Privacy Policy

This Privacy Policy explains how the company collects, uses, and protects personal data from individual users. Having a Privacy Policy is legally required when collecting personal information. The policy applies to all B2C users who register on the website/app or purchase services.

We collect personal information including your name, email address, phone number, and address to create and manage your account, enable seamless communication, and provide essential service updates; account-related data such as login credentials, profile details, and session history are used to securely authenticate users, personalize your experience, and track progress across coaching programs; payment information, including billing details and transaction history, is processed securely through trusted third-party providers (we do not store full card details) to facilitate payments, maintain records, and ensure compliance; we also collect usage data such as IP address, device and browser information, pages visited, and session timestamps to improve platform performance, enhance user experience, and maintain security; cookies and similar technologies are used to remember preferences, manage sessions, and analyze platform usage; additionally, any health or wellness information you choose to share during coaching is collected strictly to deliver personalized support and improve outcomes, and in the case of corporate clients, only anonymized and aggregated insights are shared—never individual sensitive data—ensuring confidentiality and responsible data use in line with privacy standards.

We process personal data strictly for lawful purposes and on legally valid grounds in accordance with the Digital Personal Data Protection Act, 2023 and other applicable laws, under which consent is the primary basis for data processing and must be free, specific, informed, and unambiguous; accordingly, by accessing our platform, engaging in coaching services, or providing your information, you expressly consent to the collection and use of your data for defined purposes including account creation, service delivery, personalized coaching, communication, and platform improvement; processing necessary to deliver our services—such as session scheduling, matching with coaches or analysts, and payment processing—is undertaken as part of contract performance, while certain limited processing activities such as platform security, fraud prevention, internal analytics, and service optimization may be carried out under permitted “legitimate uses” as recognized under applicable law; any optional processing, including marketing communications or non-essential tracking, is conducted only with your explicit consent and can be withdrawn at any time; we ensure that all data processing is purpose-specific, proportionate, and limited to what is necessary for delivering high-quality wellness outcomes, and continued use of the platform constitutes acknowledgment and acceptance of this Privacy Policy along with our associated Terms and Conditions.

We may share personal data only in a limited and controlled manner, strictly in accordance with applicable laws including the Digital Personal Data Protection Act, 2023, and only for legitimate business purposes; this includes sharing with trusted third-party service providers such as cloud hosting partners, payment processors, analytics providers, and technology vendors who support the operation of our platform and are contractually bound to maintain confidentiality, security, and use data solely for specified purposes; in the event of a business transaction such as a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity, subject to appropriate safeguards and prior notice to users; we may also disclose personal data where required to comply with legal obligations, enforce our rights, or respond to valid requests from law enforcement or regulatory authorities; additionally, we may share anonymized and aggregated data, which does not identify any individual, for purposes such as analytics, research, and corporate reporting, ensuring that no personally identifiable information is disclosed; we do not sell, rent, or trade your personal data to third parties under any circumstances, and all data sharing is conducted with a strong commitment to privacy, transparency, and user trust.

We may transfer personal data outside India to trusted service providers, cloud infrastructure partners, or affiliates located in other jurisdictions where necessary for the operation of our platform and delivery of services, and such transfers are carried out strictly in accordance with the Digital Personal Data Protection Act, 2023 and applicable laws, under which cross-border data transfers are generally permitted unless specifically restricted by the Central Government; in such cases, we ensure that appropriate safeguards, contractual protections, and security measures are implemented to maintain an adequate level of data protection, including obligations on recipients to process data only for specified purposes and to maintain confidentiality and security; where applicable, internationally recognized mechanisms such as contractual clauses or equivalent safeguards may be used to ensure compliance with global data protection standards; by using our platform or providing your information, you acknowledge and consent to such cross-border transfers, with the assurance that your personal data will continue to receive a level of protection consistent with this Privacy Policy and applicable legal requirements.

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, misuse, or disclosure, including the use of encryption, secure storage systems, role-based access controls, authentication mechanisms, and regular security assessments and monitoring to identify and address potential vulnerabilities, in line with industry-standard data protection practices; access to personal data is restricted only to authorized personnel and service providers who require such access for legitimate business purposes, and all such parties are bound by confidentiality obligations; we also maintain safeguards such as secure data transmission protocols and internal policies to ensure the integrity and confidentiality of sensitive information, including health and wellness data shared on our platform; however, while we follow commercially reasonable efforts and industry best practices to safeguard your data, no system, platform, or method of transmission over the internet can be guaranteed to be completely secure, and users acknowledge and accept this inherent risk while we continuously work to enhance our security posture in compliance with applicable laws and standards.

