VaniOS← Back
Privacy · DPDP Act, 2023

Privacy Policy

Data residency

All patient and clinician data is stored on Indian-region cloud infrastructure. Backups stay within India.

What we collect

  • Clinician profile (name, registration number, contact)
  • Patient records (entered by you with verbal consent)
  • Audio and transcripts from consultations
  • Audit log of every read/write to clinical data

Your patients' rights (DPDP §11–14)

Patients may request access, correction, or erasure of their data. Doctors are the data fiduciaries; we assist with exports and deletion within 7 working days of your request.

Consent

Verbal consent is captured at the start of each recording (the "stamp"). Patients can withdraw consent at any time — corresponding records are flagged for deletion.

Sharing

We do not sell data. We share with sub-processors only as needed to operate the service: cloud hosting (India region), AI inference (text-only, no audio), and SMS/WhatsApp delivery.

Retention

Clinical records: retained as long as your account is active or as required by Indian medical record-keeping rules. Audit logs: 7 years. On account deletion you have 30 days to export.

Security

TLS 1.2+ in transit, AES-256 at rest, row-level access control, full audit trail. Annual security review.

Your rights as a clinician

Export, correction, deletion — from Settings → Account. Or email privacy@vanios.com.

Grievance Officer

Per DPDP Act §8(9): grievance@vanios.com · response within 7 working days.

Version 1.0 · May 5, 2026