Cookie Policy

Introduction

Curefleet Technologies Private Limited ("Curefleet", "Company", "we", "us", or "our") operates a healthcare technology platform and healthcare services aggregator that helps users discover and access doctors, clinics, hospitals, ambulance providers, diagnostic centres, pharmacies, home healthcare providers, vaccination providers, and other third-party healthcare vendors (collectively, "Healthcare Partners") through our website, web application, and mobile applications (collectively, the "Platform").

This Cookie Policy describes how we use cookies, web beacons, software development kits (SDKs), local storage, and other tracking technologies (collectively, "Cookies" or "Tracking Technologies") when you visit or interact with the Platform, what information these technologies collect, why we use them, and how you can exercise control over them.

This Cookie Policy forms an integral part of, and should be read together with, the Curefleet Privacy Policy and the Curefleet Terms of Service. Where any term is defined in the Privacy Policy and not separately defined here, that definition shall apply equally to this Cookie Policy. In the event of any conflict between this Cookie Policy and the Privacy Policy specifically in relation to cookies and tracking technologies, this Cookie Policy shall prevail to the extent of such conflict.

This Cookie Policy applies to all visitors, users, registered patients, caregivers, Healthcare Partners, and other persons who access or use the Platform (collectively, "you" or "User"), regardless of whether you have created an account with us.

This Cookie Policy is governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 and the rules framed thereunder ("IT Act"), and other applicable data protection and privacy laws in force from time to time (collectively, "Applicable Law").

Definitions

For the purposes of this Cookie Policy, the following terms shall have the meanings set out below, unless the context requires otherwise. Capitalised terms used but not defined herein shall have the meaning assigned to them in the Privacy Policy or the Terms of Service, as applicable.

What Are Cookies

A cookie is a small text file that a website or application places on, or retrieves from, your computer, smartphone, tablet, or other device when you visit it. Cookies allow the site or app to recognise your device, remember information about your visit, and operate certain features correctly.

Cookies are typically stored by your web browser and are sent back to the originating server, or to a different server that the cookie belongs to, on subsequent visits. A cookie usually contains: the name of the server it came from, an expiry date (if persistent), a randomly generated unique identifier, and any other value the issuing server has chosen to store.

In addition to traditional browser cookies, we and our service providers also use related technologies that perform a similar function, including:

• Web beacons / pixel tags — tiny transparent graphic images embedded in web pages or emails that indicate a page was viewed or a message was opened.
• Software Development Kits (SDKs) — pieces of code embedded in our mobile applications that allow us, or our service providers, to collect device and usage information.
• Local storage and session storage — browser-based storage mechanisms (such as HTML5 local storage) that allow larger amounts of data to be stored on your device than traditional cookies.
• Device and advertising identifiers — identifiers generated by your mobile operating system (such as an Android Advertising ID or an iOS Identifier for Advertisers) that can be used in a manner similar to a cookie.

For convenience, this Cookie Policy refers to all such technologies collectively as "Cookies", except where we specifically distinguish between them.

Why We Use Cookies

We use Cookies for a range of purposes necessary to operate a reliable, secure, and user-friendly healthcare aggregation platform. Broadly, we use Cookies to:

• Operate the Platform — enable core functionality such as page navigation, account login, and access to secure areas of the Platform.
• Maintain security — detect and prevent fraud, unauthorised account access, scraping, and other malicious or abusive activity.
• Remember your preferences — such as language, location, saved Healthcare Partners, and display settings, so you do not need to re-enter them on each visit.
• Facilitate healthcare services — support functions such as appointment booking, doctor consultations, ambulance dispatch requests, pharmacy orders, and diagnostic test bookings.
• Measure and improve performance — understand how the Platform is used, identify errors, and improve loading speed, navigation, and overall usability.
• Understand usage patterns — through aggregated and, where required, anonymised or pseudonymised analytics, to inform product and service improvements.
• Communicate with you — including, where you have consented, to measure the effectiveness of service-related notifications and communications.

We do not use Cookies to make automated decisions that produce legal effects concerning you or that significantly affect you, except as may be strictly necessary for fraud prevention and security purposes, and subject always to Applicable Law.

Types of Cookies We Use — Overview

We classify the Cookies used on the Platform into the categories summarised below. Each category is explained in further detail in the sections that follow.

Table 1 — Summary of cookie categories used on the Platform. Detailed cookie-level tables appear within each section below.

Essential Cookies

Essential Cookies are strictly necessary for the Platform to function and cannot be switched off in our systems. They are typically set only in response to actions taken by you that amount to a request for services, such as logging in, setting privacy preferences, or filling in a booking form.

You may block or delete Essential Cookies through your browser settings; however, doing so is likely to prevent core parts of the Platform — including login, secure checkout, and appointment booking — from functioning correctly.

Functional Cookies

Functional Cookies enable the Platform to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages.

• Remembering your preferred language, city, or service area.
• Remembering previously searched Healthcare Partners, specialities, or service categories.
• Pre-filling certain non-sensitive form fields to reduce repetitive data entry.
• Storing your accessibility preferences, such as text size or contrast settings.

If you do not allow these Cookies, some or all of these personalised features may not operate correctly, and certain preferences may need to be re-entered on each visit.

Performance Cookies

Performance Cookies collect information about how visitors use the Platform — for instance, which pages are visited most often, how long pages take to load, and whether users encounter error messages. These Cookies do not collect information that directly identifies a visitor; all information collected is aggregated and used solely to improve how the Platform functions.

We use Performance Cookies to identify slow-loading pages, diagnose technical errors during appointment booking or payment flows, and prioritise engineering fixes that improve reliability of the Platform for all users.

Analytics Cookies

Analytics Cookies help us understand how Users discover, navigate, and engage with the Platform, so that we can improve our services over time. These Cookies may be set by us (first-party analytics) or by third-party analytics providers acting on our instructions (see Section 17).

Information collected through Analytics Cookies typically includes pages visited, time spent on the Platform, navigation paths, referring websites, search terms used within the Platform, and general interaction patterns such as clicks or scroll depth. Where feasible, this information is aggregated or pseudonymised before being used for analysis.

Security Cookies

Security Cookies help us identify and prevent security risks, including attempted unauthorised access to accounts, credential-stuffing attacks, bot traffic, and other malicious activity directed at the Platform.

These Cookies may record signals such as device fingerprint characteristics, login attempt patterns, and risk scores associated with a session. Security Cookies are treated as Essential Cookies for the purposes of this Policy and cannot be disabled, as doing so would materially compromise the safety of patient accounts and Healthcare Partner accounts.

Authentication Cookies

Authentication Cookies confirm that you are logged in and that your session is valid, allowing you to move between pages of the Platform — for example, from your dashboard to a doctor's profile to a booking confirmation page — without being repeatedly asked to log in.

Authentication Cookies typically store an encrypted or tokenised session identifier rather than your password or other credentials in plain text. If an Authentication Cookie is deleted or expires, you will be required to log in again to access your account.

Session Cookies

Session Cookies are temporary Cookies that remain on your device only until you close your browser or application, or until your session otherwise ends (such as through logout or inactivity-based expiry). They are used to support continuity during a single visit — for instance, retaining items in an in-progress appointment booking flow as you move between steps.

Persistent Cookies

Persistent Cookies remain on your device for a defined period after you close your browser or application, or until you delete them manually. They are used to recognise your device on return visits, remember your cookie consent choices, and support functions that should persist across sessions, such as remaining logged in on a trusted device or remembering your preferred service location.

Persistent Cookies set by the Platform are generally set to expire within a period of 1 to 24 months, depending on their purpose, and will not be renewed indefinitely without a further interaction from you.

Preference Cookies

Preference Cookies allow the Platform to remember choices you make — such as your preferred city or service area, language, currency display, or notification settings — to provide a more tailored experience on subsequent visits. Preference Cookies are generally categorised as Functional Cookies for the purposes of the Cookie Preference Centre described in Section 35.

Third-Party Cookies

Certain features on the Platform are provided by third parties, and these third parties may set their own Cookies on your device when you interact with such features. We do not control the content or operation of Third-Party Cookies, and the information they collect is subject to the privacy and cookie practices of the relevant third party, not this Cookie Policy.

Categories of third parties that may set Cookies on the Platform include, without limitation:

• Cloud hosting and content delivery network providers;
• Web and mobile analytics providers;
• Payment service providers and payment gateways;
• Customer support and live-chat tool providers;
• Security, fraud-detection, and bot-mitigation providers;
• Mapping and location-services providers used for ambulance dispatch and clinic discovery; and
• Any future technology partners we may engage to support or improve the Platform.

Advertising Technologies

As of the Effective Date of this Cookie Policy, Curefleet does not knowingly use third-party advertising Cookies to serve targeted or retargeted advertisements to Users based on their activity on the Platform. Should we introduce advertising technologies in the future, we will update this Cookie Policy accordingly and, where required under Applicable Law, seek your prior consent before deploying such technologies.

If advertising technologies are introduced, they may involve providers that use Cookies or similar identifiers to measure the performance of advertising campaigns and to limit the number of times you see a particular advertisement. Any such use will be disclosed through an updated version of this Cookie Policy and made manageable through the Cookie Preference Centre referenced in Section 35.

Analytics Providers

We may engage reputable third-party analytics providers to help us understand Platform usage and improve our services. These providers act as our processors / data processors and are contractually restricted from using information collected on our behalf for their own independent purposes, except as disclosed in their respective privacy policies.

Analytics providers we use, or may use, from time to time may include web and mobile analytics platforms (such as Google Analytics, described separately in Section 18), crash-reporting and diagnostics tools, and product-analytics platforms used to understand feature adoption.

Google Analytics Disclosure

The Platform may use Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses Cookies to help us analyse how Users use the Platform. The information generated by these Cookies (including your truncated or pseudonymised IP address, where applicable) may be transmitted to and stored by Google on servers, potentially located outside India, including in the United States.

Google will use this information for the purpose of evaluating your use of the Platform, compiling reports on Platform activity, and providing other services relating to Platform activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

You may opt out of Google Analytics tracking by adjusting your preferences in our Cookie Preference Centre (Section 35), through your browser settings (Section 36), or by installing the Google Analytics Opt-out Browser Add-on made available by Google. Use of Google Analytics is also governed by Google's own privacy policy.

Device Information Collection

Cookies and related technologies may collect certain information about the device you use to access the Platform, including device type, operating system and version, unique device identifiers, hardware model, screen resolution, and general device settings relevant to displaying the Platform correctly.

This information is used principally to ensure the Platform renders correctly on your device, to diagnose technical issues, and to support fraud-prevention and security functions described in Section 32.

Browser Information Collection

We, and our service providers, may collect information about the browser you use to access the Platform, including browser type and version, browser language settings, time zone setting, and certain browser configuration details. This information helps us ensure compatibility, troubleshoot display issues, and detect anomalous or automated (bot) traffic.

IP Address Collection

Your Internet Protocol ("IP") address is automatically collected when you access the Platform. We use IP address information to approximate your general geographic location (for example, to show nearby Healthcare Partners or dispatch the nearest available ambulance), to support network and security diagnostics, and to detect and prevent fraudulent or abusive activity.

Where required under Applicable Law or where feasible for the relevant purpose, IP addresses may be truncated, hashed, or otherwise processed to reduce identifiability before being used for analytics purposes.

Log Data Collection

Our servers automatically record certain information in log files when you use the Platform ("Log Data"), which may include your IP address, browser type, the page or feature accessed, the date and time of access, referring and exit pages, and, in the event of errors, diagnostic information about the error.

Log Data is used for security monitoring, fraud detection, technical troubleshooting, and capacity planning, and is retained in accordance with Section 38 (Data Retention).

Mobile Device Technologies

Where you access the Platform through our mobile applications, we and our service providers may use mobile-specific technologies in addition to, or instead of, traditional browser cookies, including:

• Mobile advertising identifiers (such as Android Advertising ID or Apple's IDFA), where permitted by your device settings;
• Push notification tokens, used to deliver service-related alerts such as appointment reminders or ambulance status updates, where you have enabled notifications;
• In-app analytics SDKs, used to understand feature usage and diagnose crashes within the mobile application; and
• Device permissions data (such as location or camera access status), used solely to enable features you have specifically authorised, such as live ambulance tracking or document upload for diagnostic reports.

You can manage most mobile device technologies through your device's operating system settings, including limiting ad tracking, resetting advertising identifiers, and revoking specific app permissions.

Pixels and Similar Technologies

We may use web beacons or pixel tags within the Platform and in service-related email communications. These small graphic elements allow us to determine whether an email has been opened or a particular page has been viewed, helping us understand engagement with appointment confirmations, reminders, and other service communications.

Pixels used in transactional and service emails (such as appointment confirmations) are necessary for confirming delivery and are treated as Essential for the purpose of this Policy. Pixels used in optional marketing communications, where sent, may be disabled by opting out of such communications.

Local Storage Technologies

In addition to traditional cookies, the Platform may use browser-based local storage and session storage (such as HTML5 localStorage and sessionStorage) to store larger amounts of data on your device, such as a partially completed booking form, draft messages to a Healthcare Partner, or cached content to improve load times.

Local storage data is generally not transmitted automatically with every request to our servers (unlike traditional cookies) but remains accessible to the Platform when you return. You may clear local storage data through your browser's site-data or privacy settings.

Healthcare Platform Functionality Cookies

Given the nature of our services, certain Cookies are specifically used to support healthcare-related functionality on the Platform. These Cookies are designed to make the experience of finding and booking healthcare services smoother and safer, and are described in further detail in Sections 27 to 31 below.

Appointment Booking Cookies

When you search for or book an appointment with a doctor, clinic, or hospital through the Platform, Cookies may be used to: retain your search filters (such as speciality, location, or available time slots); maintain the state of a multi-step booking flow as you move between screens; and temporarily reference a booking-in-progress so that, if interrupted, you can resume without losing previously entered information.

These Cookies typically store a booking-session reference identifier rather than clinical details, and expire shortly after the booking is completed, abandoned, or after a defined period of inactivity.

Doctor Consultation Cookies

Where the Platform facilitates online or tele-consultations with doctors, Cookies may be used to maintain the security and continuity of the consultation session — for example, verifying that you are the authenticated patient joining a scheduled consultation, maintaining connection state during a video or chat consultation, and supporting post-consultation feedback or rating prompts.

Consultation content itself (such as clinical notes, prescriptions, or chat transcripts) is handled through secure backend systems described in our Privacy Policy, and is not stored within browser Cookies.

Ambulance Booking Cookies

Given the time-sensitive nature of ambulance requests, Cookies and related technologies may be used to: maintain an active ambulance-request session so that dispatch status can be tracked in real time; support live location sharing that you have explicitly enabled for the purpose of ambulance tracking; and retain recently used pickup locations to speed up future requests, where you have permitted this.

We treat ambulance-request session continuity as a safety-critical function. Disabling Essential Cookies may prevent successful submission or tracking of an ambulance request.

Pharmacy Service Cookies

Where the Platform facilitates ordering of medicines or other pharmacy products through partner pharmacies, Cookies may be used to maintain your shopping cart or order-in-progress, remember a previously used delivery address for convenience (subject to your preferences), and support order-tracking functionality after an order is placed.

Prescription documents and related clinical details, where uploaded, are stored through secure document-management systems described in the Privacy Policy and are not stored as cookie data.

Diagnostic Service Cookies

Where the Platform facilitates booking of diagnostic tests or sample collection through partner diagnostic centres or laboratories, Cookies may be used to retain selected test packages or panels during the booking flow, remember a previously selected diagnostic centre or collection slot, and support order- and report-status tracking once a booking is confirmed.

Diagnostic test reports and results are made available through secure, access-controlled areas of the Platform and are not stored within browser Cookies.

Fraud Prevention Technologies

We use Cookies and related technologies to help detect and prevent fraud, abuse, and misuse of the Platform, including fraudulent bookings, fake Healthcare Partner profiles, payment fraud, account takeover attempts, and automated scraping of Platform content.

These technologies may analyse signals such as device characteristics, behavioural patterns (for example, unusually rapid form submissions), and historical risk indicators associated with a session, in order to assign a risk score and, where appropriate, trigger additional verification steps.

Fraud-prevention Cookies are treated as Essential for the purposes of this Policy, given their role in protecting Users, Healthcare Partners, and the integrity of the Platform, and cannot be disabled through the Cookie Preference Centre.

Security Monitoring Technologies

In addition to fraud-prevention measures, we use Cookies and related technologies to monitor the Platform for security threats, including distributed denial-of-service (DDoS) attempts, malicious bot traffic, vulnerability scanning attempts, and unauthorised access attempts to administrative or Healthcare Partner systems.

Information collected for security-monitoring purposes is accessed on a restricted, need-to-know basis and retained in accordance with Section 38 (Data Retention) and our internal information-security policies.

Consent Management

Where required under Applicable Law, we obtain your consent before placing non-essential Cookies (such as Functional, Performance, and Analytics Cookies) on your device. Essential Cookies, including Security and Authentication Cookies, do not require consent as they are strictly necessary to provide the Platform and the services you request.

On your first visit to the Platform, you will generally be presented with a cookie banner or notice allowing you to accept all non-essential Cookies, reject all non-essential Cookies, or customise your preferences by category through the Cookie Preference Centre described in Section 35. Your choices are recorded and will be respected for future visits, subject to renewal as described below.

You may withdraw or modify your consent at any time, with effect from the time of withdrawal, by accessing the Cookie Preference Centre. Withdrawing consent will not affect the lawfulness of any processing carried out before such withdrawal. Where you do not make an active choice, only Essential Cookies will be set, in accordance with applicable consent requirements.

Cookie Preferences

You can review and update your Cookie preferences at any time using our Cookie Preference Centre. The Preference Centre allows you to toggle non-essential Cookie categories on or off and to view illustrative examples of the Cookies within each category.

Essential Cookies, including those covering security and authentication, cannot be disabled through the Preference Centre as the Platform cannot function safely without them. Changes you make in the Preference Centre take effect immediately for future page loads and are stored for up to 12 months, or until you change them again, whichever is earlier.

Browser Controls

Most web browsers allow you to control Cookies through their settings, including viewing the Cookies stored on your device, deleting some or all Cookies, and blocking Cookies from some or all websites. You can typically find these controls in the "Settings," "Privacy," or "Security" section of your browser.

• Google Chrome: Settings → Privacy and security → Cookies and other site data.
• Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data.
• Apple Safari: Preferences → Privacy → Manage Website Data.
• Microsoft Edge: Settings → Cookies and site permissions.

Third-Party Opt-Out Methods

In addition to browser-level controls and our Cookie Preference Centre, certain third-party providers offer their own opt-out mechanisms:

• Google Analytics — Google Analytics Opt-out Browser Add-on, available from Google.
• Mobile advertising identifiers — "Limit Ad Tracking" (iOS) or "Opt out of Ads Personalization" (Android) settings within your device's privacy settings.
• Industry opt-out platforms — where applicable, self-regulatory advertising opt-out portals operated by digital advertising industry bodies.

These opt-out mechanisms are operated and controlled by the relevant third parties, not by Curefleet, and we do not guarantee their continued availability, accuracy, or effectiveness.

Data Retention

Information collected through Cookies is retained only for as long as reasonably necessary to fulfil the purposes described in this Cookie Policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements, after which it is deleted, anonymised, or aggregated such that it no longer identifies you.

Table 2 — Indicative retention periods. Actual durations may vary based on the specific Cookie, security requirements, and Applicable Law.

International Data Transfers

Some of our service providers, including certain cloud hosting, analytics, and security providers, may process information collected through Cookies on servers located outside India. Where such cross-border transfer occurs, we seek to ensure that appropriate contractual and technical safeguards are in place, consistent with the requirements of the DPDP Act and other Applicable Law.

As permitted under the DPDP Act, Curefleet may transfer Personal Data collected via Cookies to countries or territories outside India, except where the Central Government has, by notification, restricted such transfer. We will update this Cookie Policy if our cross-border data transfer practices change materially.

Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in the Cookies and similar technologies we use, changes in Applicable Law, or changes to our business and the Platform, including the addition of new Healthcare Partner categories or third-party service providers.

Where changes are material, we will provide notice through the Platform, by updating the "Last Updated" date at the top of this Cookie Policy, or, where required under Applicable Law, by seeking your renewed consent before applying the change. We encourage you to review this Cookie Policy periodically. Continued use of the Platform following the posting of changes constitutes your acceptance of the updated Cookie Policy, to the extent permitted by Applicable Law.

Contact Information

If you have any questions, concerns, or requests regarding this Cookie Policy or our use of Cookies and similar technologies, please contact us using the details below.

For requests relating to your rights as a Data Principal under the DPDP Act in respect of Personal Data collected via Cookies, please refer to the Grievance Redressal and Data Principal Rights sections of our Privacy Policy, which apply equally to Cookie-related data.