Welcome to Nirahyana

NIRIKHYANA PURI is a district-level Digital Maternal and Child Health Monitoring System implemented by the Puri District Swasthya Samiti under the Puri District Administration, Government of Odisha, in partnership with the National Health Mission (NHM), India.

This Privacy Policy governs the collection, use, storage, processing, sharing, and protection of personal data and health information across all components of the NIRIKHYANA PURI ecosystem, including the mobile application (Android), official web portal, SMS notification system, IVR-based communication, and AI-enabled automated calling features.

We are fully committed to protecting the privacy, dignity, and confidentiality of all individuals who interact with this system, including pregnant women (beneficiaries), healthcare workers (ASHA, ANM, HW(F), CHO), USG centre staff, block-level officers, and district administration officials.

This Privacy Policy applies to all users and data subjects who interact with the NIRIKHYANA PURI platform operated under Puri District. It covers:

• The NIRIKHYANA PURI Mobile Application (Android)
• The NIRIKHYANA PURI Official Web Portal — nirikhyanapuri.in
• SMS alert and notification systems
• IVR and AI-based automated voice calling systems
• Administrative dashboard and data management tools
• All data entered, collected, transmitted, stored, or processed through the above

NIRIKHYANA PURI collects only the minimum information necessary for the delivery of public health services under the NHM framework. Data collection is purpose-limited and proportionate.

4.1 Personal Information

• Full name of the beneficiary
• Mobile number (primary identifier for communication)
• Residential address (Ward, Village/GP, Block, District)
• Age and date of birth
• Husband's / guardian's name
• ABHA ID (Ayushman Bharat Health Account) — if available
• HPR ID (Health Professional Registry) — for health workers
• Aadhaar number (optional, as per beneficiary consent)

4.2 Health and Medical Information Sensitive Personal Data

• Pregnancy registration details (date of registration, LMP, EDD)
• Antenatal care (ANC) visit records including ANC 1, 2, 3, 4 details
• Clinical measurements: Haemoglobin (Hb), Blood Pressure (BP), weight, MUAC
• Trimester classification (1st, 2nd, 3rd)
• Ultrasound (USG) examination records, reports, and findings
• Risk classification (Normal / High Risk / Emergency)
• Pre-existing medical conditions and complications
• Doctor's notes, referrals, and prescriptions (where applicable)
• Delivery outcome details and baby birth information
• Post-natal care (PNC) records

4.3 Administrative and Technical Data

• Device type, operating system, and app version
• IP address and network information
• Session logs and app usage patterns
• Login activity and role-based access records
• Crash reports and performance logs
• Audit trail records for all data entry and modifications

4.4 Communication and Feedback Data

• AI call interaction records (call status, responses via DTMF keypad)
• SMS delivery logs
• Feedback responses collected post-USG or health service
• Grievance submission details (name, mobile, block, ward, description)

4.5 Location Data

Location data is collected only when operationally necessary for service delivery and only by authorized health workers. Beneficiaries are not mandated to share live location.

All data collected under NIRIKHYANA PURI is used exclusively for public health service delivery and programme management. The specific purposes include:

• Registration and tracking of pregnant women throughout their antenatal period
• Scheduling and coordination of ANC check-ups and USG examinations
• Identification, monitoring, and follow-up of high-risk pregnancies
• Delivery of SMS notifications, appointment reminders, and health alerts
• Execution of AI-based automated outbound calls for health advisory and feedback
• Assessment of service quality through automated feedback collection post-USG
• Grievance registration and redressal at block and district levels
• Generating analytics and reports for administrative oversight and programme improvement
• Compliance with Government of Odisha and NHM reporting requirements
• Audit, quality assurance, and accountability tracking

Data is processed under the following legal bases:

• Public health mandate under the National Health Mission (NHM) framework
• Government programme execution under Puri District Administration
• State government directives for maternal and child health monitoring
• Informed consent of beneficiaries at the point of registration
• Legitimate government interest for healthcare delivery and service improvement
• Compliance with applicable Indian laws, including the IT Act 2000, SPDI Rules 2011, and DPDPA 2023

NIRIKHYANA PURI deploys advanced automated systems to enhance the reach and quality of maternal health services. These systems operate strictly within the boundaries of service delivery.

