Privacy Policy

Last Updated on November 30, 2025

Welcome to our website/mobile site, accessible at https://hairskinmedix.com (the "Site"). This privacy policy (the "Privacy Policy") outlines the procedures of Avan derma private limited ("we", "our", or "us") regarding the collection, use, maintenance, protection, and disclosure of information, including your Personal Information (defined below), on the Platform and the services, features, content, applications, and products we offer (collectively, the "Services").

By creating an account or continuing to use our platform, you acknowledge and consent to the practices described in this Privacy Policy. Please read this Privacy Policy in conjunction with our Terms of Service ("Terms"), available here. Any capitalized terms used but not defined in this Privacy Policy have the meaning given to them in the Terms.

Compliance and General Terms

This Privacy Policy is published in compliance with, inter alia:

• Section 43A of the Information Technology Act, 2000 ("IT Act");
• Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 ("SPDI Rules"); and
• Regulation 3(1) of the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021 ("Intermediaries Guidelines").

General Terms of Agreement

• By accessing or using the Platform or the Service, or by otherwise giving us your information, you confirm that you have the capacity to enter into a legally binding contract under Indian law, in particular, the Indian Contract Act, 1872. You confirm you have read, understood, and agreed to the practices and policies outlined in this Privacy Policy and agree to be bound by it.
• If you disclose to us any personal information relating to other people, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
• You hereby consent to our collection, use, sharing, and disclosure of your information as described in this Privacy Policy.
• We may update or revise this Privacy Policy periodically. Your continued use of our services after such updates signifies your acceptance of the revised terms. You are requested to review the Privacy Policy from time to time to keep yourself updated with any changes or modifications.
• If you are accessing or using Services or the Platform from an overseas location, you do so at your own risk and shall be solely liable for compliance with any applicable local laws.
• If you do not agree with any of the terms and conditions of this Privacy Policy, please do not proceed further to use the Platform or any Services.

1. Privacy Policy Applicability

A. Scope of Application

This Privacy Policy applies only to the information we collect through our Services, in email, text, and other electronic communications sent through or in connection with our Services.

B. Third-Party Exclusion

This Privacy Policy does not apply to the information that you provide to, or that is collected by, any third-party that you use in connection with their services. We encourage you to consult directly with such third parties about their privacy practices.

2. Information Collected

We may collect several types of information from and about users of our Services. This includesPersonal Information and information about your internet connection, the equipment you use to access our Services, and your usage details.

A. Categories of Personal Information

Personal Information is data that can be associated with a specific person and used to identify them. It excludes anonymous or aggregated information. Personal Information can include, but is not limited to, the following:

• Name, email address, contact number (cellular and landline), date of birth, age, marital status, city and state of residence.
• Educational qualification(s), occupation, employer details, monthly income, number of children, Aadhaar number, PAN, social security and tax identification numbers, and post-qualification or work experience.

B. Information You Provide Us

We receive and store any information you enter on our Platform or provide us in any other way. This includes:

• Registration Details: Phone number, name, age, gender, geographical address, and email address (verified via OTP).
• Service and Order Details: Items placed in the cart, products ordered, height, weight, lifestyle and diet habits, exercise habits, and delivery address.
• Payment Information: Payment card number, expiration date, billing and shipping address.
• User Contributions: Information you provide (ratings, reviews, tips, photos, comments, lists, followers, ordering details, and history) to be posted on publicly accessible areas of our Services or transmitted to other users or third parties. Your User Contributions are posted at your own risk. You should be careful about revealing any sensitive details about yourself in such postings.
• You can choose not to provide certain information, but this may prevent you from accessing many of our features or availing the Services.

C. Sensitive Personal Data or Information (SPDI)

We may collect SPDI when you use the Services, which includes:

• Health Information: Information or records relating to your health history, health status, laboratory testing results, nutritional deficiencies, and other health-related information.
• Consultation Details: Details of the healthcare professional assigned, the treatment plans and consultation offered, dosage details, and products ordered through the Platform.
• Communications: By using the Service, you consent to the recording, storage, and disclosure of communications (including consultation notes and recommendations) you send or receive for quality assessment and business purposes.

D. Automatic Information and Tracking Technologies

We receive and store certain types of information whenever you interact with us:

• Cookies: We utilize “cookies” (small text files) and other tracking technologies to collect information about activity, recall previously submitted information, improve the Platform, and personalize our Services.
• Tracking Data: Tracking technologies may record internet domain and host names, IP addresses, browser and operating system types, stream patterns, and dates/times of access.
• Mobile Device IDs: We may use unique mobile device identifiers (e.g., IDFA, GAID) instead of cookies to recognize you, store preferences, and track usage for analytics and advertising. Unlike cookies, mobile device IDs cannot be deleted.
• Location: We may receive/store information about your location to provide you with location-based services, such as personalized content.
• You may refuse all cookies by changing your browser/device settings; however, this may limit your ability to use certain features.

E. Information from Other Sources and Third-Party Tools

• Other Sources: We might receive information about you (e.g., order details) from our partners, advertisers, or other third parties and add it to our account information.
• Third-Party Tools: We use third-party SDKs in the Platform (mostly for payment options) to enhance your experience. This Policy covers our use of cookies only and does not cover the use of cookies by third parties.

F. Voluntariness and Consent

You agree that you are providing all information, including SPDI, to us voluntarily. Collection, use, and disclosure of this information require your express consent, which you are providing. If you choose not to provide us with Personal Information or SPDI, we will be unable to provide you access to the Platform or the Services.

3. Use of the Information

We use information collected to provide the Services and operate our business, including:

• Service Delivery: To carry out our obligations, process/deliver orders, facilitate diagnosis/screenings, and enable access to Services.
• Consultation and Communication: To assist with consultations, send updates, resolve queries, and contact you for follow-up consultations or feedback.
• Improvement: To operate and improve the Platform, analyze data (tracking trends, building algorithms), research, and customize your orders and experience.
• Security and Legal: To comply with applicable law, conduct audits, investigate illegal activities, and respond to threats or violations of our Terms.
• Targeting and Advertising: For non-targeting reasons such as frequency capping, compliance, billing, ad reporting, and displaying customized advertisements and content.
• Location-Based Services: To confirm you are located in a jurisdiction where the Service is offered and to identify an appropriate healthcare practitioner.
• De-Identified Data: We may collect, analyze, use, publish, and sell de-identified information for any business purpose not prohibited by law, including research and marketing.

4. Transfer and Disclosure of Information

By using the Platform, you consent to the storage and processing of your Personal Information and SPDI by third parties. We may disclose your information in the following ways:

A. General Disclosures

• To our holding companies, subsidiaries, and affiliates.
• To contractors, advertisers/service providers (e.g., logistics, payment collection, analytics partners) who support our business and are bound by confidentiality obligations.
• To a buyer or successor in the event of a merger, sale, or transfer of assets.
• To third parties to market their products or services to you, provided they contractually agree to keep the information confidential.
• To fulfill the purpose for which you provide it, or for any other purpose disclosed when you provide the information.
• To hair coaches and healthcare practitioners for diagnostics, consultations, and therapeutic purposes.

B. Legal and Security Disclosures

• To investigate, prevent, or take action regarding possible illegal activities, to comply with legal process (subpoena, court order, etc.), and to enforce our Terms.
• If disclosure is necessary to protect our rights, property, or safety, or that of our users or others, including sharing with companies for fraud protection and credit risk reduction.

C. Business Improvement and Social Networks

• Improving Business: We have a right to use a recorded copy of your telephonic conversation, consultation records, and diagnostic reports to improve the Services and customize your experience. We may transfer such information to third parties, including persons outside India, for this purpose, while taking commercially reasonable steps to ensure data protection.
• Social Networks: If you interact with social media features (e.g., the Facebook Like button) on our Services, these features may collect information about your use and post information about your activities, governed by the respective social media company's privacy policies.

