized access to your password and your mobile phone. You must be sure to log off from the Platform when you have finished use thereof. We do not undertake any liability for any unauthorised use of your account and password. If you suspect any unauthorized use of your account, you must immediately notify us by sending an email to the contact details indicated in the contact section. You shall be liable to indemnify us due to any loss suffered by Us due to such unauthorized use of your account or password.

    However, we shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond our control including but not limited to acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, poor quality of internet service or telephone service of the user, etc. We implement appropriate security measures to protect your personal Information from unauthorised access and follow technology standards prescribed by applicable law. We cannot guarantee the security of any account information. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We otherwise store all the information, including your IP address, using measures as required under applicable law. We do not guarantee or warrant that such techniques will prevent unauthorized access to information about you that we store, personal Information or otherwise.

    The access to the Services is offered through the use of a secure server and adhere to our security guidelines to protect it against unauthorized access. However, by using the Services, the users accept the inherent security implications of data transmission over the internet and the World Wide Web which cannot always be guaranteed as completely secure, and therefore, there would always remain certain inherent risks regarding use of the Services.


  6. Accessing and correcting the information
    1. The Platform, for the limited purpose of viewing, and, in certain cases, modifying, and deleting, gives you access to a broad range of information about your account and your interactions with the Platform for the limited purpose of viewing. You may rectify any inaccurate or deficient personal information or SPDI, or permanently delete your account, as feasible by contacting at the email address provided in the ‘Contact Us’ section. You have the option to opt-out of optional services such as receiving promotional materials etc. and should you desire to opt-in to such services at the time of signing up you may choose do so.

    2. Your right to review, update, correct, and delete your personal information may be limited, subject to the applicable law:
      1. If your requests are abusive or unreasonably excessive,
      2. Where the rights or safety of another person or persons would be encroached upon, or
      3. If the information or material you request relates to existing or anticipated legal proceedings between you and us, or providing access to you would prejudice negotiations between us or an investigation of possible unlawful activity. Your right to review, update, correct, and delete your information is subject to our records retention policies and applicable law, including any statutory retention requirements.

  7. Retention of information
    1. We also have measures in place to ensure that SPDI which is in our possession or under our control, is destroyed and/or anonymized as soon as it is reasonable to assume that: (i) the purposes for which your SPDI has been collected have been fulfilled; and (iii) retention is no longer necessary for any other reason, or under applicable law.

    2. We may, however, reserve the right to retain and store your personal information for our business purposes, whether such personal information has been deleted or not. After a period of time, your information may be anonymized and aggregated and then may be held by us as long as necessary, to enable purchases of products and provision of Services or for analytics purposes.

    3. If you wish to withdraw your consent for processing your personal information and SPDI, cancel your account, or request that we no longer use your personal information and SPDI, please contact us at details indicated in the contact section. Please note however that your withdrawal of consent or cancellation of account may result in us not being able to provide you access to our Services, or the Platform, or terminate any existing relationship that we may have with You.

    4. Please note that uninstalling the mobile application will not result in deletion of Your personal information or SPDI.

  8. Third-party links
    1. The Platform may include hyperlinks to various external websites, and may also include advertisements, and hyperlinks to applications, content or resources (“Third Party Links”). We have no control over such Third Party Links available on the Platform, which are provided by persons or entities other than Us. You acknowledge and agree that we are not responsible for any collection or disclosure of your information by any external sites, applications, entities or persons thereof. The presence of any Third Party Links on the Platform, cannot be construed as a recommendation, endorsement or solicitation for the same, or any other material on or available via such Third Party Links.

    2. You further acknowledge and agree that we are not liable for any loss or damage which may be incurred/suffered by you as a result of the collection and/or disclosure of your information via Third Party Links, as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, products services, or other materials on, or available via such Third Party Links. This will include all transactions, and information transmitted therein, between you and any such third party sites or applications or resources, such transactions are strictly bi-partite. We shall not be liable for any disputes arising from or in connection with such transactions between you and the aforementioned third parties. Such third party websites, external applications or resources, accessible via the Third Party Links may have their own privacy policies governing the collection, storage, retention and disclosure of your information that you may be subject to. We recommend that you exercise reasonable diligence, as you would in traditional offline channels and practice judgment and common sense before committing to any transaction or exchange of information, including but not limited to reviewing the third party website or application’s privacy policy.

  9. Changes to Privacy Policy

    We may amend this Privacy Policy from time to time to reflect changes in the law, our data collection and use practices, the features of the Services, or advances in technology. Please check this page periodically for changes. Use of information we collect now is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we collect or use your personal information, we will notify you by posting an announcement on the Platform or sending you an email. Please review the changes carefully. Your continued use of the Services or the Platform, following the posting of changes to this Privacy Policy will constitute your consent and acceptance of those changes.


  10. Permissible Age

    Use of the Platform is available only to persons who can form a legally binding contract under the Indian Contract Act, 1872. If you are under 18 years of age, then please do not use or access the Services at any time or in any manner. If we learn that a person under 18 years of age has used or accessed the Platform or Service or any personally identifiable information has been collected on the Platform from persons under 18 years of age, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an account on or otherwise accessed the Service, then you may alert us at [insert-email id] and request that we delete that child’s personally identifiable information from our systems.


  11. Grievance Officer

    In accordance with the IT Act and the SPDI Rules, the name and contact details of the Grievance Officer are provided below:

    Name: Zahra Lokhandwala
    Address: 1st Floor, Interface 16 Road, Malad, Mindspace, Malad West, Mumbai, Maharashtra - 400064
    Email: zahra@traya.health
    We shall endeavorendeavour to resolve your grievances within one month from the date of receipt of such grievance.


  12. Contact Us

    If you have any queries relating to the processing/ usage of information provided by you or the Privacy Policy or if you would like to raise any other inquiries, you may email us at the contact information provided above under section 11 of this Privacy Policy.


  13. Miscellaneous
    1. Indemnity: You agree and undertake to indemnify us in any suit or dispute by any third party arising out of disclosure of information by you to third parties either through the Platform or otherwise and your use and access of websites, applications and resources of third parties. We assume no liability for any actions of third parties with regard to your personal information or SPDI which you may have disclosed to such third parties.

    2. Severability: Each section of this Privacy Policy shall be and remain separate from and independent of and severable from all and any other clauses herein except where otherwise expressly indicated or indicated by the context of the Privacy Policy. The decision or declaration that one or more clauses are null and void shall have no effect on remaining clauses of this Privacy Policy.