Privacy Policy
This Privacy Policy along with the Terms of Use available at https://empaithy.com/terms-of-service governs the use of the Platform owned, operated and managed by VeriScript Private Limited, a company incorporated under the provisions of the Companies Act, 2013 and has a registered address at 7/20 Industrial Area, Kirti Nagar - 110015, West Delhi, New Delhi, India, 110015 (hereinafter “Company”, “empaithy™”, “We”, “Us”, “Our”). The terms capitalized but not defined in this Privacy Policy shall have the meaning ascribed to them in the Terms of Use.
This Privacy Policy is published by Us, in compliance with:
Section 43A of the Information Technology Act, 2000;
Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (“SPI Rules”); and
Section 6 of the Digital Personal Data Protection Act, 2023 (“DPDP Act”)
Definitions
“Personal Information” as defined under the SPI Rules, means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
“Sensitive Personal Data or Information” as defined under the SPI Rules, means personal information about that person relating to:
passwords.
financial information such as bank accounts, credit and debit card details or other payment instrument details.
physical, physiological, and mental health condition.
sexual orientation.
medical records and history.
biometric information.
information received by body corporate under lawful contract or otherwise.
visitor details as provided at the time of registration or thereafter; and
call Information records.
“Personal Data” as defined under the DPDP Act, means any Information about an individual who is identifiable by or in relation to such Information;
"Processing” as defined under the DPDP Act, in relation to personal Information, means a wholly or partly automated operation or set of operations performed on digital personal Information, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction;
The terms “Process” and “Processed” shall be construed in conjunction with Clause 1.4.
For the purposes of this Privacy Policy, the term "Information" shall encompass and be synonymous with the terms Personal Information, Sensitive Personal Data or Information, and Personal Data as defined under Clause 1.
This Agreement applies to:
Individuals who are seeking mental well-being support, guidance, or information through the Platform; and
Any other individuals or entities who access or interact with the Platform for various purposes.
In addition to the defined terms associated with specific class of persons as mentioned in Clause 1.6.1 and Clause 1.6.2 any reference to the terms “you” or “User” shall deemed to be a reference to each of the persons mentioned in this Clauses 1.6.1 and 1.6.2.
General
Except to the extent mentioned in this Privacy Policy, we will not sell, share or rent Your Information to any third party or use Your email address/mobile number for unsolicited emails and/or SMS. Any emails and/or SMS sent by Us will only be in connection with the provision of agreed Services & products and this Privacy Policy. To carry out general marketing, We would be sending out emails to the Users registered on Our Platform or by any means and in any media.
Collection of information
User-Submitted Information:
Profile Information: When You create a profile on our Platform, we collect essential details such as Your name, email, phone number, password, One-Time Password (OTP), and profile picture. These elements are voluntarily provided by You, forming the foundation for a personalized User experience.
Communication History: Your interactions on the Platform, including chat history that may reference advanced AI technologies like GPT, and journal Information entries, contribute to the richness of Your profile. These User-submitted Information elements are crucial for enhancing Your overall experience.
Automatically Collected Information:
Contacts and Permissions: In certain scenarios, such as emergencies, we may fetch Your contacts, but only with Your explicit permission. This respects Your autonomy over personal networks, ensuring that Your Information remains under Your control.
Subscription and Location Data: To facilitate seamless transactions and adhere to payment processing rules and government policies, we collect subscription Information, including card details. Location Information is gathered in compliance with relevant laws, ensuring transparency and legal adherence.
Device Information: Technical processes involve the collection of device information to enhance Your User experience and improve service accuracy. This Information is invaluable for analytics and repair purposes, ensuring our Services align with Your unique device specifications.
Audio Features with Consent: Introducing audio features adds a layer of convenience, but only with Your explicit consent. Microphone Information collected for real-time audio-to-text conversion is processed in a way that prioritizes Your privacy—note that the raw audio Information is never stored.
Tracking Technologies: The Platform, designed for mobile devices, adopts a different approach for user authentication and session management. Instead of traditional web cookies, which are more common in browser environments, it utilizes session tokens. These tokens, unique identifiers assigned to a User's session upon login, are stored on the User’s mobile device. This method offers a more secure and efficient way to handle User sessions, aligning with the specific needs and constraints of mobile applications.
If You choose to integrate third-party Services with Our Platform, We may receive information from these Services in accordance with their privacy policy.
When You provide this Information to Us, You consent to its use for tailoring Our Services to Your needs, enhancing service quality, research and development, and legal compliance. We are committed to handling Your Information with utmost care and confidentiality, ensuring it's used only as per Your consent and legal requirements.
Use of information
We are committed to using Your Information responsibly and transparently. We use the information collected for the following purposes or as otherwise described at the time of collection:
Identity and Service Delivery: Profile Information serves as a cornerstone for identity management, allowing Us to create a personalized and secure environment for Our Users. Additionally, chat and journal entries, submitted by Users, undergo AI analysis to provide emotional support and generate valuable analytics. This dual-purpose utilization ensures that Our Services are not only tailored to individual identities but also contribute to the continuous enhancement of Our Platform.
Emergency Situations: In situations identified as critical through AI analysis, User contacts play a pivotal role. The information stored in Your contacts is used judiciously during emergency scenarios, offering a swift and responsive approach to ensure User safety and well-being.
Financial Transactions: Payment Information, including subscription charges, is collected to facilitate secure financial transactions. This information is processed in compliance with stringent security measures and payment processing protocols, ensuring the seamless execution of subscription charges and other financial transactions.
Enhanced User Experience: Device information and location Information are harnessed to elevate the overall User experience. By tailoring Our Services to the unique specifications of each device, we ensure a seamless and optimized experience for Users. Furthermore, location Information is utilized responsibly, adhering to legal frameworks, to enhance service accuracy and provide location-specific features.
Audio Processing: With User permission, audio Information is collected to enable dynamic interactions with Our platform. Through sophisticated processing powered by OpenAI's API, this audio Information is converted into text, fostering seamless communication and interaction with Our AI Services. Importantly, no retention of the original audio Information occurs, prioritizing User privacy and confidentiality.