7.1 SMS Notification System

SMS alerts are sent to registered mobile numbers for: pregnancy registration confirmation, ANC appointment reminders, USG booking details, high-risk pregnancy alerts, USG completion notification, and grievance status updates. All SMS communications are registered under CDAC DLT with approved templates and Sender IDs.

7.2 AI-Based Automated Voice Calling

The system uses AI-enabled outbound calling for:

• Post-USG feedback collection: calls are initiated to beneficiaries after USG completion to assess service satisfaction via keypad responses (DTMF)
• High-risk pregnancy advisory calls: beneficiaries identified as high-risk receive scripted advisory calls informing them of their status and directing them to health workers
• Missed visit reminders: calls are placed for beneficiaries who have missed scheduled ANC or USG appointments

7.3 Grievance Call Redressal (Non-AI)

Grievances may be collected through the mobile application and are escalated to block officers. Unresolved grievances are automatically escalated to district level after 7 days.

Data may be shared only with the following categories of authorized recipients and solely for healthcare service purposes:

8.1 Government Authorities

• Government of Odisha — Health and Family Welfare Department
• National Health Mission (NHM), India
• Puri District Administration and district health officials
• Block-level health programme officers
• Relevant government audit bodies and regulatory authorities

8.2 Authorized Healthcare Personnel

• ASHA workers and ANMs (restricted to their assigned ward/area only)
• Community Health Officers (CHO) and HW(F) staff
• Doctors and medical officers at government health facilities
• Empanelled USG centre staff (restricted to their facility data only)

8.3 Approved Technical Service Providers

• Cloud infrastructure and hosting providers under government-approved agreements
• SMS gateway providers registered under TRAI and CDAC DLT framework
• AI and voice calling technology vendors under formal contractual obligations

All third-party service providers are contractually bound by confidentiality obligations and data protection requirements. They are prohibited from using data for any purpose beyond their defined service scope.

The NIRIKHYANA PURI platform implements multi-layered security measures in accordance with IT Act 2000, SPDI Rules 2011, and applicable government cybersecurity guidelines:

9.1 Technical Safeguards

• Encrypted data transmission using HTTPS/TLS protocols
• Data encryption at rest on secure server infrastructure
• Role-Based Access Control (RBAC) ensuring each user accesses only their authorized data scope
• Automated session timeout for inactive users
• Comprehensive audit trail: all data entries, modifications, and access events are logged with user ID, timestamp, and action type
• Regular security vulnerability assessment and penetration testing

9.2 Administrative Safeguards

• Designation of a Data Protection Officer (DPO) or equivalent authorized person
• Access provisioning only upon official authorization
• Mandatory data protection training for all system administrators and field users
• Incident response and breach management protocols
• Regular internal audits of data access and usage patterns

9.3 Limitation of Liability

Despite implementing robust security measures, no digital system can guarantee absolute security. The Authority shall not be liable for unauthorized access, data loss, or breaches resulting from events beyond reasonable technical control, including cyberattacks of unprecedented nature. Users are advised to safeguard their login credentials and not share system access with unauthorized individuals.

Data is retained in accordance with Government of Odisha archival policies, NHM data governance guidelines, and applicable Indian laws:

Archived data is stored securely with restricted access and is not used for any secondary purpose without a specific legal or regulatory requirement.

In accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), and applicable government frameworks, users of the NIRIKHYANA PURI system are entitled to the following rights:

Requests for data access, correction, or grievances may be submitted by contacting the designated support channel. Responses will be provided within a reasonable timeframe in accordance with applicable regulations.

NIRIKHYANA PURI handles maternal and child health data which qualifies as Sensitive Personal Data under SPDI Rules 2011. The following safeguards are specifically applied:

• Health and pregnancy data is accessible only to authorized healthcare workers assigned to the respective beneficiary's ward or facility
• No health data is visible to beneficiaries directly through the app; they receive service-related updates only through SMS
• Newborn and child health data is collected by authorized ANM/ASHA staff and treated with the same level of protection as maternal health data
• Risk classification data (high-risk tags) is visible only to authorized healthcare workers and programme administrators, and is not shared with unauthorized parties
• USG reports uploaded to the system are accessible only to the treating health worker and authorized medical officers

NIRIKHYANA PURI provides a structured and time-bound grievance redressal mechanism for all data privacy concerns:

