Privacy Policy

Swizton Medtech Pvt. Ltd.
Overview: Swizton Medtech Pvt. Ltd. respects the privacy of users and is committed to protecting personal and health data processed through the HeartIQ Score platform. This policy is aligned with the Digital Personal Data Protection Act, 2023 (India).

1. Introduction

This Privacy Policy (“Privacy Notice”) describes how HeartIQ Score from Swizton Medtech Pvt. Ltd. (referred to as “HeartIQ”, “us”, “we”, “our”) handles Personal Information collected when Users visit our websites, including https://heartiqscore.com/, social media accounts, and other online features (collectively, our “Digital Properties”).

2. Definitions

  • Data Principal: The individual accessing or using the Service, to whom personal data relates.
  • Data Fiduciary: HeartIQ (Swizton Medtech Pvt. Ltd.), which determines the purposes and means of processing personal data.
  • Personal Data: Any information that relates to an identified or identifiable individual, including names, contact details, addresses, and usage data.
  • Health Data: A subset of personal data specifically concerning an individual's physical health information.

3. Categories of Data Collected

HeartIQ may collect the following categories of data:

  • Identity and contact information.
  • Demographic details.
  • Health and lifestyle data (Patient-Generated Health Data).
  • Diagnostic reports (Medical history, Lab results, Imaging reports, Risk factors, etc.).
  • System usage and audit logs (IP address, Device data, Cookies).

4. Purpose of Data Processing

Data is processed strictly for the following purposes:

  • Cardiac risk assessment.
  • Providing personalized risk insights.
  • Care coordination and service delivery.
  • Enabling lab/imaging coordination as requested by the Data Principal.
  • Platform security and fraud prevention.
  • Regulatory compliance.
  • Anonymized research and algorithm improvement.

5. Lawful Basis & Consent

HeartIQ Score processes personal and health data in accordance with the Digital Personal Data Protection Act, 2023.

  • Data is processed only after explicit, informed consent.
  • Consent is obtained digitally prior to registration.
  • Users may withdraw consent at any time, subject to legal obligations.

By using our services, you expressly consent to the collection, use, and sharing of your information as outlined in this Privacy Policy. If you do not agree, you must immediately discontinue use of the services.

6. Data Minimization & Purpose Limitation

  • Only data necessary for stated purposes is collected.
  • Data is not used for unrelated or unauthorized purposes.

7. Data Sharing & Disclosure

Personal data may be shared only with:

  • Authorized laboratories for sample collection (if requested).
  • Registered medical practitioners (if requested).
  • CTA centres for imaging appointments and Radiologists for reporting.
  • Payment providers.
  • Operational services for appropriate care coordination.
  • Government authorities when legally required.

The Data Fiduciary does not sell Personal or Health data to advertisers or external commercial entities.

8. Data Storage & Retention

Data is stored securely within controlled environments. Retention is limited to:

  • Medical necessity.
  • Requirement for service delivery.
  • Algorithm validation.
  • Legal and regulatory requirements.

Users may request deletion as per the DPDPA and internal policy.

9. Data Security Safeguards

We implement industry-standard administrative, technical, and physical security measures, including:

  • Encryption and access controls.
  • Regular security reviews.
  • Audit logs.
  • Role-based permission systems.

However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security against all possible threats.

10. Rights of Data Principals (DPDP Act)

Users have the right to:

  • Access their personal data.
  • Request correction or updating of any inaccuracies.
  • Withdraw consent.
  • Request erasure where legally permissible.
  • Lodge grievances.
  • Obtain anonymized summaries.

11. Children’s Privacy

HeartIQ is not intended for individuals under 18. Any data processed for minors shall be collected only with verifiable consent from a parent or legal guardian.

12. Cookies

The platform may use cookies for usage analytics and performance optimization. Where required by law, users will be provided with appropriate notice and choice regarding the use of cookies.

13. Cross-Border Data Transfer

HeartIQ does not generally transfer data outside India. If required (e.g., for algorithm improvement), data transfers will comply with DPDP Act requirements and government-notified restrictions.

14. Grievance Redressal

Swizton Medtech provides a grievance mechanism to address privacy concerns and resolve complaints within reasonable timelines. Data Principals may contact the call centre or operations for any such requests.

15. Policy Updates

We will update this Privacy Notice on an ongoing basis. When we post changes, we will revise the “Last Updated” date. Continued use of HeartIQ Score implies acceptance of the latest version.

© 2026 Swizton Medtech Pvt. Ltd. All rights reserved.