Privacy Policy
Last Updated: 24th March, 2026
This EarlyFit Privacy Policy (“Privacy Policy”) sets forth how EarlyFit Health Private Limited (“we,” “us,” “our,” or “EarlyFit”) obtains, monitors, and processes Personal Data (as defined below) that we collect in the ordinary course of business. This Privacy Policy is an integral part of our internal control and risk/compliance management system to meet our legitimate needs and is incorporated into our Terms and Conditions.
This Privacy Policy complies with applicable Indian laws, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”). This Privacy Policy applies to users of the Platform as well as other individuals whose personal data may be processed by us in connection with our business operations.
Definitions
Throughout this Privacy Policy, we use the following terms with the meanings ascribed below:
- Platform: Collectively refers to our App and Website.
- Processor: A natural or legal person, or any other entity, that processes Personal Data on our behalf.
- Processing: Any operation or set of operations performed on Personal Data, whether by automatic means or otherwise, such as collection, recording, organization, storage, adaptation, retrieval, use, disclosure, dissemination, alignment, combination, blocking, erasure, or destruction.
- Third-Party: Any natural or legal person, public authority, agency, or entity other than you, us, the Processor, or persons authorized to process Personal Data under our direct authority.
- User or You/Your: Any user or third person to whom the Personal Data relates.
- Personal Data: Information related to an identified or identifiable person, including but not limited to:
  - Your full name, age, date of birth, gender, email address, mobile phone number, mailing address (including city, state, and PIN code), username, password (stored in hashed, encrypted format), subscription plan details, and payment history;
  - Payment method details (e.g., credit/debit card type, last four digits, expiry date, or UPI ID), processed by third-party payment gateways;
  - Technical data such as IP address, browser type/version, device type/identifiers, App version, login data, crash reports, and usage patterns;
  - Communications with us (e.g., emails to support@early.fit, chat messages with Care Team, feedback);
  - Referral program data (e.g., names and emails of referred individuals, with their consent);
  - Medical data, including past/current illnesses, surgeries, chronic conditions, family medical history, allergies, medications, diet, exercise, sleep, stress, tobacco/alcohol use, weight management goals, consultation notes, daily side-effect check-ins, diagnostic blood test results, and e-prescriptions;
  - Data from integrated devices/platforms (with your consent), such as Continuous Glucose Monitors (CGMs), Early smart scale, and third-party fitness trackers (via Apple HealthKit, Google Health Connect);
  - Survey responses for “My Metabolic Print” (e.g., weight loss history, eating habits, health conditions);
  - Food and beverage logs (item names, quantities, nutritional information);
  - Personal Data shared orally during telephone or video calls;
  - Any other information you choose to share with us.
- Sensitive Personal Data or Information (“SPDI”): Shall have the same meaning as that under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”).
Any term not defined herein shall have the meaning ascribed in EarlyFit’s Terms and Conditions.
Before disclosing another person’s Personal Data to us, you must obtain their consent for both the disclosure and Processing in accordance with this Privacy Policy.
1. Scope of the Privacy Policy
This Privacy Policy applies to:
- All individuals providing Personal Data to us, including users, associates, job applicants, employees, retirees, contractors, service providers, consultants, advisors, and vendors;
- All methods of contact, including in-person, written, internet, direct mail, telephone, or facsimile;
- All locations where we operate, even where local regulations do not exist.
This Privacy Policy informs all persons of their obligations to protect the privacy of individuals who interact with us and the security of their Personal Data. We will continue to evaluate and adjust our policies to ensure compliance with applicable laws.
You acknowledge that all Personal Data provided to us is accurate, complete, and not misrepresented. We comply with applicable privacy laws, rules, and regulations in all material respects.
Our designated Data Protection Officer is Sagar Khurana, contactable at sagar@early.fit, for privacy-related matters.
2. Collection of Personal Data
We collect your Personal Data through various methods, based on your interaction with our Platform and the consents you provide, as follows:
2.1 Directly from You (User-Provided Data)
- Account Registration and Onboarding: When you sign up for an Account, purchase a subscription plan, and complete onboarding, including medical history questionnaires (e.g., name, gender, age, height, weight, BMI, comorbidities, medications, allergies) and lifestyle assessments (e.g., eating habits, physical activity, sleep, stress).
