1. Introduction
Axoro Corp ("Axoro", "we", "us", or "our") is a technology company incorporated in India and headquartered in Assam, India. We operate the corporate website at axorocorp.com and provide the following products and platforms: Axoro Clinic (Doctor OS), Axoro Fit (Gym OS), Axoro Campus (Education OS), and FitBharat (consumer health application, powered by Axoro).
This Privacy Policy explains what personal data we collect, why we collect it, how we use it, with whom we share it, and what rights you have over it. It applies to all visitors to our website, users of our products, and anyone who contacts us through any channel.
By using our website or any Axoro product you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our services.
2. Data Controller
The data controller responsible for your personal data is:
For privacy-specific inquiries please use the subject line "Privacy Request — [your name]".
3. Personal Data We Collect
3.1 Website visitors
- Contact-form data: full name, work email address, phone number (optional), company or institution name, area of interest, and free-text message.
- Technical data automatically collected when you browse our website: IP address, browser type and version, operating system, referring URL, pages visited, and time-on-page.
- Cookie and analytics data collected via Google Analytics (GA4) — see Section 7 and our Cookie Policy.
3.2 Axoro Clinic users (clinic staff and patients)
- Healthcare professional profile: name, medical registration number, specialisation, contact details.
- Patient records: demographic data, appointment history, diagnoses, prescriptions, medical notes, billing information. This constitutes special-category (sensitive) health data.
3.3 Axoro Fit users (gym operators and members)
- Gym business data: facility name, address, owner contact details.
- Member profiles: name, contact details, membership tier, attendance records, fitness goals, check-in history.
3.4 Axoro Campus users (institutions and students)
- Institution data: name, address, administrator contacts.
- Student records: name, student ID, academic progress, wellness check-in data, campus activity data.
3.5 FitBharat app users
- Account data: name, email address, date of birth, gender (optional).
- Health and fitness data: daily check-in logs (sleep quality, stress levels, physical activity, nutrition entries), computed performance scores, body metrics if voluntarily provided.
- Device data: device model, operating system version, app version, unique device identifier.
- Usage analytics: in-app event data, feature interactions, session duration.
Health and fitness data collected through FitBharat constitutes sensitive personal dataunder India's Digital Personal Data Protection Act 2023 (DPDP Act) and may qualify as special-category data under GDPR. We process it only with your explicit consent.
4. Legal Bases for Processing
We rely on the following legal bases as applicable under GDPR (EU/UK), CCPA/CPRA (California), India's DPDP Act 2023, and other applicable laws:
| Processing Activity | Legal Basis |
|---|---|
| Responding to contact-form submissions | Legitimate interests (responding to business enquiries); consent where required |
| Sending demo or partnership follow-up communications | Legitimate interests / performance of a contract |
| Providing Axoro Clinic, Axoro Fit, Axoro Campus SaaS products | Performance of a contract |
| Processing FitBharat health data | Explicit consent (you may withdraw at any time) |
| Website analytics (Google Analytics GA4) | Consent (via cookie banner) where required by applicable law |
| Security, fraud prevention, rate limiting | Legitimate interests |
| Compliance with legal obligations | Legal obligation |
5. How We Use Your Personal Data
- To respond to enquiries, demo requests, partnership and investment discussions.
- To provision, operate, maintain, and improve our SaaS products.
- To provide personalised health insights and AI-generated guidance within FitBharat.
- To send product updates, service notifications, and (where consented) marketing communications.
- To monitor and improve website performance, user experience, and content relevance.
- To detect, prevent, and investigate security incidents, fraud, or abuse.
- To comply with applicable laws, regulations, court orders, and governmental requests.
- To enforce our Terms of Service and other agreements.
We do not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes.
8. Data Retention
| Data Category | Retention Period |
|---|---|
| Contact-form submissions | Up to 2 years from last interaction, or until you request deletion |
| SaaS customer account data (Axoro Clinic / Fit / Campus) | Duration of the contract + 7 years (statutory financial record requirements) |
| FitBharat health/fitness data | Until you delete your account or withdraw consent; backups purged within 90 days |
| Website analytics data (GA4) | 14 months (default GA4 data-retention setting) |
| Server and application logs | Up to 90 days for security and debugging purposes |
We may retain data for longer periods where required by law or to resolve disputes and enforce agreements.
9. International Data Transfers
Axoro Corp is based in India. Our service providers (including Google and Resend) may process data in the United States, European Economic Area, or other jurisdictions. Where data is transferred outside of India or the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), adequacy decisions, or binding corporate rules to ensure your data receives an adequate level of protection.
10. Your Data Protection Rights
Depending on your location, you may have the following rights:
All users (including India — DPDP Act 2023)
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data (subject to legal retention obligations).
- Right to Grievance Redressal: Lodge a complaint with our data fiduciary contact or with the Data Protection Board of India once operational.
EU / UK users (GDPR / UK GDPR)
- Right to Restriction: Request restriction of processing in certain circumstances.
- Right to Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw at any time without affecting prior lawful processing.
- Right to Lodge a Complaint: With your local data protection supervisory authority.
California residents (CCPA / CPRA)
- Right to Know: Know what personal information is collected, used, disclosed, or sold.
- Right to Delete: Request deletion of personal information we collected.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale / Sharing: We do not sell or share personal information as defined by CCPA. If that changes, we will provide a "Do Not Sell or Share My Personal Information" link.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, email us at [email protected] with the subject line "Privacy Request — [your name]". We will respond within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before processing your request.
11. Children's Privacy
Our corporate website and B2B SaaS products (Axoro Clinic, Axoro Fit, Axoro Campus) are directed at business professionals and are not intended for individuals under 18 years of age.
FitBharat is a consumer wellness application intended for users who are 18 years of age or older (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13 (or the applicable minimum age). If we become aware that we have inadvertently collected data from a child, we will promptly delete it. Parents or guardians who believe we have collected data from a minor should contact us immediately at [email protected].
12. Data Security
We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:
- Encryption of data in transit (TLS/HTTPS) and at rest.
- Access controls and role-based permissions for internal systems.
- Rate limiting and abuse-prevention mechanisms on our APIs.
- Regular security reviews and vulnerability assessments.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law.
13. Third-Party Links
Our website may contain links to third-party websites, integrations, or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Effective Date" at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website. We encourage you to review this page periodically.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: