Privacy Policy

We believe in full transparency about how your data is collected, used, and protected.

Last updated: March 2026
GDPR & HIPAA Aligned | Your data, your rights

Your privacy is fundamental to us. This Privacy Policy explains how Zenia Care ("Zenia", "we", "our", "us") collects, uses, stores, and shares information about you when you use our platform, applications, and services. We handle health data with the highest level of care and comply with applicable data protection laws including GDPR and HIPAA where relevant.

1. Who We Are

Zenia Care is a healthcare technology company building AI-powered infrastructure for hospitals, clinics, and patients. Our registered office is located in Bangalore, Karnataka, India. We operate as a data controller for personal data collected through our platform and as a data processor for health information submitted by our healthcare provider customers.

If you have any questions about this Privacy Policy or our data practices, you can reach our privacy team through our Contact Us page. We aim to respond to all privacy-related enquiries within 5 business days.

2. Data We Collect

We collect information in the following ways — directly from you, automatically through your use of the Service, and from third parties where applicable.

Information you provide directly:

  • Account registration details (name, email address, phone number, role)
  • Professional credentials for healthcare providers (licence number, specialty, institution)
  • Patient demographic information (name, date of birth, contact details)
  • Appointment and scheduling information
  • Voice recordings submitted to the EHR Assistant feature
  • Clinical notes, diagnoses, prescriptions, and medical history
  • Communications with our support team

Information collected automatically:

  • Device information (type, operating system, browser, unique identifiers)
  • Usage data (pages visited, features used, session duration, clicks)
  • IP address and approximate geographic location
  • Log data (access times, error reports, performance data)

Category         Examples                          Source
Identity data    Name, email, phone                You
Health data      Records, voice notes, diagnoses   You / provider
Technical data   IP address, device type, logs     Automatic
Usage data       Feature usage, session data       Automatic
Location data    Approximate location from IP      Automatic

3. How We Use Your Data

We use your personal data only for the purposes for which it was collected or for compatible purposes. Our primary uses are:

  • Providing, maintaining, and improving the Zenia platform and its features
  • Processing and storing clinical notes, appointments, and medical records
  • Enabling AI-assisted transcription and EHR generation through the EHR Assistant
  • Sending transactional communications (appointment confirmations, account alerts)
  • Providing customer support and responding to your enquiries
  • Ensuring the security and integrity of our platform
  • Complying with legal obligations and resolving disputes
  • Conducting analytics to understand how the Service is used and to improve it

We do not use your health data for advertising, profiling for commercial purposes, or sale to third parties. Ever.

AI Processing: When you use the EHR Assistant, your voice recordings are processed by our AI models to generate structured clinical notes. These recordings are encrypted in transit and at rest, and are not used to train external AI models without your explicit consent.

4. Legal Basis for Processing

Where GDPR applies, we rely on the following legal bases to process your personal data:

  • Contract performance — processing necessary to provide the Service you have signed up for
  • Legitimate interests — analytics, security monitoring, fraud prevention, and platform improvement, where not overridden by your rights
  • Legal obligation — compliance with applicable laws, court orders, or regulatory requirements
  • Explicit consent — processing of special category data (health data) where required; you may withdraw consent at any time without affecting prior processing
  • Vital interests — in rare circumstances where processing is necessary to protect life

For health data specifically, we rely on explicit consent or, where applicable, the provision of healthcare or the management of healthcare systems as permitted under Article 9(2)(h) of the GDPR.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

  • Healthcare providers: Patient data is shared with the treating clinician or hospital as part of the appointment and records workflow
  • Service providers: Trusted third-party vendors who help us operate the platform (cloud hosting, analytics, support tooling), bound by data processing agreements
  • Legal requirements: When required by law, court order, or to protect the rights, property, or safety of Zenia, its users, or the public
  • Business transfers: In the event of a merger, acquisition, or sale of assets, with prior notice provided to you

All third-party service providers are contractually required to process data only on our instructions, maintain appropriate security standards, and not use your data for their own purposes.

6. Health & Medical Data

Health data is a special category of personal data requiring the highest level of protection. Zenia treats all health information — including clinical notes, diagnoses, prescriptions, voice recordings, and medical history — with additional safeguards above and beyond our standard data handling practices.

  • Health data is encrypted at rest using AES-256 and in transit using TLS 1.2+
  • Access to health data is strictly limited to authorised personnel on a need-to-know basis
  • Health data is never used for advertising, profiling, or sold to any third party
  • Voice recordings used for EHR generation are retained only for the period necessary to generate the record, then permanently deleted unless you opt to retain them
  • We maintain a comprehensive audit log of all access to health records

HIPAA: For customers operating under HIPAA, we are prepared to sign a Business Associate Agreement (BAA). Please contact us before submitting protected health information (PHI) to ensure the appropriate agreements are in place.

7. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and understand how you use our platform. We do not use third-party advertising cookies.

  • Essential cookies: Required for authentication, session management, and core platform functionality. Cannot be disabled.
  • Functional cookies: Remember your preferences such as language and display settings.
  • Analytics cookies: Help us understand aggregate usage patterns to improve the Service. These are anonymised and do not identify individual users.

You can manage your cookie preferences through your browser settings. Disabling essential cookies will prevent the Service from functioning correctly. Our platform does not respond to "Do Not Track" signals at this time.

8. Data Retention

We retain your personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

  • Account data: Retained for the duration of your account and for up to 3 years after account closure for legal and audit purposes
  • Medical records: Retained in accordance with applicable medical record retention laws in your jurisdiction (typically 7–10 years in India)
  • Voice recordings: Deleted within 30 days of EHR generation unless you request extended retention
  • Usage and log data: Retained for up to 12 months for security and analytics purposes
  • Support communications: Retained for up to 3 years

When data is no longer required, we securely delete it using crypto-shredding or equivalent methods to ensure it cannot be recovered.

9. International Data Transfers

Zenia is based in India and our primary data storage is in India-based cloud regions. We do not transfer personal health information outside India except where required to provide the Service and where an appropriate legal mechanism is in place.

Where transfers to other countries are necessary — for example, for customer support or infrastructure redundancy — we ensure such transfers comply with applicable data protection laws, including through the use of standard contractual clauses (SCCs) or other approved transfer mechanisms.

We will always tell you if we intend to transfer your health data outside your home jurisdiction and give you the opportunity to object.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data. We will respond to all valid requests within 30 days (or within the shorter period required by applicable law).

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your data, subject to legal retention requirements
  • Right to restriction: Request that we limit how we process your data in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, please contact us through our Contact Us page. We may need to verify your identity before processing your request. There is no charge for submitting a rights request.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority. In India, this is the Data Protection Board of India under the Digital Personal Data Protection Act, 2023.

11. Children's Privacy

The Zenia platform is intended for use by adults aged 18 and over, or by healthcare professionals acting on behalf of patients of any age in a clinical context. We do not knowingly collect personal data from children under the age of 13 for non-clinical purposes.

If you are a parent or guardian and believe your child has provided personal data to us outside of a clinical context, please contact us and we will promptly delete the relevant information.

Where minors are patients whose records are managed by a healthcare provider through our platform, such processing is carried out under the direction of the healthcare provider as data controller, and subject to the provider's own consent and safeguarding procedures.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by email or in-app notification.

We encourage you to review this page periodically. Your continued use of the Service after any changes take effect constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your data, please reach out to us:

We are committed to resolving privacy concerns fairly and transparently. If you are not satisfied with our response, you may escalate to your local data protection authority at any time.