Store medications, prescriptions, diagnostic reports, hospital records, and family health data — all protected with client‑side AES‑256‑GCM encryption. Your records never leave your control.
A complete health record system — private by design, encrypted by default, always with you.
All records are encrypted client-side using AES-256-GCM before reaching the server. Only you hold the key — we literally cannot read your data.
Track ongoing medications with schedules and dosage, and manage prescriptions with doctor details, expiry, and status.
Store lab results, scan findings, and diagnostic reports. Attach the original PDF or image directly to each entry.
Maintain a complete history of hospitalizations, surgeries, and procedures — with dates, hospitals, and clinical details.
One vault, the whole family. Manage records for up to 6 members and add dependents who don’t have their own login.
Attach PDFs, JPGs, and scanned documents to any record. Scan on the spot using your phone camera — no separate app needed.
We believe health data is deeply personal — it should be private, secure, and fully in your hands.
We envision a future where personal health records are not locked inside hospital systems or distant cloud servers beyond your reach — but stored securely in a vault that belongs entirely to you. ArogyaKosha is built to give every family that power, regardless of where they live or who treats them.
Our mission is to provide a simple, encrypted health vault that puts patients — not hospitals, not insurers, not tech companies — in control of their own medical data. We build for privacy first, with zero tracking, zero ads, and zero compromise on your family’s health information.
Your privacy is the foundation of ArogyaKosha. Here is exactly how we handle your data.
ArogyaKosha collects only the minimum information required to operate the service:
We do not collect location data, device identifiers, behavioural analytics, advertising IDs, or any information beyond what you explicitly enter.
All medical record fields are encrypted in your browser using AES-256-GCM before being transmitted to or stored on the server. The server stores and serves ciphertext only — it never has access to the plaintext content of your health records.
Your Vault PIN derives an encryption key via PBKDF2-SHA256 (600,000 iterations) with a per-user random salt. This key is held only in your browser's sessionStorage and is never sent over the network.
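The PIN-to-key derivation and field encryption described above, sketched with the Web Crypto API as an added example (not ArogyaKosha's own code). The function names, the 16-byte salt length, the binding of the field name as additional authenticated data, and all sample values are assumptions.

```javascript
// Web Crypto is global in browsers and Node 19+; older Node falls back to node:crypto.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const PBKDF2_ITERATIONS = 600000; // iteration count stated on the page

// Derive the AES-256-GCM key from the Vault PIN and the per-user random salt.
async function deriveVaultKey(pin, salt) {
  const pinKey = await wc.subtle.importKey("raw", enc.encode(pin), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: PBKDF2_ITERATIONS },
    pinKey,
    { name: "AES-GCM", length: 256 },
    false, // non-extractable here; exporting it for sessionStorage would need true
    ["encrypt", "decrypt"]);
}

// Encrypt one field with a fresh 96-bit IV. Binding the field name as
// additional data is an assumption of this sketch, not something the page states.
async function encryptField(key, fieldName, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(fieldName) },
    key, enc.encode(plaintext));
  return { iv, ct: new Uint8Array(ct) }; // the only form a server would store
}

// Returns the plaintext, or null when the GCM tag check fails
// (wrong PIN, wrong field name, or modified ciphertext).
async function decryptField(key, fieldName, blob) {
  const params = { name: "AES-GCM", iv: blob.iv, additionalData: enc.encode(fieldName) };
  try {
    return new TextDecoder().decode(await wc.subtle.decrypt(params, key, blob.ct));
  } catch {
    return null;
  }
}

// Constructed round trip: correct PIN, wrong PIN, ciphertext moved to another field.
async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const key = await deriveVaultKey("482913", salt);
  const blob = await encryptField(key, "diagnosis", "constructed sample note");
  const wrongKey = await deriveVaultKey("000000", salt);
  return {
    ok: await decryptField(key, "diagnosis", blob),
    wrongPin: await decryptField(wrongKey, "diagnosis", blob),
    movedField: await decryptField(key, "medication", blob),
  };
}
```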
Passwords are hashed using bcrypt. Sessions are stored server-side, tied to HTTP-only, SameSite=Lax cookies. Google OAuth is an optional alternative login method.
All data travels over HTTPS with TLS. HTTP connections are automatically redirected to HTTPS.
No. We do not sell, rent, trade, or share your personal data or health records with any third party, ever.
Google Sign-In is an optional authentication method only. If you use it, Google authenticates your identity — your health records are never shared with Google. You may use email or phone login to avoid any Google interaction entirely.
Your data is retained for as long as your account is active. You have full control at all times:
Upon deletion, no backup copies are retained by us. Server-level backups maintained by a self-hosting operator are outside our direct control.
ArogyaKosha uses a single session cookie (ak_session) to maintain your login state. This cookie is:
We use no tracking cookies, advertising cookies, or any third-party cookies of any kind.
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of ArogyaKosha after changes constitutes acceptance of the updated policy. For significant changes, we will make reasonable efforts to notify registered users.
Last updated: May 2026 · Effective: May 2026
Please read this carefully before using ArogyaKosha.
ArogyaKosha is a personal record-keeping application. It is not a medical device, clinical decision support system, diagnostic tool, or healthcare service. It is not regulated or approved by any medical regulatory authority (such as CDSCO, FDA, CE, or equivalent bodies).
The application is designed solely to help individuals store and organise their own personal health information in a secure and accessible manner.
Nothing within ArogyaKosha — including any feature, template, suggestion, or displayed content — constitutes medical advice, diagnosis, treatment recommendation, or a substitute for the advice of a qualified healthcare professional.
ArogyaKosha stores information exactly as entered by the user. We do not verify, validate, or cross-check any medical data entered into the system. The accuracy, completeness, and currency of all health records stored is entirely the responsibility of the user.
Records stored in ArogyaKosha should not be used as the sole authoritative source of medical truth in any clinical setting without independent verification by a qualified professional.
To the fullest extent permitted by applicable law, Polytechnique System Services LLP and the ArogyaKosha team shall not be liable for any direct, indirect, incidental, special, consequential, or punitive damages arising from:
Use of ArogyaKosha is entirely at your own risk.
The Vault PIN is the sole key to your encrypted health records. If you forget your Vault PIN, your records cannot be recovered by anyone — including us. This is by design: true privacy means no backdoor, not even for the service provider.