Privacy Policy

Welcome to Samsara

Samsara (“we,” “us,” “our,” or “Company”) is committed to protecting your privacy and ensuring transparency in our data practices.

This Privacy Policy applies to your use of our Services (as described below). We provide you with choices regarding the collection, use, and sharing of your personal data, as outlined in this Privacy Policy, our Cookie Policy, in-app Privacy Settings, and the resources available in our Help Centre.

This Privacy Policy serves as your comprehensive guide to understanding how we collect, process, use, store, and protect your personal information when you interact with our wellness application and related services.

Our Privacy Commitment

We believe that privacy is a fundamental right, and we are dedicated to:

  • Transparency: Providing clear, understandable information about our data practices
  • Security: Implementing robust technical and organizational measures to protect your data
  • Compliance: Adhering to applicable privacy laws and regulations worldwide
  • Accountability: Taking responsibility for our data processing activities

 

Who does this Privacy Policy apply to?

This Privacy Policy applies to all individuals (“You”) who access, register, or use Samsara’s Services, including but not limited to individuals residing in India, the United States, Singapore, the European Union (EU), and the United Kingdom (UK).

Which laws govern this Privacy Policy?

We follow globally recognized privacy standards and comply with relevant data protection laws, including:

  • The General Data Protection Regulation (GDPR) applicable in the EU and the UK
  • The California Consumer Privacy Act (CCPA) applicable in California, USA
  • The Health Insurance Portability and Accountability Act (HIPAA) protecting Protected Health Information (PHI) in the USA
  • The Digital Personal Data Protection Act (DPDP Act) applicable in India
  • The Personal Data Protection Act (PDPA) applicable in Singapore
  • Other applicable local data protection laws

Information We Collect

2.1 Categories of Personal Information Collected

We collect various categories of personal data, which may include:

Account Information:

Full name, email address, phone number

General location data (city, country)

Profile photograph and biographical information

Date of birth, gender identity, and age

Language preferences and accessibility settings

Account creation date and last activity

Collection Method:

Direct user input during registration and profile setup

Purpose:

Account management, service personalization, and user identification

Health and Wellness Data:

Vital Signs: Heart rate, blood pressure, body temperature, respiratory rate

Body Metrics: Weight, height, BMI, body fat percentage, muscle mass

Medical Information: Chronic conditions, medications, allergies, injuries

Fitness Data: Exercise routines, workout duration, calories burned, steps taken

Yoga Practice: Session duration, poses practiced, difficulty levels, progress tracking

Meditation: Session length, meditation types, mindfulness scores, mood tracking

Sleep Data: Sleep duration, sleep quality, sleep stages, wake times

Nutrition: Meal logging, caloric intake, nutritional information, dietary preferences

Wellness Goals: Target weights, fitness objectives, health milestones

Collection Method:

Direct information provided by you when signing up or using features

Integration with third-party health applications and wearables (with your permission)

Information provided by wellness coaches and trainers within our platform

Customer support interactions

Integration with wearable devices (as permitted under their privacy terms)

Purpose:

Personalized wellness recommendations, progress tracking, health monitoring

Device and Usage Information

Device identifiers (IP address, device ID)

App browsing patterns and preferences

Operating system and browser version

Usage Analytics: Feature usage patterns, session duration, screen interactions, navigation paths

Performance Data: App crashes, loading times, error logs, system performance metrics

Interaction logs (buttons clicked, pages viewed)

Mobile network information

Collection Method:

Automated collection via your device during app usage

Purpose:

Service optimization, technical support, security monitoring, feature development

Communications Data

Messages: Communications with trainers, coaches, and nutritionists

Customer service inquiries, feedback, bug reports

Community Participation: Forum posts, comments, social interactions

Notification Preferences: Communication settings, frequency preferences

Feedback, surveys, and ratings

Customer support communications (emails, calls)

Collection Method:

User-initiated communications and interactions

Purpose:

Customer support, service improvement, community building, user engagement

Payment Information

Payment transaction details (processed via secure third-party gateways)

Subscription plan details and preferences

Purchase History: In-app purchases, premium feature access, refund records

Collection Method:

Payment processing during subscription and purchase transactions

Purpose:

Payment processing, subscription management, financial record keeping

*Sensitive Personal Data – We collect sensitive personal data, such as health data and biometric indicators, with your explicit consent as required by law. This information is handled with enhanced security controls.

Data Minimization

We adhere to data minimization principles by collecting only the information necessary for stated purposes, providing granular consent options for different data types, implementing purpose limitation controls, and regularly reviewing and purging unnecessary data.

How do we process your data?

We primarily process and/or store your data to provide services which include but are not limited to –

  • Personalized wellness program recommendations
  • Customized workout and yoga routines
  • Tailored meditation and mindfulness sessions
  • Individualized nutrition plans and meal suggestions
  • Progress tracking and achievement monitoring
  • Goal setting and milestone celebrations

 

In addition to the above, we may also use your data to –

  • Match you with a trainer specialised in the areas of wellness that you choose
  • Share skill-based professional recommendations with you
  • Coordinate availability and scheduling
  • Integrate and allow performance and rating systems
  • Support geographic proximity considerations
  • Facilitate communication, such as messaging and video consultations
  • Track and share progress and feedback
  • Maintain up-to-date professional consultation records and training session documentation

Our services also support health monitoring and tracking using –

  • Vital sign monitoring and trend analysis
  • Health risk assessment and alerts (SOS intimation)
  • Medication reminder systems
  • Symptom tracking and reporting
  • Wellness score calculations

In addition to the above, we may also use your data to improve our services, to optimise our features and to share new feature announcements and personalised offers.

We do not use your personal data to train AI models for third parties.

Cookies and Tracking Technologies

We use cookies, pixels, and similar tracking technologies to:

  • Facilitate basic app functionality
  • Improve user experience
  • Analyze service usage patterns
  • Offer personalized content

You can manage cookies through device settings or our in-app cookie preference center.

DATA STORAGE, SECURITY, AND RETENTION

We use reputable and secure cloud service providers to store all personal and confidential data. All our data centres are localised and secured in accordance with standard industry practices.

Our data centres are located in Mumbai, India.

Backup and Disaster Recovery

We take data availability and reliability seriously and have implemented robust backup and disaster recovery protocols to ensure minimal service disruption. Our systems follow these key principles:

  • Uptime Commitment: We target and maintain a 95% uptime guarantee for core services, excluding scheduled maintenance windows.
  • Recovery Time Objective (RTO): In the event of a major service outage, we aim to restore full operational capability within 4 hours.
  • Recovery Point Objective (RPO): We are committed to limiting potential data loss to a maximum of 1 hour of data activity through continuous backup and synchronization processes.

 

Data Retention

We follow a structured data retention framework designed to balance user preferences, operational requirements, and legal compliance:

  • User-Generated Health Data: Retained for the duration of your account’s active status or as per your selected preferences within your account settings. You may request deletion at any time.
  • Automatically Collected Data (e.g., device information, app usage): Retained for a period of 3 years from the date of collection to enable service improvements and fraud prevention.
  • Aggregated and Anonymized Analytics Data: Retained for 5 years for statistical analysis, research, and product development purposes. This data does not identify individual users.
  • Data Deletion: When you delete your account with us, all data attached to your account shall also be deleted. Any subsequent use of the account shall require you to create a new account.

 

USER RIGHTS AND CONTROL MECHANISMS

We are committed to upholding your rights over your personal data, regardless of your jurisdiction. You are provided with clear, accessible options to manage and control how your information is used.

Universal User Rights

All users of our Services have the following fundamental rights:

  • Right to Access (Right to Know): You have the right to request confirmation of whether we process your personal data and to access the specific personal data we hold about you, including details on how it is used and with whom it is shared.
  • Right to Rectification (Right to Correct): You have the right to request correction of inaccurate or incomplete personal data held by us, ensuring that your information remains accurate and up to date.
  • Right to Deletion (Right to Erasure): You have the right to request the deletion of your personal data where applicable, such as when data is no longer required for the purpose collected, when you withdraw consent, or where processing was unlawful, subject to certain legal and operational exceptions.

 

Region Specific Rights

California (United States) – California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

If you are a resident of California, you have specific rights under the CCPA/CPRA, including:

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the purposes of collection, and third parties with whom we share data.
  • Right to Access: You may request a copy of your personal information in a portable and readily usable format.
  • Right to Deletion: You may request the deletion of personal information we have collected, subject to legal exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the sale or sharing of your personal information for targeted advertising purposes. While we do not “sell” data for monetary value, California law considers certain sharing arrangements as “sales.”
  • Right to Limit Use of Sensitive Personal Information: You may limit how your sensitive personal data (such as health data) is used to only what is necessary to provide requested services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

You can exercise these rights via your account settings or by contacting support@samsarawellness.in.

A “Do Not Sell or Share My Personal Information” link is available in the app/website footer for easy opt-out.

European Union (EU) and United Kingdom (UK) – General Data Protection Regulation (GDPR)

If you are located in the EU or UK, you are entitled to the following rights under the GDPR:

  • Right to Access: Obtain confirmation as to whether your personal data is being processed and request a copy of your data.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (“Right to be Forgotten”): Request the deletion of your data in certain circumstances (e.g., withdrawal of consent, unlawful processing).
  • Right to Restrict Processing: Limit how your data is processed in certain cases (e.g., pending rectification).
  • Right to Data Portability: Receive your data in a machine-readable format and transfer it to another controller.
  • Right to Object: Object to data processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw consent at any time without affecting previous lawful processing.
  • Right to Lodge a Complaint: File a complaint with your national data protection authority.

