Privacy Policy of MaNTrA — Maa Navjaat Tracking App

This Privacy Policy ("Policy") describes how the National Health Mission, Government of Uttar Pradesh ("we", "us", "our", or "NHM-UP") collects, uses, discloses, retains and protects your personal information when you use the MaNTrA — Maa Navjaat Tracking App mobile application and the related website at https://upnrhm.gov.in (collectively, the "Service").

This Policy is published in accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA) of India, and is also designed to align with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Google Play User Data Policy and Data Safety requirements.

By downloading, installing, registering for, or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, please do not use the Service.

1. Data Controller and Contact Details

Data Fiduciary / Controller: National Health Mission, Department of Medical, Health and Family Welfare, Government of Uttar Pradesh, India.
Address: 19-A, Vidhan Sabha Marg, Lucknow, Uttar Pradesh - 226001, India.
Email (Privacy / Grievance Officer): gmmhup2019@gmail.com
Technical Support: mantranhmup2022@gmail.com
Website: https://upnrhm.gov.in

2. Scope and Applicability

The MaNTrA app is an official, internal labour-room management application of the Government of Uttar Pradesh. It is used only by authorized clinical staff posted in labour rooms of Government health facilities — namely Auxiliary Nurse Midwives (ANMs), Staff Nurses and Gynecologists / Obstetricians — to manage the entire delivery episode of a pregnant woman, from admission to the labour room through delivery and post-delivery discharge of the mother and newborn. The Service is administered by authorized NHM administrators who provision and manage user accounts and oversee operation, monitoring and reporting.

To support these functions, the MaNTrA app is integrated with the following Government information systems:

• UIDAI — for Aadhaar-based authentication of the pregnant woman / mother at the time of admission, in line with the Aadhaar Act, 2016 and UIDAI authentication guidelines.
• Civil Registration System (CRS), Office of the Registrar General of India — for registration of the birth of the newborn under the Registration of Births and Deaths Act, 1969.
• Financial Accounts Management System (FAMS) of the Government of Uttar Pradesh — for processing the Janani Suraksha Yojana (JSY) and related incentive payments to the delivered woman through her notified bank account.

The MaNTrA app is not a public, consumer-facing application. Members of the public cannot register or open an account in the app. User accounts (User IDs) are created, modified, suspended and deleted only by authorized NHM administrators. Self-registration and self-deletion of accounts are not available.

This Policy applies to: (a) authorized Government users of the app (ANMs, Staff Nurses, Gynecologists / Obstetricians, and NHM administrators), and (b) beneficiaries (pregnant women, mothers and newborns) whose data is recorded in the Service by authorized users in the discharge of public-health functions.

3. Information We Collect

We collect only the minimum information necessary to deliver maternal and newborn health services and meet our public-health and statutory obligations. The categories of data collected are:

