Privacy Policy
📊 Data Collection
Customer Data: Account information, billing details, and system configurations.
End-User Data: Patient feedback, clinical notes, and operational observations, as provided by the Customer.
Usage Data: Metrics on Platform usage (e.g., voice minutes processed) for optimization and research.
🎯 Data Use
Service Delivery: To provide Platform functionality, including transcription, analytics, and task routing.
Compliance: To meet legal obligations under DPDP Act, GDPR, and HIPAA.
Research: Anonymized or aggregated data for research, publications, conferences, or Platform enhancement.
🛡️ Data Security
The Company leverages third-party infrastructure (AWS, Azure, MongoDB, Cloudflare), which may comply with ISO 27001, to process data.
The Customer is responsible for securing its own systems and access credentials.
🤝 Data Sharing
Data is not shared with third parties, except:
• As required by law or regulatory authorities
• With subprocessors (e.g., cloud providers) under strict data protection agreements
Customer Obligations
- The Customer shall obtain and maintain end-user consents for data processing, as required by applicable laws, and provide copies to the Company upon request.
- The Customer shall notify the Company of any data breach involving Platform data within 24 hours.
Data Retention
- Customer and end-user data is retained for the subscription term and up to 30 days post-termination, unless required by law.
- Anonymized data may be retained indefinitely for research and analytics, as per Section 3.4.