- Platform Usage and Data Logging: When you use Platform features to log meals, physical activities, body weight, symptoms, side effects, “My Metabolic Print” survey responses, reminders, and profile updates.
- Communications with Care Team: During interactions with doctors, nutritionists, physical therapists, or psychologists via secure in-App chat, audio, or video consultations.
- Support and Feedback: When you contact customer support (e.g., via support@early.fit or the “Help and Support” feature) or provide feedback, reviews, or testimonials.
- Oral Communication: When you provide information during telephone or video calls with Early staff or Care Team members.
- Referral Program: If you participate in the "Invite Friends & Get Rewarded" program, we collect referral information (e.g., names, emails) with their consent.
2.2 From Integrated Devices and Platforms (With Your Authorization)
When you connect and authorize data sharing from:
- Continuous Glucose Monitors (CGMs): Glucose level readings and timestamps.
- Early Smart Scale: Body weight, BMI, body fat percentage, muscle mass, visceral fat, subcutaneous fat, BMR, metabolic age, bone mass, protein mass, and water weight.
- Third-Party Fitness Trackers/Platforms: Via Apple HealthKit, Google Health Connect, or direct integration, including steps, active minutes, calories burned, sleep data, heart rate, blood pressure, blood oxygen levels, and workout details.
2.3 From Your Care Team (Generated During Service Provision)
Care Team members create and record information, including professional notes, consultation observations, assessments, diet/exercise plans, e-prescriptions, and updates to your "Your Journey" record.
2.4 From Laboratory Partners (With Your Authorization)
When you undergo diagnostic blood tests, NABL-accredited (or equivalent) laboratory partners share test results with Early, uploaded to your health record for review by you and your Care Team.
2.5 Automatically Through Technology (Cookies, Analytics)
- Cookies and Similar Technologies: Used to enable essential functionalities, remember preferences, gather analytics, and (if applicable, with explicit consent) deliver personalized content or ads.
- Platform Usage Analytics: Data on features accessed, screens visited, time spent, button clicks, navigation paths, crash reports, and performance data to improve Platform usability.
2.6 Recorded Consultations (Audio/Video)
We may record audio and/or video consultations conducted through our Platform only with your explicit consent, obtained before the consultation begins. These recordings may capture your face, voice, surroundings, and—when medically required—images of your body or body parts (for example, demonstration of medication injection on the stomach or arm).
Recordings are collected for the following limited purposes:
- Ensuring accuracy and continuity of medical care;
- Safety supervision (including medication administration or procedure guidance);
- Quality assurance, training, and operational oversight;
- Legal, regulatory, and dispute-resolution requirements.
All recordings are encrypted, stored securely in accordance with applicable laws, and accessible only to authorized personnel on a strict need-to-know basis. Recordings are retained only for as long as necessary for the purposes stated above or as required by law. If you do not wish to be recorded, you must inform us before the consultation begins, and we will provide alternative options where feasible.
