Privacy Policy

1. Introduction

JIVANA AI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our healthcare AI solutions, including ThalSaarthi, CuraScript, and other services.

By using our services, you agree to the collection and use of information in accordance with this policy and applicable Indian laws including the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023.

2. Information We Collect

2.1 Personal Information

We may collect the following personal information:

• Name, email address, phone number
• Professional credentials and medical specialty
• Institution and organizational affiliation
• UHID or patient identification (for healthcare providers using our systems)

2.2 Health Information (Sensitive Personal Data)

When using our clinical solutions (e.g., ThalSaarthi, CuraScript), we may process Sensitive Personal Data or Information (SPDI) as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. This includes:

• Patient medical records and health history
• Diagnostic data, lab results, and prescriptions
• Treatment plans and clinical notes
• Voice recordings for AI transcription (with explicit consent)
• Biometric information (if applicable)

2.3 Technical Information

• IP address, browser type, and device information
• Usage data and analytics (pages visited, time spent, etc.)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use collected information for the following purposes:

• To provide, maintain, and improve our healthcare AI services
• To process and fulfill consultation requests and service inquiries
• To send newsletters, updates, and educational content (with your consent)
• To comply with legal and regulatory requirements under Indian laws (Information Technology Act, 2000, Digital Personal Data Protection Act, 2023, Clinical Establishments Act, 2010)
• To detect and prevent fraud, security incidents, and abuse
• To analyze usage patterns and improve user experience
• To conduct research and development (with de-identified data only)

4. Data Security

We implement reasonable security practices and procedures as required under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011:

• End-to-end encryption for sensitive health data
• Secure socket layer (SSL/TLS) technology for data transmission
• Regular security audits and vulnerability assessments
• Access controls and role-based authentication mechanisms
• Compliance with ISO 27001 standards for information security management
• Data backup and disaster recovery procedures
• Employee training on data protection and confidentiality

However, no method of transmission over the internet is 100% secure. While we strive to protect your data using commercially acceptable means, we cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data in the following circumstances:

5.1 With Your Consent

We may share information when you explicitly authorize us to do so.

5.2 Service Providers

We may share information with third-party vendors who perform services on our behalf (e.g., cloud hosting, email delivery, analytics). These providers are bound by confidentiality agreements.

5.3 Legal Compliance

We may disclose information to comply with legal obligations, court orders, or government requests.

5.4 Business Transfers

In the event of a merger, acquisition, or asset sale, your information may be transferred as part of the transaction.

6. Your Rights Under Indian Law

Under the Digital Personal Data Protection Act, 2023 and IT Rules, 2011, you have the following rights:

• Right to Access: Request a copy of your personal and health data we hold
• Right to Correction: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal retention requirements)
• Right to Data Portability: Request transfer of your data in a structured, commonly used format
• Right to Withdraw Consent: Revoke consent for data processing (may affect service availability)
• Right to Grievance Redressal: Lodge complaints with our Grievance Officer
• Right to Nominate: Nominate another individual to exercise rights on your behalf in case of death or incapacity
• Opt-Out: Unsubscribe from marketing communications at any time

To exercise these rights, please contact our Grievance Officer at support@jivana.org.in

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance user experience, analyze site traffic, and personalize content. You can manage cookie preferences through your browser settings.

Types of cookies we use:

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us understand how users interact with our site
• Preference Cookies: Remember your settings and choices

8. Data Storage and Cross-Border Transfers

Your data is primarily stored on servers located in India. However, some service providers (e.g., cloud hosting, email services) may process data outside India. In such cases:

• We ensure adequate safeguards are in place as per Section 16 of the Digital Personal Data Protection Act, 2023
• We implement Standard Contractual Clauses with international vendors
• Sensitive Personal Data is encrypted during transfer and at rest
• We comply with data localization requirements where mandated by Indian law

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such data, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.

11. Grievance Redressal and Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, you may contact us: