We comply with relevant health and data protection regulations, including:

• India’s Information Technology Act, 2000
• Digital Personal Data Protection Act (DPDP), 2023
• GDPR (for international users)
• HIPAA-aligned practices for handling personal health information

• Hosted on ISO 27001 and SOC 2 certified cloud infrastructure
• Role-based access control (RBAC) to restrict internal access
• 24/7 monitoring for intrusion detection and system vulnerabilities
• Regular vulnerability scans and third-party security audits

• LifeOnPlus services are built on a consent-based architecture:
• Users retain full control over their data
• Explicit consent is obtained before accessing medical reports or sharing with partner labs, doctors, or wellness centers
• Users can revoke data sharing at any time through the app

All partner clinics, Body Recharge Stations, diagnostic centers, and service providers:

• Sign data protection agreements
• Follow standard operating procedures (SOPs) for safe data handling
• Are vetted for compliance with our privacy and security guidelines

All payments made via the LifeOnPlus platform are processed through PCI-DSS compliant gateways ensuring:

• No storage of CVV or full card details on our servers
• OTP-based 2-factor authentication for all transactions

• Regular prompts and educational content on password safety, phishing protection, and consent rights
• Alerts for any suspicious activity or login attempts

In the rare event of a data breach:

• We have a 72-hour response policy
• Affected users will be notified with full transparency
• We coordinate with cybersecurity experts and legal authorities for remediation

In the rare event of a data breach:

• User data is retained only for as long as necessary for service delivery or as required by law
• Users can request account deletion or data anonymization through the app or support portal
• Contact for Security Concern