Privacy guide

Is your health app safe? What we found on Indian healthcare websites.

Privacy questions for Indian health apps and healthcare sites: trackers, sensitive data, consent, ads and policy gaps.

The simple answer

Health data feels more sensitive because it can reveal symptoms, medicines, appointments, tests, doctors and family conditions. A health website should treat that context with extra care.

The risk grows when health journeys sit beside advertising, analytics, session replay or identity tools. Users may think they are just booking care; the page may be sending signals elsewhere.

What to check

1
Check whether trackers load on appointment or medicine pages.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Look for health, medical or sensitive data language.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Ask whether ad pixels run on health-intent pages.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Check deletion and retention options.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

Medical intent is not ordinary browsing.

State of Privacy treats healthcare pages as especially important because the context itself can be revealing. Even a visit to a health page can say more than a normal shopping click.

What to do next

1
Avoid typing symptoms into random forms.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Use privacy settings and blockers for sensitive searches.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Ask health platforms to explain vendors and retention clearly.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

Is health app data sensitive?

Yes. Health-related data and context can be sensitive and should be handled carefully.

Can health apps use ads?

They may use marketing tools, but sensitive contexts need stronger disclosure and purpose limits.

What should I check first?

Check what data is collected, whether trackers load, and how to delete account or health records.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience