Last updated: 10th March 2026
1. Introduction
Moonjar Technologies Private Limited values your privacy and is committed to protecting your personal data. Personal data refers to any information which can be used to identify you, such as your name, email addresses, phone number, health information, or billing information (“Personal Data”). This Privacy Policy explains what Personal Data we process, why we process it, how we use it, with whom we share your Personal Data, and your rights regarding your Personal Data, when you access, register on, browse and use our Platform and Services.
This Privacy Policy must be read along with the Terms. Capitalised terms not defined here shall have the same meaning as under the Terms.
What data do we process and why?
When you use our Platform, we may process your Personal Data to provide you our Services, including to help you create an account, manage yours and your families’ health data, schedule reminders, generate summaries of information; comply with legal obligations; resolve disputes; and manage risks. In particular, we collect and process the following:
• Verifying your identity and administering your account
• Communicating with you, including for marketing of our Platform or informing you about updates to the Platform, this Privacy Policy or the Terms
• Document storage and organisation
• AI-powered categorisation and OCR processing
• Generating health summaries and insights
• Family collaboration and access management
• Providing health record management services
• Generating reminders and notifications
• Enabling search and retrieval of your records
• Managing your subscription
• Ensuring platform security and monitoring for fraud
• Compliance with tax and financial record-keeping obligations
• Improving our Services and platform performance
• Providing technical support and troubleshooting
• Analytics and understanding usage patterns
2.1
Children’s Health Data: The Platform enables Family Owners to manage health records of their children (individuals under the age of 18 years). Children cannot register independently on the Platform. Health data of children is collected and managed solely by the Family Owner acting in their capacity as parent or lawful guardian and Data Principal of the child’s personal data, in accordance with the Digital Personal Data Protection Act, 2023 and rules thereunder. The Platform does not engage in behavioral tracking or profiling of children and does not process children’s personal data for any purpose other than providing the Services.
2.2
Anonymized and Aggregated Data: We may use anonymized, aggregated patterns derived from use of the Platform to improve the accuracy and relevance of our Services. Such anonymized data cannot be traced to any individual or family, does not constitute Personal Data under Applicable Law, and is not shared with third parties for their model training purposes.
Where we collect your Personal Data from?
We collect your Personal Data:
(a)
Directly from you: This includes any Personal Data that you share or upload on the Platform, including Medical Records, profile details, notes, and responses to our queries.
(b)
Via WhatsApp and Email: You may forward documents to us via WhatsApp or email for upload to the Platform. Documents sent through these channels transit through third-party platforms (such as Meta and email service providers) before reaching Maatra and are subject to those platforms’ own privacy policies during transit. Once received by Maatra, such documents are encrypted and moved into secure storage. They are not viewed or handled by any person at Moonjar.
(c )
Automatically: When you use our Platform, we use automated means such as cookies and similar technologies to automatically collect certain technical and behavioural data about you, including your Personal Data, that helps us in improving your experience.
(d)
From a Family Owner: If you are a Family Member (as defined in the Terms), we may receive your Personal Data from the Family Owner who manages the profile on your behalf. If you have queries or wish to exercise your rights in relation to your Personal Data, please refer to Section 6 of this Policy.
(e)
Third parties: We may receive limited data from external sources, such as third-party analytics service providers, for the purpose of understanding aggregate usage patterns. We do not receive identifiable Personal Data from marketing or advertising platforms. Any data received from third parties is used solely for improving our Services and is processed in accordance with this Privacy Policy.
Who Do We Share Your Personal Data With?
We share your Personal Data with third parties in accordance with this Privacy Policy and as required by law.
We engage third-party service providers to provide services such as cloud hosting and data storage, APIs for optical character recognition (OCR) extraction, large language models (LLMs) for document synthesis, analytics services, and communication services for sending notifications via WhatsApp, SMS and email and for providing support.
These providers (Data Processors) process your Personal Data only on our behalf and are contractually restricted from using it for any other purposes except as instructed by us or required by Applicable Law. Your Personal Data is not used by any third-party service provider to train their AI models.
We may disclose your data with third parties (such as governmental authorities, law enforcement agencies, etc.) if:
(a) necessary to comply with applicable laws and regulations or directions of governmental authorities or law enforcement agencies, court judgments, decree or orders;
(b) required to respond to a valid warrant or court orders;
(c ) necessary to prevent, detect and prosecute any kind of fraudulent/illegal behaviour;
(d) to enforce our Terms or other policies;
(e) needed to investigate and defend ourselves against claims or allegations;
(f) necessary to protect the rights and safety of Moonjar, our customers, personnel or others;
(g) required by our auditors and legal advisors; or
(h) permitted or required by law.
If we are involved in a merger, acquisition, restructuring, or sale of assets, your Personal Data may be transferred as part of that transaction.
If you give explicit consent or make a specific request, we may share your data with other parties for purposes not covered in this Privacy Policy.
5. How Long Do We Retain Your Personal Data?
We retain any Personal Data we collect from you for as long as needed to make available our Services and Platform, and only for so long as the purpose of collection is being served. When Personal Data is no longer required, we will securely delete or anonymize it.
5.1
Data Retention Schedule: Upon deletion of your account or profile:
Medical Records, User Content, and profile information: Made inaccessible immediately and permanently deleted from active systems within 30 (thirty) days. Deletion propagates to backup and archival systems within 90 (ninety) days.
Consent and audit logs: Retained for 3 (three) years from the date of account deletion, as required for legal compliance and dispute resolution.
Payment and tax-related records: Retained for such period as required under applicable fiscal and taxation statutes
System and processing logs: Retained for a minimum of 1 (one) year for the purposes of breach detection, investigation, and security, in accordance with the Digital Personal Data Protection Rules, 2025.
5.2
Anonymized Data: Anonymized and aggregated data that cannot be used to identify any individual does not constitute Personal Data under Applicable Law and may be retained indefinitely for analytics, service improvement, or other legitimate business uses. Such data is not subject to erasure requests.
5.2
Deletion Requests: You may choose to delete your account and associated Personal Data by exercising the delete account feature on the Platform or by writing to us at support@maatra.health. Upon deletion, we will process your request in accordance with the retention schedule set out above. Please note that deletion may require a reasonable period to propagate across systems, backups, and archives as described above.
6. Your Rights
You have the following rights regarding your Personal Data:
(a)
Right to access information about your Personal Data: You can ask us for a summary of your Personal Data, the processing activity, and the recipients with whom we have shared your Personal Data, along with a description of the Personal Data shared.
(b)
Right to seek correction and erasure of Personal Data: If you believe that the Personal Data we hold is inaccurate, incomplete or outdated, you can write to us. You may also request deletion of your data through the account deletion feature on the Platform or by writing to us; however, in certain cases, we may need to retain it for legal or regulatory reasons (see Section 5 above).
(c )
Right to withdraw consent: You may withdraw your consent to the processing of your Personal Data at any time by deleting your account through the Platform. Please note that the Platform cannot function without your consent, and withdrawal of consent will result in the deletion of your account and associated data in accordance with the Terms and this Privacy Policy. You acknowledge that you bear the consequences of such withdrawal in accordance with Applicable Law.
(d)
Right to grievance redressal: If you wish to file a grievance, you may contact our Grievance Officer in accordance with this Privacy Policy. If your grievance remains unresolved, you have the right to escalate it to the Data Protection Board of India or other competent supervisory authority.
(e)
Right to nominate: You can designate another individual to exercise your rights under this Privacy Policy on your behalf in the event of your death or incapacity. To exercise this right, please write to us at support@maatra.health.
To exercise any of these rights or seek further information, you can write to us at support@maatra.health. We reserve the right to verify your identity before processing your request, and not to respond to complaints that we believe are manifestly false, unfounded, or frivolous. Additionally, these rights may be limited in certain cases where we are legally required to process or retain your Personal Data.
