Privacy Policy

Last updated: March 2026

Overview

AyurvedaRx.ai (“we”, “our”, “the Platform”) is committed to protecting the privacy of doctors and their patients. This policy explains how we collect, use, store, and protect personal and clinical data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA).

Data We Collect

Doctor Account Data

  • Name, email, phone number
  • BAMS registration number and verification details
  • Clinic name and address
  • Subscription and billing information

Patient Data (entered by doctors)

  • Name, age, gender
  • Complaints, symptoms, medical history
  • Prakriti and Agni assessments
  • Consultation records and treatment plans
  • Uploaded diagnostic reports

Usage Data

  • Pages visited, features used, consultation flow interactions
  • Device type, browser, IP address (for security)
  • Error logs (never containing patient-identifiable information)

How We Use Data

  • Clinical Decision Support: Patient data is processed by our deterministic CDSS engine to generate Ayurvedic treatment recommendations for the treating doctor.
  • AI Report Parsing: Uploaded diagnostic reports may be processed by AI (Claude API) to extract lab values. AI is used only for data extraction — never for clinical recommendations.
  • Account Management: Doctor contact details for authentication, billing, and support.
  • Platform Improvement: Anonymized usage patterns to improve the CDSS and user experience.

Data Storage & Security

  • All data stored in India (Turso database, India region)
  • Encryption at rest and in transit (TLS 1.3)
  • Access controls — only the treating doctor can access their patients' data
  • Audit trail on all data access and modifications
  • Regular backups with point-in-time recovery (30 days)
  • Patient data never used for AI model training

Your Rights (DPDPA 2023)

  • Right to Access: Request a copy of all data we hold about you or your patients.
  • Right to Correction: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your data (subject to medical record retention requirements — 7 years for clinical records).
  • Right to Withdraw Consent: Withdraw consent for data processing at any time.
  • Right to Grievance Redressal: File a complaint with our Data Protection Officer or the Data Protection Board of India.

Data Retention

  • Patient consultation records: 7 years (Indian Medical Council requirement)
  • Treatment records and diagnostic reports: 7 years
  • Doctor accounts: for the lifetime of the account, plus 1 year after deletion
  • Audit logs: 3 years
  • After retention period: data is anonymized or securely deleted

Third-Party Services

  • Cloudflare: Hosting, CDN, and DDoS protection (data may transit through Cloudflare infrastructure)
  • Anthropic (Claude API): AI report parsing only — no patient data used for training, inference only
  • Razorpay: Payment processing (PCI-DSS compliant, we do not store card details)

Contact

For privacy inquiries, data requests, or to contact our Data Protection Officer:

Email: privacy@ayurvedarx.ai