Privacy Policy

This Privacy Policy (“Policy”) outlines the principles and legal framework governing the collection, processing, storage, use, and disclosure of personal data, including sensitive personal data or health-related information, by users of Antara CGM App (“App”). The App is a white-labelled version of the Tracky Health App, exclusively developed, maintained, and operated by Drstore Healthcare Services India Pvt Ltd (“Drstore”), including its cloud-based storage and backend services. The App is branded and made available to end users by Antara Assisted Care Services Limited (“Antara”). For legal and regulatory purposes, Antara does not collect, control, access, process, or store any user data, including personal or health information entered or transmitted through the App. Drstore, as the sole developer and cloud controller, shall be solely responsible for compliance as per applicable data protection laws within India. By downloading, installing, or using Antara CGM App, you explicitly acknowledge and agree that all rights, obligations, responsibilities, and liabilities regarding your personal data lie exclusively with Drstore, and no claims, actions, or liabilities shall be raised against Antara in terms of such data or its processing.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings assigned to them below. These definitions shall be interpreted strictly and in favour of limiting the legal responsibility of Antara Assisted Care Services Limited to its role as brand licensee only.

“Anonymized Data” means data that has been processed in such a manner that it irreversibly loses any capability of being associated with an identified or identifiable individual, by any party including Drstore.
“App” refers to Antara CGM mobile application, a white-labeled version of the Tracky Health App, developed and offered under the brand of Antara Assisted Care Services Limited.
“Applicable Laws” means all laws, statutes, regulations, rules, guidelines, directives, circulars, judicial interpretations, and governmental policies applicable to data collection, processing, security, and privacy, including but not limited to the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 (as amended) and any other law enforced in India.
“Biometric Health Data” refers to sensitive health information related to glucose levels, either captured through the Continuous Glucose Monitoring (CGM) device or manually entered by the User.
“Consent” means any freely given, specific, informed, and unambiguous indication of the User’s agreement to the processing of their Personal Data for one or more specified purposes, expressed through affirmative action. Users have the right to withdraw their consent at any time.
“Data Fiduciary” means the entity that determines the purpose and means of processing Personal Data. For all purposes under this Policy and applicable law, Antara is the exclusive Data Fiduciary.
“Data Principal” has the meaning ascribed under the DPDP Act and refers to the individual to whom the personal data relates. In the context of this Policy, the User is the Data Principal.
“Data Processor” means the entity who processes personal data (in this case entire App data) on behalf of Data Fiduciary. For all purposes under this Policy and applicable law, Drstore Healthcare Services India Pvt Ltd is the exclusive Data Processor..
“De-identified Data” refers to Personal Data from which unique identifiers have been removed or masked such that it cannot reasonably be used to identify a User without additional information. Such data may be used for product development, analytics, or research by Drstore, subject to Applicable Laws.
“Grievance Officer” means the designated representative appointed by Drstore to address user complaints, data access requests, or other rights-related inquiries under this Policy and Applicable Laws.
“Grievance Officer” means the designated representative appointed by Drstore to address user complaints, data access requests, or other rights-related inquiries under this Policy and Applicable Laws.
“Personal Data” means any information relating to an identified or identifiable natural person, including but not limited to name, age, gender, date of birth, contact number, email address, unique device identifier, IP address, or any data point that, either individually or in combination with other information, allows for the identification of an individual. This includes information collected directly or indirectly through the App.
“Personal Data” means any data about an individual who is identifiable by reference to identifiers such as name, identification number, contact details, location data, online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
“Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
“Sensitive Personal Data” includes Personal Data that pertains to health, biometric details, physiological or medical conditions, or any data classified as sensitive under Applicable Laws. ,
“Tracky Health Cloud” refers to the secure, proprietary, cloud-based data infrastructure controlled exclusively by Drstore, through which all Personal Data collected via the App is transmitted, processed, and stored. Antara has no access to or control over this infrastructure.
“Third Party” means any individual or entity other than the User, Drstore, or Antara, including but not limited to vendors, contractors, cloud service providers, research institutions, or regulatory bodies, who may receive access to data strictly under contractual obligations consistent with this Policy.
“User” means any individual who downloads, installs, registers on, or uses the App for the purposes of monitoring, recording, or managing biometric, health, or personal data. The User shall be deemed the “Data Principal” under the DPDP Act.

3. Scope and Applicability

This Privacy Policy applies exclusively to the collection, use, and processing of Personal Data and Biometric Health Data conducted online and within the app through Antara CGM App. The Policy outlines the rights and obligations arising from data collection and processing activities carried out by Drstore in its role as the sole Data Processor and Cloud Controller under the Applicable Laws.

This Policy does not extend to or apply in any manner to:

* any offline interactions or data collected by Antara Assisted Care Services Limited (“Antara”);
any services, programs, or physical interventions delivered outside the App;
any other software, application, device, or service not expressly governed by this App and developed by Drstore; or data collected independently by third-party medical service providers or healthcare institutions, even where those providers may recommend or review the data visible on the App.

Antara’s role is strictly limited to brand licensing, distribution, and public interface support. Antara does not access, store, transmit, analyse, modify, share, or influence any user data in any direct or indirect manner.

4. Nature and Categories of Data Collected

All data collected through Antara CGM App is exclusively handled, accessed, and processed by Drstore in its capacity as the sole Data Fiduciary and technical operator of the App. The data collected is essential for the core functionality of the App and is processed in strict compliance with applicable data protection laws and user consent.

The categories of data collected by Drstore may include the following:

Identification Data:
This includes personally identifiable details voluntarily provided by the User during registration or profile setup, such as full name, date of birth, gender, and age. These fields may be mandatory or optional depending on the configuration of the App and intended use.
Contact Information:
Email address, mobile phone number, and, where applicable, secondary contact details are collected to facilitate account verification, communication of app-related alerts or updates, and customer support functionalities.
Biometric and Health Data:
This includes sensitive health-related information captured through a Bluetooth-enabled Continuous Glucose Monitoring (CGM) device or manually entered by the User. Such data shall specifically comprise glucose values obtained from CGM. This data is classified as Sensitive Personal Data under applicable law and is processed by Drstore solely for health tracking, trend analysis, and display within the App, as well as storage in the Tracky Health Cloud.
Device and Technical Usage Data:
Drstore also gathers certain technical metadata from the User’s device to ensure the security and functionality of the App. This may include unique device identifiers, device make and model, operating system version, IP address, diagnostic and crash logs, app performance data, access timestamps, usage frequency, and in-app settings or preferences.
Behavioral and Interactional Data:
To enhance the usability and experience of the App, Drstore may collect anonymised or aggregated data showing how the User interacts with various modules of the App, such as time spent on screens, frequency of data entry, frequency of Bluetooth device syncing, and interaction with alerts or messages.

5. Legal Basis for Processing

The lawful bases on which Drstore processes data are as follows:

Explicit and Informed Consent
Data is processed only with the User’s explicit, specific, and informed consent, obtained through a clear affirmative action within the App interface. This consent is gathered at registration or when inputting data, and Users can review, modify, or withdraw their consent at any time via the App settings or by contacting Antara.
Contractual Necessity
Processing certain data is essential for fulfilling the User’s agreement with Drstore, such as delivering core App features like displaying glucose values, syncing data with the continuous glucose monitoring device, storing data on the Tracky Health Cloud, enabling healthcare practitioner access (where permitted), and generating reports or alerts. Without this processing, the App would not work as intended.
Legal and Regulatory Compliance
Drstore may process data to meet legal requirements under Indian health, consumer protection, and data privacy laws. This includes obligations to keep certain records, ensure secure transfer of sensitive data, respond to legal notices, or cooperate with lawfully authorised regulatory or enforcement agencies.
Legitimate Interests
Drstore may also process anonymised or de-identified data for purposes that support the public interest or enhance products. Such processing might include research on chronic disease management trends, algorithm optimisation, bug detection, app usage analytics, and other activities where data is used without identifying any individual User. Drstore ensures that this processing does not infringe upon the basic rights and freedoms of the User.
User Rights on Withdrawal of Consent:
Users have the right to withdraw Consent at any time. Such withdrawal will apply prospectively and will not impact the legality of any processing conducted based on valid consent prior to its revocation. Upon withdrawal of consent from Antara, Drstore may suspend or terminate App functionality that relies on such data and initiate secure data deletion protocols as outlined in this Policy.

6. Legal Basis for Processing

Purpose of Data Collection and Processing

Health Monitoring and Visualization
To help Users effectively monitor and manage their health, the App gathers real-time and historical Biometric Health Data, which is shown in easy-to-understand charts, summaries, and alerts. This allows Users to keep track of vital health indicators related to glucose trends over time, supporting informed self-care.
Data Synchronization and Backup
All Biometric Health Data data collected through the App is securely synchronised and stored on the Tracky Health Cloud, which is operated solely by Drstore. This guarantees safe cloud-based backups, seamless cross-device access, and long-term preservation of health records, subject to the User’s ongoing consent and account status.
Healthcare Practitioner Access (with User Consent)
The App facilitates data sharing with registered or authorized healthcare professionals, strictly based on explicit User consent. This feature allows clinicians to remotely access and review the User’s health data to support diagnostics, care decisions, and follow-up monitoring.
Research, Development, and Analytics (De-identified Data Only)
Drstore may use anonymized or de-identified data, i.e., data that cannot be linked back to any specific individual for the following legitimate purposes:
Development and testing of new features, algorithms, or predictive models
- Software performance improvements and bug resolution
- Population-level health trend analysis
- Research on chronic and lifestyle diseases, such as diabetes, hypertension, and obesity
- Academic collaborations, whitepapers, or product publications
Such de-identified data is processed in full compliance with applicable data privacy laws and will not be used in a way that re-identifies or impacts the User in any manner.

7. Data Sharing and Disclosure

Drstore may share user data under the following circumstances:

With Healthcare Professionals (Subject to Explicit Consent):
User health data may be shared with treating or monitoring healthcare professionals only with the User’s explicit, informed, and revocable consent, which is obtained through the App interface. Such disclosures are limited to the scope of the provided Consent, and both Antara or Drstore shall ensure that these professionals are bound by ethical and professional obligations regarding confidentiality and data use.
With Contracted Service Providers (Sub-Processors):
Drstore may engage third-party vendors for support services essential to the App's operation, such as cloud hosting, data encryption, cybersecurity monitoring, IT maintenance, or analytics infrastructure. These service providers act as data sub-processors under written agreements requiring them to implement appropriate security measures and comply with data protection standards that are at least equivalent to those followed by Antara or Drstore.
Compliance with Lawful Requests or Court Orders:
User data may be disclosed to courts, law enforcement agencies, data protection authorities, or other government bodies in response to valid legal processes, subpoenas, or regulatory orders issued under applicable law. Antara or Drstore will evaluate the legal validity of such requests and share only the data that is strictly necessary, in accordance with applicable confidentiality standards.
Corporate Transactions (With Safeguards):
In the case of a merger, acquisition, sale of assets, restructuring, or corporate reorganisation involving Antara or Drstore, user data may be transferred to the successor entity. However, such a transfer will only occur if the receiving entity agrees in writing to uphold the privacy rights and protections provided under this Policy. Users will be notified of any significant change in data handling or ownership.
Important Clarification Regarding Antara:
Antara shall not, under any circumstance, whether contractual, operational, or incidental, access, receive, use, view, transmit, analyse, or process any Personal Data or Biometric Health Data of the Users. Its role is strictly limited to brand licensing and distribution of the white-labelled App. All data sharing decisions and obligations are solely the responsibility of Drstore.

8. Data Retention and Storage

Drstore may share user data under the following circumstances:

Retention practices comply with applicable data protection laws, healthcare compliance standards, and industry best practices for medical data management. Antara does not store, back up, or retain any user data under any circumstances.
- Retention Period:
  Antara or Drstore retains user data only for as long as necessary to achieve the purposes specified in this policy and to keep the app functioning. This includes real-time health monitoring, cloud synchronization, user support, and access for authorised healthcare providers. The data will remain stored as long as the user has an active account and does not withdraw consent.
  Upon the User initiating any of the following actions:
  Deletion of the App account via in-app settings or written request
  Revocation or withdrawal of consent for data processing
  Antara or Drstore will execute a secure deletion process to permanently remove all Personal and Biometric Health Data linked to that User from its active systems and databases, including the Tracky Health Cloud within thirty (30)days of such aforesaid actions, unless specific legal or regulatory requirements mandate limited retention (for example, to meet tax, legal, or audit obligations).
- Data Localization and Hosting Standards:
  All data collected through the App is stored solely within India, complying with data localisation requirements where applicable. Drstore uses cloud infrastructure hosted on AWS servers in India, which meet internationally recognised security and privacy certifications, including but not limited to:
  - ISO/IEC 27001 (Information Security Management)
  - SOC 2 Type II (Service Organization Controls)
  - HIPAA (Health Insurance Portability and Accountability Act, for health data protection)
  The data is encrypted both in transit and at rest using industry-grade encryption standards to prevent unauthorized access, tampering, or loss.

9. User Rights and Data Subject Access

Users of Antara CGM App have the right to exercise a wide range of data protection rights under the applicable Indian laws and similar privacy legislation. All such rights must be exercised exclusively with Drstore, which functions as the sole Data Processor for the App.

Users have the following rights in relation to their personal and Biometric Health Data:

Right to Access: Users have the right to request confirmation from Antara or Drstore as to whether their personal data is being processed. If so, they can access the data and relevant details such as the purpose of processing, categories of data collected, storage duration, and recipients with whom the data has been shared.
Right to Rectification: Users can request the correction or updating of inaccurate or incomplete personal data held by Antara or Drstore. Such rectification will be completed within a reasonable timeframe upon verification of identity and supporting information.
Right to Erasure (Right to be Forgotten): Subject to applicable legal and regulatory retention obligations, Users may request the deletion of their personal and Biometric Health Data. This includes withdrawal of consent or closure of their App account. Antara or Drstore will implement permanent deletion procedures and confirm the completion of the process to the User. Data that is anonymised or de-identified will not be subject to deletion, as it no longer constitutes personal data.
Right to Data Portability: Where applicable, users have the right to access their personal data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller or organisation, where feasible and technically possible.
Right to Restrict or Object to Processing: Users may oppose or request limitations on specific types of data processing, especially when:
- Processing is based on legitimate interest and not consent
- Data is believed to be inaccurate
- Processing is unlawful and deletion is not sought
Antara or Drstore will assess such requests individually, considering legal requirements and the technical feasibility of restricting operations.
Right to Lodge a Complaint: Users have the right to lodge a grievance with Antara’s or Drstore’s designated Grievance Officer, and if not resolved satisfactorily within the specified timeframe, may escalate the complaint to the Data Protection Board of India under the DPDP Act.
How to Exercise Your Rights: All rights-related requests may be submitted by sending an email to Antara at:
Email: support@ageasybyantara.com
All rights-related requests may be submitted by sending an email to Drstore at:
Email: info@drstore.in.
Users must provide sufficient information to verify their identity, such as registered email ID, mobile number, and device ID (if applicable). Antara or Drstore may request additional verification for sensitive or large-scale requests to protect against fraudulent or unauthorized access.

10. Security Safeguards and Data Integrity

Drstore, as the exclusive Data Processor and technology provider of Antara CGM App, employs a multi-layered, risk-based approach to protect all Personal and Biometric Health Data collected through the App. Security controls are implemented according to leading industry standards, legal mandates under applicable laws within India, and best practices for safeguarding health-related data.

The security measures adopted by Antara and Drstore include, but are not limited to, the following:

Encryption Protocols:
All data is encrypted in transit and at rest using industry-standard cryptographic techniques (e.g., TLS 1.2+ for transmission and AES-256 for storage). This ensures that user data remains unintelligible and protected from unauthorized access or interception during data exchange or storage.
Access Controls and Authentication:
Access to user data is strictly limited to authorized personnel under the principle of least privilege. Role-based access control (RBAC) models are enforced, and authentication protocols such as multi-factor authentication (MFA) are deployed across sensitive environments to mitigate internal and external threats.
System Monitoring and Vulnerability Management:
Antara or Drstore conducts periodic penetration testing, vulnerability scans, and log audits to detect, analyze, and remediate any security weaknesses. Security Incident and Event Management (SIEM) systems are used for continuous real-time monitoring of infrastructure components and user interaction points.
Infrastructure Hardening and Physical Security:
All backend infrastructure, including the Tracky Health Cloud hosted on AWS servers in India, is hardened to minimize risk exposure. These cloud environments are certified against international benchmarks such as HIPAA, ensuring both physical and virtual security measures are maintained.
Employee Training and Confidentiality:
Personnel involved in data handling are provided with mandatory training on data privacy, cyber hygiene, and confidentiality obligations. All such individuals are contractually bound by non-disclosure and data handling agreements, with disciplinary provisions for violations.
Data Integrity Safeguards:
Antara or Drstore ensures that all collected data remains accurate, complete, and up to date. Automated processes monitor anomalies and data corruption, with fallback systems and backup protocols available to restore data integrity in the event of a technical failure.
User Responsibility:
While Antara or Drstore endeavours to maintain the highest standards of data security, users are encouraged to exercise reasonable precautions, including:
- Keeping login credentials confidential and avoiding password reuse;
- Installing the latest updates of the App and mobile OS;
- Using secure and private internet connections when accessing the App;
- Immediately reporting any suspected unauthorized access or breach to Drstore’s support team.

11. Children's Privacy

Antara CGM App is primarily intended for use by adults, including senior citizens, caregivers, and healthcare professionals. However, it may also be used for pediatric health monitoring under the explicit supervision and consent of a parent or legal guardian.

