1. Introduction
This Privacy Policy explains how Myro Health (OPC) Private Limited (“Myro,” “we,” “us,” or “our”) handles your personal data when you use our mobile application, website (myrohealth.com), and related services (collectively, the “Services”).
This policy is published in compliance with India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Digital Personal Data Protection Rules, 2025. It is available in English and Hindi. In case of conflict, the English version prevails.
By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use our Services.
2. Key Definitions
- Data Principal: You — the individual whose personal data we process.
- Data Fiduciary: Myro Health — we determine why and how your data is processed.
- Data Processor: Third parties that process data on our behalf (lab partners, doctors, cloud providers, etc.).
- Personal Data: Any data that can identify you directly or indirectly.
- Processing: Any operation on your data — collection, storage, use, sharing, or deletion.
- Consent Manager: A registered entity that helps you manage your consent preferences.
3. What Personal Data We Collect
3.1 Data You Provide Directly
- Account Information: Name, email, phone number, date of birth, gender, address.
- Health Profile: Existing conditions, medications, family medical history, health goals, dietary preferences, lifestyle details, and sexual orientation (where voluntarily provided — used for clinically relevant screening recommendations, such as STI panels, hormonal assessments, and cancer screening protocols that vary by sexual behavior and orientation).
- Lab Test Data: Biomarker results from blood tests and diagnostics conducted through our lab partners — metabolic panels, hormonal profiles, complete blood counts, organ function markers, and more.
- Doctor Consultation Data: Symptoms, medical history, and notes from consultations with doctors on the Myro platform.
- Nutritionist Data: Dietary logs, nutritional assessments, and recommendations from our nutritionist services.
- Payment Information: Payment details necessary to process subscriptions and purchases. All payment data is handled by Razorpay and is not stored on our servers.
- Communication Data: Messages, feedback, and support requests you send us.
3.2 Data We Collect Automatically
- Device Information: Device model, operating system, unique identifiers, mobile network info.
- Usage Data: Features used, screens visited, actions taken, timestamps, session duration.
- Location Data: Approximate location based on IP address for connecting you with nearby labs. We do not track your precise GPS location unless you explicitly enable it for home sample collection.
- Log Data: IP address, browser type, crash reports, system activity logs.
3.3 Device Permissions
Our app may request access to certain device features to enable specific functionality:
- Camera: Used to photograph lab reports for upload and digitization, and to capture profile photos. Images are transmitted securely to our servers and are not shared with third parties beyond what is described in this policy.
- Photos and Media: Used to select existing images or documents from your device for upload (e.g., lab reports, prescriptions, profile photos). We access only the files you explicitly select.
- File Storage: Used to read and save files such as health reports, prescriptions, and downloaded documents (e.g., your Myro health report PDFs). We do not scan or access files unrelated to the Services.
We request these permissions only when needed, through Android/iOS runtime permission prompts. You can revoke any of these permissions at any time through your device settings. Revoking permissions may limit certain features but will not affect core functionality of the app.
3.4 Data from Third Parties
- Lab Partners: Test results from NABL-certified partner laboratories.
- Wearable Devices: If you connect a wearable, we receive health metrics like steps, heart rate, sleep, and activity data.
- Health Records: If you choose to import records from other platforms or providers.
4. Why We Process Your Data
4.1 To Deliver Our Services
- Analyzing lab results to generate personalized health insights and risk scores.
- Creating and maintaining your health profile and longitudinal records.
- Facilitating doctor consultations and sharing relevant data with your assigned doctor.
- Providing personalized nutrition guidance.
- Tailoring screening recommendations based on clinically relevant factors including sexual orientation, where provided.
- Generating action plans, reminders, and daily health tasks.
- Tracking your health progress over time.
- Scheduling lab tests, home collections, and follow-ups.
- Processing payments.
4.2 To Improve Our Services
- Analyzing usage patterns to improve features and user experience.
- Troubleshooting technical issues and preventing fraud.
- Maintaining platform security and integrity.
4.3 Anonymized Health Research
We de-identify and aggregate health data from all users to generate population-level insights. This anonymized data is used for:
- Improving our AI models and recommendation algorithms.
- Identifying health trends across demographics and regions.
- Publishing aggregated insights (e.g., vitamin D deficiency rates in specific age groups).
- Developing new health features.
Important: We strip all personal identifiers at the point of ingestion into our research pipeline. This data cannot be traced back to you and is never used to make decisions about any specific individual. This processing falls under the research and statistical purposes exemption in Indian data protection law.
4.4 Communication
- Service notifications: test results, appointment reminders, health alerts.
- Marketing and promotional messages (only with your separate, explicit consent).
4.5 Legal Compliance
- Complying with applicable laws and regulations.
- Responding to lawful requests from government authorities.
5. Legal Basis for Processing
- Your Consent: For all health data processing, consultations, and personalized insights. You provide this when you agree to this Privacy Policy during onboarding.
- Legitimate Uses: For fulfilling services you’ve requested, responding to medical emergencies, and meeting legal obligations.
- Research Exemption: For anonymized, aggregated data used for research and statistics that don’t involve individual-level decisions.
6. Your Consent
6.1 How We Obtain Consent
We obtain your consent through clear, affirmative action during onboarding:
- A plain-language notice describing what data we collect and why.
- Separate consent for health data processing (required) and marketing communications (optional).
- Available in English and Hindi.
6.2 Withdrawing Consent
You can withdraw consent at any time through:
- The “Privacy Settings” section in the Myro app.
- Emailing privacy@myrohealth.com.
Withdrawing consent for health data processing means we can no longer provide the service, so your account will be terminated and data deleted. Withdrawal doesn’t affect processing that happened before you withdrew.
6.3 Marketing Consent
Marketing communications require separate, optional consent. Opt out anytime via app settings or the “Unsubscribe” link in any marketing email.
7. Artificial Intelligence Features
Myro uses AI technologies to power core features of our Services, including:
- Automated analysis of your biomarker data to generate health risk scores and trend insights.
- Personalized health recommendations and action plans based on your lab results, profile, and lifestyle data.
- Health companion features including smart nudges, reminders, and progress tracking.
- AI-assisted triage to determine when a doctor review is needed.
When you interact with these features, we process your health data to generate relevant outputs. Important things to know:
- AI-generated insights are for informational and wellness purposes only. They do not constitute medical advice, diagnosis, or treatment.
- All AI outputs that involve clinical significance are reviewed by licensed medical professionals before being shared with you.
- AI models are regularly tested for accuracy and fairness across demographics.
- We do not use your identifiable health data to train third-party AI models. Our AI improvement uses only anonymized, aggregated data as described in Section 4.3.
- Always consult your doctor before making changes to medications or treatment plans based on AI-generated recommendations.
8. Who We Share Your Data With
We share your data only with the following parties, and only to the extent necessary to deliver our Services:
- Lab Partners: Your name, phone number, and address are shared with third-party lab partners to coordinate sample collection and deliver test results. Your health profile and test requisition data are shared as needed for diagnostic testing.
- Doctors: Your health data, lab results, relevant medical history, and any uploaded files or documents (such as prescriptions and reports) are shared with doctors on the Myro platform for case reviews and consultations.
- Nutritionists: Your health profile, dietary info, and relevant lab results for personalized guidance.
- Payment Processor (Razorpay): Transaction data for payment processing. We do not store your card details.
- Cloud Infrastructure (AWS India): Data storage on secure servers located in India.
- Analytics: Anonymized usage data to help us understand and improve the app.
If you choose to provide your sexual orientation, this information is used solely to deliver clinically accurate biomarker interpretation — such as hormone panel analysis, disease risk profiling, and screening recommendations that may vary based on sexual behavior and orientation. It is shared only with doctors and clinical systems involved in your care, and never with lab partners, advertisers, or any other third party.
All third-party processors are bound by written contracts requiring them to process data only on our instructions, maintain confidentiality, and implement appropriate security measures.
We do not sell your personal data. We do not share your identifiable data with advertisers or for third-party marketing.
9. Account Deletion
You can delete your Myro Health account at any time from the app by going to Settings > Delete Account.
Here’s what happens when you request deletion:
- Immediate Deactivation: Your account is deactivated right away. You will no longer be able to log in or access any services.
- 6-Month Retention Window: Your data is retained in a deactivated state for 6 months from the date of your request. During this period, you can contact support@myrohealth.com to reactivate your account and restore your data.
- Permanent Deletion: After 6 months, your data is permanently and irreversibly deleted. This includes your health records, biomarker and lab test results, personal information (name, email, phone, address), uploaded documents (prescriptions, reports, photos), consultation history, and nutritionist records.