To comply with legal obligations and protect Our rights and Our User’s rights, including:
Auditing Our processes for compliance with legal, contractual and internal policy requirements;
Enforcing the terms and conditions governing Our Services; and
Preventing, identifying, investigating and deterring fraudulent, harmful, unauthorized, unethical or illegal activities, including security breaches or identity theft.
Sharing your information
We place great emphasis on highlighting the intricacies surrounding the sharing of Personal Information collected through Our Platform. Following are the various scenarios and considerations involved in the responsible sharing of Your Personal Information.
Service Providers: To ensure seamless operations and enhanced features, Personal Information may be shared with specific service providers integral to our Platform. This collaborative sharing ensures the efficient management of databases, identity verification, One-Time Password (OTP) Services (via Google Firebase), advanced chat and journal analysis, and audio processing (via OpenAI), secure storage and hosting (via Azure Database), and reliable payment processing (via Stripe). Each service provider is carefully chosen for their expertise and adherence to stringent Information protection standards. We strongly recommend that You review the terms of use and privacy policy for all the platforms mentioned below.
Platform
Link to Terms of Use and Privacy Policy
Google Firebase
Google Firebase
Microsoft Azure
OpenAI
Stripe
Microsoft Azure
Open AI
Stripe
Legal Obligations: There may arise circumstances necessitating the sharing of Personal Information to comply with legal obligations, regulatory requirements, or respond to lawful requests. This sharing is essential for maintaining compliance with applicable laws and regulations governing our operations. Every effort is made to ensure that such sharing is conducted within the confines of the law, respecting the privacy and rights of our Users.
Consent-Based Sharing: Personal Information may also be shared subject to the explicit consent of the User. Users are provided with transparent information regarding such sharing, and consent is sought before proceeding. For instance we may allow limited sharing of device and location Information for specified marketing initiatives.
Business Transitions: Personal information may be shared in the context of a business transition, such as a merger, acquisition, or sale of assets. This sharing facilitates the seamless transition of Services and continuity for our Users. We shall make all efforts to uphold the privacy and security of User Information during any business transitions.
Emergency Situations: Contacts stored on our Platform may be shared in identified emergency situations through AI analysis. This sharing is important in ensuring a rapid and effective response in critical scenarios, prioritizing User safety and well-being. Such sharing is governed by predefined parameters established through careful AI analysis.
Anonymized Aggregated Data: Aggregated and anonymized Information may be shared for analytical purposes, devoid of personally identifiable information. This sharing contributes to ongoing efforts to improve our Services, enhance User experiences, and conduct internal research. Rigorous measures are in place to anonymize Information, ensuring the privacy of individual Users while still benefiting the collective improvement of our Platform.
User's Rights
In accordance with the provisions outlined in the Data Protection Legislations, the Users have the following rights
Right to Access Information: You have the right to request a summary of Your Information that We Process, including details of Processing activities and identities of third parties with whom Your Information has been shared. This excludes instances where Information is shared with authorities authorized by law for legal purposes.
Right to Correction and Erasure: You can request correction, completion, updating, or erasure of Your Information that We hold, especially if it is inaccurate, incomplete, or outdated. We will comply with such requests unless there is a legal requirement to retain the Information. Such requests can be made by contacting Us at support@empaithy.com.
Grievance Redressal: You have the right to address any grievances regarding Our handling of Your Information and to that effect, We have appointed a grievance officer to whom you can address such grievances or concerns.
Nomination Rights: You have the right to nominate an individual who can exercise Your Information rights on Your behalf in the event of Your incapacity or death.
Account Deletion: You may request the deletion of Your account by visiting the relevant section on our Platform.
Online Tracking Technologies Opt-Out: You can opt out of the tracking technologies used by Us, by denying the Platform, the permission to track, or if such feature is not available on the system that you are using to access our Platform, then by writing to us at support@empaithy.com.
Withdrawal of Consent: You may withdraw Your consent for Processing Your Information at any time. This includes requesting the deletion of Your account, which will be deemed as withdrawal of consent. Please be aware that withdrawing Your consent, including deleting Your account, may mean that You will no longer be able to use Our Services. This will not affect the lawfulness of the information collected and Processed prior to Your withdrawal.
Security
The security of Your Information is important to Us. We employ a comprehensive approach to safeguard Your Information and Information against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. This includes a combination of administrative, technical, and physical measures to ensure robust protection.
Our Platform is equipped with various electronic, procedural, and physical security measures to protect against the loss, misuse, and alteration of information, or any accidental loss, destruction, or damage to Information. When You submit Your information via Our Platform, it is protected through Our advanced security systems. These include the following:
The security of Your Information is important to Us. We employ a comprehensive approach to safeguard Your Information and Information against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. This includes a combination of administrative, technical, and physical measures to ensure robust protection.
We use state-of-the-art encryption technologies to secure Your Information during transmission and storage. This encryption safeguards Your information from unauthorized access.
Frontend Storage and Security:
Data Storage Practices: Our platform leverages Firebase as the chief solution for frontend data storage. This encompasses the Firestore Database for managing various data types and Firebase Storage for file handling. This integration offers a scalable and efficient approach to data management.
Access Control: Access to our system is regulated through Firebase Authentication. This measure ensures that only verified and authorized users have the ability to engage with our services, maintaining the integrity of user interactions.
Data Encryption: We employ stringent encryption protocols on both the server and client sides. These protocols are designed to provide robust protection for data during both transmission and storage phases, thereby enhancing the overall security framework.
Network Protection: To secure data in transit and within our network infrastructure, we implement advanced network security protocols. These include HTTPS and SSL/TLS encryption, along with the deployment of Virtual Private Cloud (VPC) configurations, offering a fortified environment against potential threats.
System Monitoring and Logging: Our system's operations and security-related events are continuously monitored using tools such as Firebase Analytics, Performance Monitoring, and Crashlytics. This enables us to have real-time insights and maintain vigilance over our system's performance and security aspects.
Regulatory Compliance and Standards: The frontend storage systems we utilize adhere to industry-recommended best practices and comply with relevant certifications. This commitment ensures that we operate in a secure manner, consistent with regulatory requirements.