How Do We Protect Your Personal Data?
We are committed to ensuring the security of the Personal Data we process, protecting it from unauthorized access, alteration, disclosure, or destruction. Our security measures include encryption of data in transit and at rest, access controls and access logs with regular reviews, data backups to ensure continuity of processing, and contractual provisions with our data processors to safeguard Personal Data.
Our employees, agents, contractors, and third parties who have access to your Personal Data for performance of business functions are required to process your Personal Data in accordance with this Privacy Policy.
7.1
Data Residency: While your primary data is stored in India, we may use global AI processors for advanced analysis, which may involve temporary routing of data through secure servers outside India. These processors act solely on our behalf under strict contractual safeguards, and your data is not stored outside India.
7.2
Personal Data Breach Notification: In the event of a personal data breach that compromises the confidentiality, integrity, or availability of your Personal Data, we will notify the Data Protection Board of India and affected Users without undue delay, in accordance with the Digital Personal Data Protection Act, 2023 and rules thereunder. We will submit a detailed report to the Board within 72 (seventy-two) hours of becoming aware of the breach, or within such extended period as may be approved. We will take all reasonable steps to contain the breach and mitigate any potential harm.
While we make every effort to protect your Personal Data, we understand that no system can guarantee complete security. If you have any concerns, require assistance, or suspect that your interaction with us is no longer secure, please contact us immediately using details in the “Contact Us” section below.
8. Third-Party Links
Our Platform may contain external links, and accordingly you are advised to verify the privacy practices of such other websites. We are not responsible for the manner of use or misuse of information made available by you at such other websites. We encourage you not to provide personal information, without assuring yourselves of the privacy policies of third-party links. Accessing or using these third-party options is done at your own discretion, and we highly recommend reviewing their privacy policies to understand how they treat your data.
9. Cookies and Tracking Technologies
When you visit our Platform, we may place a number of cookies on your browser. For example, we use cookies to understand visitor and user preferences, improve their experience, and track and analyse usage and other statistical information. Additionally, cookies allow us to bring customized features to you. You can control the use of cookies at the individual browser level. If you elect not to activate the cookie or to later disable cookies, you may still utilise our Platform, but your ability to use some features or areas thereof may be limited. We may use any of the following categories of cookies:
• Essential Cookies: Essential cookies are sometimes called “strictly necessary” as without them we cannot provide the Services or basic functionality. For example, essential cookies help remember your preferences as you navigate the Platform and keep you logged in.
• Analytics Cookies: These cookies track information about visits to the Platform so that we can make improvements and report our performance. For example, they analyse visitor and user behaviour so as to provide more relevant content or suggest certain activities. They collect information about how visitors use the website, the number of each user’s visits and how long a user stays on the website.
10. Contact us
Grievance officer:
Name: Shilpa Bhardwaj Endow
Email: shilpa@moonjar.tech
Address: Moonjar Technologies Private Limited, B24, 2nd floor, Mayfair Garden, New Delhi 110016.
We aim to resolve privacy concerns promptly and effectively. Upon receipt of your complaint, we will acknowledge it within 2 (two) days and endeavour to resolve your issue within 7 (seven) days, in compliance with Applicable Law. If you are not satisfied with our response, and do not think we are handling your Personal Data adequately, you may lodge a complaint with the Data Protection Board of India or the relevant regulatory authority.
11. Updates to This Privacy Policy
We reserve the right to modify, add, or remove portions of this Privacy Policy, at our sole discretion. We will make reasonable efforts to notify you of any material changes via notifications, SMS or email. Once the revised Privacy Policy is published on our Platform, the changes will take effect immediately unless stated otherwise. Your continued use of our Platform after such updates constitutes consent to the updated policy, to the extent permitted by law. Please take the time to periodically review this Privacy Policy for the latest information on our privacy practices.