Encryption Protocols:
Antara CGM App is primarily intended for use by adults, including senior citizens, caregivers, and healthcare professionals. However, it may also be used for pediatric health monitoring under the explicit supervision and consent of a parent or legal guardian.
Consent and Supervision Requirement:
In cases where the App is used to track the health metrics of a minor (defined as a person under the age of 18 years), the parent or legal guardian must:
- Provide verifiable consent for the collection, use, and storage of the minor’s Personal and Biometric Health Data;
- Remain the primary point of contact and controller of the child’s account access;
- Accept full responsibility for the use of the App on behalf of the minor.
Without such legally valid and documented consent, Antara or Drstore does not knowingly collect or process personal data belonging to minors. In the event that data is inadvertently collected from a child without appropriate consent, Antara or Drstore will initiate prompt deletion procedures upon discovery or receipt of a verified request.
Rights of Parents and Guardians:
Parents or legal guardians of minor users may exercise all rights under this Privacy Policy on behalf of the child, including:
- Requesting access to the child's data;
- Requesting correction or rectification of inaccurate data;
- Requesting account termination and deletion of all related data;
- Withdrawing consent at any time, which will result in data erasure and deactivation of access.
All such requests must be submitted to Antara or Drstore as mentioned above in clause 9 (vii) with appropriate verification of identity and relationship to the child.
Data Safeguards for Minors:
Data collected under a child's profile is processed with the same level of confidentiality, encryption, and security safeguards as adult data. However, additional protective protocols, including restricted access and audit trails, are applied to ensure enhanced protection of pediatric data.

12. Marketing and Communication

Drstore as the sole operator and Data Processor of Antara CGM App, may from time to time send non-intrusive and relevant communications to users strictly for the purposes of:

Providing product and software updates;
Informing users about scheduled maintenance, security advisories, or new feature rollouts;
Sharing general health insights or wellness tips that may support chronic condition management.

Marketing Communications & Consent Requirement: Any communication that may be deemed promotional or marketing in nature such as offers on new services, partnerships, or product upgrades will be sent only if the user has explicitly opted in to receive such messages. This consent may be obtained through the App interface, during user onboarding, or via a separate confirmation email.

Antara or Drstore ensures that such consent is:

Freely given, not bundled with essential services;
Informed, with full disclosure of the communication type;
Granular, allowing users to choose specific categories of communication;
Revocable, at any time by the user without prejudice.

Opt-Out Mechanism: Users may withdraw consent or unsubscribe from marketing and/or informational communications at any time through either of the following methods:

Navigating to App Settings > Notifications > Communication Preferences and toggling off applicable options;
Writing directly to Antara or Drstore as mentioned above in clause 9 (vii).

Upon receipt of an opt-out request, Drstore will ensure that the user’s preferences are updated within a reasonable timeframe and no further promotional messages are sent.

No Third-Party Advertising or Tracking: Antara CGM App does not engage in third-party advertising, ad placement, or behavior-based tracking for marketing purposes. No user data is shared with advertisers, data brokers, or ad networks under any circumstance.

13. Account Termination and Data Deletion

Users of Antara CGM App retain full control over their account lifecycle, including the right to voluntarily terminate their user account and request deletion of all associated Personal and Biometric Health Data.

Process for Termination:
An account may be terminated at the user's discretion at any time by taking one of the following steps:
- Navigating to the App interface: Settings > About > Cancel Account, and confirming the account termination process; or
- Sending a formal request via email to Antara or Drstore as mentioned above in clause 9 (vii).
Upon receipt and verification of the termination request, Antara or Drstore shall initiate a structured and irreversible deletion process.
Scope of Deletion:
Account termination will result in the permanent and complete erasure of the following:
- All user-specific Personal Data and Biometric Health Data stored in the Tracky Health Cloud;
- Access logs, device identifiers, and usage history linked to the user profile;
- Any linked health records or historical data visualizations viewable through the App.
Legal and Compliance Exceptions:
While Antara and Drstore is committed to honoring user deletion requests promptly and comprehensively, it may, in limited and clearly defined circumstances, retain certain records or de-identified data for the following purposes:
- Compliance with statutory obligations, such as under tax, medical records, or public health regulations;
- Fulfillment of legitimate interests in defending legal claims, conducting product audits, or complying with enforceable government directives;
- Research and development, strictly in anonymized or aggregated form that does not identify the individual.
No deleted data will ever be sold, shared, or reused in personally identifiable form.
Consequences of Termination:
Once the account has been deleted:
- Users will no longer be able to access any historical health records or prior App usage information;
- Any services linked to the account, including health monitoring, alerts, or physician dashboards, will be discontinued;
- Re-registration will require creating a fresh user profile from the beginning, with no restoration of previous data possible.
Finality and Disclaimer:
The deletion process is irreversible. Antara and Drstore encourages users to download or backup any personal health data they may wish to retain before initiating account termination. Drstore shall not be liable for any user loss or inconvenience resulting from intentional deletion actions.

14. Policy Updates and Revisions

This Privacy Policy is a dynamic document that may be amended, revised, or updated from time to time by Antara or Drstore to reflect legal developments, regulatory changes, technological advancements, user feedback, or enhancements in the features or functionality of Antara CGM App.

Scope of Revisions:
Policy updates may include (but are not limited to):

Changes in data collection practices;
Adjustments to lawful bases for processing;
Introduction of new user rights or opt-out mechanisms;
Modifications to data sharing protocols or third-party services;
Enhancements in security measures or storage frameworks.

Notification of Changes:
All material changes to this Privacy Policy will be clearly communicated to users via one or more of the following methods:

In-app notification banners;
Pop-up alerts requiring acknowledgement;
Email notifications sent to the registered user address;
Update notices published on the App Store listing or website.

Where required by applicable law, users will be given a reasonable period to review and provide or withdraw consent to changes that materially alter their rights or the nature of data processing.

User Consent and Binding Effect:
Continued use of Antara CGM App after the effective date of any revised Privacy Policy shall constitute the user's deemed acceptance of such changes. If users do not agree with the revised terms, they are advised to:

Discontinue use of the App; and
Delete their account or request account termination under Clause 13.

Users are encouraged to periodically review this Policy to remain informed of how their data is handled.