We use cookies and similar tracking technologies to enhance the functionality, security, and performance of our platform, including essential session cookies that enable secure login and account access, preference cookies that remember user settings, and analytics cookies that help us understand platform usage and improve user experience; cookies are small text files stored on your device that allow the platform to recognize your browser and retain certain information for efficient operation; where required under applicable laws including the Digital Personal Data Protection Act, 2023 and global privacy standards, non-essential cookies are deployed only with your consent, and you may manage or withdraw your consent at any time; detailed information about the types of cookies we use, their purposes, and duration may be provided in a separate Cookie Policy or within this Privacy Policy, and users retain the ability to control or disable cookies through their browser settings, noting that restricting certain cookies may impact the functionality of the platform and limit access to specific features.

We retain personal data only for as long as it is necessary to fulfill the specific purposes for which it was collected, including providing coaching services, maintaining user accounts, ensuring platform functionality, and complying with legal and regulatory obligations, in accordance with the storage limitation principles under the Digital Personal Data Protection Act, 2023, which require that personal data be erased once the purpose is achieved or consent is withdrawn, unless retention is required by law; accordingly, we retain account-related information for the duration of an active user relationship, while transaction and financial records may be retained for longer periods as required for tax, audit, and legal compliance, and certain technical logs or security records may be maintained for a limited period to ensure platform integrity and investigate incidents; upon expiry of the applicable retention period or upon valid request, personal data is securely deleted or irreversibly anonymized, and we periodically review our data retention practices to ensure that no data is retained longer than necessary for legitimate business or legal purposes, thereby maintaining compliance, minimizing risk, and protecting user privacy.

As a user of our platform, you are entitled to certain rights in relation to your personal data in accordance with the Digital Personal Data Protection Act, 2023, which grants individuals enforceable rights to access, control, and seek redress regarding their data; these rights include the right to access and confirmation of whether we process your personal data and to request a summary of such processing, the right to correct, update, or complete any inaccurate or incomplete information, and the right to request erasure of personal data that is no longer necessary for the purposes for which it was collected, subject to applicable legal retention requirements; you may also request a copy of your data in a structured, commonly used, and machine-readable format where technically feasible, as well as object to certain types of processing such as direct marketing or request restriction of processing under specific circumstances; additionally, you have the right to withdraw consent at any time and to raise grievances regarding the handling of your data by contacting our designated grievance officer or data protection contact, with the option to escalate complaints to the appropriate regulatory authority if required; we are committed to facilitating the exercise of these rights through clear processes, timely responses, and secure verification mechanisms, ensuring transparency, accountability, and user control over personal data in line with applicable privacy laws.

We provide users with clear and accessible options to opt out of non-essential communications, particularly marketing and promotional messages, in compliance with the Digital Personal Data Protection Act, 2023, which requires that individuals be able to withdraw consent and discontinue data processing at any time; users may unsubscribe from marketing emails through the “unsubscribe” link included in such communications or by contacting us directly, and upon opting out, we will cease sending promotional content within a reasonable timeframe; however, certain essential or transactional communications—such as account updates, session confirmations, payment receipts, and service-related notifications—may continue as they are necessary for the performance of our services; we ensure that opting out is simple, free of charge, and does not affect your ability to use the core features of the platform, although some optional features or updates may no longer be available; we respect user preferences and maintain records of opt-out requests solely to ensure compliance and prevent further unwanted communications, thereby upholding transparency, user control, and responsible data handling practices.

Our platform may contain links to third-party websites, applications, or services that are provided for user convenience or to enable certain functionalities, including integrations with external tools or resources; however, such third-party platforms operate independently and are not under our control, and therefore this Privacy Policy does not apply to any information collected, processed, or stored by those third parties, whose practices are governed by their own terms and privacy policies; we do not endorse, monitor, or make any representations regarding the content, accuracy, security, or privacy practices of such third-party sites, and users are encouraged to review the applicable policies of any external platform they access; any interaction with third-party websites or services is undertaken at the user’s own risk, and we shall not be held responsible or liable for any loss, damage, or issues arising from the use of such third-party platforms, thereby clearly distinguishing our responsibilities and ensuring transparency in how external links are handled within our services.

