DPDP notice (India)

Last updated: 20 May 2026.

This page is the India-specific part of our privacy story. It is required by the Digital Personal Data Protection Act, 2023 (everyone calls it the DPDP Act). It sits alongside our main Privacy notice.

1. Who is responsible for your data?

Decades is the “Data Fiduciary” for the personal information you give us. That is the DPDP Act's formal way of saying: we are the people responsible. You can reach us at privacy@decades.app.

2. What we use your data for

  • Running the actual service you signed up for — your personal health record, risk scores, screening calendar and library.
  • Running the AI features (the AI Coach, the Lab Decoder) only when you ask them to — once per use, with your consent.
  • Sending you essential service emails (login confirmation, password reset). Marketing emails are sent only if you tick the optional box.

3. What kinds of data we hold about you

  • Who you are: name, email, date of birth, sex, country.
  • Your health information: the answers you give us — habits, screenings, mood and sleep, lab values.
  • Numbers we calculate from your information: the risk scores and the overall Decades score.
  • Technical bits: minimal logs to keep the service running.

4. Our legal basis for processing

We use your data based on the consent you tick at sign-up and each time you use an AI feature. You can withdraw that consent at any time, going forward, by deleting your account or simply by not using the AI features.

5. When data leaves India

Your records sit in Mumbai, on servers in India. The one exception is the AI features — when you use the Decades AI Coach or the Lab Decoder, the text or image you submit is sent to Google's Gemini API, which is the smart language model we use behind the scenes. Google's servers process that request outside India. If the Government of India later restricts transfers to specific countries under Section 16(1) of the DPDP Act, we will update this notice and you will hear from us in the app.

6. Your rights as a person whose data we hold

  • You can know what is happening with your data — that is the whole purpose of this page and the Privacy notice.
  • You can ask for a copy of your data — go to Settings → Export at any time.
  • You can correct or delete your data — edit your inputs in the app; delete your full account from Settings → Danger zone.
  • You can raise a grievance — if anything feels wrong, email grievance@decades.app. We will write back within 7 days and try to fix it within 30 days.
  • You can nominate someone else to act for you if something happens to you (death, incapacity). Email us to set this up.

7. Children

Decades is for adults — 18 and older. We do not knowingly hold any data about children. If you think a minor has signed up, please tell us and we will delete the account.

8. Keeping your data safe

We use standard industry security — TLS while data is moving and AES while it is stored — plus row-level access controls so nobody (including other Decades users) can read your rows. If a breach affecting your personal data ever happens, we will tell you and the Data Protection Board of India, as the law requires.

9. Grievance officer

Until a dedicated officer is appointed under Section 8(9) of the Act, all grievances are handled by the Decades founding team. Send any concern to grievance@decades.app.