• Beneficiaries or users may submit a grievance through the mobile application or official web portal
• Grievances are first addressed at the block officer level within 7 (seven) working days
• If unresolved within 7 days, the grievance is automatically escalated to the district-level Data Protection Officer or designated authority
• All grievance submissions are acknowledged with a reference number and tracked to resolution

For data privacy specific grievances (such as unauthorized access or data misuse), users may also contact: nirikhyanapuri@gmail.com

The NIRIKHYANA PURI web portal may use session cookies and analytics tools for the following limited purposes:

• Maintaining user session security during administrative dashboard access
• Analyzing website performance and page load metrics
• Improving navigation and user experience for officers accessing the portal

Cookies used on the web portal are strictly non-commercial and non-advertising in nature. No behavioral profiling or cross-site tracking is conducted. Users may manage cookie preferences through their browser settings. Disabling cookies may affect dashboard functionality for administrative users.

NIRIKHYANA PURI may integrate with the following categories of third-party service providers under formal agreements:

• Cloud infrastructure and server hosting providers (Government of India / State-approved cloud services preferred)
• SMS gateway operators registered and compliant with CDAC DLT and TRAI frameworks
• AI voice calling technology providers operating under TRAI-compliant outbound call regulations
• Analytics and system monitoring tools (non-personal data only)

All third-party providers are required to comply with applicable Indian data protection laws and are prohibited from accessing, using, or disclosing NIRIKHYANA PURI data beyond their defined service scope. Users interacting with NIRIKHYANA PURI may also encounter links to external government websites (such as NHM, Odisha Government portals). These external sites have their own privacy policies, and NIRIKHYANA PURI is not responsible for their data practices.

In the event of a confirmed or suspected personal data breach:

• Immediate containment measures will be activated to limit the scope of the breach
• Affected systems will be secured and investigated without delay
• The relevant supervisory authority (CERT-In) will be notified as required under applicable law
• Affected data subjects will be informed if the breach is likely to result in high risk to their rights and freedoms
• A detailed post-incident report will be prepared and submitted to the designated authority within prescribed timelines

The NIRIKHYANA PURI mobile application complies with all applicable Google Play Store policies and requirements:

• Data Safety: All data collection and usage is declared transparently in the Google Play Store Data Safety section. Users are informed of data types collected, purposes, and sharing practices at the time of app installation.
• Permissions: The application requests only those device permissions that are strictly necessary for health service functionality. Excessive or irrelevant permissions are not requested.
• Sensitive Data: Health and medical data collected through the app is classified as Sensitive Personal Data and is handled with the highest level of security in compliance with Play Store policies.
• No Misleading Practices: The application does not contain deceptive functionality, misleading claims, or conduct hidden data collection.
• Advertising: The NIRIKHYANA PURI application does not display advertisements or use data for advertising purposes.
• User Consent: Informed consent is obtained from users at the point of registration and before collection of sensitive data.
• Privacy Policy Link: This Privacy Policy is accessible within the application and on the official website, as required by Google Play Developer Policy.

The Puri District Swasthya Samiti reserves the right to update or modify this Privacy Policy at any time to reflect changes in legal requirements, programme operations, or technological practices. Material changes will be communicated through:

• Updated policy on the official website
• In-app notification to registered users
• Official communication through government channels where appropriate

The policy version date will be updated with every revision. Continued use of the NIRIKHYANA PURI platform following notification of changes constitutes acceptance of the revised policy. Users are advised to review this policy periodically.

While the Puri District Swasthya Samiti implements all reasonable and practicable technical and administrative measures to protect user data, it cannot guarantee absolute data security against all forms of unauthorized access, cyberattacks, or technical failures beyond its control.

This platform is a public health monitoring tool. It does not provide medical diagnosis, treatment, or professional medical advice. All clinical decisions remain the exclusive responsibility of qualified healthcare professionals. AI-based communication systems are advisory and service-oriented only and do not replace medical consultation.

The NIRIKHYANA PURI platform and its Privacy Policy operate under the jurisdiction of the applicable laws of India and the State of Odisha.

By registering for, downloading, installing, or accessing the NIRIKHYANA PURI mobile application, web portal, or any associated service, the user acknowledges that they have read, understood, and agree to the terms of this Privacy Policy including:

• The collection and processing of personal and health data as described herein
• The receipt of service-related SMS notifications and automated communications
• The use of data for programme monitoring, analytics, and government reporting purposes
• The sharing of data with authorized government and healthcare stakeholders as specified