Effective Date: 18 August 2025
Entity: Blood Warriors Foundation (“Blood Warriors,” “we,” “us,” “our”)
Scope: This Privacy Policy applies to our websites, mobile apps, WhatsApp/other chat interfaces, AI chatbot(s), communications, and any services or features we offer (collectively, the “Platform”).
We do not treat browsing alone as consent to this Privacy Policy. We ask you to accept our Terms and Privacy Policy before sign-in, registration, or other personal data collection.
1) Key Principles We Follow
- Transparency: We explain what we collect, why we collect it, how we use it, and your choices.
- Purpose Limitation: We only use data for clear, legitimate purposes described here.
- Data Minimization: We collect the minimum information needed to operate and improve the Platform.
- Security: We apply reasonable safeguards appropriate to the nature of data.
- User Control: We provide options to access, update, delete, and control certain uses (e.g., leaderboards).
2) What We Collect
We collect information in three main ways: (A) you provide it, (B) it’s generated through your use of the Platform, (C) it is submitted for public amplification (emergency requests).
A. Information You Provide
- Account & Profile Data: Name, mobile number, email, location, date of birth/age, and other contact details.
- Health & Donation/Transfusion Data (Sensitive): Blood group/type, donation history and eligibility intervals, transfusion schedules/history, test results (including HPLC), notes required to safely coordinate donations and transfusions.
- Minor Patients (via Guardian): If a patient is under 18, a parent/legal guardian provides their own contact details to operate the account on the minor’s behalf.
- Nonprofit toolkit inputs: If you use free nonprofit tools (for example the organizational capacity check-in), we store your responses, organisation details, generated reports, invite responses, and related metadata so you can save progress and access results over time.
- Consent & Preference Records: e.g., your consent for leaderboard visibility; communication preferences; any opt-outs.
- Emergency Request Submissions: Content, attachments, names, contact numbers, medical needs, location, and any other details you submit for public amplification.
B. Information Generated Through Use
- AI Chatbot Conversations: Content of your chats, intents, fallbacks, session metadata (timestamps, language, approximate geolocation if shared by you), and interaction outcomes (e.g., whether a suggestion was useful). We store and analyze these to diagnose misunderstandings, fix “fallback loops,” improve accuracy, and enhance user experience across the Platform.
- Device/Technical Data: IP address, device and browser type, OS version, app version, log files, diagnostic crash data, and cookie/SDK signals required for security, performance, and core functionality.
- Usage & Interaction Analytics (First-Party): Pages/screens viewed, clicks, features used, and time spent. We collect these only after you accept optional analytics cookies in the banner, or when you use features that record share funnel events with the same consent.
C. Public Amplification Inputs (Emergency Requests)
When you ask us to amplify an emergency blood request, you submit information that we store and then publish publicly (e.g., social media, our website, or community channels) purely to increase outreach and speed.
3) What We Do Not Collect or Use
- We do not record government ID numbers unless you voluntarily share them; if you do, we may redact or delete them.
- We do not enable third-party advertising cookies or sell, rent, or trade your personal information.
- We do not ingest third-party data broker lists.
4) How We Use Information
We use information strictly for:
- Core Operations: Matching donors and patients; planning/scheduling donations; coordinating with patients/guardians; sending confirmations, reminders, and updates.
- Safety & Eligibility Coordination: Managing donation intervals and suitability based on information you provide.
- AI Chatbot & Platform Improvement: Debugging and improving conversation flows, reducing fallback loops, and making the Platform more helpful.
- Communications: Service notices, operational alerts, and relevant updates (email/SMS/WhatsApp/in-app).
- Impact Measurement (Aggregated/De-identified): We may produce anonymous statistics (e.g., number of donors, number of bridges) without identifying individuals.
- Security & Abuse Prevention: Fraud prevention, rate limiting, and incident diagnostics.
- Compliance with Requests Properly Addressed to Us: Such as responding to valid safety or emergency disclosure requests per our internal process.
5) Our Sharing & Disclosure Position (Very Limited)
We do not share user personal data with anyone else for their own purposes. Specifically:
- No commercial sharing.
- No third-party advertising.
- No sale of data.
The only types of disclosure we make are:
- Emergency Public Amplification (You Ask Us To): We publish the emergency request content you submit (which may include personal information) to maximize outreach. Once public, others may further share it beyond our control; responsibility for content and permissions remains with the submitter.
- Leaderboards (Optional Name Display): We may display donor names only for recognition on leaderboards; you can opt out anytime on your profile.
- At Your Direction: If you explicitly ask us to share or forward information (e.g., connecting you to a specific donor/patient).
- To Protect Rights or Safety / Legitimate Requests: If we reasonably believe it’s necessary to prevent harm or respond to properly scoped, good-faith requests (e.g., substantiated safety emergencies), following our internal review process.
Other than the above, we do not disclose personal data.
6) Your Choices & Controls
- Profile & Account: View, correct, or delete profile information from your account settings or by contacting us.
- Leaderboard Opt-Out: Toggle off your name display on leaderboards at any time.
- Emergency Posts: You may request correction or takedown of emergency posts you submitted; we will action reasonable requests on a going-forward basis (note: we cannot control prior third-party reshares).
- Communications: Opt out of non-essential messages while continuing to receive essential service communications.
- Chat History & AI Improvement: You may request deletion of specific chat threads; you may also ask us to exclude your conversations from future model improvements where feasible (some usage may remain for safety or diagnostics).