3. Use of Personal Data
We may use your Personal Data, with your explicit consent where required, for the following purposes:
- Manage user registration, account creation, identity verification, and ongoing account management;
- Deliver our medically driven weight loss program, including personalized diet plans, exercise recommendations, and lifestyle coaching;
- Facilitate teleconsultations with Care Team members;
- Use audio/video recordings (only when you have provided explicit consent) to support medical accuracy, safety supervision, quality assurance, and compliance requirements;
- Enable doctors to generate and manage e-prescriptions;
- Track health progress, medication adherence, and provide feedback/support;
- Enable Platform features like reminders, meal logging, activity tracking, “My Metabolic Print,” “My Care Circle,” “My Plan,” “My Progress,” “My Weekly Habits,” and “Your Journey”;
- Coordinate diagnostic blood tests with partner laboratories;
- Facilitate ordering prescribed medications from partner pharmacies;
- Process subscription payments, renewals, cancellations, refunds, and billing inquiries;
- Administer the referral program;
- Send essential transactional/service-related communications (e.g., account activation, appointment reminders, payment receipts);
- Send configured reminders for medication, appointments, and logging activities;
- Respond to queries, feedback, and support requests;
- Send marketing communications (with explicit opt-in consent, withdrawable at any time);
- Analyze usage patterns and technical data to improve user experience and Platform performance;
- Conduct internal research and statistical analysis to enhance program effectiveness;
- Comply with Indian laws, regulations, court orders, or government requests;
- Protect the rights, property, or safety of EarlyFit, users, Care Team, or the public;
- Detect, prevent, investigate, and address fraud, security breaches, or misuse;
- Enforce our Terms and Conditions and other policies;
- Manage recruitment, hiring, and onboarding processes, including evaluation of applications, interviews, and background checks (where permitted by law);
- Administer the employment relationship, including payroll, compensation and benefits, reimbursements, attendance, performance management, training, and career development;
- Comply with applicable labour, employment, tax, and social security laws, including maintenance of statutory records and filings;
- Ensure workplace safety, security, system access control, monitoring of IT systems (in accordance with applicable law and internal policies), and prevention of fraud or misuse; and
- Manage internal operations, including communications, project allocation, audits, investigations, grievance handling, disciplinary actions, and separation/exit processes.
Each category of Personal Data collected under Section 3 is processed only to the extent necessary for the corresponding purposes described in this section.
4. Data Sharing and Disclosure
We do not sell your Personal Data. We may share it only in the following circumstances, with appropriate safeguards to ensure that the recipient maintains the same or better level of protection as required under applicable data protection laws, including the SPDI Rules:
- With Your Care Team: Doctors, nutritionists, therapists, and psychologists access relevant Personal Data for personalized consultations, plan adjustments, and progress monitoring, limited to their role-specific needs.
- With Partner Laboratories: Name, contact details, and test requisitions are shared with NABL-accredited laboratories to conduct diagnostic tests.
- With Partner Pharmacies: E-prescription details, name, contact information, and delivery address are shared with licensed pharmacies to dispense and deliver medications.
- With Payment Gateway Providers: Transaction data is shared with providers like Razorpay or Cashfree Payments for secure payment processing.
- With Technology Service Providers: Cloud hosting, database management, and performance monitoring providers process data under our instructions with Data Processing Agreements (DPAs).
- For Aggregated Analytics: Anonymized/aggregated data may be shared with analytics providers to improve services (with DPAs, if engaged).
- For Legal Obligations and Safety: Disclosure may occur to comply with laws, enforce Terms, address fraud/security, or protect rights, property, or safety.
- In Business Transfers: Personal Data may be shared in mergers, acquisitions, or reorganizations, with notification and recipient agreement to protect data.
- With HR, Payroll, and Benefits Service Providers: Personal Data of employees, contractors, and similar individuals may be shared with third-party service providers for payroll processing, benefits administration, insurance, and related services, subject to appropriate contractual safeguards.
- With Professional Advisors: Personal Data may be shared with legal, financial, accounting, or other professional advisors on a need-to-know basis for compliance, audit, or advisory purposes.
- With Explicit Consent: For purposes not covered above, we will seek specific consent, detailing the purpose and data involved.
5. Data Security Practices
We implement reasonable security measures commensurate with the nature of data being processed as well as our business activities in accordance with applicable laws:
- Encryption: TLS 1.2+ for data in transit; AES-256 for data at rest.
- Access Controls: Role-based access, strong password policies, and multi-factor authentication where feasible.
- Recording data is encrypted, and access is strictly limited to authorized personnel on a need-to-know basis.
- Technical Safeguards: Firewalls, intrusion detection, regular security assessments, and secure development practices.
- Administrative and Physical Safeguards: Data protection policies, employee training, confidentiality agreements, secure storage, and disposal procedures.
- User Responsibility: You are responsible for maintaining Account password confidentiality and device security.
- Disclaimer: No transmission or storage method is 100% secure; we strive for commercially acceptable protection but cannot guarantee absolute security.
6. Data Retention
We will retain your Personal Data for as long as is strictly required for the purposes stated in this Privacy Policy or in accordance with applicable laws.
7. Consent
Your explicit consent will be requested separately before any audio or video consultation is recorded. You may decline recording, and where medically feasible, we will provide an unrecorded consultation alternative. Declining recording does not affect access to care unless recording is specifically required for safety, legal, or clinical reasons.
You may withdraw consent at any time via support@early.fit, with comparable ease to giving consent. However, withdrawal of consent may result in our inability to provide certain services, particularly those requiring medical or health-related data.
7.1 User Consent & Communication
Information Collection: You understand that EarlyFit may need to contact you via Email, SMS, RCS, and Voice Calls to provide service updates, security alerts, and communication which may be of interest to you. You can opt out of promotional communication anytime by contacting us.
8. Your Rights
You have the right to:
- Access Personal Data we hold about you, subject to identity verification;
- Seek the redressal of your grievances;
- Withdraw your consent with ease; and
- Request completion, updating, correction, or erasure of Personal Data.
9. Information Provided Orally
Information shared during consultations, whether recorded (with your explicit consent) or unrecorded, may be used to update your medical record and provide services. The collection and processing of such data would be in accordance with applicable data protection laws, including but not limited to the SPDI Rules.
10. Disclosures
We may disclose Personal Data as necessary for purposes outlined in this Privacy Policy, including:
- Government functions related to sovereignty, security, or integrity of India;
- Legal obligations to disclose information;
- Compliance with court orders or judgments;
- Medical emergencies threatening life or health;
- Public health measures during epidemics or threats;
- Safety measures during disasters or public order breakdowns;
- Disclosure to courts/authorities likely to order such disclosure.
11. Access to Personal Data
We ensure Personal Data accuracy and provide reasonable access during normal working hours to update, complete, or correct inaccurate/misleading information upon request, subject to identity verification.
12. Grievance Redressal
- Data Protection Officer: Sagar Khurana, sagar@early.fit, G80, Lajpat Nagar-1, Delhi -110024.
- We acknowledge grievances within a reasonable time and aim to resolve them within one month of receiving your grievance, or as required under applicable laws.
13. Cookies and Tracking Technologies
- Use of Cookies: Cookies, web beacons, pixels, and device identifiers enable core functionalities, remember preferences, gather analytics, and (with explicit consent) deliver personalized content/ads.
- Types of Cookies: Session (expire on browser close) and persistent (remain until deleted or expired) cookies for operations, analytics, and functionality.
- Your Choices: Modify browser settings to decline cookies or receive alerts. Disabling cookies may affect Platform functionality. Refer to browser help documentation for management.
14. Transfer of Personal Data
Currently, all user data is stored and processed on servers in India. If future transfers outside India are contemplated, we will comply with applicable laws, ensuring adequate protection, contractual safeguards, or your explicit consent.
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
15. Updates to this Privacy Policy
We may update this Privacy Policy to reflect changes in data practices or legal requirements. We will notify you via:
- Posting the updated Policy on our Platform with a revised “Last Updated” date;
- Email to your registered address;
- In-App notification.
Your continued use after changes, or affirmative acceptance where required, constitutes agreement to the revised Policy.
16. Children's Privacy
Our services are for individuals 18 years or older. We do not knowingly collect Personal Data from children under 18. If such data is inadvertently collected, we will delete it promptly.
17. Data Breach Notification
In case of a cyber security incident, including a data breach, we will notify affected users as well as the regulators in such form and manner as required under applicable laws.
18. Enforcement
We use a self-assessment approach to ensure compliance, verifying that this Privacy Policy is accurate, comprehensive, prominently displayed, implemented, and accessible. Concerns can be raised via contact information provided, and we will investigate and resolve complaints.
19. Disciplinary Actions
We adopt a zero-tolerance policy for data breaches. Improper or unauthorized access, use, disclosure, alteration, destruction, or loss of Personal Data will result in disciplinary actions, including contract termination.
20. Procedure for Enquiries and Complaints
For corrections, updates, complaints, or questions about this Privacy Policy or our treatment of your Personal Data, contact us at:
EarlyFit Health Private Limited
G80, Lajpat Nagar-1, Delhi -110024
Email: support@early.fit