Backup and Disaster Recovery: We have established comprehensive backup and disaster recovery protocols. These are designed to facilitate the quick restoration of data in unforeseen situations, thereby preserving data integrity and ensuring continuity of our services.
Backend Storage and Security:
Data Storage: Encrypted Information bases with Transport Layer Security (TLS) and storage encryption are employed at the backend, reinforcing the security of stored Information.
Encryption: Both at rest and in transit, Information encryption is enforced, providing continuous protection and mitigating potential vulnerabilities.
Third-Party Processing: OpenAI and Microsoft Azure, as third-party service providers, implement their own robust Information protection measures, ensuring the confidentiality and security of Information processed through their platforms.
In accordance with the provisions outlined in the Data Protection Legislations, the Users have the following rights
Children
We strictly adhere to Data Protection Legislations and do not knowingly collect or solicit Information from individuals under the age of 18. Our Services are designed for users who are 18 years or older, and We do not permit minors under 18 to use Our Platform. We urge parents and guardians to supervise their children's online activities and contact Us at support@empaithy.com to remove any information provided by a minor without consent. Our commitment to protecting the privacy of all Users, especially minors, is unwavering
Changes to the privacy policy
We reserve the right to update or modify this Privacy Policy at any time, with or without prior notice. In the event of significant changes in the way We handle Users’ Personal Information, or in the Privacy Policy itself, We will either prominently display a notice on Our website or send an email notification to the address associated with Your account. It is important for You to review the changed terms before You continue to use the Platform. The latest version of Our Privacy Policy will always be available on Our website, and We encourage You to check it periodically.
By continuing to use Our Platform or accessing Our website after the publication of a notice of changes or receiving an email notification about these changes, You are acknowledging and consenting to these revised terms.
We understand that You may not agree with these changes. If You object to any of the updated terms and no longer wish to use Our Platform, You are free to visit the relevant section on our Platform and to deactivate Your account.
Unless explicitly stated otherwise, Our current version of Privacy Policy applies to all information We have about You and Your account. This policy governs Our Information practices and outlines Your rights and Our responsibilities with respect to Your Personal Data.
Compliance with laws and law enforcement
We will cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We reserve the right to track IP addresses for the purposes of fraud prevention and to release IP addresses to legal authorities. We will disclose information about You to government or law enforcement officials or private parties when We believe it reasonably necessary to comply with the law, to protect the property and rights of the Company or a third party, to protect the safety of the public or any person, or to prevent or stop activity We may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
Users are strongly encouraged to utilize this Platform exclusively for lawful and ethical purposes. It is imperative that all Users adhere to the principles of legality and ethical conduct while engaging with this Platform. Any User found participating in activities deemed unlawful or potentially harmful to others will face strict consequences. We retain the right to suspend the account of any User involved in such activities and, when deemed necessary, report the matter to the appropriate governmental authorities
Data Retention
We retain the Information only for as long as necessary to fulfil the purposes for which it was collected and in accordance with legal and regulatory obligations, or until You withdraw Your consent. In determining the appropriate retention period for the Information, We take into account various factors. These include the volume, nature, and sensitivity of the Information; the potential risk of harm from unauthorized use or disclosure; the specific purposes for which We Process the information and whether these purposes can be achieved through other means; and the requirements of applicable legal and regulatory frameworks.
Our approach ensures that the Information is not kept longer than necessary, balancing the need to fulfil Our operational purposes with Our commitment to protect Your privacy and comply with legal obligations.
Grievance Officer
If You have any questions or concerns regarding this Privacy Policy or the Company’s practices for collecting, using, and disclosing the Information, please feel free to contact Our appointed Grievance Officer. We are committed to addressing Your inquiries and resolving any issues related to the handling of Your Information with promptness and care. Should You have a specific grievance regarding our use of Your information, You are encouraged to communicate directly with the Grievance Officer:
To, Grievance Officer
E-mail ID: support@empaithy.com
Address: New Delhi
We assure you that we will make every reasonable effort to promptly respond to and resolve any concerns or questions you may have.
Privacy Policy
This Privacy Policy along with the Terms of Use available at https://empaithy.com/terms-of-service governs the use of the Platform owned, operated and managed by VeriScript Private Limited, a company incorporated under the provisions of the Companies Act, 2013 and has a registered address at 7/20 Industrial Area, Kirti Nagar - 110015, West Delhi, New Delhi, India, 110015 (hereinafter “Company”, “empaithy™”, “We”, “Us”, “Our”). The terms capitalized but not defined in this Privacy Policy shall have the meaning ascribed to them in the Terms of Use.
This Privacy Policy is published by Us, in compliance with:
Section 43A of the Information Technology Act, 2000;
Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (“SPI Rules”); and
Section 6 of the Digital Personal Data Protection Act, 2023 (“DPDP Act”)
Definitions
“Personal Information” as defined under the SPI Rules, means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
“Sensitive Personal Data or Information” as defined under the SPI Rules, means personal information about that person relating to:
passwords.
financial information such as bank accounts, credit and debit card details or other payment instrument details.
physical, physiological, and mental health condition.
sexual orientation.
medical records and history.
biometric information.
information received by body corporate under lawful contract or otherwise.
visitor details as provided at the time of registration or thereafter; and
call Information records.
“Personal Data” as defined under the DPDP Act, means any Information about an individual who is identifiable by or in relation to such Information;
"Processing” as defined under the DPDP Act, in relation to personal Information, means a wholly or partly automated operation or set of operations performed on digital personal Information, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction;
The terms “Process” and “Processed” shall be construed in conjunction with Clause 1.4.
For the purposes of this Privacy Policy, the term "Information" shall encompass and be synonymous with the terms Personal Information, Sensitive Personal Data or Information, and Personal Data as defined under Clause 1.
This Agreement applies to:
Individuals who are seeking mental well-being support, guidance, or information through the Platform; and
Any other individuals or entities who access or interact with the Platform for various purposes.