We reserve the right to update, modify, or revise this Privacy Policy from time to time to reflect changes in our business practices, services, or legal and regulatory requirements, including updates required under the Digital Personal Data Protection Act, 2023, and such updates will be made available on our platform with a revised “effective date”; where changes are material in nature—such as modifications to how we collect, use, or share personal data—we will take reasonable steps to notify users through appropriate means, including platform notifications or email communication, in order to maintain transparency and compliance with applicable laws; we encourage users to review this Privacy Policy periodically to stay informed about how their data is handled, and continued use of the platform after any updates shall constitute your acknowledgment and acceptance of the revised Policy, thereby ensuring that our practices remain transparent, up-to-date, and aligned with evolving legal standards.

● This Privacy Policy applies not only to individual users but also to corporate clients, including their authorized representatives such as employees, officers, and agents who interact with the Platform or its services, and in the course of providing corporate wellness and coaching services, we may collect and process certain personal data relating to such individuals, including but not limited to names, job titles, work email addresses, phone numbers, and other professional contact information; while such data may be provided in a business context, it is important to clarify that under the Digital Personal Data Protection Act, 2023, any information that can directly or indirectly identify an individual—such as contact details or identifiers—constitutes “personal data” and is therefore subject to data protection obligations, regardless of whether it is personal or professional in nature ; accordingly, this Policy governs the collection, use, storage, and protection of such data in the context of our engagement with corporate clients, ensuring that all personal data is processed lawfully, transparently, and securely, and that appropriate safeguards are applied even in business-to-business interactions, thereby maintaining compliance with applicable laws and upholding the privacy rights of all individuals whose data is processed through our Platform.

● In the course of providing services to corporate clients, we may collect and process certain categories of information relating to the Client organization and its authorized representatives, including but not limited to the company name, business contact details (such as official email addresses and phone numbers), designation, role, and department of the primary point of contact, as well as organization-specific information such as business metrics, participation data, or wellness-related inputs shared for analytics and program delivery purposes; additionally, we may collect account-related information including billing addresses, invoicing details, and authorized finance contacts to facilitate contractual and payment obligations, and such information is collected strictly for purposes including account setup, service delivery, communication, reporting, and compliance—for example, we collect the name and business email address of a designated corporate contact to create and manage the organization’s account and ensure effective coordination of services; it is important to note that even business or professional contact information constitutes “personal data” where it can identify an individual, and under the Digital Personal Data Protection Act, 2023, any data that directly or indirectly identifies a person—such as names, emails, or phone numbers—is subject to data protection obligations and must be processed lawfully, securely, and for a specified purpose , and accordingly, all such information is handled in compliance with applicable legal standards while ensuring transparency, necessity, and proportionality in data collection practices.

● We use the information collected from corporate clients and their authorized representatives strictly for legitimate business and contractual purposes, including to establish and manage corporate accounts, deliver enterprise wellness and coaching services, customize program offerings based on organizational requirements, generate anonymized insights and reports, communicate service updates, and facilitate billing, invoicing, and payment processing; for example, we use the name, designation, and business contact details of a corporate representative to coordinate program implementation, provide account-related support, and send invoices or contractual communications; such processing is primarily carried out on the basis of contractual necessity—i.e., to fulfill our obligations under agreements with the Client—and our legitimate interests in operating, improving, and scaling our services, rather than relying solely on individual consent, as business-to-business engagements typically involve processing necessary for service delivery and operational efficiency; however, where required under the Digital Personal Data Protection Act, 2023, we ensure that appropriate notices are provided and that processing remains lawful, purpose-specific, and proportionate, noting that any information capable of identifying an individual (including business contact details) qualifies as personal data and must be handled in accordance with applicable data protection principles .