- Legal Requirements: Certain records (e.g., tax, GST) may be retained beyond deletion as required by Indian law.
- Anonymized Data: Data that was de-identified and aggregated before your deletion request is retained, as it no longer constitutes personal data.
Once permanent deletion is complete, we cannot recover your data. Please make sure to download any records you need before requesting deletion.
10. Data Retention
- Active Account: Your data is retained as long as your account is active and necessary for our Services.
- After Deletion: Upon account deletion, your data is retained in a deactivated state for 6 months, after which it is permanently erased. We instruct all processors to do the same, unless legally required to retain it.
- Legal Requirements: Certain records (e.g., tax, GST) may be retained beyond deletion as required by law.
- Anonymized Data: Data that was de-identified and aggregated before your account deletion is retained, as it no longer constitutes personal data.
If you don’t use your account or contact us for 24 continuous months, we may treat the purpose as no longer served and initiate erasure after giving you reasonable notice.
11. Data Security
We implement reasonable security safeguards to protect your data:
- Encryption at Rest: AES-256 encryption for all stored personal data.
- Encryption in Transit: TLS 1.3 for all data transmitted between your device and our servers.
- Access Controls: Role-based access — only authorized personnel can access personal data, limited to what’s necessary for their role.
- Infrastructure: AWS India servers, ISO 27001 compliant.
- Audits: Periodic security audits and vulnerability assessments.
- Breach Response: In the event of a data breach, we notify the Data Protection Board of India and affected users as prescribed by law.
12. Your Rights
Under Indian data protection law, you have the right to:
- Access: Request a summary of your data, how it’s being processed, and who it’s been shared with.
- Correction and Erasure: Request correction of inaccurate data, completion of incomplete data, or deletion of your data.
- Grievance Redressal: Lodge a grievance about how we handle your data. We’ll respond within the prescribed timeframe.
- Nomination: Nominate someone to exercise your rights in case of your death or incapacity.
- Withdraw Consent: Withdraw consent at any time, as easily as you gave it.
To exercise any right, email privacy@myrohealth.com or use the Privacy Settings in the app.
13. Children’s Data
Myro Health is for individuals aged 18 and above. We do not knowingly collect data from anyone under 18. If we discover we’ve collected a child’s data without proper parental consent, we’ll delete it immediately. If you’re a parent and believe your child has shared data with us, contact privacy@myrohealth.com.
14. Data Transfer Outside India
Your data is primarily stored and processed in India. We do not transfer data outside India except where necessary for operations and only to countries permitted under Indian law. If any cross-border transfer becomes necessary, we’ll ensure appropriate safeguards and update this policy.
15. Cookies
- Essential Cookies: Required for website functionality. Cannot be disabled.
- Analytics Cookies: Help us understand website usage. Anonymized, no individual tracking.
Our mobile app does not use cookies. Manage cookie preferences through your browser settings.
16. Grievance Redressal
If you have any concerns about how we handle your data:
Grievance Officer: Gowtham Kasi
Email: privacy@myrohealth.com
Address: SY:11 WeWork Krishe Emerald, Kondapur Main Road, Laxmi Cyber City, Whitefields, Serilingampally Mandal, Ranga Reddy District, Hyderabad, Telangana 500081
We’ll acknowledge your grievance within 48 hours and resolve it within the legally prescribed timeframe. If unsatisfied, you may file a complaint with the Data Protection Board of India.
17. Updates to This Policy
We may update this policy to reflect changes in our practices, technology, or legal requirements. For material changes, we’ll notify you via push notification or in-app notice, update the date at the top, and where required, seek fresh consent.
18. Contact Us
Myro Health (OPC) Private Limited
Email: privacy@myrohealth.com
Phone: +91 9491775377
Address: SY:11 WeWork Krishe Emerald, Kondapur Main Road, Laxmi Cyber City, Whitefields, Serilingampally Mandal, Ranga Reddy District, Hyderabad, Telangana 500081
Website: myrohealth.com
Regulatory Compliance
This policy complies with the Digital Personal Data Protection Act, 2023 (Sections 4-17), the Digital Personal Data Protection Rules, 2025, and the Information Technology Act, 2000. Myro Health is a Data Fiduciary as defined under the DPDP Act. The research exemption referenced in this policy operates under Section 17(2)(b) of the Act.