Privacy Policy
Effective date: 1 June 2026
1. Who We Are
Storrx ("we", "us", "our") is a family health management platform operated by an individual based in India. We are committed to protecting your privacy in accordance with India's Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules") and the Digital Personal Data Protection Act, 2023("DPDPA").
Our operating entity details will be updated on this page once formally registered. Questions about this policy can be sent to hello@storrx.com.
2. What We Collect
We collect the following categories of information:
- Account information — name, email address, phone number
- Profile information — date of birth, gender, blood group, allergies, relation to account holder
- Health records — lab reports (PDFs/images), vaccine records, medication schedules
- Communication preferences — WhatsApp phone number, timezone for reminder delivery
- Usage data — pages visited, features used, login timestamps
Health records and medical information constitute Sensitive Personal Data or Information (SPDI) under the SPDI Rules, 2011, and are handled with the highest level of care.
3. How We Use Your Data
We use your information to:
- Provide and improve the Storrx platform and its features
- Analyse lab reports and health documents using AI to surface insights
- Send medication and appointment reminders via WhatsApp
- Authenticate your account and maintain session security
- Respond to support requests and communicate service updates
- Comply with applicable legal obligations
We do not sell your personal or health data to any third party. We do not use your health data for advertising purposes.
4. Third-Party Services
We work with the following trusted providers to deliver the Service. All are based in the United States and bound by their own data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| OpenAI | AI analysis of health records | USA |
| Neon (PostgreSQL) | Encrypted database storage | USA |
| Vercel | Platform hosting and infrastructure | USA |
| Cloudinary | Cloud storage for uploaded health documents | USA |
| Meta (WhatsApp Cloud API) | Delivery of medication reminders | USA |
We share only the minimum data necessary for each service to function. Health data sent to OpenAI for analysis is processed transiently and is not used to train AI models.
5. Health Data — Sensitive Personal Data
Your health records, lab results, medication details, and medical history are classified as Sensitive Personal Data or Information (SPDI) under Indian law. This data is:
- Encrypted at rest and in transit
- Accessible only to you and the family profiles you manage
- Never shared with insurers, employers, or third-party advertisers
- Sent to AI providers only when you explicitly request an analysis
6. WhatsApp Communications
If you provide a WhatsApp number, we will send medication reminders and health notifications to that number via the WhatsApp Cloud API. By providing your number you consent to receiving these messages. Message content includes medication names, dosage times, and the profile name.
We do not send marketing messages via WhatsApp. You can remove your WhatsApp number from your profile at any time to stop receiving messages.
7. Data Retention and Deletion
We retain your data for as long as your account is active. If you delete your account:
- All profile data, health records, and uploaded documents are permanently and immediately deleted from our database
- There is no recovery period — deletion is instant and irreversible
- No anonymised copies of your health data are retained after deletion
8. Your Rights (DPDPA 2023)
Under the Digital Personal Data Protection Act, 2023, you have the right to:
- Access — request a summary of the personal data we hold about you
- Correction — update inaccurate or incomplete data
- Erasure — request permanent deletion of your data (or use the in-app delete feature for immediate effect)
- Grievance redressal — raise a complaint about how we handle your data
To exercise any of these rights, email hello@storrx.com. We will respond within 30 days.
9. Children's Privacy
Storrx is not directed at children under 18. Family profiles for minors are managed by the account holder (parent or guardian), who is responsible for the data entered on behalf of the child. We do not knowingly collect data from minors without parental consent.
10. Security
We use industry-standard security measures including HTTPS encryption, secure OTP-based authentication (no passwords stored), and strict access controls. No system is completely secure — if you believe your account has been compromised, contact us immediately at hello@storrx.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" at the top and, for material changes, notify you via email before the changes take effect. Continued use of Storrx after changes constitutes acceptance of the updated policy.
12. Contact Us
For questions about this Privacy Policy or how we handle your data, please contact us at: