Effective Date: May 2026

Privacy Policy

At CareScribe, your privacy and the security of your personal and health-related information are of utmost importance to us. This Privacy Policy explains how we collect, use, store, and share information when you use our healthcare SaaS platform and related services. We are committed to complying with all applicable Indian data protection laws, including the Information Technology Act, 2000, and the Sensitive Personal Data or Information (SPDI) Rules, 2011.

1. Information We Collect

We collect different types of information to provide you with our services effectively and securely.

1.1 Personal Information

When you register or use our platform, we may collect:

  • Your full name, email address, phone number, professional details, and login credentials.
  • Identification information, such as government-issued IDs when required for verification.

1.2 Health-Related Information

As a healthcare SaaS provider, we may receive and process:

  • Medical records, treatment history, prescriptions, diagnostic data, and other sensitive health information submitted by healthcare professionals or patients through the platform.
  • Data related to appointments, clinical notes, and patient outcomes.

1.3 Usage Data and Cookies

We automatically collect information on how you use our website and platform, including IP addresses, browser type, pages visited, and session duration.

Cookies and similar technologies are used to enhance your experience and collect analytics data.

1.4 AI Feature Data Processing

When you explicitly opt-in to use our AI-assisted clinical note generation features, the platform processes the following data:

  • Voice Recordings: Audio of doctor-patient consultations is collected solely to transcribe and summarize the clinical session.
  • Demographic Context (Age & Gender): Patient age and gender are processed alongside the audio recording to personalize the note output (e.g., helping the AI use correct pronouns, appropriate pediatric/geriatric reference ranges, and accurate medical terminology).
  • No Direct Identifiers Shared: No other personal patient identifiers (such as names, contact info, or government-issued IDs) are transmitted to or processed by the AI service.

2. How We Use Your Information

Your data is used solely to deliver and improve our services responsibly and in compliance with applicable laws.

  • To create and manage your account and provide customer support.
  • To facilitate healthcare-related workflows, such as appointment scheduling, record keeping, and communication between healthcare providers and patients.
  • To send you important updates, service notifications, and reminders.
  • To conduct data analysis and improve our platform's functionality and security.
  • To comply with legal obligations, resolve disputes, and enforce our policies.
  • To personalize your experience by showing relevant content and features.

4. Information Sharing and Disclosure

We respect the confidentiality of your data and do not sell or rent your information.

4.1 Third-Party Service Providers

We engage trusted vendors (e.g., cloud hosting, analytics, email, and SMS providers) who assist us in operating our platform. These providers are contractually bound to safeguard your information and use it only for specified purposes.

4.2 Legal Compliance

We may disclose information when required by law, regulation, or government authority, or to protect rights and safety.

4.3 Business Transfers

In case of mergers, acquisitions, or asset sales, user data may be transferred as part of the business assets with appropriate safeguards.

4.4 Third-Party AI Services & Subprocessors

To generate clinician-reviewed clinical documentation, CareScribe may securely transmit the following de-identified data to our third-party AI processors:

  • Patient Age — Used as clinical context to personalise note output
  • Patient Gender — Used as clinical context to personalise note output
  • Clinical Audio Recording — Doctor-patient consultation audio for transcription
  • Transcript Text and Related Clinical Context — Generated from the audio for note summarization

This data is transmitted to the following AI processors:

  • Google Gemini AI (Google LLC) — Used for clinical note transcription and summarization.
  • OpenAI (OpenAI, Inc.) — Used for clinical note transcription and summarization.

CareScribe uses a PII protection layer to avoid sending personally identifiable information to these AI processors. Data is transmitted only to provide CareScribe's clinical documentation features and is handled under confidentiality, security, and data-protection obligations. CareScribe does not use this data for advertising or unrelated purposes.

  • No Model Training: These processors are bound by strict data protection agreements and do not use your data to train, retrain, or improve public AI models.
  • Consent & Control: We only transmit this data after obtaining your explicit, in-app consent. You can decline or withdraw consent at any time, which will disable AI features while allowing access to all other core app features.

5. Cookies and Tracking Technologies

Our website and platform use cookies to improve usability and gather analytics data:

  • Types of Cookies: Session cookies, persistent cookies, and third-party cookies (e.g., Google Analytics).
  • Purpose: Authentication, user preferences, performance analytics, and targeted content.
  • Managing Cookies: You can control cookie settings through your browser preferences. Blocking cookies may affect some functionalities.

6. Data Security

We implement comprehensive security measures to protect your information:

  • Encryption of data at rest and in transit using industry-standard protocols.
  • Access controls limiting data access to authorized personnel only.
  • Regular security audits, vulnerability assessments, and compliance checks.
  • Secure backup and disaster recovery procedures.

Despite these measures, no online system is completely secure; users are encouraged to use strong passwords and keep their credentials confidential.

7. Data Retention

We retain your personal and health data only as long as necessary to provide our services and fulfill legal requirements. When data is no longer needed, it is securely deleted or anonymized.

8. Your Rights

Under Indian laws, you have the following rights regarding your personal data:

  • Access: You can request access to the information we hold about you.
  • Correction: You can request correction of inaccurate or incomplete data.
  • Deletion: Where legally permissible, you can request deletion of your data.
  • Consent Withdrawal: You may withdraw consent for processing at any time, subject to legal or contractual restrictions.
  • Objection and Restriction: You can object to or request restriction of certain types of processing.

To exercise your rights or for any privacy-related inquiries, please contact us at [email protected].

9. Children's Privacy

Our services are intended for healthcare professionals and individuals aged 18 or above. We do not knowingly collect personal data from children under 18.

10. International Data Transfers

If data is transferred outside India (for example, to cloud providers in other countries), we ensure adequate protections as required by applicable laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Any material changes will be communicated via email or platform notifications and posted here with an updated effective date.

12. Mobile Application

Our mobile app (available on iOS and Android) requests access to the following device features:

  • Microphone: Used for AI-powered voice recording of clinical notes and doctor-patient consultation documentation.
  • Camera: Used for capturing and uploading medical documents, prescriptions, and patient records.
  • Photo Library (Read): Used for selecting and uploading medical documents and images from your device gallery.
  • Photo Library (Write/Save): Used for saving generated reports and medical documents to your device.
  • Bluetooth: Used for connecting external audio devices (such as headsets) during voice recording sessions.
  • Background Audio: Used to continue voice recording when the app is minimized during an active clinical session.
  • File Storage / Downloads: Used for downloading and saving generated PDF reports, discharge summaries, and medical documents to your device.

All permissions are requested only when the relevant feature is used. You may revoke any permission at any time through your device Settings.

13. Contact Us

If you have questions or concerns about this Privacy Policy or your data, please contact:

CareScribe

Email: [email protected]

Phone: +91-7708254778

Address: No. 21, Gandhi Street, Chitlapakkam, Chennai - 600064, Tamil Nadu, India