15. Contact and Grievance Redressal

Users may exercise their rights or raise concerns relating to this Privacy Policy, data access, corrections, deletion requests, consent withdrawal, or any other data protection matters by contacting the designated Grievance Officer of Antara or Drstore:

Primary Contact for Data Privacy and Compliance Matters:
Antara Assisted Care Services Limited
Address: 2nd Floor, Plot No 65, Landmark House, Sector 44, Gurugram, Haryana-122003
Email: Grievance@antaraseniorcare.com
Grievance Officer: Dr. Mandeep Singh
Secondary Contact for Data Privacy and Compliance Matters:
Drstore Healthcare Services India Pvt Ltd
SA 44, 2nd Floor, Lake City Mall, Ghod Bunder Road,
Thane (West) 400607, Maharashtra, India
Email: info@drstore.in
Grievance Officer: Surbhi Mittal
Associate Director- Strategy & Marketing
Response Timeline:

As per the Digital Personal Data Protection Act, 2023, all grievances shall be acknowledged within 24 hours and responded to within 7 working days from the date of receipt.
Users may also request:
- Access to a summary of data processed;
- Rectification or erasure of inaccurate or outdated data;
- Restriction of processing for certain use cases;
- Portability of specific health data (where technically feasible).
Escalation and Statutory Remedies:
If users are unsatisfied with the resolution offered by Antara or Drstore or do not receive a response within the statutory timelines, they may escalate the matter to:
- Data Protection Board of India under the DPDP Act;
- Any other authority empowered under applicable data protection legislation in India or globally.
For Brand-Related Product Queries or Support:
Please contact Antara exclusively for product-level inquiries, device concerns, or non-personal data-related issues. Antara Assisted Care Services Limited
Plot No. 65, 2nd Floor, Landmark House, Sector – 44, Gurgaon -122001, Haryana
Email: support@ageasybyantara.com
Phone Number +91 9911789911

Issuance Statement:

This Privacy Policy is issued jointly by: Drstore Healthcare Services India Pvt Ltd and Antara Assisted Care Services Limited, as the Data Processor and Data Fiduciary respectively.

Shop

About Us

Need Help

Antara's Legacy

Email:
support@ageasybyantara.com

Phone:
+91 9911789911

Office location:
4th Floor, Plot No. 65, Sector 44, Gurugram, Haryana-122003

Office Hours:
Monday - Friday
9:00 AM - 6:00 PM

Privacy Policy

2. Definitions

“Anonymized Data” means data that has been processed in such a manner that it irreversibly loses any capability of being associated with an identified or identifiable individual, by any party including Drstore.
“App” refers to Antara CGM mobile application, a white-labeled version of the Tracky Health App, developed and offered under the brand of Antara Assisted Care Services Limited.
“Applicable Laws” means all laws, statutes, regulations, rules, guidelines, directives, circulars, judicial interpretations, and governmental policies applicable to data collection, processing, security, and privacy, including but not limited to the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 (as amended) and any other law enforced in India.
“Biometric Health Data” refers to sensitive health information related to glucose levels, either captured through the Continuous Glucose Monitoring (CGM) device or manually entered by the User.
“Consent” means any freely given, specific, informed, and unambiguous indication of the User’s agreement to the processing of their Personal Data for one or more specified purposes, expressed through affirmative action. Users have the right to withdraw their consent at any time.
“Data Fiduciary” means the entity that determines the purpose and means of processing Personal Data. For all purposes under this Policy and applicable law, Antara is the exclusive Data Fiduciary.
“Data Principal” has the meaning ascribed under the DPDP Act and refers to the individual to whom the personal data relates. In the context of this Policy, the User is the Data Principal.
“Data Processor” means the entity who processes personal data (in this case entire App data) on behalf of Data Fiduciary. For all purposes under this Policy and applicable law, Drstore Healthcare Services India Pvt Ltd is the exclusive Data Processor..
“De-identified Data” refers to Personal Data from which unique identifiers have been removed or masked such that it cannot reasonably be used to identify a User without additional information. Such data may be used for product development, analytics, or research by Drstore, subject to Applicable Laws.
“Grievance Officer” means the designated representative appointed by Drstore to address user complaints, data access requests, or other rights-related inquiries under this Policy and Applicable Laws.
“Grievance Officer” means the designated representative appointed by Drstore to address user complaints, data access requests, or other rights-related inquiries under this Policy and Applicable Laws.
“Personal Data” means any information relating to an identified or identifiable natural person, including but not limited to name, age, gender, date of birth, contact number, email address, unique device identifier, IP address, or any data point that, either individually or in combination with other information, allows for the identification of an individual. This includes information collected directly or indirectly through the App.
“Personal Data” means any data about an individual who is identifiable by reference to identifiers such as name, identification number, contact details, location data, online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
“Processing” means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
“Sensitive Personal Data” includes Personal Data that pertains to health, biometric details, physiological or medical conditions, or any data classified as sensitive under Applicable Laws. ,
“Tracky Health Cloud” refers to the secure, proprietary, cloud-based data infrastructure controlled exclusively by Drstore, through which all Personal Data collected via the App is transmitted, processed, and stored. Antara has no access to or control over this infrastructure.
“Third Party” means any individual or entity other than the User, Drstore, or Antara, including but not limited to vendors, contractors, cloud service providers, research institutions, or regulatory bodies, who may receive access to data strictly under contractual obligations consistent with this Policy.
“User” means any individual who downloads, installs, registers on, or uses the App for the purposes of monitoring, recording, or managing biometric, health, or personal data. The User shall be deemed the “Data Principal” under the DPDP Act.

3. Scope and Applicability

This Policy does not extend to or apply in any manner to:

* any offline interactions or data collected by Antara Assisted Care Services Limited (“Antara”);
any services, programs, or physical interventions delivered outside the App;
any other software, application, device, or service not expressly governed by this App and developed by Drstore; or data collected independently by third-party medical service providers or healthcare institutions, even where those providers may recommend or review the data visible on the App.

4. Nature and Categories of Data Collected

The categories of data collected by Drstore may include the following:

Identification Data:
This includes personally identifiable details voluntarily provided by the User during registration or profile setup, such as full name, date of birth, gender, and age. These fields may be mandatory or optional depending on the configuration of the App and intended use.
Contact Information:
Email address, mobile phone number, and, where applicable, secondary contact details are collected to facilitate account verification, communication of app-related alerts or updates, and customer support functionalities.
Biometric and Health Data:
This includes sensitive health-related information captured through a Bluetooth-enabled Continuous Glucose Monitoring (CGM) device or manually entered by the User. Such data shall specifically comprise glucose values obtained from CGM. This data is classified as Sensitive Personal Data under applicable law and is processed by Drstore solely for health tracking, trend analysis, and display within the App, as well as storage in the Tracky Health Cloud.
Device and Technical Usage Data:
Drstore also gathers certain technical metadata from the User’s device to ensure the security and functionality of the App. This may include unique device identifiers, device make and model, operating system version, IP address, diagnostic and crash logs, app performance data, access timestamps, usage frequency, and in-app settings or preferences.
Behavioral and Interactional Data:
To enhance the usability and experience of the App, Drstore may collect anonymised or aggregated data showing how the User interacts with various modules of the App, such as time spent on screens, frequency of data entry, frequency of Bluetooth device syncing, and interaction with alerts or messages.