7) Children & Minor Patients
- The Platform is intended for adults (18+) except where a parent or legal guardian uses it on behalf of a minor patient.
- We rely on your representation that you are (i) at least 18, or (ii) a parent/legal guardian acting for a minor patient. We do not independently verify ages or moderate this.
- If we learn that an account was created by a non-adult without a guardian, we may disable or restrict the account and request a guardian to manage it.
8) Cookies & Local Storage
We use first-party cookies/local storage and similar technologies for:
- Security and session continuity;
- Language/UX preferences;
- First-party analytics to improve functionality.
- We do not use third-party ad cookies. You can manage cookies via your browser/app settings; disabling essential cookies may limit functionality.
9) Data Retention
- Account & Core Records: Retained while your account is active; if you delete your account, we generally delete or de-identify within a reasonable period, subject to limited operational or safety needs (e.g., preventing duplicate abuse).
- AI Chatbot Logs: Retained for improvement and diagnostics; we target a practical retention window (e.g., up to 60 months) and may keep anonymized aggregates longer.
- Emergency Requests (Public): Kept as posted; upon your takedown request, we’ll remove/mark private on our channels going forward (cannot control external reshares).
- Backups/Archives: Time-limited, rolling backups for disaster recovery.
10) User-Generated Content & Public Areas
Content you post or submit for public sharing (e.g., emergency requests; leaderboard recognition) becomes visible to others and may be reshared or archived by third parties beyond our control. You are solely responsible for such content and for obtaining any permissions required to publish it.
11) International Access
Users may access the Platform from different places. Your information may be stored in infrastructure we manage for the Platform. By using the Platform, you consent to this storage and processing location arrangement.
12) Third-Party Links
Our channels may link to third-party sites or embeds. We are not responsible for their practices; please review their policies before engaging.
13) Contact Us
For privacy questions, access/deletion requests, or leaderboard/emergency takedowns, contact us via the Contact Us page on bloodwarriors.in
14) Changes to This Policy
We may update this Privacy Policy from time to time. If changes are material, we will provide a prominent notice on the Platform or by email before they take effect. Your continued use after the effective date constitutes acceptance.
Leaderboard and communication preferences
If you opt in to our public donor leaderboard, we display a masked version of your name, your donation count as recorded in our systems, and a broad location (for example area or state from your profile or pincode). We do not display your full name, phone number, or email on the leaderboard.
We store the fact that you agreed to leaderboard visibility, the time of consent, and the policy version that applied. You can withdraw consent when profile controls are available, or by contacting us.
Future profile tools will let you manage WhatsApp outreach, email, leaderboard inclusion, and related donation visibility separately. This policy will be updated when those features go live.
Data protection notice (India)
Effective addendum: June 2026
Blood Warriors Foundation acts as a data fiduciary for personal data collected through this portal. We process data for blood donation coordination, patient support, communications you opt into, and platform security.
Your rights
- Access and download your data from My profile when signed in
- Correct profile details in My profile
- Request erasure via My profile or by emailing our tech team
- Withdraw consent for optional uses such as public leaderboard display and program outreach messages
- Raise a privacy grievance by emailing tech@bloodwarriors.in
Consent
We ask for affirmative consent before sign-in and when policies change. Program outreach and public leaderboard name display require separate opt-in choices in your profile.
Processors and cross-border processing
We use service providers for hosting, messaging, payments, and AI-assisted features. Some processing may occur outside India under contractual safeguards. See product disclosures for chat and analytics choices.
Retention
Chat operational logs are retained for operations and support and are not automatically deleted. Financial receipt files follow a short retention window. Account deletion anonymizes your profile while retaining de-identified donation facts where required for safety.
Grievance contact
For privacy requests or complaints, contact tech@bloodwarriors.in or visit /grievance.
Service providers and processors
We use trusted third parties only to operate Blood Warriors programs. We do not sell personal data.
- Supabase / cloud hosting: database, authentication, and file storage
- AWS Amplify: application hosting and delivery
- Meta WhatsApp Business: program messaging and chatbot notifications
- SMS OTP providers (via Supabase Auth): mobile verification
- Razorpay: donations and payment processing
- Google Analytics (optional, only after cookie consent): site usage analytics
- AI providers (e.g. OpenAI): Veeru assistant responses when you use in-app chat
- Email delivery providers: transactional email where enabled
These providers process data under contract and only for Blood Warriors activities such as donor coordination, patient support, payments, security, and platform operations. Some processing may occur outside India.
Data retention schedule (summary)
- Account profile: while your account is active; anonymized on deletion request
- Donation and bridge operational records: retained in de-identified form where needed for patient safety and audit
- WhatsApp chatbot message logs: retained for operations and support; not automatically deleted
- Financial receipt PDFs: removed after about 15 days
- Consent and legal acceptance records: retained to demonstrate compliance
- Auth verification audit events: retained for up to 365 days for security investigations
- First-party share funnel analytics: retained for up to 90 days when analytics consent is granted $1 class="policy-append-grievance">
Privacy grievance contact
For privacy requests, corrections, erasure, or complaints under applicable Indian data protection law, contact our designated privacy grievance channel at tech@bloodwarriors.in or visit /grievance. We respond to verified requests within reasonable timelines.
Security measures
We protect personal data using HTTPS encryption in transit, role-based access controls, row-level security in our database, authenticated admin tools, hashed identifiers in security logs, and infrastructure encryption at rest provided by our cloud host. We do not use Aadhaar or PAN collection in public registration flows.