Privacy Policy
Last Updated:
Kokh AI — Privacy Policy
Version: 1.0
Introduction
This Privacy Policy explains how Reora Labs LLP ("Reora Labs," "we," "us," or "our"), a Limited Liability Partnership incorporated under the LLP Act, 2008 (LLPIN: ACU-7286), collects, uses, stores, protects, and shares your personal information when you use the Kokh AI mobile application, WhatsApp companion bot, website, and all related services (collectively, the "Service").
Reora Labs LLP is the data fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDPA") and applicable Indian privacy laws.
Registered Office: Irkal Hospital, Opp. District Court, Dharwad Narayanpur, Dharwad – 580008, Karnataka, India
PAN: ABNFR0755R
GSTIN: 29ABNFR0755R1Z7
Contact: privacy@kokh.ai
By using the Service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide Directly
Category | Data | Purpose |
|---|---|---|
Account Information | Phone number, full name, email (optional) | Account creation, authentication, communication |
Health Profile | Date of birth, last menstrual period (LMP), expected due date, blood type, height, pre-pregnancy weight, gravida/para history, medical conditions, allergies, dietary preferences | Pregnancy tracking, personalised health insights |
Health Data | Blood pressure readings, weight logs, blood glucose levels, temperature, fetal movement counts, symptom reports | Health monitoring, trend analysis, alert generation |
Medication Data | Medication names, dosages, schedules, adherence logs | Medication reminders, adherence tracking |
Appointment Data | Doctor names, appointment dates, clinic details | Appointment reminders, care coordination |
Communication Data | Chat messages (with AI companion and with healthcare providers), voice notes (if supported) | AI companion responses, doctor-patient messaging |
Emergency Contact | Emergency contact name, phone number, relationship | Emergency notification (if applicable) |
1.2 Information Collected Automatically
Category | Data | Purpose |
|---|---|---|
Device Information | Device model, operating system, app version, unique device identifiers | App compatibility, debugging, analytics |
Usage Data | Feature usage patterns, session duration, screens viewed, interaction timestamps | Service improvement, engagement analytics |
Log Data | IP address, access times, error logs, crash reports | Security, debugging, service reliability |
Location | Approximate location (city/state level, derived from IP) — we do NOT collect precise GPS location | Regional content, language defaults |
1.3 Information from Healthcare Providers
If you are linked with a healthcare provider (OBGYN/Gynecologist) through the Service:
Your provider may add clinical notes, prescriptions, and observations to your profile.
Your provider can view your self-reported health data (vitals, symptoms, medication adherence) that you share through the Service.
1.4 Sensitive Personal Data
Under DPDPA and the Information Technology (Reasonable Security Practices) Rules, 2011, health data and medical records constitute sensitive personal data. We handle this data with the highest level of protection and only process it with your explicit consent.
2. How We Use Your Information
We use your information for the following purposes:
2.1 Core Service Delivery
Providing personalised pregnancy tracking and week-by-week updates
Powering the AI pregnancy companion (Kokh AI chatbot)
Processing and displaying health vitals, symptom logs, and trends
Sending medication and appointment reminders
Generating health insights and alerts (e.g., abnormal blood pressure detection)
Facilitating doctor-patient communication (when a provider is linked)
2.2 Safety & Emergency
Detecting high-severity symptoms and generating alerts for linked healthcare providers
Providing emergency helpline information when crisis patterns are detected
Escalating critical health readings to assigned medical professionals
2.3 Service Improvement
Analysing aggregate, de-identified usage patterns to improve features
Debugging errors and improving app reliability
Training and improving AI models (only with de-identified, aggregated data — never individual health records)
2.4 Communication
Sending WhatsApp messages via our chatbot companion (morning greetings, reminders, follow-ups)
Push notifications for medication reminders, appointment alerts, and health updates
Service announcements and policy updates
2.5 Legal Compliance
Complying with applicable laws, regulations, and legal processes
Responding to lawful requests from government authorities
Enforcing our Terms of Service
3. AI & Automated Processing
3.1 AI Companion (Kokh AI Chatbot)
The AI companion uses large language models (LLMs) to provide conversational pregnancy support.
Your messages and health context (gestational week, symptoms, medications) are sent to AI service providers to generate responses.
The AI does not make medical decisions. It provides wellness information and always recommends consulting a healthcare provider for medical concerns.
3.2 Automated Health Alerts
The Service automatically analyses your health data to detect concerning patterns (e.g., elevated blood pressure, reduced fetal movement, low medication adherence).
When a concerning pattern is detected, an alert is generated for your linked healthcare provider.
You can review all alerts in your app profile.
3.3 AI Service Providers
We use the following third-party AI providers to power the chatbot:
Google Gemini API — for generating AI companion responses
Groq — as a fallback AI provider
Your messages are processed in real-time and are not stored by these providers beyond the duration of the API call, as per their respective data processing agreements.
4. How We Share Your Information
We do not sell your personal data. We share information only in these limited circumstances:
4.1 With Your Linked Healthcare Provider
If you accept a link request from a healthcare provider (OBGYN/Gynecologist), they can view your health profile, vitals, symptoms, medication adherence, and appointment history.
Direct messages between you and your provider are visible only to both parties.
You can revoke this link at any time from the app settings.
4.2 With Service Providers
We use trusted third-party services to operate the Service:
Provider | Purpose | Data Shared |
|---|---|---|
Supabase (Singapore) | Database hosting, authentication | Account data, health records (encrypted) |
Google Cloud | AI processing (Gemini API) | Chat messages, health context (transient) |
Groq | Fallback AI processing | Chat messages (transient) |
Meta (WhatsApp Business API) | WhatsApp chatbot delivery | Phone number, message content |
Expo / EAS | App build and update delivery | Device identifiers |
PhonePe | Payment processing (for subscriptions) | Transaction data (not health data) |
All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
4.3 For Legal Compliance
We may disclose information if required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of Reora Labs LLP, our users, or the public.
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.
5. Data Storage & Security
5.1 Storage Location
Your data is stored on Supabase infrastructure hosted in Singapore (Asia-Pacific region). Backups may be stored in additional Supabase data centre locations.
5.2 Security Measures
We implement industry-standard security measures including:
Encryption in transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption.
Encryption at rest: Health records and sensitive data are encrypted in the database.
Row-Level Security (RLS): Database access is restricted so users can only access their own data, and doctors can only access data for their assigned patients.
Authentication: Phone number-based OTP authentication via Supabase Auth.
Access controls: Role-based access (Mother, OBGYN) with strict permission boundaries.
Audit logging: Access to sensitive data is logged for security auditing.
5.3 Data Breach Protocol
In the event of a data breach involving personal data:
We will notify affected users within 72 hours of discovery.
We will notify the Data Protection Board of India as required under DPDPA.
We will provide details of the breach, data affected, and remedial steps taken.
6. Data Retention
Data Type | Retention Period | After Deletion |
|---|---|---|
Account information | Until account deletion | Deleted within 30 days |
Health records (vitals, symptoms, logs) | Until account deletion or 3 years after last activity | Anonymised for aggregate analytics, then deleted |
Chat messages (AI companion) | 12 months from message date | Permanently deleted |
Chat messages (doctor-patient) | Until account deletion | Deleted within 30 days |
Medication & appointment data | Until account deletion | Deleted within 30 days |
Usage analytics | 24 months | Permanently deleted |
Payment transaction records | 7 years (as required by Indian tax law) | Permanently deleted |
When you delete your account, we initiate deletion of all personal data within 30 days, except where retention is required by law.
7. Your Rights
Under the DPDPA and applicable Indian law, you have the following rights:
7.1 Right to Access
You can view all your personal data within the app (Profile, Health Logs, Chat History). You may also request a full data export by contacting us.
7.2 Right to Correction
You can update your profile information, health data, and preferences at any time within the app.
7.3 Right to Erasure
You can delete your account and all associated data from the app settings. Upon account deletion:
All personal data is queued for deletion within 30 days.
Data shared with linked healthcare providers will be removed from their view.
Anonymised, aggregated data may be retained for service improvement.
7.4 Right to Withdraw Consent
You may withdraw consent for data processing at any time by deleting your account. Note that withdrawing consent will result in loss of access to the Service.
7.5 Right to Grievance Redressal
If you have concerns about how your data is handled, you may:
Contact our Grievance Officer (details below).
If unresolved, file a complaint with the Data Protection Board of India.
8. Children's Privacy
The Service is intended for users aged 18 years and above. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided personal data, we will take steps to delete it promptly.
9. Cookies & Tracking
The mobile app does not use cookies. For our website (if applicable):
We use essential cookies for authentication and session management.
We use analytics cookies (e.g., Google Analytics) to understand usage patterns.
You can disable non-essential cookies through your browser settings.
10. Third-Party Links
The Service may contain links to third-party websites or services (e.g., hospital websites, health resources). We are not responsible for the privacy practices of these third parties. We recommend reviewing their privacy policies before sharing any personal data.
11. WhatsApp Chatbot Privacy
If you interact with the Kokh AI WhatsApp chatbot:
Messages are received and processed via the Meta WhatsApp Business API.
Your phone number and message content are processed by Meta as part of WhatsApp's infrastructure.
We store chat messages on our servers for providing continuity of conversation and health tracking.
Meta's privacy policy governs WhatsApp's handling of your data: https://www.whatsapp.com/legal/privacy-policy
You can stop chatbot interactions at any time by sending "STOP" or blocking the number.
12. International Data Transfers
Your data may be processed outside India (e.g., AI processing via Google Cloud, database hosting in Singapore). In all cases:
We ensure adequate data protection through contractual safeguards.
Service providers are bound by data processing agreements.
Transfers comply with DPDPA provisions for cross-border data flow.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we do:
The "Last Updated" date at the top will be revised.
For material changes, we will notify you via in-app notification or WhatsApp message.
Continued use of the Service after changes constitutes acceptance of the updated policy.
14. Grievance Officer
In accordance with the Information Technology Act, 2000 and DPDPA, the Grievance Officer for Kokh AI is:
Name: Anikaet Irkal
Designation: Designated Partner, Reora Labs LLP
Email: grievance@kokh.ai
Address: Irkal Hospital, Opp. District Court, Dharwad Narayanpur, Dharwad – 580008, Karnataka, India
The Grievance Officer will acknowledge your complaint within 48 hours and resolve it within 30 days.
15. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy:
Email: privacy@kokh.ai
WhatsApp: +91 88616 06450
Address: Reora Labs LLP, Irkal Hospital, Opp. District Court, Dharwad Narayanpur, Dharwad – 580008, Karnataka, India
This Privacy Policy is governed by the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts in Dharwad, Karnataka, India.
Reora Labs LLP
LLPIN: ACU-7286 | PAN: ABNFR0755R | GSTIN: 29ABNFR0755R1Z7