Category	Examples of Data Collected	Source
User Account Data	Full name, designation, posting (facility/block/district), mobile number, email (where available), and one of the following Government identifiers used for verification at account creation: eHRMS (Electronic Human Resource Management System) code or ABHA (Ayushman Bharat Health Account) number. Login credentials, where used, are stored only in salted-hashed form. User accounts are created and maintained by NHM administrators using official Government records (eHRMS / ABHA).	NHM administrators verifying users against eHRMS / ABHA records.
Beneficiary Health Data (sensitive personal data)	Pregnant woman / mother's name, age, address, mobile number, LMP / EDD, parity, identified high-risk conditions, partograph and labour-monitoring entries, mode of delivery, delivery date and time, delivery outcome, complications, newborn details (sex, weight, APGAR, immunization at birth), discharge summary and similar labour-room and post-natal records.	Recorded by authorized clinical staff (ANMs, Staff Nurses, Gynecologists) during the delivery episode, with the beneficiary's informed consent.
Aadhaar & UIDAI Authentication Data	Aadhaar number / Virtual ID (VID) of the pregnant woman / mother, captured only for the purpose of Aadhaar-based authentication with UIDAI at the time of admission. Authentication is performed through UIDAI's secure Authentication API; the Aadhaar number itself is not stored in plain text in the MaNTrA database. Only the UIDAI authentication response (success / failure flag, transaction ID, timestamp) and a reference token are retained, in accordance with the Aadhaar Act, 2016, the Aadhaar (Authentication and Offline Verification) Regulations, 2021 and UIDAI's authentication guidelines. No biometric or e-KYC data is stored by MaNTrA.	Provided by the beneficiary at admission; authenticated through UIDAI.
Civil Registration (CRS) Data	Information required for newborn birth registration with the Civil Registration System: place of birth, date and time of birth, sex, weight, parents' names, address, and mother's identifiers, as required under the Registration of Births and Deaths Act, 1969.	Recorded in MaNTrA at delivery and transmitted electronically to CRS.
JSY / FAMS Payment Reference Data	Beneficiary identifier, delivery confirmation, eligibility status, sanctioned amount and payment-reference number used to trigger the JSY payment through the Financial Accounts Management System (FAMS). MaNTrA does not store the beneficiary's bank account number, IFSC, ATM PIN, internet-banking credentials or any other financial credentials. Bank-account details and the actual payment instruction are held in FAMS / treasury systems.	Generated by MaNTrA on confirmation of delivery and exchanged with FAMS.
Identifiers	For users: eHRMS code or ABHA number (used for one-time verification at account creation). For beneficiaries: MCTS / RCH ID, beneficiary ID, ABHA number (where available), CRS reference number (post-registration) and the UIDAI authentication transaction reference. We do not store Aadhaar numbers in plain text, do not collect biometric data and do not collect bank-account numbers or financial credentials within the app.	Government health-information / HR / identity systems.
Location Data	Approximate and (when needed) precise GPS location during home-visits or service delivery, for verification of fieldwork. Location is captured only while the app is in use; it is not collected in the background.	Device GPS, with runtime permission.
Device & Technical Data	Device model, OS version, app version, IP address, language, crash logs, app performance metrics, anonymous installation identifier.	Automatically collected.
Photos / Media (optional)	Photographs of paper records or referral slips, captured by the user only when explicitly initiated.	Camera / file picker, with runtime permission.
SMS / Notifications	OTPs received for login verification (read only with user permission, on supported Android versions).	Telecom SMS / Firebase Cloud Messaging.
Log Data	Pages and screens visited, timestamps, error reports, success/failure of API calls.	Automatically collected.

We do not collect special-category data not listed above, and we do not sell or rent personal data to any third party for advertising or commercial purposes.

4. Permissions Used by the Mobile Application

• Internet / Network State — to synchronize records with the secure NHM server.
• Location (ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION) — to geo-tag home-visits and verify field service delivery (foreground only).
• Camera — to capture photographs of MCP cards / referral slips when the user chooses.
• Storage / Photos & Media — to save and read app data and forms locally for offline use.
• Phone State / Read SMS (where applicable) — to auto-read OTP for login on supported devices.
• Notifications — to deliver service reminders and alerts.

You may revoke any of these permissions at any time through your device settings. Some features may stop working if a required permission is revoked.

5. How We Use Your Information (Purposes of Processing)

1. Admitting a pregnant woman to the labour room, verifying her identity through Aadhaar-based authentication with UIDAI, and creating a delivery-episode record.
2. Recording labour-monitoring observations (including the partograph), delivery details, mode of delivery, complications and outcome for the mother and newborn.
3. Recording post-delivery and discharge information for the mother and newborn.
4. Electronic registration of the newborn's birth with the Civil Registration System (CRS) under the Registration of Births and Deaths Act, 1969.
5. Triggering and tracking the Janani Suraksha Yojana (JSY) incentive payment to the delivered woman through the Financial Accounts Management System (FAMS).
6. Generating MIS reports, dashboards, alerts and analytics for clinical supervisors and program managers, and for public-health surveillance, planning and audit.
7. Authenticating users, securing the Service and preventing fraud or unauthorized access.
8. Improving app stability and user experience using aggregated, de-identified analytics.
9. Complying with applicable laws, court orders and lawful requests from competent Government authorities.

6. Legal Basis for Processing

We process personal data on one or more of the following legal grounds:

• Consent of the user / beneficiary (or her parent / guardian where applicable).
• Performance of a function in the public interest — namely the delivery of maternal and child-health services by the State Government.
• Compliance with a legal obligation under Indian health, public-health and statistical laws.
• Protection of vital interests of the mother or newborn in medical emergencies.
• Legitimate interests in securing, maintaining and improving the Service, where these interests are not overridden by the rights of the data principal.

