ReportSense

Privacy Policy

Effective date: 7 May 2026

ReportSense ("we", "our", "us") is committed to protecting your personal and health data. This Privacy Policy explains what data we collect, how we use it, and your rights under India's Digital Personal Data Protection (DPDP) Act 2023.

By using ReportSense, you agree to the practices described in this policy. If you do not agree, please do not use our services.

1. Data we collect

Waitlist data

When you join our waitlist, we collect:

  • Full name
  • Email address
  • Phone number (optional)
  • State of residence (optional)

Account data (when the app launches)

  • Email address and password (via Supabase Auth)
  • Family profile details: name, date of birth, gender, relationship

Health data (when the app launches)

  • Lab report PDFs you upload
  • Extracted parameter values and AI-generated explanations
  • Historical report data for trend tracking

Usage data

  • Device type, browser, and general location (country/state)
  • Pages visited and features used - for improving the product
  • Error logs via Sentry (anonymised where possible)

2. How we use your data

  • To provide the ReportSense service and generate lab report explanations
  • To notify you about the product launch (waitlist) and important updates
  • To improve accuracy of parameter extraction and AI explanations
  • To process payments (Razorpay) for Pro subscriptions
  • To comply with applicable laws and regulations

We will never sell your data to third parties, insurers, employers, or advertisers.

3. Data storage and security

Your data is stored on Supabase (PostgreSQL), hosted on AWS infrastructure in the ap-south-1 (Mumbai) region. All data is encrypted at rest and in transit (TLS 1.2+). Row-level security is enforced - you can only access your own data.

Lab report PDFs are stored in Supabase Storage with access restricted to your account only.

4. Third-party services

We use the following third-party services to operate ReportSense:

  • Supabase - database, authentication, and file storage
  • Anthropic (Claude) - AI processing of lab report content
  • Razorpay - payment processing (we do not store card details)
  • Sentry - error monitoring
  • Vercel - website hosting

Each of these providers has their own privacy policy and data processing terms. Your health data is shared with Anthropic solely for the purpose of generating explanations - it is not used to train their models.

5. Your rights under DPDP Act 2023

As a data principal under India's DPDP Act 2023, you have the right to:

  • Access - request a copy of the personal data we hold about you
  • Correction - request correction of inaccurate or incomplete data
  • Erasure - request deletion of your account and all associated data
  • Grievance redressal - raise a complaint with us or the Data Protection Board
  • Withdraw consent - opt out of data processing at any time (may affect service availability)

To exercise any of these rights, email us at hello@reportsense.in. We will respond within 72 hours.

6. Data retention

Waitlist data is retained until you request deletion or ReportSense permanently shuts down. Account and health data is retained as long as your account is active. Upon account deletion, all personal data and uploaded reports are permanently deleted within 30 days.

7. Children's privacy

ReportSense is not intended for children under 18 as the primary account holder. Family profiles for minors may be created and managed by a parent or guardian.

8. Changes to this policy

We may update this policy as the product evolves. Material changes will be notified via email. Continued use after notification constitutes acceptance.

9. Contact us

For privacy-related questions, data requests, or complaints: