Privacy Policy

This Privacy Policy ("Privacy Policy") describes how HSL Gram Sewa Private Limited, operating under the brand Nest by Oumni (together with its affiliates, group entities, successors, assigns, and permitted transferees, "Nest", "we", "us", or "our"), collects, receives, uses, stores, processes, discloses, transfers, and protects information when you access or use our website, digital tools, forms, content, communications, concierge interactions, programs, and related offerings (collectively, the "Platform").

By using the Platform and/or submitting your information, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your information as described herein, subject to applicable law.

If you do not agree with this Privacy Policy, please do not use the Platform.

1. Scope and Applicability

This Privacy Policy applies to information collected through or in connection with:

• our website and landing pages
• callback and inquiry forms
• assessments, questionnaires, quizzes, and digital tools
• communications via email, phone, SMS, WhatsApp, or similar channels
• concierge, navigation, retreat, and program-related interactions
• payment, scheduling, analytics, CRM, hosting, and related tools used in connection with the Platform

This Privacy Policy does not apply to third-party websites, clinics, hospitals, doctors, labs, therapists, wellness providers, payment gateways, logistics/hospitality partners, or other service providers that may be linked to, integrated with, or referred through the Platform, each of which may operate under its own privacy policy and legal terms.

2. Nature of the Platform

Nest is a platform for education, information, care navigation, concierge support, coordination, and related services. Nest is not a hospital, clinic, emergency service provider, or treating medical provider merely by virtue of your use of the Platform.

If you choose to engage with any third-party provider (including a doctor, clinic, lab, hospital, therapist, or wellness partner), your information may be separately collected and processed by such provider in accordance with their own policies and legal obligations. Nest is not responsible for the independent data-handling practices of such third parties.

3. Categories of Information We Collect

We may collect the following categories of information, depending on how you interact with the Platform:

3.1 Information You Provide Directly

This may include:

• full name
• phone number
• email address
• city, state, or country
• age or age range
• marital/relationship status (if voluntarily provided)
• preferences, interests, and user inputs
• callback/inquiry details and form responses
• communication content (including emails, messages, WhatsApp interactions, and call notes)
• booking, scheduling, and service-related information (if applicable)

3.2 Health, Wellness, and Lifestyle Information (Voluntarily Provided)

If you choose to share it, we may collect limited health- or wellness-related information, including:

• fertility-related goals or concerns
• menstrual/reproductive history (if shared)
• pregnancy/postpartum status (if shared)
• menopause/hormonal concerns (if shared)
• lifestyle habits and wellness preferences
• non-emergency health context shared for navigation or support purposes

Important: Please do not submit highly sensitive, unnecessary, or excessive medical information unless specifically requested through an appropriate and relevant process.

3.3 Technical, Device, and Usage Information

We and/or our service providers may automatically collect:

• IP address
• browser type and version
• device type, identifiers, and operating system
• approximate location (derived from IP or device settings, where available)
• pages viewed, time spent, and navigation paths
• referral source/UTM data
• clicks, scrolls, interactions, and performance data
• cookies, pixels, tags, and similar identifiers

3.4 Information from Third Parties

We may receive information from third-party tools or partners, such as:

• form and scheduling providers
• CRM and communication platforms
• analytics and advertising platforms
• payment processors (limited transaction metadata; not full card details unless explicitly stated)
• partner providers, where you request or authorize coordination

3.5 Aggregated or De-Identified Data

We may aggregate, anonymize, or de-identify the information we collect (so that it no longer identifies you) and use, share, license, or sell such data without restriction or further notice.

4. Purpose of Collection and Use

We may collect and process your information for the following purposes:

• to respond to inquiries and callback requests
• to provide concierge, navigation, and support services
• to generate informational tool outputs, summaries, or assessments
• to personalize your experience and communications
• to coordinate care-navigation requests with third-party providers (where requested/authorized)
• to process bookings, registrations, payments, and scheduling (if applicable)
• to send service-related updates, reminders, and transactional communications
• to send promotional/marketing communications, where permitted by law
• to improve the Platform, services, content, tools, and user journeys
• to monitor usage, analytics, and performance
• to maintain business records and internal operations
• to detect, prevent, investigate, or respond to fraud, misuse, or security incidents
• to enforce our Terms and other legal rights
• to comply with legal, regulatory, contractual, or law enforcement obligations
• to create, use, monetize, license, or sell aggregated, anonymized, or de-identified data derived from your information for any lawful purpose, including commercial, research, advertising, product development, or statistical purposes
• for any other commercial or business purpose permitted by applicable law

5. Legal Basis, Consent, and User Acknowledgements

By submitting information through the Platform, you consent to our collection, processing, storage, and use of your information for the purposes described in this Privacy Policy, to the extent required under applicable law.