7. Sharing and Disclosure of Information

We do not sell your personal data. We disclose personal data only to the following categories of recipients, and only to the extent necessary for the purposes set out in this Policy:

• Authorized clinical staff and supervisors within the NHM-UP hierarchy on a strict need-to-know basis.
• Unique Identification Authority of India (UIDAI) — for Aadhaar-based authentication of the pregnant woman / mother at admission, in line with the Aadhaar Act, 2016 and UIDAI's authentication regulations and guidelines. Only the data fields required for the authentication request are sent; no Aadhaar e-KYC or biometric data is stored by MaNTrA.
• Civil Registration System (CRS), Office of the Registrar General of India — for electronic birth registration of the newborn under the Registration of Births and Deaths Act, 1969.
• Financial Accounts Management System (FAMS) of the Government of Uttar Pradesh, and the linked banking / treasury channel, for processing JSY incentive payments to the delivered woman.
• Other integrated Government health-information systems such as RCH / HMIS / ANMOL / PMSMA / U-WIN / ABDM, only for the purpose for which the data was originally collected.
• Cloud and IT service providers (data processors) who host or operate the Service under written contracts requiring confidentiality and security and prohibiting use for any other purpose. Data is hosted on servers located in India (NIC / MeghRaj / equivalent Government-empanelled cloud).
• Statutory, regulatory, judicial, audit or law-enforcement authorities when required by law or to protect the rights, property or safety of any person.

We do not transfer personal data outside India for routine processing. Any cross-border transfer, if ever required, will be carried out only in accordance with Section 16 of the DPDPA, 2023 and other applicable laws.

8. Data Retention

The MaNTrA app handles official records of the Government of Uttar Pradesh. All data in the Service is therefore retained strictly in accordance with applicable Government record-retention, audit, public-health and statistical rules, and only for as long as necessary to fulfil the purposes set out in this Policy. Specific retention periods are:

Data Category	Retention Period	Reason
User account data (Government employee / functionary)	For the entire period that the individual is authorized by NHM-UP to use the Service. On separation, transfer or deactivation by the NHM administrator, the account is disabled. Identifiable account data is then retained for as long as required for audit, vigilance, disciplinary or service-record purposes under applicable Government rules, after which it is archived or anonymized. Self-deletion of accounts by users is not available; account lifecycle is managed solely by the NHM administrator.	Service delivery, official audit trail, hand-over of caseload, vigilance/HR records.
Beneficiary maternal & newborn health records, including delivery and outcome records	Retained as official Government health and audit records as per the prevailing record-retention schedule of the Department of Medical, Health and Family Welfare, Government of Uttar Pradesh, the Ministry of Health and Family Welfare (Government of India) and the National Health Mission — typically a minimum of 10 years for maternal records and longer where required by audit, statistical, medico-legal or programmatic obligations. Records may thereafter be archived or de-identified.	Statutory and Government audit retention for maternal & child-health records; medico-legal evidence; longitudinal public-health analysis.
Incentive / payment records (JSY, JSSK, etc.)	Retained for the period prescribed under General Financial Rules (GFR), Government Accounting Rules and the Comptroller & Auditor General (CAG) audit requirements (typically a minimum of 8 financial years, or longer if under audit / objection).	Government financial audit and accounting compliance.
Location / geo-tag data linked to a service event	Stored with the related service record (and retained for the same period as that record); raw GPS data not linked to any service event is deleted within 90 days.	Verification of fieldwork and service authenticity.
Device, technical and crash logs	Up to 12 months, after which they are deleted or anonymized.	Security monitoring and app stability.
Web-server / application access logs (IP, timestamp, user-agent)	Retained as required under Rule 3(1)(h) of the Information Technology (Intermediary Guidelines) Rules and CERT-In directions — minimum 180 days, and longer where required for incident investigation.	Cyber-security and incident investigation.
Cookies and similar local-storage technologies	Session cookies expire when you close the browser; persistent cookies do not exceed 12 months.	User experience and security.
Encrypted backups	Up to 180 days, after which they are overwritten in the standard backup rotation.	Disaster recovery and business continuity.
Records subject to a legal hold, audit objection or active investigation	Retained until the legal hold, audit objection or investigation is fully concluded.	Legal and audit obligation.

When the applicable retention period ends, or when the personal data is no longer required for the purpose for which it was collected, the data is securely deleted, destroyed or irreversibly anonymized so that it can no longer be associated with an identifiable person.

9. Account Lifecycle & Data Deletion

The MaNTrA app is a closed Government workforce application; users cannot create, modify or delete their own accounts. Account creation, modification, suspension and deletion are centrally managed by authorized NHM administrators, on the basis of official Government postings, transfers, separations and disciplinary records.

• Account creation: NHM administrators provision User IDs only for authorized clinical staff — ANMs, Staff Nurses and Gynecologists / Obstetricians — posted at Government health facilities, after verifying their identity through eHRMS / ABHA records.
• Account changes / deactivation: When a user is transferred, retires, resigns or otherwise ceases to be authorized, the NHM administrator deactivates the account. Access to the Service stops immediately on deactivation.
• Account-deletion request by user: Because the data in the app constitutes official Government records, a user cannot self-delete their account or the records they have entered. A user who believes their personal account information should be corrected or deleted may write to the Grievance Officer (see Section 16). The request will be considered and acted upon to the extent permitted by applicable Government record-retention, audit and service rules.
• Beneficiary records: Maternal, newborn and incentive records are part of the Government's public-health records and are retained for the periods specified in Section 8. Beneficiaries may exercise their rights under Section 10 (including correction of inaccurate data); deletion requests will be honoured to the extent permitted by applicable law and Government record-retention rules.

10. Your Rights

Subject to applicable law, you have the following rights with respect to your personal data:

• Right to Access — obtain confirmation of and a copy of personal data we hold about you.
• Right to Correction — request correction of inaccurate or incomplete data.
• Right to Erasure — request deletion of personal data, subject to statutory retention obligations.
• Right to Withdraw Consent at any time, where processing is based on consent.
• Right to Grievance Redressal — raise a complaint with our Grievance Officer (see Section 16).
• Right to Nominate another individual to exercise your rights in case of death or incapacity (under DPDPA, 2023).
• For users protected under GDPR or CCPA/CPRA: rights of data portability, objection to processing, restriction of processing, and the right to lodge a complaint with the competent supervisory authority.

You can exercise these rights by writing to the Grievance Officer at gmmhup2019@gmail.com. We will respond within the timelines required by applicable law (typically within 30 days).

11. Data Security

We use reasonable administrative, technical and physical safeguards to protect personal data, including:

• HTTPS/TLS encryption for all data in transit.
• Encryption at rest for sensitive databases and backups.
• Role-based access control, least-privilege access, and audit logging.
• Strong password policies and salted-hashed password storage.
• OTP / multi-factor authentication for sensitive operations.
• Periodic vulnerability assessment, penetration testing and security audits in line with CERT-In and MeitY guidelines.
• Staff training on data protection and confidentiality.

Despite these measures, no method of internet transmission or electronic storage is 100% secure. In the event of a personal data breach that is likely to result in risk to your rights, we will notify the Data Protection Board of India and the affected data principals within the timelines required by law.

12. Children's Privacy

The MaNTrA app is a closed Government workforce application and is used only by authorized adult Government employees and engaged health-system functionaries. Members of the public, including children, cannot register or create an account in the app. Account creation is controlled exclusively by NHM administrators using official Government postings.

Where the app records data about a newborn or child as part of maternal and child-health services, such data is entered by authorized health workers in the lawful exercise of public-health functions, on the basis of the consent of the child's parent or lawful guardian, and is processed in accordance with this Policy, the Digital Personal Data Protection Act, 2023 and other applicable law.

13. Cookies and Similar Technologies

The MaNTrA website uses session and persistent cookies to maintain login sessions, remember preferences, ensure security and analyze usage. The mobile app uses local storage (such as SharedPreferences and SQLite databases) to enable offline data entry and synchronization. You can clear browser cookies through your browser settings; you can clear app local storage through your device's app-settings screen. Disabling cookies or local storage may affect the functioning of the Service.

14. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with other Government health-information systems. This Policy does not apply to those external websites and systems, which are governed by their own privacy policies. We encourage you to review their policies before sharing any personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology or our practices. The updated Policy will be posted on this page with a revised "Last Updated" date. Where the changes are material, we will provide a more prominent notice (such as an in-app notification or banner) before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

16. Grievance Officer

In accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, the contact details of our Grievance Officer are:

Name / Designation: General Manager — Maternal Health, NHM Uttar Pradesh
Email: gmmhup2019@gmail.com
Address: National Health Mission, 19-A, Vidhan Sabha Marg, Lucknow, Uttar Pradesh - 226001, India.
Office Hours: Monday to Friday, 10:00 AM to 5:00 PM IST (excluding public holidays).

We will acknowledge your grievance within 48 hours and resolve it within the timelines required by applicable law.

17. Contact Us

If you have any questions, comments or concerns about this Privacy Policy or our data-handling practices, please contact us at mantranhmup2022@gmail.com or write to the address provided in Section 1 above.