5. Legal Basis for Processing

The lawful bases on which Drstore processes data are as follows:

Explicit and Informed Consent
Data is processed only with the User’s explicit, specific, and informed consent, obtained through a clear affirmative action within the App interface. This consent is gathered at registration or when inputting data, and Users can review, modify, or withdraw their consent at any time via the App settings or by contacting Antara.
Contractual Necessity
Processing certain data is essential for fulfilling the User’s agreement with Drstore, such as delivering core App features like displaying glucose values, syncing data with the continuous glucose monitoring device, storing data on the Tracky Health Cloud, enabling healthcare practitioner access (where permitted), and generating reports or alerts. Without this processing, the App would not work as intended.
Legal and Regulatory Compliance
Drstore may process data to meet legal requirements under Indian health, consumer protection, and data privacy laws. This includes obligations to keep certain records, ensure secure transfer of sensitive data, respond to legal notices, or cooperate with lawfully authorised regulatory or enforcement agencies.
Legitimate Interests
Drstore may also process anonymised or de-identified data for purposes that support the public interest or enhance products. Such processing might include research on chronic disease management trends, algorithm optimisation, bug detection, app usage analytics, and other activities where data is used without identifying any individual User. Drstore ensures that this processing does not infringe upon the basic rights and freedoms of the User.
User Rights on Withdrawal of Consent:
Users have the right to withdraw Consent at any time. Such withdrawal will apply prospectively and will not impact the legality of any processing conducted based on valid consent prior to its revocation. Upon withdrawal of consent from Antara, Drstore may suspend or terminate App functionality that relies on such data and initiate secure data deletion protocols as outlined in this Policy.

6. Legal Basis for Processing

Purpose of Data Collection and Processing

Health Monitoring and Visualization
To help Users effectively monitor and manage their health, the App gathers real-time and historical Biometric Health Data, which is shown in easy-to-understand charts, summaries, and alerts. This allows Users to keep track of vital health indicators related to glucose trends over time, supporting informed self-care.
Data Synchronization and Backup
All Biometric Health Data data collected through the App is securely synchronised and stored on the Tracky Health Cloud, which is operated solely by Drstore. This guarantees safe cloud-based backups, seamless cross-device access, and long-term preservation of health records, subject to the User’s ongoing consent and account status.
Healthcare Practitioner Access (with User Consent)
The App facilitates data sharing with registered or authorized healthcare professionals, strictly based on explicit User consent. This feature allows clinicians to remotely access and review the User’s health data to support diagnostics, care decisions, and follow-up monitoring.
Research, Development, and Analytics (De-identified Data Only)
Drstore may use anonymized or de-identified data, i.e., data that cannot be linked back to any specific individual for the following legitimate purposes:
Development and testing of new features, algorithms, or predictive models
- Software performance improvements and bug resolution
- Population-level health trend analysis
- Research on chronic and lifestyle diseases, such as diabetes, hypertension, and obesity
- Academic collaborations, whitepapers, or product publications
Such de-identified data is processed in full compliance with applicable data privacy laws and will not be used in a way that re-identifies or impacts the User in any manner.

7. Data Sharing and Disclosure

Drstore may share user data under the following circumstances:

With Healthcare Professionals (Subject to Explicit Consent):
User health data may be shared with treating or monitoring healthcare professionals only with the User’s explicit, informed, and revocable consent, which is obtained through the App interface. Such disclosures are limited to the scope of the provided Consent, and both Antara or Drstore shall ensure that these professionals are bound by ethical and professional obligations regarding confidentiality and data use.
With Contracted Service Providers (Sub-Processors):
Drstore may engage third-party vendors for support services essential to the App's operation, such as cloud hosting, data encryption, cybersecurity monitoring, IT maintenance, or analytics infrastructure. These service providers act as data sub-processors under written agreements requiring them to implement appropriate security measures and comply with data protection standards that are at least equivalent to those followed by Antara or Drstore.
Compliance with Lawful Requests or Court Orders:
User data may be disclosed to courts, law enforcement agencies, data protection authorities, or other government bodies in response to valid legal processes, subpoenas, or regulatory orders issued under applicable law. Antara or Drstore will evaluate the legal validity of such requests and share only the data that is strictly necessary, in accordance with applicable confidentiality standards.
Corporate Transactions (With Safeguards):
In the case of a merger, acquisition, sale of assets, restructuring, or corporate reorganisation involving Antara or Drstore, user data may be transferred to the successor entity. However, such a transfer will only occur if the receiving entity agrees in writing to uphold the privacy rights and protections provided under this Policy. Users will be notified of any significant change in data handling or ownership.
Important Clarification Regarding Antara:
Antara shall not, under any circumstance, whether contractual, operational, or incidental, access, receive, use, view, transmit, analyse, or process any Personal Data or Biometric Health Data of the Users. Its role is strictly limited to brand licensing and distribution of the white-labelled App. All data sharing decisions and obligations are solely the responsibility of Drstore.

