Privacy policy

This Privacy Policy (“policy”) sets forth the terms and conditions (“Terms”) with respect to the collection, use and sharing of personal as well as non-personal data of the end-user (“you” or “user”). The policy prescribes the rights of CORA Healthcare Private Limited (“CORA” or “we” or “us”) to collect, use and share personal and non-personal data of users as well as stipulates restrictions applicable to CORA in dealing with such data. By creating an account or registering with CORA, you agree to be bound by our Privacy Policy, which is incorporated by reference into the Terms of Use. If you do not accept and agree to be bound by the policy, you shall not access or use the Products and Services offered by CORA. We may make changes to the Privacy Policy from time to time. We may do this for a variety of reasons including to reflect changes in or requirements of the law, new features, or changes in business practices. The most recent version of the policy will be posted on the Site and you should regularly check for the most recent version. The most recent version is the version that applies. If you continue to access any of the Platforms or avail Products and Services after the changes become effective, then you agree to the revised Terms.

You can sign in and access as well as use the Products and Services offered by CORA through any of the Platforms as referred to in the Terms of Use. For such purposes you shall be required to provide mandatory information like (i) date of birth, gender, residential address, marital status, email address, Mobile Number etc. ii) information pertaining to your medical condition such as medical records, family history, prescriptions, past surgeries and lifestyle choices including smoking habits, food preferences (Vegetarian/Non-Vegetarian) etc. and (iii) information sought by CORA Partners either via online chats, telephone or any other means to offer their Services. CORA shall collect information based on your interaction with CORA Partners and access through the aforesaid means which helps CORA in providing personalized and effective service [Office1] (collectively referred to as “personal data[L2] ”).  CORA shall also collect supplemental information via Cookies, Web Beacons, CORA mobile device applications and from external sources. (“non-personal data” or “NPD”)


Data Collection and Management

1. Purposes for which the personal data is to be processed

CORA requires personal data of the users for personalized and pertinent health advice and supporting doctor-patient relationship. It also requires personal data for providing adequate Products and Servicesas defined under the Terms of Use including but not limited to:

a) Administering account of the user and provide the user with access to particular tools, Products and Services personalized by the user

b) For validating eligibility for and participation in the Services and Treatment Plans offered by CORA (i.e., you meet the clinical enrolment criteria for the Services, which may identify those individuals at risk for certain chronic diseases or living with certain chronic diseases)

c) Sending personalized emails or secure electronic messages pertaining to your health interests, including news, announcements, reminders and opportunities, and provide you with more relevant content and advertisements

d) Reviewing and enhancing the quality of CORA Products and Services, and improving your overall experience

e) To investigate or defend against any allegation or claim against CORA


 2.   Nature and categories of personal data being collected

a) Mandatory identifiable information: Name, date of birth, gender, residential address, marital status etc

b) Contact information: Mobile number, email address, communication address etc

c) health data related to the state of physical or mental health of the user and includes records regarding the past, present or future state of the health of user, data collected in the course of registration for, or provision of health services and includes medical records, family history, prescriptions, diagnostic test reports, lifestyle choices etc

d) Financial data

e) data collected automatically through usage and access of Platforms by virtue of interaction with CORA Partners, feedback, reviews and ratings provided by the user etc.


3.  Right of the user to withdraw his consent

The user may exercise his right to withdraw his consent from permitting CORA from processing or sharing personal data of the user by giving notice of withdrawal to CORA at the CORA shall not process or share any personal data of the user once CORA receives such notice from the user. However, CORA shall not be liable for any information which is already processed or shared before such notice of withdrawal is given by the user. CORA also reserves its right to terminate the Account of the user on basis of such notice of withdrawal.

  1.   Source of collection of personal data other than the Platform

CORA collects personal data from the users through its Platforms either by proactively asking the user or automatically through Content uploaded by the user on the Platforms. However, CORA also reserves its right to collect personal data from third parties like social media aggregators, insurance companies, laboratories, medical practitioners etc. CORA may also collect information from you through phone, SMS or email. You also provide data when you search, buy, post, participate in the Services and Treatment of CORA or communicate with customer service. As a result of those actions, you might supply us with such information as: your name; address and phone number; credit card information; the personal description in your profile; and your health information. The source of information could be such information which is provided by you, automatically provided via uploading of Content on the Platforms or data received through third parties.


  1.   Individuals or entities with whom personal data may be shared without further notice
  2.   Subsidiaries or affiliates, suppliers and sub-contractors of CORA[Office3] 
  3.   CORA Partners

             iii.   Third Party Vendors selling their Products through the CORA Platforms

  1.   CORA Care team in order to build and deliver personalized programs for users
  2.   Any other third parties necessary for back-end support services
  3.   Government enforcement agencies and legal authorities if necessary in accordance with applicable law or legal directions;


Other than as set out above, you will receive notice when information about you might go to third parties and you will have an opportunity to choose not to share the information.


  1. Period for which the personal data shall be retained

The personal data of the users shall be retained by CORA even after the termination or expiry of the Account of the user. [Office4] 

  1. Links to other sites:

CORA’s website may contain links to other websites. CORA is not responsible for the privacy practices of any other websites. We encourage users to be aware of when they leave our website and to read the privacy policy of every website that collects personal data.

  1. Merger, Sale, Bankruptcy, or Other event:

CORA may sell or buy assets, subsidiaries, or business units. In such transactions, customer information generally is one of the transferred business assets. If we are acquire or merge with, any other entity, we reserve the right to assign or transfer any personal data that we have collected; and, for any bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or for any application of laws or equitable principles affecting creditor’s rights, personal data might be transferred or disclosed to third parties. In case of sharing of personal data on account of the reasons set out in this Clause, users will be provided with a notice of such merger, sale, bankruptcy or any other similar event.

  1. Information Sharing with CORA Partners
  1. CORA in course of providing Products and Services may be required to divulge personal data to CORA Partners. Such personal data has been shared with these third parties in consonance with clause 1 (e). However, CORA may not have control over the personal data which comes within the knowledge of such CORA Partners. CORA does not take any responsibility for any unauthorized usage or sharing of such personal data by third parties. However, CORA shall assist the user in every way possible in initiating any action against the concerned CORA Partners for unauthorized usage of personal data of the user.
  2. CORA encrypts data transmitted to and from the App and the Site[Office5] . Despite CORA’s efforts to protect your personally identifiable information and personal health information, secure transmission of information via the internet cannot be guaranteed due to security threats outside CORA’s control and you acknowledge that transmission is at your own risk. By submitting your personal data, you agree to such transmission. CORA will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. However, it is made clear that the access, use, transaction, transmission, etc. are done by user at their own volition and risk, and CORA shall not be responsible and liable in any manner whatsoever.
  1.  Non-Personal Data

CORA shall also collect supplemental information via Cookies, Web Beacons, CORA mobile device applications and from external sources. Such data may not be identifiable to a person. However, such information is crucial to CORA. Examples of the information we collect and analyse include: the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information such as browser type and version; operating system and platform;, We may also use browser data such as cookies, Flash cookies (also known as Flash Local Shared Objects), or similar data on certain parts of our website for fraud prevention and other purposes. During some visits we may use software tools such as JavaScript to measure and collect session information, including page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.


  1. non-personal information may include:
  2.     Technical information, including the address used to connect your device to the Internet, your login information, system and operating system type and version, time zone setting, operating system and platform, your location,
  3.     Master and transaction data and other data stored in your user account,

                                    iii.     Information about your visit, including products and services you viewed or used; mobile application response times, interaction information (such as button presses, chat time stamps, response times, etc.) and any phone number used to contact CORA customer support.

  1. Cookies

Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your Web browser to enable our systems to recognise your browser and to provide features. CORA also collects information generated as you interact within CORA mobile application and website (such as your browser type, mobile device type, IP address, referring / exit pages, operating system, date / time stamp, articles downloaded, article tags and time spent reading each article). CORA collects non-personal information about your use of CORA website and mobile application, and your use of the websites or mobile application of selected sponsors through the use of Cookies. Every computer access of CORA website or mobile application is assigned a different Cookie by CORA. The information collected by Cookies:

  •   helps us dynamically generate content on Web pages or in newsletters,
  •   allows us to statistically monitor how many people are using CORA Website or mobile application and selected sponsors’ sites,
  •   understand how many people open CORA emails, and
  •   for what purposes these actions are being taken.

CORA may use Cookie information to determine the popularity of certain content. Cookies are also used to facilitate a user’s log-in, as navigation aids and as session timers. If you reject Cookies, certain functions and conveniences of CORA website or mobile application may not work properly, but you do not have to accept Cookies in order to productively use CORA website or mobile application. CORA does not link non-personal information from Cookies to personally identifiable information without your permission and do not use Cookies to collect or store personal health information about you.


  1. Updates and Changes to Privacy Policy:

At any time and from time to time, and without the user’s consent CORA may unilaterally amend, modify, or change this Privacy Policy, in our sole discretion and without any notice or cause. By continuing to use any of our Products and Services after any amendment, modification, or change, you have agreed to be bound by all such amendments, modifications, and changes. Therefore, please carefully review this Privacy Policy on a regular basis to maintain awareness of all amendments, modifications, and changes. If you have any concern about privacy or grievances at CORA, please contact us at with a thorough description and we will try to resolve the issue for you.