Transfer to Third Parties and Outside India: You consent to us sharing with and/or processing of your Personal Information and SPDI by third parties, including in any location outside India, provided they ensure a level of protection comparable to Indian or equivalent international standards.

5. Information Security

We maintain electronic, physical, and procedural safeguards in connection with the collection, storage, and disclosure of personal information (including SPDI). We protect the security of your information during transmission using Secure Sockets Layer (SSL) software, and restrict access to employees and agents under strict confidentiality obligations.

We implement appropriate security measures to protect your Personal Information from unauthorized access and follow technology standards prescribed by applicable law. However, we cannot guarantee the security of any account information, and you acknowledge the inherent risks regarding data transmission over the internet.

It is important for you to protect your account against unauthorized access and log off from the Platform when you have finished use thereof. We do not undertake any liability for any unauthorized use of your account and password.

6. Accessing and Correcting the Information

• You have access to a broad range of information about your account for the limited purpose of viewing, and, in certain cases, modifying and deleting.
• You may rectify any inaccurate or deficient Personal Information or SPDI, or permanently delete your account, by contacting us at the email address provided in the ‘Contact Us’ section.
• Your right to review, update, correct, and delete your information may be limited if your requests are abusive/excessive, encroach upon the rights or safety of others, or relate to existing or anticipated legal proceedings.
• You have the option to opt-out of optional services such as receiving promotional materials.

7. Retention of Information

• We have measures in place to ensure that SPDI is destroyed and/or anonymized as soon as the purposes for which it was collected have been fulfilled, and retention is no longer necessary under applicable law.
• We reserve the right to retain and store your Personal Information for our business purposes. After a period, your information may be anonymized and aggregated and then held for analytics purposes.
• If you wish to withdraw your consent for processing your information or cancel your account, please contact us. Note that this may result in us being unable to provide you access to our Services.
• Uninstalling the mobile application will not automatically result in the deletion of your Personal Information or SPDI.

8. Third-Party Links

The Platform may include hyperlinks to external websites, advertisements, and resources ("Third Party Links"). We have no control over such links and are not responsible for any collection or disclosure of your information by external sites or applications.

The presence of any Third Party Links cannot be construed as a recommendation or endorsement. We are not liable for any loss or damage incurred by you as a result of using Third Party Links. You should exercise reasonable diligence and review the third-party website’s privacy policy before committing to any transaction.

9. Changes to Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in the law, our data collection and use practices, the features of the Services, or advances in technology. Please check this page periodically for changes. Your continued use of the Services or the Platform, following the posting of changes, will constitute your consent and acceptance of those changes.

10. Permissible Age

Use of the Platform is available only to persons who can form a legally binding contract under the Indian Contract Act, 1872. If you are under 18 years of age, then please do not use or access the Services. If we learn that a person under 18 years of age has accessed the Service, we will take appropriate steps to delete this information.

If you are a parent or guardian and discover that your child under 18 years of age has obtained an account, you may alert us at hairskindoctor@gmail.com and request that we delete that child’s personally identifiable information from our systems.

11. Grievance Officer

In accordance with the IT Act and the SPDI Rules, the name and contact details of the Grievance Officer are:

We shall endeavour to resolve your grievances within one month from the date of receipt of such grievance.

12. Contact Us

If you have any queries relating to the processing/usage of information or the Privacy Policy, or if you would like to raise any other inquiries, you may email us at the contact information provided above under section 11 of this Privacy Policy.

13. Miscellaneous

A. Indemnity

You agree to indemnify and hold us harmless against any third-party claims arising from your disclosure or misuse of information. We assume no liability for any actions of third parties with regard to your Personal Information or SPDI which you may have disclosed to such third parties.

B. Severability

Each section of this Privacy Policy shall be and remain separate from and independent of and severable from all and any other clauses herein. The decision or declaration that one or more clauses are null and void shall have no effect on the remaining clauses of this Privacy Policy.