Privacy Policy — HealthInTime

1. Introduction

This Privacy Policy explains how HealthInTime ("HIT", "we", "us", "our") collects, uses, stores, shares, and protects your information when you use the HIT mobile application. HIT is a patient queue management and doctor appointment booking service operated for users in India.

By downloading, installing, or using HIT, you agree to the practices described in this policy. If you do not agree, please do not use the app.

This policy is designed to comply with Apple's App Store Review Guidelines, Google Play policies, the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, and Apple's App Tracking Transparency framework.

2. Information we collect

2.1 Account information

When you sign up or sign in, we collect:

Name and age (entered during profile setup)
Contact details — email address and/or phone number
Authentication identifiers — obtained when you sign in using Sign in with Apple, Google, or phone OTP

2.2 Location data

HIT uses your device's location for the following purposes:

Finding nearby clinics and doctors — when you search for healthcare facilities close to you
Predicting consultation wait times — based on your distance from the clinic
Automatic check-in on arrival — HIT detects when you arrive at a clinic and marks you as "arrived" in the queue, so you don't have to check in manually at reception
Geofencing — HIT monitors entry into a small zone around your booked clinic to trigger the auto check-in feature
Displaying clinic locations on maps — using Google Maps SDK to render interactive maps showing clinic positions, routes, and directions
Place search and address lookup — using Google Places API and Geocoding API to help you search for clinics by name or address, auto-complete location inputs, and convert addresses to map coordinates

How location data is handled: Your real-time GPS coordinates are used on-device to display nearby clinics and calculate distances. Location data is not stored on our servers after check-in is confirmed. Clinic addresses and coordinates (stored in our database for display purposes) are static data provided by clinic administrators — not derived from your personal location.

"When In Use" vs "Always" permission: HIT requests "Always" location access only if you opt into the auto check-in feature. If you decline, HIT will still function — but you will need to open the app manually to check in upon arrival. You can change this at any time in your device settings.

2.3 Bluetooth (BLE) data

HIT uses Bluetooth Low Energy (BLE) beacons as a fallback mechanism for detecting clinic arrival in situations where GPS accuracy is poor (for example, inside buildings or in dense urban areas).

HIT scans for BLE beacons registered to partner clinics only
HIT does not scan for, pair with, or identify any other Bluetooth devices
BLE data is used solely to determine whether you are physically near the clinic you have booked, and is not stored or transmitted to our servers

2.4 Appointment and health-adjacent data

Appointments you book, including date, time, clinic, and doctor
Token numbers issued to you and their queue status
Consultation history (past appointments)
Any symptoms or health categories you select when searching for a doctor — used solely to route you to an appropriate specialist

HIT does not collect clinical medical records, diagnoses, prescriptions, or lab results at this time.

2.5 Device and diagnostic information

Device model, OS version, and app version (for troubleshooting)
Anonymous crash logs and performance metrics via Firebase Crashlytics

2.6 Notification tokens

Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) device tokens, used to send you queue updates, reminders, and appointment confirmations

3. How we use your information

We use the information we collect to:

Facilitate appointment bookings and manage queue tokens
Provide real-time queue position and wait time estimates
Send push notifications about your upcoming turn, appointment confirmations, and changes
Show you nearby clinics and verified doctors
Automatically check you in at a clinic when you arrive, if you have enabled this feature
Improve app stability via anonymous crash reporting
Respond to your support requests

We do not use your data for advertising, profiling, or any purpose unrelated to providing the HIT service.

4. Data sharing and third parties

We do not sell your personal information to anyone.