● The processing of personal data in the context of corporate clients and their authorized representatives is carried out on lawful grounds recognized under applicable data protection laws, including the Digital Personal Data Protection Act, 2023, which requires that personal data be processed only for a lawful purpose and either based on valid consent or under specified “legitimate uses” permitted by law; in a B2B context, such processing is typically justified on the basis of contractual necessity—i.e., to perform obligations under agreements with the Client—and on recognized legitimate uses, such as where individuals voluntarily provide their business contact information for service delivery or communication purposes, rather than relying solely on standalone consent mechanisms ; however, where personal data is used for secondary purposes such as marketing communications, especially where such communications are directed to identifiable individuals, appropriate notice and, where required, consent or an opt-out mechanism is provided in line with best practices and evolving regulatory expectations, noting that while communications sent to general corporate contact channels (e.g., generic business email addresses) may not always require explicit consent, responsible data handling standards and transparency principles still require that recipients are given clear and easy options to opt out of such communications; accordingly, all processing is undertaken in a manner that is lawful, purpose-specific, proportionate, and consistent with the rights of individuals under applicable data protection frameworks.

● We may share corporate and personal data collected in the course of providing services with trusted third parties strictly on a need-to-know basis, including service providers such as cloud hosting partners, payment processors, analytics providers, and other vendors who support the operation of the Platform, all of whom are contractually bound to maintain confidentiality and implement appropriate security safeguards; in the context of delivering insights and reports to corporate clients, we ensure that any data shared is aggregated and anonymized, meaning that all personally identifiable information is removed so that individuals cannot be identified directly or indirectly—for example, we may provide usage trends, engagement metrics, or program effectiveness insights at an organizational level without disclosing individual employee data, and under the Digital Personal Data Protection Act, 2023, such anonymized or non-personal data falls outside the scope of “personal data” and is not subject to the same regulatory restrictions, as it cannot be linked back to an identifiable individual ; additionally, we may disclose information where required to comply with applicable laws, legal processes, or regulatory obligations, and all such sharing is carried out in a manner that is lawful, proportionate, and limited to the purpose for which the data was originally collected, ensuring both compliance and protection of individual privacy rights.

● We retain corporate and associated personal data only for as long as necessary to fulfill the purposes for which it was collected, including the duration of the business relationship with the Client and any additional period required to comply with applicable legal, regulatory, tax, or audit obligations; accordingly, B2B account information, contractual records, and transaction or billing data may typically be retained for a defined period (for example, up to 6–8 years in line with financial and tax compliance requirements), while operational data is retained only as long as necessary for service delivery and business continuity; under the Digital Personal Data Protection Act, 2023, we are required to adhere to the principle of storage limitation, which mandates that personal data must be deleted or anonymized once the purpose for which it was collected has been fulfilled, unless retention is required by law ; accordingly, we implement internal data retention schedules and periodic reviews to ensure that data is not retained indefinitely, and once retention obligations expire, such data is securely deleted, anonymized, or archived in a manner that prevents identification of individuals, thereby ensuring compliance with applicable data protection laws while maintaining necessary business and legal records.

● Individuals associated with corporate clients, including employees or authorized representatives whose personal data is processed through the Platform, are entitled to certain rights in relation to their personal data, broadly consistent with those available to individual consumers under the Digital Personal Data Protection Act, 2023, including the right to access information about their personal data, request correction of inaccurate or incomplete data, seek deletion or erasure of data that is no longer necessary, and raise grievances regarding data processing practices, as the Act grants individuals (referred to as “Data Principals”) clear rights to access, correct, and erase their personal data held by an organization ; however, in a B2B context, the exercise of certain rights—such as account-level changes, service discontinuation, or data deletion requests that may impact contractual obligations—may be subject to the terms of the agreement between the Company and the corporate client, and may require coordination with or authorization from the relevant organization; notwithstanding the foregoing, we remain committed to enabling individuals to review, update, or correct their personal data held by the Company in a transparent and timely manner, while ensuring that such requests are handled in compliance with applicable legal requirements, contractual obligations, and operational feasibility, thereby balancing individual rights with business continuity and legal compliance.

● User Rights: The rights of individual B2B contacts mirror those of consumers: access, correction, deletion, etc. However, note that certain requests (like account closure) may be handled per the corporate agreement. Reiterate that individuals have the right to review or correct their personal data held by BAG.

● Corporate clients and their authorized representatives may raise any privacy-related queries, concerns, or requests regarding the processing of personal data through the designated contact channels Grievance Officer,provided by the Company.