Legal · Privacy

Privacy Policy

Kyuro is a platform for booking physiotherapy at home. This policy explains, in plain terms, what personal information we collect when you use our mobile apps and website, why we collect it, who we share it with, and the choices and rights you have.

Last updated · 18 April 2026

01

About this policy

This Privacy Policy applies to the Kyuro mobile applications (for patients and physiotherapists), the Kyuro website at kyuro.app, and any related services we offer (together, the "Service"). It describes how we handle personal information in line with the Digital Personal Data Protection Act, 2023 and other applicable Indian laws.

Using the Service means you have read this policy and understood how we handle your information. If you do not agree with it, please do not use Kyuro.

02

Who we are

"Kyuro," "we," "us," and "our" refer to the team operating the Kyuro Service in India. Kyuro acts as a data fiduciary for the personal information you share with us while using the Service.

Service
Kyuro — physiotherapy at home
Contact
support@kyuro.app
Phone
+91 93158 03147
Launch city
Hyderabad, India
03

Information we collect

We only collect what we need to run the Service. The exact information we collect depends on whether you use Kyuro as a patient, as a physiotherapist, or simply as a visitor to our website.

a. Information you give us directly

  • Account details — your name, email address, phone number, password (stored in hashed form), and whether you are registering as a patient or a physiotherapist.
  • Patient profile & treatment details — date of birth or confirmation that you are 18+, saved addresses and area within Hyderabad, the concern you are seeking help for (such as "knee injury" or "back pain") and any description you add, and preferences like gender or language.
  • Physiotherapist profile & verification documents — your professional name, photograph, qualifications, registration or certification details, years of experience, specializations, languages, service areas, session pricing and package configuration, and any supporting certificates you upload for verification.
  • Session data — bookings, consultation details, scheduled slots, public notes (which we share with you as the patient) and private clinical notes (visible only to your physiotherapist), session completion status, and progress across your package.
  • Reviews & communications — ratings and reviews you leave, messages you send us through support channels, and responses you give to feedback prompts or surveys.
  • Waitlist signups — if you join our waitlist on kyuro.app, we collect your email address and whether you are signing up as a patient or a physiotherapist.

b. Information collected automatically

  • Device and technical information — device model, operating system and version, app version, language, time zone, IP address, and crash reports.
  • Usage information — the screens you visit, features you use, search terms, and anonymous product-analytics events that help us understand how Kyuro is being used.
  • Push notification tokens — if you allow notifications, we store a device token so we can send you booking and session reminders.
  • Location (area-level only) — we use the Hyderabad area you select for matching with nearby therapists. We do not continuously track your device location.
We do not ask for — or store — any payment card or bank-account details. Payments for sessions are settled directly between patients and physiotherapists in cash or via UPI. See Section 6 below.

c. Sensitive information

Concerns, consultation notes and session notes may describe aspects of your health. We treat this information with additional care. We only collect it with your consent and share it only as described in Section 5.

04

How we use your information

We use the information above for the following purposes.

  • To run the Service. Creating and maintaining your account, showing relevant physiotherapists, enabling bookings, consultations, packages and session scheduling, and tracking your progress.
  • To verify physiotherapists. Reviewing qualifications and certificates submitted by physiotherapists before marking them as verified on the platform.
  • To keep you informed. Sending booking confirmations, session reminders, recommendation notifications, important service announcements and responses to your support requests via push notification, email or SMS.
  • To improve Kyuro. Understanding how the Service is used, diagnosing crashes and bugs, testing new features, and measuring the quality of physiotherapy outcomes through aggregated, de-identified data.
  • To keep Kyuro safe. Preventing fraud, abuse, fake profiles or reviews, and enforcing our Terms of Service.
  • To meet legal obligations. Complying with applicable laws, regulations, court orders or requests from government authorities.
05

How your information is shared

Kyuro connects patients and physiotherapists. Some information must be shared between the two for the Service to work. We never sell your personal information.

a. Between patients and physiotherapists

  • Patients see, about their chosen therapist: professional name, photograph, qualifications and experience, specializations, languages, service areas, pricing, reviews, and public responses to past reviews.
  • Physiotherapists see, about their own patients: name, phone number, the address you have chosen for sessions, the concern and description you shared at booking, session history with the therapist, and any public notes from past sessions.
  • Private clinical notes written by a physiotherapist about a patient are visible only to that physiotherapist and never shown to the patient in-app.

b. Service providers

We use a small set of well-known service providers to run the Service. These providers process your information only on our instructions and under contractual confidentiality and security obligations. See Section 7 for the full list.

c. Legal and safety reasons

We may share information with courts, law-enforcement, regulators or other authorities when we are required to do so by law, or when we believe in good faith that disclosure is necessary to protect the safety of our users, the public, or the integrity of the Service.

d. Business transfers

If Kyuro is involved in a merger, acquisition, reorganisation or sale of assets, your information may be transferred as part of that transaction. We will let you know before your information becomes subject to a different privacy policy.

06

Payments — we do not process them

Payments for consultations, sessions and packages are settled directly between the patient and the physiotherapist in cash or via UPI at prices the physiotherapist has set. Kyuro is not a party to these payments.

Because we do not handle your money, we do not collect, see, or store card numbers, UPI IDs, bank account numbers or any other payment credentials.

The platform only records that a package was started and how many sessions have been completed. Any receipts, refund requests or disputes about payment are handled directly between the patient and the physiotherapist. We may, at our discretion, help mediate, but we are not responsible for settlement.

07

Third-party services we rely on

To run Kyuro reliably, we use the following service providers. They process your information on our behalf.

  • Google Firebase (Google LLC) — authentication, database (Cloud Firestore), file storage (Cloud Storage), push notifications (FCM), crash reporting (Crashlytics), and anonymous usage analytics (Firebase Analytics). Firebase is our main technical backbone.
  • MSG91 — sending SMS such as one-time codes and booking-related alerts to Indian phone numbers.
  • Google Maps Platform — estimating travel times between addresses and therapist service areas. We share approximate pick-up and drop-off areas, not continuous location.
  • Google Workspace & Google Sheets — receiving waitlist signups from our website before our apps are available.
  • Netlify — hosting the Kyuro website.

These providers are well-established services with their own privacy practices, which you can find on their official websites.

08

How long we keep your information

We keep your information only for as long as it is necessary for the purposes described in this policy.

  • Account data — for as long as your account is active. If you ask us to delete your account, we remove or anonymise your personal information from active systems within a reasonable period, typically 30 days.
  • Session and consultation records — retained after your account is closed for a reasonable period for record-keeping, clinical continuity for the treating physiotherapist, and to handle any follow-up or dispute. Private clinical notes remain under the control of the therapist who wrote them.
  • Aggregated or de-identified data — may be kept for longer to analyse product performance and improve the Service.
  • Information we are required to keep by law — will be retained for the period required, even if you have asked us to delete it.
09

How we protect your information

We take reasonable technical and organisational measures to protect your information, including:

  • Encryption of traffic in transit between your device and our servers (HTTPS / TLS).
  • Industry-standard encryption at rest within our infrastructure provider (Google Firebase).
  • Role-based access controls so that patients, physiotherapists and administrators see only the information they need.
  • Password hashing and secure authentication handled by Firebase Authentication.
  • Monitoring of crashes and abnormal activity, and regular review of access and security rules.

No system is completely secure. If we become aware of a personal data breach that affects you, we will notify you and the Data Protection Board of India as required by law, and take prompt steps to address it.

10

Your rights

Subject to applicable law, including the Digital Personal Data Protection Act, 2023, you have the following rights in respect of your personal information.

  • Right to access — ask us for a summary of the personal information we hold about you and how we process it.
  • Right to correction and erasure — ask us to correct inaccurate information or delete personal information that is no longer necessary for the purposes for which it was collected.
  • Right to withdraw consent — where we rely on your consent, you can withdraw it at any time. Withdrawing consent does not affect processing done before the withdrawal.
  • Right to nominate — nominate another individual to exercise your rights in the event of your death or incapacity.
  • Right of grievance redressal — raise a complaint with our Grievance Officer, and escalate to the Data Protection Board of India if unresolved.

To exercise any of these rights, write to us at support@kyuro.app. We may need to verify your identity before acting on a request. You can also manage most of your information directly from inside the Kyuro app.

11

Children's privacy

Kyuro is intended for adults aged 18 and over. We do not knowingly collect personal information directly from children. Where a physiotherapy session is booked for a minor in the household, the Kyuro account must be held and managed by a parent or legal guardian, and any health information shared about the minor is the responsibility of that parent or guardian.

If you believe a child has created an account on their own, please contact us and we will remove it.

12

International transfers

Our infrastructure providers, in particular Google Firebase, operate servers both in India and in other countries. Where your personal information is transferred outside India, we take reasonable steps to ensure that it continues to be protected in a manner consistent with this policy and applicable law.

13

Changes to this policy

We may update this policy from time to time. When we make a material change, we will let you know through the app, by email, or by prominently posting a notice on kyuro.app before the change takes effect. The date at the top of this page is always updated to reflect the latest version. Continuing to use Kyuro after a change means you accept the updated policy.

14

Grievance Officer & Contact

If you have any questions, concerns or complaints about this policy or the way your personal information is handled, please get in touch with our Grievance Officer.

Role
Grievance Officer, Kyuro
Email
support@kyuro.app
Phone
+91 93158 03147
Response
We aim to acknowledge grievances within 72 hours and resolve them within 30 days.
Questions? support@kyuro.app
PrivacyTerms