privacy-policy

Privacy Policy

Healyantra Healthcare Innovations Pvt Ltd

H No. 345, C.A. Road, Nagpur – 440008, Maharashtra, India

Last Updated: April 2026

1. Introduction

Healyantra Healthcare Innovations Pvt Ltd (“Healyantra”, “we”, “us”) operates the Elphie dental imaging and AI-assisted clinical platform (“Elphie”, “the Platform”). This Privacy Policy explains how we collect, use, store, and protect personal and health data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian regulations.

2. Data We Collect

2.1 Doctor/Staff Data

– Full name, email address, phone number

– Clinic name, address, registration number

– Professional qualifications and specialization

– Login credentials (encrypted, never stored in plain text)

2.2 Patient Data (collected by the doctor through Elphie)

– Patient name, date of birth, gender, mobile number, address

– Clinical records: chief complaint, examination findings, diagnosis, treatment plan, prescriptions

– Dental images (intraoral camera snapshots)

– Procedure recordings (video)

– AI-assisted caries detection results

2.3 Technical Data

– Device information, IP address, browser type

– Session timestamps, feature usage analytics

– Error logs for troubleshooting

3. How We Use Data

– To provide the Elphie dental imaging and clinical documentation platform

– To enable AI-assisted caries detection (on-device processing, images are not sent to external AI services)

– To generate clinical reports and prescriptions

– To enable live streaming for specialist consultations (only with explicit patient consent)

– To improve the platform through anonymized usage analytics

– To comply with regulatory requirements (CDSCO, IMC, DPDPA)

4. Data Storage and Security

– All patient data is stored in AWS (Amazon Web Services) data centers in Mumbai, India (ap-south-1 region)

– Data at rest is encrypted using AWS KMS (Key Management Service) with AES-256 encryption

– Data in transit is encrypted using TLS 1.2+

– Access to patient data requires authenticated login with JWT tokens

– Session timeouts: 8-hour maximum session, 30-minute idle timeout

– Local data on the Qt desktop app is encrypted with PIN-derived keys

5. Data Sharing

We do NOT sell, rent, or share patient data with any third party except:

– When the doctor explicitly shares a live stream link with a specialist (with patient consent)

– When required by law or regulatory authority (CDSCO, court order)

– With AWS as our cloud infrastructure provider (under AWS Data Processing Agreement)

6. Data Retention

– Patient clinical data: Minimum 3 years as per Indian Medical Council guidelines

– Session recordings and snapshots: Retained as long as the doctor’s account is active

– Deleted patient data: Soft-deleted (hidden from doctor), retained for 3-year compliance period, then eligible for permanent deletion by admin

– Audit logs: 1 year retention

7. Patient Consent

– Doctors must obtain verbal or written patient consent before starting any procedure in Elphie

– The platform enforces a consent confirmation dialog before each procedure

– Live stream sharing requires separate patient consent confirmation

– Patients can request access to or deletion of their data through their treating doctor

8. Your Rights (Under DPDPA 2023)

As a Data Principal, you have the right to:

– Access your personal data held by us

– Request correction of inaccurate data

– Request erasure of your data (subject to regulatory retention requirements)

– Withdraw consent for data processing

– File a grievance with our Data Protection Officer

9. AI Disclaimer

Elphie’s AI caries detection is an assistive tool only. It does NOT constitute a clinical diagnosis. All AI-generated findings must be independently verified by a qualified dental professional. Healyantra is not liable for clinical decisions made based on AI suggestions.

10. Children’s Data

Elphie may process dental data of minors (patients under 18) only through their treating doctor with parental/guardian consent as required by DPDPA Section 9.

11. Data Protection Officer

For any privacy-related queries or requests:

– Email: privacy@healyantra.com

– Address: H No. 345, C.A. Road, Nagpur – 440008, Maharashtra, India

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be notified through the platform and updated on this page. Continued use of Elphie after changes constitutes acceptance.

13. Governing Law

This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000.