8. Data Retention and Storage

Drstore may share user data under the following circumstances:

Retention practices comply with applicable data protection laws, healthcare compliance standards, and industry best practices for medical data management. Antara does not store, back up, or retain any user data under any circumstances.
- Retention Period:
  Antara or Drstore retains user data only for as long as necessary to achieve the purposes specified in this policy and to keep the app functioning. This includes real-time health monitoring, cloud synchronization, user support, and access for authorised healthcare providers. The data will remain stored as long as the user has an active account and does not withdraw consent.
  Upon the User initiating any of the following actions:
  Deletion of the App account via in-app settings or written request
  Revocation or withdrawal of consent for data processing
  Antara or Drstore will execute a secure deletion process to permanently remove all Personal and Biometric Health Data linked to that User from its active systems and databases, including the Tracky Health Cloud within thirty (30)days of such aforesaid actions, unless specific legal or regulatory requirements mandate limited retention (for example, to meet tax, legal, or audit obligations).
- Data Localization and Hosting Standards:
  All data collected through the App is stored solely within India, complying with data localisation requirements where applicable. Drstore uses cloud infrastructure hosted on AWS servers in India, which meet internationally recognised security and privacy certifications, including but not limited to:
  - ISO/IEC 27001 (Information Security Management)
  - SOC 2 Type II (Service Organization Controls)
  - HIPAA (Health Insurance Portability and Accountability Act, for health data protection)
  The data is encrypted both in transit and at rest using industry-grade encryption standards to prevent unauthorized access, tampering, or loss.

9. User Rights and Data Subject Access

Users have the following rights in relation to their personal and Biometric Health Data:

Right to Access: Users have the right to request confirmation from Antara or Drstore as to whether their personal data is being processed. If so, they can access the data and relevant details such as the purpose of processing, categories of data collected, storage duration, and recipients with whom the data has been shared.
Right to Rectification: Users can request the correction or updating of inaccurate or incomplete personal data held by Antara or Drstore. Such rectification will be completed within a reasonable timeframe upon verification of identity and supporting information.
Right to Erasure (Right to be Forgotten): Subject to applicable legal and regulatory retention obligations, Users may request the deletion of their personal and Biometric Health Data. This includes withdrawal of consent or closure of their App account. Antara or Drstore will implement permanent deletion procedures and confirm the completion of the process to the User. Data that is anonymised or de-identified will not be subject to deletion, as it no longer constitutes personal data.
Right to Data Portability: Where applicable, users have the right to access their personal data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller or organisation, where feasible and technically possible.
Right to Restrict or Object to Processing: Users may oppose or request limitations on specific types of data processing, especially when:
- Processing is based on legitimate interest and not consent
- Data is believed to be inaccurate
- Processing is unlawful and deletion is not sought
Antara or Drstore will assess such requests individually, considering legal requirements and the technical feasibility of restricting operations.
Right to Lodge a Complaint: Users have the right to lodge a grievance with Antara’s or Drstore’s designated Grievance Officer, and if not resolved satisfactorily within the specified timeframe, may escalate the complaint to the Data Protection Board of India under the DPDP Act.
How to Exercise Your Rights: All rights-related requests may be submitted by sending an email to Antara at:
Email: support@ageasybyantara.com
All rights-related requests may be submitted by sending an email to Drstore at:
Email: info@drstore.in.
Users must provide sufficient information to verify their identity, such as registered email ID, mobile number, and device ID (if applicable). Antara or Drstore may request additional verification for sensitive or large-scale requests to protect against fraudulent or unauthorized access.

10. Security Safeguards and Data Integrity

The security measures adopted by Antara and Drstore include, but are not limited to, the following:

Encryption Protocols:
All data is encrypted in transit and at rest using industry-standard cryptographic techniques (e.g., TLS 1.2+ for transmission and AES-256 for storage). This ensures that user data remains unintelligible and protected from unauthorized access or interception during data exchange or storage.
Access Controls and Authentication:
Access to user data is strictly limited to authorized personnel under the principle of least privilege. Role-based access control (RBAC) models are enforced, and authentication protocols such as multi-factor authentication (MFA) are deployed across sensitive environments to mitigate internal and external threats.
System Monitoring and Vulnerability Management:
Antara or Drstore conducts periodic penetration testing, vulnerability scans, and log audits to detect, analyze, and remediate any security weaknesses. Security Incident and Event Management (SIEM) systems are used for continuous real-time monitoring of infrastructure components and user interaction points.
Infrastructure Hardening and Physical Security:
All backend infrastructure, including the Tracky Health Cloud hosted on AWS servers in India, is hardened to minimize risk exposure. These cloud environments are certified against international benchmarks such as HIPAA, ensuring both physical and virtual security measures are maintained.
Employee Training and Confidentiality:
Personnel involved in data handling are provided with mandatory training on data privacy, cyber hygiene, and confidentiality obligations. All such individuals are contractually bound by non-disclosure and data handling agreements, with disciplinary provisions for violations.
Data Integrity Safeguards:
Antara or Drstore ensures that all collected data remains accurate, complete, and up to date. Automated processes monitor anomalies and data corruption, with fallback systems and backup protocols available to restore data integrity in the event of a technical failure.
User Responsibility:
While Antara or Drstore endeavours to maintain the highest standards of data security, users are encouraged to exercise reasonable precautions, including:
- Keeping login credentials confidential and avoiding password reuse;
- Installing the latest updates of the App and mobile OS;
- Using secure and private internet connections when accessing the App;
- Immediately reporting any suspected unauthorized access or breach to Drstore’s support team.

11. Children's Privacy

Encryption Protocols:
Antara CGM App is primarily intended for use by adults, including senior citizens, caregivers, and healthcare professionals. However, it may also be used for pediatric health monitoring under the explicit supervision and consent of a parent or legal guardian.
Consent and Supervision Requirement:
In cases where the App is used to track the health metrics of a minor (defined as a person under the age of 18 years), the parent or legal guardian must:
- Provide verifiable consent for the collection, use, and storage of the minor’s Personal and Biometric Health Data;
- Remain the primary point of contact and controller of the child’s account access;
- Accept full responsibility for the use of the App on behalf of the minor.
Without such legally valid and documented consent, Antara or Drstore does not knowingly collect or process personal data belonging to minors. In the event that data is inadvertently collected from a child without appropriate consent, Antara or Drstore will initiate prompt deletion procedures upon discovery or receipt of a verified request.
Rights of Parents and Guardians:
Parents or legal guardians of minor users may exercise all rights under this Privacy Policy on behalf of the child, including:
- Requesting access to the child's data;
- Requesting correction or rectification of inaccurate data;
- Requesting account termination and deletion of all related data;
- Withdrawing consent at any time, which will result in data erasure and deactivation of access.
All such requests must be submitted to Antara or Drstore as mentioned above in clause 9 (vii) with appropriate verification of identity and relationship to the child.
Data Safeguards for Minors:
Data collected under a child's profile is processed with the same level of confidentiality, encryption, and security safeguards as adult data. However, additional protective protocols, including restricted access and audit trails, are applied to ensure enhanced protection of pediatric data.

