Nahl Technologies

Legal

Privacy Policy

Last updated: April 7, 2026

Nahl Technologies Inc. ("Nahl Technologies," "we," "us," or "our") operates the website nahltech.com and the Hafsa Sastho (হাফসা স্বাস্থ্য) mobile application (collectively, the "Services"). This Privacy Policy explains what information we collect, how we use it, and what rights you have.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.

1. About Hafsa Sastho

Hafsa Sastho is a health information and tracking application designed to assist mothers with postpartum care and early childhood health management. Hafsa Sastho is NOT a medical device and does NOT provide medical advice, diagnosis, or treatment. All health information in the app is for general awareness only. Always consult a qualified healthcare professional for medical decisions.

2. Information We Collect

Information You Provide Directly

  • Account Information: Name, email address, and password when you create an account.
  • Mother's Health Data: Mood, sleep, pain level, bleeding status, breastfeeding information, and Edinburgh Postnatal Depression Scale (EPDS) responses — voluntarily provided through daily check-ins.
  • Baby's Health Data: Name, birth date, gender, feeding logs, sleep logs, diaper logs, growth measurements (weight, height), and vaccine records — voluntarily entered by you.
  • Location (Non-GPS): Division and district selection from a dropdown menu during onboarding. We do NOT collect GPS or precise location data.
  • AI Conversations: Messages you send to the Hafsa AI assistant, and the AI's responses. This includes text and voice input (converted to text before processing).
  • Beta Signup: Name, email address, and optional phone number when you apply to beta test.
  • Contact Form: Name, email address, and your message when you contact us.

Information Collected Automatically

  • Device type and operating system version
  • App usage data: screens visited, features used, session duration
  • Crash reports and error diagnostics
  • AI response feedback (thumbs up/down ratings)
  • Standard server logs including IP address and browser type

Information We Do NOT Collect

  • GPS or precise location data
  • Biometric data (fingerprints, face data)
  • Contacts, photos, or files from your device
  • Data from other apps on your device

3. How We Use Your Information

  • Service Delivery: To operate the app, provide personalized health tracking, generate insights, and power the AI assistant.
  • Health Alerts: To generate vaccine reminders, feeding alerts, postpartum recovery guidance, and health notifications based on data you provide.
  • AI Improvement: AI conversation data with your feedback (thumbs up/down) may be used to improve the AI assistant's responses. This data is anonymized before use in any training or research.
  • Analytics: To understand how the app is used, identify issues, and improve features. Analytics data is aggregated and cannot identify individual users.
  • Research (Anonymized Only): We may use irreversibly anonymized and aggregated data for public health research and partnerships with organizations such as WHO, UNICEF, or academic institutions. This data cannot identify any individual.
  • Communication: To send you product updates, health alerts, and important notices. You may opt out at any time.
  • Legal Compliance: To comply with applicable laws and regulations.

4. How We Store and Protect Your Data

  • Local Storage: Health data is stored locally on your device first (offline-first architecture). The app works without internet connectivity.
  • Cloud Storage: When connected to the internet, data syncs to our cloud database (Supabase) hosted on secure servers. Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • AI Processing: Messages sent to the AI assistant are processed through a secure server-side proxy. Your AI API key is never stored on your device.
  • Row-Level Security: Every database table has row-level security policies ensuring you can only access your own data. No other user can see your information.
  • Retention: We retain your data for as long as your account is active. Inactive accounts are deleted or anonymized after 24 months.

5. Data Sharing

We do NOT sell your personal data. Ever.

We may share data only in these cases:

  • Service Providers: Trusted technology providers (Supabase for database, Anthropic for AI processing) bound by confidentiality agreements.
  • Anonymized Research: Irreversibly anonymized, aggregated data may be shared with health organizations for public health research. No individual can be identified from this data.
  • Legal Requirements: If required by valid legal process or to protect the safety of our users.

6. Third-Party Services

Our Services use the following providers:

  • Supabase — Database, authentication, and cloud storage (supabase.com)
  • Anthropic — AI language model powering the Hafsa AI assistant (anthropic.com)
  • Expo / EAS — App build and distribution (expo.dev)
  • Google Analytics — Website usage analytics (analytics.google.com)
  • Vercel — Website hosting (vercel.com)

Each provider has their own privacy policy. We encourage you to review them.

7. Your Rights

You have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate information.
  • Deletion: Delete your account and all associated data directly from the app (Settings → Delete Account). Upon deletion, all identifiable data is permanently removed within 30 days. Anonymized aggregate data (which cannot identify you) may be retained.
  • Data Export: Request an export of your data in a readable format.
  • Withdraw Consent: Stop future data processing by deleting your account or contacting us.

To exercise any rights, use the in-app settings or contact us at the address in Section 10. We respond to verified requests within 30 days.

8. Children's Privacy

Hafsa Sastho is intended for users aged 18 and above (mothers and caregivers). We do not knowingly collect personal data directly from children. Health data about infants and newborns is provided and managed solely by a parent or legal guardian, and is governed by this policy.

9. Bangladesh Data Protection

This policy is designed to align with the principles of the Bangladesh Personal Data Protection Ordinance (PDPO) 2025, including:

  • Data minimization — we collect only necessary information
  • Purpose limitation — data used only for stated purposes
  • Consent-based processing — you explicitly consent before data collection
  • Right to erasure — you can delete all your data at any time
  • Data breach notification — we will notify affected users if a breach occurs

10. Contact

For questions about this Privacy Policy or to exercise your data rights:

Nahl Technologies Inc.
Indiana, United States
Email: info@nahltech.com
Website: nahltech.com/contact

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via in-app notification or email. The "Last updated" date at the top will reflect the latest revision. Continued use of our Services constitutes acceptance of the updated policy.

© 2026 Nahl Technologies Inc. All rights reserved.