In addition to the defined terms associated with specific class of persons as mentioned in Clause 1.6.1 and Clause 1.6.2 any reference to the terms “you” or “User” shall deemed to be a reference to each of the persons mentioned in this Clauses 1.6.1 and 1.6.2.
General
Except to the extent mentioned in this Privacy Policy, we will not sell, share or rent Your Information to any third party or use Your email address/mobile number for unsolicited emails and/or SMS. Any emails and/or SMS sent by Us will only be in connection with the provision of agreed Services & products and this Privacy Policy. To carry out general marketing, We would be sending out emails to the Users registered on Our Platform or by any means and in any media.
Collection of information
User-Submitted Information:
Profile Information: When You create a profile on our Platform, we collect essential details such as Your name, email, phone number, password, One-Time Password (OTP), and profile picture. These elements are voluntarily provided by You, forming the foundation for a personalized User experience.
Communication History: Your interactions on the Platform, including chat history that may reference advanced AI technologies like GPT, and journal Information entries, contribute to the richness of Your profile. These User-submitted Information elements are crucial for enhancing Your overall experience.
Automatically Collected Information:
Contacts and Permissions: In certain scenarios, such as emergencies, we may fetch Your contacts, but only with Your explicit permission. This respects Your autonomy over personal networks, ensuring that Your Information remains under Your control.
Subscription and Location Data: To facilitate seamless transactions and adhere to payment processing rules and government policies, we collect subscription Information, including card details. Location Information is gathered in compliance with relevant laws, ensuring transparency and legal adherence.
Device Information: Technical processes involve the collection of device information to enhance Your User experience and improve service accuracy. This Information is invaluable for analytics and repair purposes, ensuring our Services align with Your unique device specifications.
Audio Features with Consent: Introducing audio features adds a layer of convenience, but only with Your explicit consent. Microphone Information collected for real-time audio-to-text conversion is processed in a way that prioritizes Your privacy—note that the raw audio Information is never stored.
Tracking Technologies: The Platform, designed for mobile devices, adopts a different approach for user authentication and session management. Instead of traditional web cookies, which are more common in browser environments, it utilizes session tokens. These tokens, unique identifiers assigned to a User's session upon login, are stored on the User’s mobile device. This method offers a more secure and efficient way to handle User sessions, aligning with the specific needs and constraints of mobile applications.
If You choose to integrate third-party Services with Our Platform, We may receive information from these Services in accordance with their privacy policy.
When You provide this Information to Us, You consent to its use for tailoring Our Services to Your needs, enhancing service quality, research and development, and legal compliance. We are committed to handling Your Information with utmost care and confidentiality, ensuring it's used only as per Your consent and legal requirements.
Use of information
We are committed to using Your Information responsibly and transparently. We use the information collected for the following purposes or as otherwise described at the time of collection:
Identity and Service Delivery: Profile Information serves as a cornerstone for identity management, allowing Us to create a personalized and secure environment for Our Users. Additionally, chat and journal entries, submitted by Users, undergo AI analysis to provide emotional support and generate valuable analytics. This dual-purpose utilization ensures that Our Services are not only tailored to individual identities but also contribute to the continuous enhancement of Our Platform.
Emergency Situations: In situations identified as critical through AI analysis, User contacts play a pivotal role. The information stored in Your contacts is used judiciously during emergency scenarios, offering a swift and responsive approach to ensure User safety and well-being.
Financial Transactions: Payment Information, including subscription charges, is collected to facilitate secure financial transactions. This information is processed in compliance with stringent security measures and payment processing protocols, ensuring the seamless execution of subscription charges and other financial transactions.
Enhanced User Experience: Device information and location Information are harnessed to elevate the overall User experience. By tailoring Our Services to the unique specifications of each device, we ensure a seamless and optimized experience for Users. Furthermore, location Information is utilized responsibly, adhering to legal frameworks, to enhance service accuracy and provide location-specific features.
Audio Processing: With User permission, audio Information is collected to enable dynamic interactions with Our platform. Through sophisticated processing powered by OpenAI's API, this audio Information is converted into text, fostering seamless communication and interaction with Our AI Services. Importantly, no retention of the original audio Information occurs, prioritizing User privacy and confidentiality.
To comply with legal obligations and protect Our rights and Our User’s rights, including:
Auditing Our processes for compliance with legal, contractual and internal policy requirements;
Enforcing the terms and conditions governing Our Services; and
Preventing, identifying, investigating and deterring fraudulent, harmful, unauthorized, unethical or illegal activities, including security breaches or identity theft.
Sharing your information
We place great emphasis on highlighting the intricacies surrounding the sharing of Personal Information collected through Our Platform. Following are the various scenarios and considerations involved in the responsible sharing of Your Personal Information.
Service Providers: To ensure seamless operations and enhanced features, Personal Information may be shared with specific service providers integral to our Platform. This collaborative sharing ensures the efficient management of databases, identity verification, One-Time Password (OTP) Services (via Google Firebase), advanced chat and journal analysis, and audio processing (via OpenAI), secure storage and hosting (via Azure Database), and reliable payment processing (via Stripe). Each service provider is carefully chosen for their expertise and adherence to stringent Information protection standards. We strongly recommend that You review the terms of use and privacy policy for all the platforms mentioned below.
Platform
Link to Terms of Use and Privacy Policy
Google Firebase
Google Firebase
Microsoft Azure
OpenAI
Stripe
Microsoft Azure
Open AI
Stripe
Legal Obligations: There may arise circumstances necessitating the sharing of Personal Information to comply with legal obligations, regulatory requirements, or respond to lawful requests. This sharing is essential for maintaining compliance with applicable laws and regulations governing our operations. Every effort is made to ensure that such sharing is conducted within the confines of the law, respecting the privacy and rights of our Users.
Consent-Based Sharing: Personal Information may also be shared subject to the explicit consent of the User. Users are provided with transparent information regarding such sharing, and consent is sought before proceeding. For instance we may allow limited sharing of device and location Information for specified marketing initiatives.
Business Transitions: Personal information may be shared in the context of a business transition, such as a merger, acquisition, or sale of assets. This sharing facilitates the seamless transition of Services and continuity for our Users. We shall make all efforts to uphold the privacy and security of User Information during any business transitions.
