Privacy Policy
At DoctorAssist.AI, safeguarding your privacy and the confidentiality of health information is a top priority. This policy explains how we collect, use, share, and protect your information in compliance with international data protection standards, including HIPAA (USA), GDPR (EU), and India’s Digital Personal Data Protection Act (DPDP), as well as other applicable regional laws.
Information We Collect
- Basic identifiers: name, email address, phone number, and professional details (if applicable)
- Health and clinical data: medical history, diagnostic results, treatment inputs, consultation notes (when provided by you or authorized providers)
- Usage data: device information, IP address, log files, and interactions with our platform for security and optimization
- Optional research data: anonymized or de-identified datasets used for improving AI models and scientific studies
How We Use the Information
- Deliver AI-enabled clinical decision support, documentation, and related healthcare services
- Enhance platform performance, reliability, and personalization of the user experience
- Support healthcare research, clinical insights, and model improvement (using only de-identified data)
- Ensure compliance with medical, regulatory, and legal obligations (e.g., HIPAA, GDPR, NABH/JCI)
- Protect the safety and integrity of our systems against fraud, misuse, or unauthorized access
Data Security and Compliance
DoctorAssist.AI employs multi-layered safeguards including:
- End-to-end encryption of data in transit and at rest
- Strict role-based access controls and audit logging
- ISO 27001-aligned information security practices
- Regular vulnerability testing and third-party security audits
- Data residency controls, ensuring compliance with local regulations
Data Sharing
- Data is shared only with authorized healthcare professionals, institutions, or partners, and always with user consent or a legal basis
- Personal data is never sold, rented, or monetized
- Disclosures occur only when required by law, regulation, or court order
International Data Transfers
If data is transferred across borders, we apply appropriate safeguards such as Standard Contractual Clauses (SCCs), HIPAA Business Associate Agreements, or equivalent legal frameworks to ensure your information remains protected globally.
Your Rights
You have the right to:
- Access, review, and request corrections to your personal data
- Request deletion or anonymization of your personal information (subject to legal/clinical record-keeping requirements)
- Restrict or object to certain processing activities
- Withdraw consent at any time, without affecting lawful processing carried out prior to withdrawal
To exercise these rights, contact us at [email protected].
Retention of Data
We retain personal and clinical data only as long as necessary for the purposes outlined, or as required by law, regulation, or contractual obligation with healthcare institutions.
Children’s Privacy
Our services are designed for licensed healthcare professionals and institutions. Any data relating to minors is processed strictly under parental/guardian consent and applicable pediatric privacy regulations.
Updates to This Policy
We may update this policy to reflect regulatory changes, technological advancements, or new service offerings. Updates will be posted on this page with the date of revision clearly indicated.
Last updated: September 23, 2025