12. Marketing and Communication

Drstore as the sole operator and Data Processor of Antara CGM App, may from time to time send non-intrusive and relevant communications to users strictly for the purposes of:

Providing product and software updates;
Informing users about scheduled maintenance, security advisories, or new feature rollouts;
Sharing general health insights or wellness tips that may support chronic condition management.

Antara or Drstore ensures that such consent is:

Freely given, not bundled with essential services;
Informed, with full disclosure of the communication type;
Granular, allowing users to choose specific categories of communication;
Revocable, at any time by the user without prejudice.

Opt-Out Mechanism: Users may withdraw consent or unsubscribe from marketing and/or informational communications at any time through either of the following methods:

Navigating to App Settings > Notifications > Communication Preferences and toggling off applicable options;
Writing directly to Antara or Drstore as mentioned above in clause 9 (vii).

Upon receipt of an opt-out request, Drstore will ensure that the user’s preferences are updated within a reasonable timeframe and no further promotional messages are sent.

13. Account Termination and Data Deletion

Process for Termination:
An account may be terminated at the user's discretion at any time by taking one of the following steps:
- Navigating to the App interface: Settings > About > Cancel Account, and confirming the account termination process; or
- Sending a formal request via email to Antara or Drstore as mentioned above in clause 9 (vii).
Upon receipt and verification of the termination request, Antara or Drstore shall initiate a structured and irreversible deletion process.
Scope of Deletion:
Account termination will result in the permanent and complete erasure of the following:
- All user-specific Personal Data and Biometric Health Data stored in the Tracky Health Cloud;
- Access logs, device identifiers, and usage history linked to the user profile;
- Any linked health records or historical data visualizations viewable through the App.
Legal and Compliance Exceptions:
While Antara and Drstore is committed to honoring user deletion requests promptly and comprehensively, it may, in limited and clearly defined circumstances, retain certain records or de-identified data for the following purposes:
- Compliance with statutory obligations, such as under tax, medical records, or public health regulations;
- Fulfillment of legitimate interests in defending legal claims, conducting product audits, or complying with enforceable government directives;
- Research and development, strictly in anonymized or aggregated form that does not identify the individual.
No deleted data will ever be sold, shared, or reused in personally identifiable form.
Consequences of Termination:
Once the account has been deleted:
- Users will no longer be able to access any historical health records or prior App usage information;
- Any services linked to the account, including health monitoring, alerts, or physician dashboards, will be discontinued;
- Re-registration will require creating a fresh user profile from the beginning, with no restoration of previous data possible.
Finality and Disclaimer:
The deletion process is irreversible. Antara and Drstore encourages users to download or backup any personal health data they may wish to retain before initiating account termination. Drstore shall not be liable for any user loss or inconvenience resulting from intentional deletion actions.

14. Policy Updates and Revisions

Scope of Revisions:
Policy updates may include (but are not limited to):

Changes in data collection practices;
Adjustments to lawful bases for processing;
Introduction of new user rights or opt-out mechanisms;
Modifications to data sharing protocols or third-party services;
Enhancements in security measures or storage frameworks.

Notification of Changes:
All material changes to this Privacy Policy will be clearly communicated to users via one or more of the following methods:

In-app notification banners;
Pop-up alerts requiring acknowledgement;
Email notifications sent to the registered user address;
Update notices published on the App Store listing or website.

Where required by applicable law, users will be given a reasonable period to review and provide or withdraw consent to changes that materially alter their rights or the nature of data processing.

Discontinue use of the App; and
Delete their account or request account termination under Clause 13.

Users are encouraged to periodically review this Policy to remain informed of how their data is handled.

15. Contact and Grievance Redressal

Primary Contact for Data Privacy and Compliance Matters:
Antara Assisted Care Services Limited
Address: 2nd Floor, Plot No 65, Landmark House, Sector 44, Gurugram, Haryana-122003
Email: Grievance@antaraseniorcare.com
Grievance Officer: Dr. Mandeep Singh
Secondary Contact for Data Privacy and Compliance Matters:
Drstore Healthcare Services India Pvt Ltd
SA 44, 2nd Floor, Lake City Mall, Ghod Bunder Road,
Thane (West) 400607, Maharashtra, India
Email: info@drstore.in
Grievance Officer: Surbhi Mittal
Associate Director- Strategy & Marketing
Response Timeline:

As per the Digital Personal Data Protection Act, 2023, all grievances shall be acknowledged within 24 hours and responded to within 7 working days from the date of receipt.
Users may also request:
- Access to a summary of data processed;
- Rectification or erasure of inaccurate or outdated data;
- Restriction of processing for certain use cases;
- Portability of specific health data (where technically feasible).
Escalation and Statutory Remedies:
If users are unsatisfied with the resolution offered by Antara or Drstore or do not receive a response within the statutory timelines, they may escalate the matter to:
- Data Protection Board of India under the DPDP Act;
- Any other authority empowered under applicable data protection legislation in India or globally.
For Brand-Related Product Queries or Support:
Please contact Antara exclusively for product-level inquiries, device concerns, or non-personal data-related issues. Antara Assisted Care Services Limited
Plot No. 65, 2nd Floor, Landmark House, Sector – 44, Gurgaon -122001, Haryana
Email: support@ageasybyantara.com
Phone Number +91 9911789911

Issuance Statement:

This Privacy Policy is issued jointly by: Drstore Healthcare Services India Pvt Ltd and Antara Assisted Care Services Limited, as the Data Processor and Data Fiduciary respectively.

Shop

About Us

Need Help

Antara's Legacy

Email:
support@ageasybyantara.com

Phone:
+91 9911789911

Office location:
4th Floor, Plot No. 65, Sector 44, Gurugram, Haryana-122003

Office Hours:
Monday - Friday
9:00 AM - 6:00 PM