Emergency Situations: Contacts stored on our Platform may be shared in identified emergency situations through AI analysis. This sharing is important in ensuring a rapid and effective response in critical scenarios, prioritizing User safety and well-being. Such sharing is governed by predefined parameters established through careful AI analysis.
Anonymized Aggregated Data: Aggregated and anonymized Information may be shared for analytical purposes, devoid of personally identifiable information. This sharing contributes to ongoing efforts to improve our Services, enhance User experiences, and conduct internal research. Rigorous measures are in place to anonymize Information, ensuring the privacy of individual Users while still benefiting the collective improvement of our Platform.
User's Rights
In accordance with the provisions outlined in the Data Protection Legislations, the Users have the following rights
Right to Access Information: You have the right to request a summary of Your Information that We Process, including details of Processing activities and identities of third parties with whom Your Information has been shared. This excludes instances where Information is shared with authorities authorized by law for legal purposes.
Right to Correction and Erasure: You can request correction, completion, updating, or erasure of Your Information that We hold, especially if it is inaccurate, incomplete, or outdated. We will comply with such requests unless there is a legal requirement to retain the Information. Such requests can be made by contacting Us at support@empaithy.com.
Grievance Redressal: You have the right to address any grievances regarding Our handling of Your Information and to that effect, We have appointed a grievance officer to whom you can address such grievances or concerns.
Nomination Rights: You have the right to nominate an individual who can exercise Your Information rights on Your behalf in the event of Your incapacity or death.
Account Deletion: You may request the deletion of Your account by visiting the relevant section on our Platform.
Online Tracking Technologies Opt-Out: You can opt out of the tracking technologies used by Us, by denying the Platform, the permission to track, or if such feature is not available on the system that you are using to access our Platform, then by writing to us at support@empaithy.com.
Withdrawal of Consent: You may withdraw Your consent for Processing Your Information at any time. This includes requesting the deletion of Your account, which will be deemed as withdrawal of consent. Please be aware that withdrawing Your consent, including deleting Your account, may mean that You will no longer be able to use Our Services. This will not affect the lawfulness of the information collected and Processed prior to Your withdrawal.
Security
The security of Your Information is important to Us. We employ a comprehensive approach to safeguard Your Information and Information against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. This includes a combination of administrative, technical, and physical measures to ensure robust protection.
Our Platform is equipped with various electronic, procedural, and physical security measures to protect against the loss, misuse, and alteration of information, or any accidental loss, destruction, or damage to Information. When You submit Your information via Our Platform, it is protected through Our advanced security systems. These include the following:
The security of Your Information is important to Us. We employ a comprehensive approach to safeguard Your Information and Information against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. This includes a combination of administrative, technical, and physical measures to ensure robust protection.
We use state-of-the-art encryption technologies to secure Your Information during transmission and storage. This encryption safeguards Your information from unauthorized access.
Frontend Storage and Security:
Data Storage Practices: Our platform leverages Firebase as the chief solution for frontend data storage. This encompasses the Firestore Database for managing various data types and Firebase Storage for file handling. This integration offers a scalable and efficient approach to data management.
Access Control: Access to our system is regulated through Firebase Authentication. This measure ensures that only verified and authorized users have the ability to engage with our services, maintaining the integrity of user interactions.
Data Encryption: We employ stringent encryption protocols on both the server and client sides. These protocols are designed to provide robust protection for data during both transmission and storage phases, thereby enhancing the overall security framework.
Network Protection: To secure data in transit and within our network infrastructure, we implement advanced network security protocols. These include HTTPS and SSL/TLS encryption, along with the deployment of Virtual Private Cloud (VPC) configurations, offering a fortified environment against potential threats.
System Monitoring and Logging: Our system's operations and security-related events are continuously monitored using tools such as Firebase Analytics, Performance Monitoring, and Crashlytics. This enables us to have real-time insights and maintain vigilance over our system's performance and security aspects.
Regulatory Compliance and Standards: The frontend storage systems we utilize adhere to industry-recommended best practices and comply with relevant certifications. This commitment ensures that we operate in a secure manner, consistent with regulatory requirements.
Backup and Disaster Recovery: We have established comprehensive backup and disaster recovery protocols. These are designed to facilitate the quick restoration of data in unforeseen situations, thereby preserving data integrity and ensuring continuity of our services.
Backend Storage and Security:
Data Storage: Encrypted Information bases with Transport Layer Security (TLS) and storage encryption are employed at the backend, reinforcing the security of stored Information.
Encryption: Both at rest and in transit, Information encryption is enforced, providing continuous protection and mitigating potential vulnerabilities.
Third-Party Processing: OpenAI and Microsoft Azure, as third-party service providers, implement their own robust Information protection measures, ensuring the confidentiality and security of Information processed through their platforms.
In accordance with the provisions outlined in the Data Protection Legislations, the Users have the following rights
Children
We strictly adhere to Data Protection Legislations and do not knowingly collect or solicit Information from individuals under the age of 18. Our Services are designed for users who are 18 years or older, and We do not permit minors under 18 to use Our Platform. We urge parents and guardians to supervise their children's online activities and contact Us at support@empaithy.com to remove any information provided by a minor without consent. Our commitment to protecting the privacy of all Users, especially minors, is unwavering
Changes to the privacy policy
We reserve the right to update or modify this Privacy Policy at any time, with or without prior notice. In the event of significant changes in the way We handle Users’ Personal Information, or in the Privacy Policy itself, We will either prominently display a notice on Our website or send an email notification to the address associated with Your account. It is important for You to review the changed terms before You continue to use the Platform. The latest version of Our Privacy Policy will always be available on Our website, and We encourage You to check it periodically.
By continuing to use Our Platform or accessing Our website after the publication of a notice of changes or receiving an email notification about these changes, You are acknowledging and consenting to these revised terms.
We understand that You may not agree with these changes. If You object to any of the updated terms and no longer wish to use Our Platform, You are free to visit the relevant section on our Platform and to deactivate Your account.
Unless explicitly stated otherwise, Our current version of Privacy Policy applies to all information We have about You and Your account. This policy governs Our Information practices and outlines Your rights and Our responsibilities with respect to Your Personal Data.
Compliance with laws and law enforcement
We will cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We reserve the right to track IP addresses for the purposes of fraud prevention and to release IP addresses to legal authorities. We will disclose information about You to government or law enforcement officials or private parties when We believe it reasonably necessary to comply with the law, to protect the property and rights of the Company or a third party, to protect the safety of the public or any person, or to prevent or stop activity We may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
Users are strongly encouraged to utilize this Platform exclusively for lawful and ethical purposes. It is imperative that all Users adhere to the principles of legality and ethical conduct while engaging with this Platform. Any User found participating in activities deemed unlawful or potentially harmful to others will face strict consequences. We retain the right to suspend the account of any User involved in such activities and, when deemed necessary, report the matter to the appropriate governmental authorities
Data Retention
We retain the Information only for as long as necessary to fulfil the purposes for which it was collected and in accordance with legal and regulatory obligations, or until You withdraw Your consent. In determining the appropriate retention period for the Information, We take into account various factors. These include the volume, nature, and sensitivity of the Information; the potential risk of harm from unauthorized use or disclosure; the specific purposes for which We Process the information and whether these purposes can be achieved through other means; and the requirements of applicable legal and regulatory frameworks.
Our approach ensures that the Information is not kept longer than necessary, balancing the need to fulfil Our operational purposes with Our commitment to protect Your privacy and comply with legal obligations.
Grievance Officer
If You have any questions or concerns regarding this Privacy Policy or the Company’s practices for collecting, using, and disclosing the Information, please feel free to contact Our appointed Grievance Officer. We are committed to addressing Your inquiries and resolving any issues related to the handling of Your Information with promptness and care. Should You have a specific grievance regarding our use of Your information, You are encouraged to communicate directly with the Grievance Officer:
To, Grievance Officer
E-mail ID: support@empaithy.com
Address: New Delhi
We assure you that we will make every reasonable effort to promptly respond to and resolve any concerns or questions you may have.
Privacy Policy
This Privacy Policy along with the Terms of Use available at https://empaithy.com/terms-of-service governs the use of the Platform owned, operated and managed by VeriScript Private Limited, a company incorporated under the provisions of the Companies Act, 2013 and has a registered address at 7/20 Industrial Area, Kirti Nagar - 110015, West Delhi, New Delhi, India, 110015 (hereinafter “Company”, “empaithy™”, “We”, “Us”, “Our”). The terms capitalized but not defined in this Privacy Policy shall have the meaning ascribed to them in the Terms of Use.
This Privacy Policy is published by Us, in compliance with:
Section 43A of the Information Technology Act, 2000;
Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (“SPI Rules”); and
Section 6 of the Digital Personal Data Protection Act, 2023 (“DPDP Act”)
Definitions
“Personal Information” as defined under the SPI Rules, means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.
“Sensitive Personal Data or Information” as defined under the SPI Rules, means personal information about that person relating to:
passwords.
financial information such as bank accounts, credit and debit card details or other payment instrument details.
physical, physiological, and mental health condition.
sexual orientation.
medical records and history.
biometric information.
information received by body corporate under lawful contract or otherwise.
visitor details as provided at the time of registration or thereafter; and
call Information records.
“Personal Data” as defined under the DPDP Act, means any Information about an individual who is identifiable by or in relation to such Information;
"Processing” as defined under the DPDP Act, in relation to personal Information, means a wholly or partly automated operation or set of operations performed on digital personal Information, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction;
The terms “Process” and “Processed” shall be construed in conjunction with Clause 1.4.
For the purposes of this Privacy Policy, the term "Information" shall encompass and be synonymous with the terms Personal Information, Sensitive Personal Data or Information, and Personal Data as defined under Clause 1.
This Agreement applies to:
Individuals who are seeking mental well-being support, guidance, or information through the Platform; and
Any other individuals or entities who access or interact with the Platform for various purposes.
In addition to the defined terms associated with specific class of persons as mentioned in Clause 1.6.1 and Clause 1.6.2 any reference to the terms “you” or “User” shall deemed to be a reference to each of the persons mentioned in this Clauses 1.6.1 and 1.6.2.
General
Except to the extent mentioned in this Privacy Policy, we will not sell, share or rent Your Information to any third party or use Your email address/mobile number for unsolicited emails and/or SMS. Any emails and/or SMS sent by Us will only be in connection with the provision of agreed Services & products and this Privacy Policy. To carry out general marketing, We would be sending out emails to the Users registered on Our Platform or by any means and in any media.
Collection of information
User-Submitted Information:
Profile Information: When You create a profile on our Platform, we collect essential details such as Your name, email, phone number, password, One-Time Password (OTP), and profile picture. These elements are voluntarily provided by You, forming the foundation for a personalized User experience.
Communication History: Your interactions on the Platform, including chat history that may reference advanced AI technologies like GPT, and journal Information entries, contribute to the richness of Your profile. These User-submitted Information elements are crucial for enhancing Your overall experience.
Automatically Collected Information:
Contacts and Permissions: In certain scenarios, such as emergencies, we may fetch Your contacts, but only with Your explicit permission. This respects Your autonomy over personal networks, ensuring that Your Information remains under Your control.
Subscription and Location Data: To facilitate seamless transactions and adhere to payment processing rules and government policies, we collect subscription Information, including card details. Location Information is gathered in compliance with relevant laws, ensuring transparency and legal adherence.
Device Information: Technical processes involve the collection of device information to enhance Your User experience and improve service accuracy. This Information is invaluable for analytics and repair purposes, ensuring our Services align with Your unique device specifications.
Audio Features with Consent: Introducing audio features adds a layer of convenience, but only with Your explicit consent. Microphone Information collected for real-time audio-to-text conversion is processed in a way that prioritizes Your privacy—note that the raw audio Information is never stored.
Tracking Technologies: The Platform, designed for mobile devices, adopts a different approach for user authentication and session management. Instead of traditional web cookies, which are more common in browser environments, it utilizes session tokens. These tokens, unique identifiers assigned to a User's session upon login, are stored on the User’s mobile device. This method offers a more secure and efficient way to handle User sessions, aligning with the specific needs and constraints of mobile applications.
