1. Information We Collect
We collect different types of information to provide you with our services effectively and securely.
1.1 Personal Information
When you register or use our platform, we may collect:
- Your full name, email address, phone number, professional details, and login credentials.
- Identification information, such as government-issued IDs when required for verification.
1.2 Health-Related Information
As a healthcare SaaS provider, we may receive and process:
- Medical records, treatment history, prescriptions, diagnostic data, and other sensitive health information submitted by healthcare professionals or patients through the platform.
- Data related to appointments, clinical notes, and patient outcomes.
1.3 Usage Data and Cookies
We automatically collect information on how you use our website and platform, including IP addresses, browser type, pages visited, and session duration.
Cookies and similar technologies are used to enhance your experience and collect analytics data.
1.4 AI Feature Data Processing
When you explicitly opt-in to use our AI-assisted clinical note generation features, the platform processes the following data:
- Voice Recordings: Audio of doctor-patient consultations is collected solely to transcribe and summarize the clinical session.
- Demographic Context (Age & Gender): Patient age and gender are processed alongside the audio recording to personalize the note output (e.g., helping the AI use correct pronouns, appropriate pediatric/geriatric reference ranges, and accurate medical terminology).
- No Direct Identifiers Shared: No other personal patient identifiers (such as names, contact info, or government-issued IDs) are transmitted to or processed by the AI service.
2. How We Use Your Information
Your data is used solely to deliver and improve our services responsibly and in compliance with applicable laws.
- To create and manage your account and provide customer support.
- To facilitate healthcare-related workflows, such as appointment scheduling, record keeping, and communication between healthcare providers and patients.
- To send you important updates, service notifications, and reminders.
- To conduct data analysis and improve our platform's functionality and security.
- To comply with legal obligations, resolve disputes, and enforce our policies.
- To personalize your experience by showing relevant content and features.
3. Legal Basis for Processing
In accordance with Indian data protection law, we process your data based on:
- Your explicit consent where applicable.
- The necessity to perform a contract or provide services you requested.
- Compliance with legal and regulatory obligations.
- Legitimate interests in maintaining security and improving services.
4. Information Sharing and Disclosure
We respect the confidentiality of your data and do not sell or rent your information.
4.1 Third-Party Service Providers
We engage trusted vendors (e.g., cloud hosting, analytics, email, and SMS providers) who assist us in operating our platform. These providers are contractually bound to safeguard your information and use it only for specified purposes.
4.2 Legal Compliance
We may disclose information when required by law, regulation, or government authority, or to protect rights and safety.
4.3 Business Transfers
In case of mergers, acquisitions, or asset sales, user data may be transferred as part of the business assets with appropriate safeguards.
4.4 Third-Party AI Services & Subprocessors
To generate clinician-reviewed clinical documentation, CareScribe may securely transmit the following de-identified data to our third-party AI processors:
- Patient Age — Used as clinical context to personalise note output
- Patient Gender — Used as clinical context to personalise note output
- Clinical Audio Recording — Doctor-patient consultation audio for transcription
- Transcript Text and Related Clinical Context — Generated from the audio for note summarization
This data is transmitted to the following AI processors:
- Google Gemini AI (Google LLC) — Used for clinical note transcription and summarization.
- OpenAI (OpenAI, Inc.) — Used for clinical note transcription and summarization.
CareScribe uses a PII protection layer to avoid sending personally identifiable information to these AI processors. Data is transmitted only to provide CareScribe's clinical documentation features and is handled under confidentiality, security, and data-protection obligations. CareScribe does not use this data for advertising or unrelated purposes.
- No Model Training: These processors are bound by strict data protection agreements and do not use your data to train, retrain, or improve public AI models.
- Consent & Control: We only transmit this data after obtaining your explicit, in-app consent. You can decline or withdraw consent at any time, which will disable AI features while allowing access to all other core app features.
6. Data Security
We implement comprehensive security measures to protect your information:
- Encryption of data at rest and in transit using industry-standard protocols.
- Access controls limiting data access to authorized personnel only.
- Regular security audits, vulnerability assessments, and compliance checks.
- Secure backup and disaster recovery procedures.
Despite these measures, no online system is completely secure; users are encouraged to use strong passwords and keep their credentials confidential.
7. Data Retention
We retain your personal and health data only as long as necessary to provide our services and fulfill legal requirements. When data is no longer needed, it is securely deleted or anonymized.
8. Your Rights
Under Indian laws, you have the following rights regarding your personal data:
- Access: You can request access to the information we hold about you.
- Correction: You can request correction of inaccurate or incomplete data.
- Deletion: Where legally permissible, you can request deletion of your data.
- Consent Withdrawal: You may withdraw consent for processing at any time, subject to legal or contractual restrictions.
- Objection and Restriction: You can object to or request restriction of certain types of processing.
To exercise your rights or for any privacy-related inquiries, please contact us at [email protected].
9. Children's Privacy
Our services are intended for healthcare professionals and individuals aged 18 or above. We do not knowingly collect personal data from children under 18.
10. International Data Transfers
If data is transferred outside India (for example, to cloud providers in other countries), we ensure adequate protections as required by applicable laws.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Any material changes will be communicated via email or platform notifications and posted here with an updated effective date.
12. Mobile Application
Our mobile app (available on iOS and Android) requests access to the following device features:
- Microphone: Used for AI-powered voice recording of clinical notes and doctor-patient consultation documentation.
- Camera: Used for capturing and uploading medical documents, prescriptions, and patient records.
- Photo Library (Read): Used for selecting and uploading medical documents and images from your device gallery.
- Photo Library (Write/Save): Used for saving generated reports and medical documents to your device.
- Bluetooth: Used for connecting external audio devices (such as headsets) during voice recording sessions.
- Background Audio: Used to continue voice recording when the app is minimized during an active clinical session.
- File Storage / Downloads: Used for downloading and saving generated PDF reports, discharge summaries, and medical documents to your device.
All permissions are requested only when the relevant feature is used. You may revoke any permission at any time through your device Settings.
13. Contact Us
If you have questions or concerns about this Privacy Policy or your data, please contact:
CareScribe
Email: [email protected]
Phone: +91-7708254778
Address: No. 21, Gandhi Street, Chitlapakkam, Chennai - 600064, Tamil Nadu, India