We share data only in the limited circumstances below:

Shared with	What & why
The clinic you book	Your name, age, gender, contact number (if provided), and token number — so they can prepare for your consultation
Google Firebase	Firestore, Authentication, Cloud Messaging, Crashlytics, App Check — backend storage, auth, push notifications, crash reporting
Google Analytics	Anonymous usage patterns, device information, and engagement metrics — to understand and improve the user experience. No personally identifiable information is shared.
Google Maps SDK	Display interactive maps showing clinic locations and calculate routes/directions to clinics
Google Places API	Search for clinics and healthcare facilities by name, category, or area; retrieve clinic details such as name, address, and location; auto-complete address inputs
Google Geocoding API	Convert clinic addresses to geographic coordinates for map display, and convert coordinates to readable addresses
Apple APNs	Deliver push notifications on iOS
Legal authorities	Only when required by a valid legal request under the DPDP Act 2023 or other applicable Indian law

Google Maps Platform services (Maps SDK, Places API, Geocoding API) are subject to Google's Privacy Policy. When you interact with maps in HIT, Google may collect certain technical data (such as IP address and device identifiers) in accordance with their own policies.

We do not share your data with advertisers, data brokers, or analytics networks.

5. Data security

All data transmitted between the HIT app and our servers is encrypted in transit using HTTPS/TLS 1.2 or higher
Stored data is protected by Google Firebase's server-side encryption at rest
We use Firebase App Check with Apple's DeviceCheck and Google Play Integrity attestation to ensure only legitimate installations of HIT can access our backend
Authentication tokens are stored securely on your device (iOS Keychain / Android Keystore)

While we take reasonable security measures, no system is completely secure. If a data breach affects your information, we will notify you as required by the DPDP Act.

6. Data retention

Data type	Retention period
Account data	Retained as long as your HIT account is active
Appointment history	Up to 24 months, to provide a consultation history feature
Crash logs & diagnostics	Up to 90 days
After account deletion	Personal data deleted within 30 days, except where required by law

7. Your rights

Under the DPDP Act 2023 and platform guidelines, you have the right to:

Access the personal data we hold about you
Correct any inaccurate data
Delete your account and associated data
Withdraw consent for optional data processing (e.g., location, notifications) at any time via device settings
Lodge a complaint with the Data Protection Board of India if you believe your rights have been violated

How to delete your account

You can delete your account in two ways:

Inside the app — go to Profile → Settings → Delete Account
Via web form — submit a deletion request

Account deletion is permanent and cannot be undone.

8. Children's privacy

HIT is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately and we will take steps to delete the information.

For users between 13 and 18, we recommend that a parent or guardian help create the account and review this policy.

9. International data transfers

HIT is operated from India and primarily serves users in India. Data is stored on Google Firebase servers, which may be located in data centres outside India. By using HIT, you consent to the transfer and storage of your information in these locations, subject to the protections described in this policy.

10. App Tracking Transparency

HIT does not track you across apps and websites owned by other companies. We do not use the iOS Advertising Identifier (IDFA) or Android Advertising ID, and we do not serve third-party advertisements.

11. Third-party services

HIT integrates with the following third-party services, each governed by their own privacy policies:

Service	Purpose	Privacy policy
Google Firebase	Auth, Firestore, Storage, FCM, Crashlytics, App Check	firebase.google.com/support/privacy
Google Analytics	Anonymous usage analytics and engagement metrics	policies.google.com/privacy
Google Maps SDK	Interactive maps, directions, and distance calculations	policies.google.com/privacy
Google Places API	Clinic search, place details, and address auto-complete	policies.google.com/privacy
Google Geocoding API	Address-to-coordinate and coordinate-to-address conversion	policies.google.com/privacy
Sign in with Apple	User authentication on iOS	apple.com/legal/privacy
Sign in with Google	User authentication	policies.google.com/privacy
Google Play Integrity API	App attestation on Android (via Firebase App Check)	policies.google.com/privacy
Apple DeviceCheck	App attestation on iOS (via Firebase App Check)	apple.com/legal/privacy

12. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or via email before the changes take effect. The "Last Updated" date at the top of this policy indicates when it was most recently revised.

13. Contact us

healthintime@genmindz.co.in

Developer

HealthInTime by GenMindz

App bundle ID

app.loopdoop.healthintime

For formal complaints under the DPDP Act 2023, you may also contact the Data Protection Board of India.