Privacy Policy | DrKumar.ai

DrKumar.ai ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights over it. Because DrKumar.ai processes sensitive health data, we take these obligations seriously.

1. What data we collect

We collect the following categories of data when you use DrKumar.ai:

Account data: Your email address, full name, date of birth, gender, and password (stored as a secure hash via Supabase Auth).
Health profile data: Existing medical conditions, current medications, and known allergies — provided voluntarily by you.
Lab report data: Uploaded lab report files (PDF or image) and extracted biomarker values (e.g. HbA1c, cholesterol, TSH).
Conversation data: Messages you send to the AI Doctor Chat and responses generated by the AI.
Usage data: Page views, feature interactions, and error logs used for debugging and improving the platform.

2. How we use your data

To provide personalised AI health analysis, lab report interpretation, and symptom triage.
To display your biomarker trends and generate health insights over time.
To send transactional emails (e.g. account confirmation, password reset).
To improve the accuracy and safety of our AI models — only using anonymised, aggregated patterns, never individually identifiable data.

3. Data storage and security

All data is stored on Supabase infrastructure (PostgreSQL) hosted in the European Union (Frankfurt, Germany) or the region closest to you. Data at rest is encrypted using AES-256. Data in transit is encrypted using TLS 1.2+.

Row-Level Security (RLS) is enforced at the database level — your data is only accessible to your own authenticated session. No DrKumar.ai employee can query your personal health data without elevated access controls.

4. Data sharing

We do not sell, rent, or share your personal health data with third parties for advertising or commercial purposes. We share data only with:

Supabase — our database and authentication infrastructure provider.
Groq — our AI inference provider. Your health data is sent to Groq's API to generate AI responses. Groq processes data under a data processing agreement and does not use your data to train their models.
Legal authorities — only if required by applicable law or a valid court order.

5. Your rights (GDPR)

If you are in the European Economic Area (EEA), UK, or a jurisdiction with similar rights, you have the right to:

Access: Request a copy of all personal data we hold about you.
Correction: Request correction of inaccurate data.
Erasure: Request deletion of your account and all associated data. You can initiate this from Settings → Account.
Portability: Request your data in a machine-readable format.
Objection: Object to processing of your data for certain purposes.

To exercise any of these rights, contact us at privacy@drkumar.ai.

6. Data retention

We retain your data for as long as your account is active. If you delete your account, all personal data — including lab reports, chat history, biomarker records, and your health profile — is permanently deleted within 30 days. Anonymised, non-identifiable usage statistics may be retained for product improvement.

7. Cookies

DrKumar.ai uses only essential cookies required for authentication (session tokens set by Supabase Auth). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

8. Children

DrKumar.ai is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified to you by email or via an in-app notice at least 14 days before taking effect.

10. Contact

For privacy-related questions or to exercise your data rights, contact us at privacy@drkumar.ai or via our contact page.