Privacy Policy

Introductory Statement, Definitions & Legal Applicability

This Privacy Policy (“Policy”) constitutes a comprehensive legal instrument governing the collection, receipt, access, storage, processing, analysis, transmission, disclosure, retention, protection, and lawful usage of information that is provided by, generated from, associated with, or otherwise linked to individuals who access, download, register on, interact with, or otherwise use the Clora mobile application, its related interfaces, application programming interfaces (APIs), software modules, web components, and associated services (collectively, the “Platform”).

The Platform is owned, operated, and managed by Autumn HealthLabs Private Limited, a company incorporated under the Companies Act, 2013, (“Autumn HealthLabs”, “Company”, “we”, “us”, “our”, “Clora”).

This Policy applies exclusively to end-user patients of the Clora application. Healthcare professionals, clinics, laboratories, vendors, partners, advertisers, or any other third parties are governed by separate contractual agreements and are not covered under this Policy.

By accessing or using the Platform, the user irrevocably acknowledges, agrees, and consents to the terms of this Policy.

Platform Character, Role & Limitation of Responsibility

Clora is a technology-enabled facilitation, aggregation, and informational platform. For the avoidance of doubt, it is expressly clarified that:

• Clora does not practice medicine.
• Clora does not provide medical diagnosis.
• Clora does not prescribe medication.
• Clora does not provide treatment plans.
• Clora does not replace licensed healthcare professionals.
• Clora does not supervise or control medical decision-making.

The Platform merely enables:

• informational access;
• technological communication;
• discovery of independent third-party services;
• facilitation of user-initiated interactions.

All healthcare services are rendered solely by independent third parties, and all professional, medical, clinical, ethical, or legal responsibility arising therefrom rests exclusively with such third parties.

Eligibility, Age Threshold & Consent Representation

The Platform may be accessed by individuals aged eleven (11) years and above.

Where a user is between 11 and 17 years of age, such user represents and warrants that:

• they have obtained valid, informed, and continuing consent from a parent or legal guardian;
• such consent authorises the use of the Platform and sharing of information;
• Autumn HealthLabs is entitled to rely upon such representation without independent verification.

Autumn HealthLabs expressly disclaims liability arising from:

• misrepresentation of age;
• lack of guardian consent;
• unauthorised access by minors.

Categories of Information Collected

4.1 Information Voluntarily Provided by Users

Information voluntarily provided by users may include, without limitation:

• personal identifiers, including name, age, and gender;
• contact details, including phone number and email address;
• geographic indicators, including city and state;
• menstrual cycle information, including dates, duration, flow, cramps, and symptoms;
• general health-related information voluntarily shared;
• emotional, lifestyle, academic, professional, or relationship-related context;
• responses, queries, and interactions with Clo;
• preferences, feedback, surveys, and support communications.

All such information is provided voluntarily, at the user’s discretion.

4.2 System-Generated & Automatically Collected Information

For the purposes of this Policy, “System-Generated and Automatically Collected Information” refers to data generated as a technical consequence of a user’s interaction with the Platform, without requiring conscious or direct user input.

4.2.1 Device Identifiers

“Device Identifiers” include, without limitation:

• device model and manufacturer;
• operating system type and version;
• application version;
• anonymised device or installation identifiers;
• network identifiers and configuration metadata.

Device identifiers are collected solely for purposes including:

• platform compatibility;
• performance optimisation;
• fraud detection;
• security monitoring;
• error diagnosis and system stability.

Such identifiers do not independently identify an individual.

4.2.2 Usage & Interaction Data

Usage data includes:

• session duration;
• navigation patterns;
• feature interaction frequency;
• click events;
• timestamps.

This data is analysed primarily in aggregated or anonymised form to improve usability, enhance performance, detect misuse, and maintain operational integrity.

4.2.3 Network, Log & Diagnostic Data

Network-level data, including IP addresses and access logs, may be collected for security audits, legal compliance, abuse prevention, and forensic investigation where required by law.

Artificial Intelligence Companion (“Clo”)

5.1 Clo Does Not Provide Medical Advice

Clo is an AI-enabled informational interface. While interacting with Clo, if a user voluntarily shares symptoms, concerns, sensations, or experiences, Clo is designed to respond as follows:

• Clo may provide general lifestyle guidance or commonly known home-care measures only where symptoms are widely recognised as common, non-urgent, not indicative of a medical emergency, and reasonably understood to be manageable through observation or basic self-care.
• Clo is explicitly trained to recommend immediate professional medical consultation in any instance where symptoms are severe, persistent, worsening, abnormal, may reasonably require medical evaluation, where delay in medical attention may pose health risks, or where professional diagnosis, treatment, or intervention may be required.

At no point shall Clo’s responses be construed as:

• diagnosis;
• treatment;
• prescription;
• clinical opinion;
• professional medical advice.

Responsibility for medical decision-making rests solely with the user.

5.2 Third-Party AI Infrastructure Disclosure

Clo utilises artificial intelligence models accessed via third-party APIs, including those provided by OpenAI. Accordingly:

• the AI models are owned and operated by third parties;
• outputs are generated probabilistically;
• Autumn HealthLabs does not guarantee accuracy or completeness of AI outputs.

5.3 AI Conversation Storage & Data Handling

• Conversations may be stored in encrypted form within Autumn HealthLabs’ infrastructure;
• stored conversations are used for continuity, quality assurance, and safety monitoring;
• stored conversation data is not shared with OpenAI beyond real-time processing requirements;
• stored data is not used to train external AI models.

Purpose Limitation & Data Processing Grounds

Information is processed strictly for:

• enabling Platform functionality;
• facilitating user-initiated consultations;
• improving service quality;
• legal and regulatory compliance;
• security and misuse prevention.

Any use beyond the stated purposes is expressly disclaimed.

Data Sharing & Disclosure Framework

Data may be disclosed to:

• independent healthcare professionals upon user initiation;
• payment processors;
• infrastructure service providers;
• governmental authorities under legal mandate.

Autumn HealthLabs does not sell personal data.

Doctor Liability, Data Security & Limitation of Liability

Doctor & Third-Party Liability Disclaimer

Healthcare professionals accessible via Clora operate independently. Autumn HealthLabs does not employ doctors, does not supervise medical services, and does not assume liability for clinical outcomes. All professional responsibility rests solely with the healthcare provider.

Data Security & Residual Risk Acknowledgement

Reasonable technical and organisational safeguards are implemented. Users acknowledge that no digital system is entirely risk-free.

Limitation of Liability

To the maximum extent permitted by law, Autumn HealthLabs disclaims liability for indirect damages, reputational harm, third-party actions, and AI-generated outputs.

Data Retention, Deletion & User Rights

Data is retained as necessary for:

• operational continuity;
• legal obligations;
• audit requirements.

Deletion requests may be denied where retention is legally mandated.

User rights are subject to:

• identity verification;
• legal permissibility;
• operational feasibility.