If You choose to integrate third-party Services with Our Platform, We may receive information from these Services in accordance with their privacy policy.
When You provide this Information to Us, You consent to its use for tailoring Our Services to Your needs, enhancing service quality, research and development, and legal compliance. We are committed to handling Your Information with utmost care and confidentiality, ensuring it's used only as per Your consent and legal requirements.
Use of information
We are committed to using Your Information responsibly and transparently. We use the information collected for the following purposes or as otherwise described at the time of collection:
Identity and Service Delivery: Profile Information serves as a cornerstone for identity management, allowing Us to create a personalized and secure environment for Our Users. Additionally, chat and journal entries, submitted by Users, undergo AI analysis to provide emotional support and generate valuable analytics. This dual-purpose utilization ensures that Our Services are not only tailored to individual identities but also contribute to the continuous enhancement of Our Platform.
Emergency Situations: In situations identified as critical through AI analysis, User contacts play a pivotal role. The information stored in Your contacts is used judiciously during emergency scenarios, offering a swift and responsive approach to ensure User safety and well-being.
Financial Transactions: Payment Information, including subscription charges, is collected to facilitate secure financial transactions. This information is processed in compliance with stringent security measures and payment processing protocols, ensuring the seamless execution of subscription charges and other financial transactions.
Enhanced User Experience: Device information and location Information are harnessed to elevate the overall User experience. By tailoring Our Services to the unique specifications of each device, we ensure a seamless and optimized experience for Users. Furthermore, location Information is utilized responsibly, adhering to legal frameworks, to enhance service accuracy and provide location-specific features.
Audio Processing: With User permission, audio Information is collected to enable dynamic interactions with Our platform. Through sophisticated processing powered by OpenAI's API, this audio Information is converted into text, fostering seamless communication and interaction with Our AI Services. Importantly, no retention of the original audio Information occurs, prioritizing User privacy and confidentiality.
To comply with legal obligations and protect Our rights and Our User’s rights, including:
Auditing Our processes for compliance with legal, contractual and internal policy requirements;
Enforcing the terms and conditions governing Our Services; and
Preventing, identifying, investigating and deterring fraudulent, harmful, unauthorized, unethical or illegal activities, including security breaches or identity theft.
Sharing your information
We place great emphasis on highlighting the intricacies surrounding the sharing of Personal Information collected through Our Platform. Following are the various scenarios and considerations involved in the responsible sharing of Your Personal Information.
Service Providers: To ensure seamless operations and enhanced features, Personal Information may be shared with specific service providers integral to our Platform. This collaborative sharing ensures the efficient management of databases, identity verification, One-Time Password (OTP) Services (via Google Firebase), advanced chat and journal analysis, and audio processing (via OpenAI), secure storage and hosting (via Azure Database), and reliable payment processing (via Stripe). Each service provider is carefully chosen for their expertise and adherence to stringent Information protection standards. We strongly recommend that You review the terms of use and privacy policy for all the platforms mentioned below.
Platform
Link to Terms of Use and Privacy Policy
Google Firebase
Google Firebase
Microsoft Azure
OpenAI
Stripe
Microsoft Azure
Open AI
Stripe
Legal Obligations: There may arise circumstances necessitating the sharing of Personal Information to comply with legal obligations, regulatory requirements, or respond to lawful requests. This sharing is essential for maintaining compliance with applicable laws and regulations governing our operations. Every effort is made to ensure that such sharing is conducted within the confines of the law, respecting the privacy and rights of our Users.
Consent-Based Sharing: Personal Information may also be shared subject to the explicit consent of the User. Users are provided with transparent information regarding such sharing, and consent is sought before proceeding. For instance we may allow limited sharing of device and location Information for specified marketing initiatives.
Business Transitions: Personal information may be shared in the context of a business transition, such as a merger, acquisition, or sale of assets. This sharing facilitates the seamless transition of Services and continuity for our Users. We shall make all efforts to uphold the privacy and security of User Information during any business transitions.
Emergency Situations: Contacts stored on our Platform may be shared in identified emergency situations through AI analysis. This sharing is important in ensuring a rapid and effective response in critical scenarios, prioritizing User safety and well-being. Such sharing is governed by predefined parameters established through careful AI analysis.
Anonymized Aggregated Data: Aggregated and anonymized Information may be shared for analytical purposes, devoid of personally identifiable information. This sharing contributes to ongoing efforts to improve our Services, enhance User experiences, and conduct internal research. Rigorous measures are in place to anonymize Information, ensuring the privacy of individual Users while still benefiting the collective improvement of our Platform.
User's Rights
In accordance with the provisions outlined in the Data Protection Legislations, the Users have the following rights
Right to Access Information: You have the right to request a summary of Your Information that We Process, including details of Processing activities and identities of third parties with whom Your Information has been shared. This excludes instances where Information is shared with authorities authorized by law for legal purposes.
Right to Correction and Erasure: You can request correction, completion, updating, or erasure of Your Information that We hold, especially if it is inaccurate, incomplete, or outdated. We will comply with such requests unless there is a legal requirement to retain the Information. Such requests can be made by contacting Us at support@empaithy.com.
Grievance Redressal: You have the right to address any grievances regarding Our handling of Your Information and to that effect, We have appointed a grievance officer to whom you can address such grievances or concerns.
Nomination Rights: You have the right to nominate an individual who can exercise Your Information rights on Your behalf in the event of Your incapacity or death.
Account Deletion: You may request the deletion of Your account by visiting the relevant section on our Platform.
Online Tracking Technologies Opt-Out: You can opt out of the tracking technologies used by Us, by denying the Platform, the permission to track, or if such feature is not available on the system that you are using to access our Platform, then by writing to us at support@empaithy.com.
Withdrawal of Consent: You may withdraw Your consent for Processing Your Information at any time. This includes requesting the deletion of Your account, which will be deemed as withdrawal of consent. Please be aware that withdrawing Your consent, including deleting Your account, may mean that You will no longer be able to use Our Services. This will not affect the lawfulness of the information collected and Processed prior to Your withdrawal.
Security
The security of Your Information is important to Us. We employ a comprehensive approach to safeguard Your Information and Information against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. This includes a combination of administrative, technical, and physical measures to ensure robust protection.
Our Platform is equipped with various electronic, procedural, and physical security measures to protect against the loss, misuse, and alteration of information, or any accidental loss, destruction, or damage to Information. When You submit Your information via Our Platform, it is protected through Our advanced security systems. These include the following:
The security of Your Information is important to Us. We employ a comprehensive approach to safeguard Your Information and Information against loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. This includes a combination of administrative, technical, and physical measures to ensure robust protection.
We use state-of-the-art encryption technologies to secure Your Information during transmission and storage. This encryption safeguards Your information from unauthorized access.
Frontend Storage and Security:
Data Storage Practices: Our platform leverages Firebase as the chief solution for frontend data storage. This encompasses the Firestore Database for managing various data types and Firebase Storage for file handling. This integration offers a scalable and efficient approach to data management.
Access Control: Access to our system is regulated through Firebase Authentication. This measure ensures that only verified and authorized users have the ability to engage with our services, maintaining the integrity of user interactions.
Data Encryption: We employ stringent encryption protocols on both the server and client sides. These protocols are designed to provide robust protection for data during both transmission and storage phases, thereby enhancing the overall security framework.
Network Protection: To secure data in transit and within our network infrastructure, we implement advanced network security protocols. These include HTTPS and SSL/TLS encryption, along with the deployment of Virtual Private Cloud (VPC) configurations, offering a fortified environment against potential threats.
System Monitoring and Logging: Our system's operations and security-related events are continuously monitored using tools such as Firebase Analytics, Performance Monitoring, and Crashlytics. This enables us to have real-time insights and maintain vigilance over our system's performance and security aspects.
Regulatory Compliance and Standards: The frontend storage systems we utilize adhere to industry-recommended best practices and comply with relevant certifications. This commitment ensures that we operate in a secure manner, consistent with regulatory requirements.
Backup and Disaster Recovery: We have established comprehensive backup and disaster recovery protocols. These are designed to facilitate the quick restoration of data in unforeseen situations, thereby preserving data integrity and ensuring continuity of our services.
Backend Storage and Security:
Data Storage: Encrypted Information bases with Transport Layer Security (TLS) and storage encryption are employed at the backend, reinforcing the security of stored Information.
Encryption: Both at rest and in transit, Information encryption is enforced, providing continuous protection and mitigating potential vulnerabilities.
Third-Party Processing: OpenAI and Microsoft Azure, as third-party service providers, implement their own robust Information protection measures, ensuring the confidentiality and security of Information processed through their platforms.
In accordance with the provisions outlined in the Data Protection Legislations, the Users have the following rights
Children
We strictly adhere to Data Protection Legislations and do not knowingly collect or solicit Information from individuals under the age of 18. Our Services are designed for users who are 18 years or older, and We do not permit minors under 18 to use Our Platform. We urge parents and guardians to supervise their children's online activities and contact Us at support@empaithy.com to remove any information provided by a minor without consent. Our commitment to protecting the privacy of all Users, especially minors, is unwavering
Changes to the privacy policy
We reserve the right to update or modify this Privacy Policy at any time, with or without prior notice. In the event of significant changes in the way We handle Users’ Personal Information, or in the Privacy Policy itself, We will either prominently display a notice on Our website or send an email notification to the address associated with Your account. It is important for You to review the changed terms before You continue to use the Platform. The latest version of Our Privacy Policy will always be available on Our website, and We encourage You to check it periodically.
By continuing to use Our Platform or accessing Our website after the publication of a notice of changes or receiving an email notification about these changes, You are acknowledging and consenting to these revised terms.
We understand that You may not agree with these changes. If You object to any of the updated terms and no longer wish to use Our Platform, You are free to visit the relevant section on our Platform and to deactivate Your account.
Unless explicitly stated otherwise, Our current version of Privacy Policy applies to all information We have about You and Your account. This policy governs Our Information practices and outlines Your rights and Our responsibilities with respect to Your Personal Data.
Compliance with laws and law enforcement
We will cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We reserve the right to track IP addresses for the purposes of fraud prevention and to release IP addresses to legal authorities. We will disclose information about You to government or law enforcement officials or private parties when We believe it reasonably necessary to comply with the law, to protect the property and rights of the Company or a third party, to protect the safety of the public or any person, or to prevent or stop activity We may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
Users are strongly encouraged to utilize this Platform exclusively for lawful and ethical purposes. It is imperative that all Users adhere to the principles of legality and ethical conduct while engaging with this Platform. Any User found participating in activities deemed unlawful or potentially harmful to others will face strict consequences. We retain the right to suspend the account of any User involved in such activities and, when deemed necessary, report the matter to the appropriate governmental authorities
Data Retention
We retain the Information only for as long as necessary to fulfil the purposes for which it was collected and in accordance with legal and regulatory obligations, or until You withdraw Your consent. In determining the appropriate retention period for the Information, We take into account various factors. These include the volume, nature, and sensitivity of the Information; the potential risk of harm from unauthorized use or disclosure; the specific purposes for which We Process the information and whether these purposes can be achieved through other means; and the requirements of applicable legal and regulatory frameworks.
Our approach ensures that the Information is not kept longer than necessary, balancing the need to fulfil Our operational purposes with Our commitment to protect Your privacy and comply with legal obligations.
Grievance Officer
If You have any questions or concerns regarding this Privacy Policy or the Company’s practices for collecting, using, and disclosing the Information, please feel free to contact Our appointed Grievance Officer. We are committed to addressing Your inquiries and resolving any issues related to the handling of Your Information with promptness and care. Should You have a specific grievance regarding our use of Your information, You are encouraged to communicate directly with the Grievance Officer:
To, Grievance Officer
E-mail ID: support@empaithy.com
Address: New Delhi
We assure you that we will make every reasonable effort to promptly respond to and resolve any concerns or questions you may have.