Depending on the nature of processing, we may rely on one or more of the following lawful grounds (where applicable):

• your consent
• performance of services requested by you
• compliance with legal or regulatory obligations
• our legitimate business interests (including service delivery, Platform improvement, fraud prevention, security, and business operations), subject to applicable law

You acknowledge and agree that:

• you are voluntarily providing information to us
• you are responsible for the accuracy and completeness of information submitted
• if you provide information on behalf of another person, you are authorized to do so and have obtained any required permissions/consents
• inaccurate or incomplete information may impact our ability to provide support or coordination

You may withdraw consent for certain processing activities (such as marketing communications), subject to legal, technical, and operational limitations.

This Privacy Policy serves as the required notice under the Digital Personal Data Protection Act, 2023. By submitting information or using the Platform, you explicitly consent to the processing of your data (including the creation and commercial use of aggregated or de-identified datasets) for all purposes listed in this Privacy Policy, including future monetization activities. This consent remains valid even if we later sell, license, or transfer such data.

6. Communications and Contact Consent

If you provide your contact details, you consent to receive communications from Nest (directly or through authorized service providers) through:

• phone calls
• SMS
• WhatsApp
• email
• other channels you provide or enable

We may contact you for:

• responding to your inquiry or callback request
• scheduling and service coordination
• reminders and follow-up communications
• sharing information you requested
• service, support, or transactional updates
• marketing or promotional communication (where permitted by law)

You may opt out of marketing communications at any time, but we may still send essential service, transactional, legal, compliance, or security-related communications.

7. Cookies, Analytics, and Tracking Technologies

We and our third-party service providers may use cookies, pixels, tags, SDKs, and similar technologies to:

• operate and secure the Platform
• remember user preferences
• analyze traffic and user behavior
• improve performance and user experience
• measure campaigns and attribution
• support analytics and advertising functions (if used)

You can control cookies through your browser settings or device controls. Disabling certain cookies may affect Platform functionality.

If we use third-party analytics or advertising tools (such as Google Analytics, Meta Pixel, or similar tools), those providers may process data according to their own privacy terms.

8. Sharing and Disclosure of Information

We do not sell your identifiable personal information for monetary consideration except as expressly permitted in this Privacy Policy or with your separate consent.

We may share or disclose your information only in the following circumstances:

8.1 Service Providers and Processors

We may share information with vendors and service providers who support our operations, such as:

• website hosting and infrastructure providers
• form, scheduling, and CRM tools
• communication and messaging platforms
• analytics and attribution tools
• payment processors
• cloud storage, productivity, and support vendors

These service providers are authorized to process information only as needed to provide services to us, subject to contractual, technical, or operational safeguards.

8.2 Third-Party Care, Wellness, and Service Partners

Where you request, authorize, or engage care-navigation/referral support, we may share relevant information with third-party providers (including clinics, hospitals, doctors, labs, therapists, wellness partners, or logistics/hospitality partners) to facilitate your request.

Nest does not control and is not responsible for the privacy, security, legal compliance, or professional practices of such third parties.

8.3 Legal, Regulatory, and Protection Purposes

We may disclose information if we believe in good faith that such disclosure is necessary to:

• comply with applicable law, court order, legal process, or governmental request
• respond to regulatory inquiries or enforcement actions
• protect our rights, users, systems, operations, or property
• investigate fraud, abuse, misuse, or security incidents
• enforce our Terms, contracts, or policies

8.4 Corporate Transactions, Business Transfer, or Sale

In the event of a merger, acquisition, financing, restructuring, insolvency, sale of shares, sale of assets, business transfer, or similar transaction, your information may be shared with and transferred to a prospective or actual purchaser, investor, lender, successor, transferee, or affiliate as part of due diligence or transaction completion.

By using the Platform, you acknowledge and consent to such transfer, assignment, or disclosure, subject to applicable law. Following such transaction, your information may be processed by the successor/transferee in a manner substantially consistent with this Privacy Policy (or as otherwise lawfully notified).

8.5 Data Monetization

We may sell, license, share, or otherwise monetize aggregated, anonymized, or de-identified data (which does not identify any individual) to third parties for any lawful purpose without additional notice or consent. We may also transfer personal data in connection with a business sale, merger, acquisition, or similar transaction (see 8.4).

9. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• respond to inquiries and provide services
• maintain records and service history
• support continuity and follow-up communications
• comply with legal, tax, accounting, regulatory, or contractual requirements
• resolve disputes and enforce rights

Retention periods vary depending on the type of information, the purpose of processing, and applicable legal requirements. We may retain anonymized or aggregated information for analytics, research, security, and service improvement for longer periods. Aggregated or de-identified data may be retained indefinitely for analytics, research, or commercial purposes.

10. Data Security

We implement reasonable administrative, technical, and organizational measures to protect information against unauthorized access, misuse, loss, alteration, or disclosure.

However, no method of internet transmission, digital storage, or system security is fully secure. To the fullest extent permitted by law:

• we do not guarantee absolute security of information
• transmission of information is at your own risk
• you are responsible for using secure devices, networks, and communication channels when interacting with us

In the event of an actual or suspected security incident, we may take steps we deem appropriate, including investigation, containment, remediation, and notification where required by applicable law. While we take reasonable steps to protect your information, no internet transmission or storage method is 100% secure. You acknowledge and accept this risk.

11. Your Rights and Choices

Subject to applicable law, you may have rights to:

• request access to certain personal information we hold about you
• request correction of inaccurate or incomplete information
• request deletion of certain information
• withdraw consent for specific processing activities
• object to or restrict certain processing (where applicable)
• opt out of marketing communications

To submit a request, contact us using the details in Section 17 ("Contact Us"). We may require reasonable verification of identity before processing your request.

We may decline, limit, or defer requests where permitted or required by law, including where such action is necessary for legal compliance, fraud prevention, security, enforcement, or protection of rights of others.

12. Third-Party Links and External Services

The Platform may contain links to third-party websites, forms, scheduling tools, payment pages, clinics, providers, social platforms, or other services.

We do not control and are not responsible for the privacy practices, content, security, or data handling of such third parties. Your use of third-party services is governed by their respective terms and privacy policies. Your use of any third-party services is at your own risk, and we accept no responsibility or liability for their privacy practices, security, or data handling.

13. Cross-Border Data Processing and Transfers

Nest and/or its service providers may process or store information in jurisdictions outside India.

By using the Platform and submitting information, you acknowledge and consent to cross-border transfer, processing, and storage of your information, subject to reasonable safeguards and applicable legal requirements.

14. Children and Minors

The Platform is not intended for direct use by persons under 18 years of age without parental or guardian involvement (where legally permitted). We do not knowingly collect or process data from children under 18 without verifiable parental consent where required by law. If you believe a child's information has been submitted without proper authorization, please contact us, and we will take steps as appropriate under applicable law.

15. Compliance with Indian Law

Nest intends to process information in accordance with applicable Indian law, including relevant requirements relating to information technology, digital data protection, consumer protection, and other sectoral legal obligations, as applicable to the nature of the Platform and services.

Nothing in this Privacy Policy limits or excludes any non-waivable statutory rights available under applicable law.

16. Privacy-Related Disclaimer and Limitation

To the fullest extent permitted by law:

• Nest shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages arising out of or related to privacy, data processing, data breaches, or your use of the Platform
• Nest shall not be responsible for acts, omissions, breaches, downtime, failures, or misconduct of third-party platforms, vendors, healthcare providers, telecom operators, payment processors, analytics providers, or external service partners
• Nest shall not be liable for disclosures, misuse, or unauthorized access resulting from your acts or omissions, including shared devices, insecure networks, wrong contact details, or forwarding of communications by you or persons authorized by you
• We implement reasonable security measures as required by law, but make no representations or warranties (express or implied) that the Platform or your information will be completely secure or free from unauthorized access, loss, or breach; transmission of information and use of the Platform is entirely at your own risk
• We are not liable for any data breach or incident unless it results directly from our gross negligence or willful misconduct

Nothing in this Privacy Policy excludes or limits liability to the extent such exclusion or limitation is prohibited under applicable law.

17. Contact Us

For privacy-related questions, concerns, or requests, please contact:

18. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time. The updated version will be posted on the Platform with a revised "Last Updated" date.

Your continued use of the Platform after the updated Privacy Policy is posted constitutes your acceptance of the revised Privacy Policy. It is your responsibility to review this Privacy Policy periodically.