For the EU, you may contact your local Data Protection Authority (DPA). For the UK, you may contact the Information Commissioner’s Office (ICO).

Our Data Protection Officer (DPO) can be reached at support@samsarawellness.in.

India – Digital Personal Data Protection Act, 2023 (DPDP Act)

For individuals in India, your rights under the DPDP Act include:

  • Right to Access Information: You can request confirmation whether your data is being processed and request access to your personal data.
  • Right to Correction and Erasure: Request correction of inaccuracies and request erasure of personal data (subject to legal exceptions).
  • Right to Grievance Redressal: You have the right to file grievances with our appointed Grievance Redressal Officer or escalate unresolved issues to the Data Protection Board of India.
  • Right to Data Portability: You may request your data in a structured, transferable format where applicable.
  • Right to Consent Management: You can manage, give, or withdraw consent via in-app privacy settings.

We comply with the principles of data minimization, purpose limitation, and storage limitation under Indian law.

For Indian users, grievance redressal is available via support@samsarawellness.in and from the Grievance Officer at legal@samsarawellness.in.

Singapore – Personal Data Protection Act (PDPA)

Singapore users are protected by the Personal Data Protection Act (PDPA), which provides for the following rights:

  • Right to Access and Correction: You may request access to your personal data and correction of any errors or omissions.
  • Right to Withdraw Consent: Withdraw consent for the collection, use, or disclosure of your personal data. Upon withdrawal, we may not be able to continue providing certain services.
  • Right to Data Portability (upon enactment): When effective, you may request to port your data to another organization.
  • Notification Obligations: We will notify you of purposes before collecting your personal data and will obtain your consent.
  • Right to Complain: You may lodge complaints with Singapore’s Personal Data Protection Commission (PDPC).

To exercise your rights in Singapore, please contact support@samsarawellness.in.

Control Mechanisms

We provide multiple mechanisms to help you exercise these rights and control your data:

  • You can manage and update your personal information and privacy preferences directly through the in-app settings.
  • We have enabled tools to manage consent, data sharing, marketing preferences, and connected third-party integrations.
  • You may reach out to our Data Protection Officer or designated grievance contact for unresolved issues.

We respond to all verified user requests within the legally required timeframes, ensuring transparency and accountability in handling your personal data.

How to Submit Requests

All requests can be submitted through:

We will verify your identity before processing any rights requests. We respond within legally required timeframes, typically:

  • 30 days for EU/UK and Singapore,
  • 45 days for California,
  • 15 working days for India.

 

Verification Process:

  • Identity Verification: Multi-factor authentication required
  • Request Validation: Scope and feasibility assessment
  • Legal Review: Compliance and legal impact evaluation
  • Technical Implementation: System changes and data processing
  • Confirmation: User notification of completion.

 

Children’s Data

Collection of Children’s Data

Our Services are not intended for children under the age of 17.

In order to ensure we are not onboarding individuals below 17 years of age, we do an initial screening during account creation.

We do not knowingly collect, process, or store personal information from children below the applicable legal age without obtaining verifiable parental or guardian consent, as required by law.

Parental Consent and Verification

If we become aware that personal data has been collected from a child without proper consent, we will take reasonable steps to:

  • Promptly delete such data from our records,
  • Disable the associated account (if applicable), and
  • Notify the parent or guardian where feasible.

Parents or guardians who believe that we may have collected information from a child without appropriate consent can contact us at legal@samsarawellness.in for prompt investigation and action.

Who We Share Your Data With

We may share your data with:

  • Authorized Service Providers: including cloud service providers (e.g., AWS, Google Cloud), payment processors, analytics tools, and customer support platforms
  • Wellness Professionals: such as trainers, yoga instructors, and nutritionists, for personalized program delivery (with confidentiality safeguards)
  • Legal Authorities: when required to comply with applicable laws, government requests, or enforce our terms
  • Corporate Affiliates or Successors: in the event of a merger, acquisition, or corporate restructuring, your data may be transferred under continued privacy obligations

We do not sell, rent, or trade your personal information to third parties for monetary gain.

All third-party partners with whom we may share limited data for the purpose of providing our services are bound by strict data processing agreements and required to maintain industry-standard data security and confidentiality practices.

Changes to This Privacy Policy

We may periodically update this Privacy Policy. Material changes will be communicated via:

  • App notifications
  • Email (where applicable)
  • Updates posted on our website

Your continued use after notification constitutes acceptance of the updated terms.