Pranik.ai - Democratising Quality Healthcare

Privacy Policy

Last Reviewed: March 2025

1. OVERVIEW AND SCOPE

Pranik Technologies Private Limited, operating under the brand name Pranik.ai ("Company," "We," "Us," or "Our"), is committed to protecting the privacy and security of the Personal Data of Registered Medical Practitioners ("Doctor," "You") who use the P4D (Pranik for Doctors) application ("P4D App").

This Privacy Policy ("Policy") explains how we collect, use, process, store, share, and protect your Personal Data. It also addresses the special and sensitive nature of Doctor's Input Data (your image and voice) used to create your Digital Twin, and your rights as a Data Principal under Indian law.

This Policy is prepared in compliance with:

The Digital Personal Data Protection Act, 2023 ("DPDP Act") and rules made thereunder;
The Information Technology Act, 2000 and the IT-SPDI Rules, 2011;
The Telemedicine Practice Guidelines, 2020;
The Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2002;
Other applicable laws governing health data, professional registration, and financial services in India.

Important: You occupy a dual role on this platform. You are both (a) a service provider (Doctor) facilitating medical consultations, and (b) a Data Principal whose Personal Data - including biometric-like data for the Digital Twin - is processed by the Company. This Policy addresses both roles.

2. DATA FIDUCIARY - WHO IS RESPONSIBLE FOR YOUR DATA

Data Fiduciary

Pranik Technologies Private Limited (Pranik.ai)

Data Protection Officer (DPO)

[Name of DPO to be inserted]

DPO Email

dpo@pranik.ai

Doctor Support

support@pranik.ai

Website

https://pranik.ai

3. KEY DEFINITIONS

"Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act, 2023.
"Sensitive Personal Data" means Personal Data relating to health, biometric data (including voice and facial likeness used for AI avatar creation), financial data, and other prescribed categories.
"Doctor's Input Data" means the Doctor's photograph, voice samples, and curated medical knowledge base content provided to create and train the Digital Twin.
"Digital Twin" means the AI-powered physician avatar created within P4D based on the Doctor's Input Data.
"Biometric-Like Data" refers to the Doctor's voice and facial image used for Digital Twin creation. While not biometric authentication data in the traditional sense, such data is treated with equivalent sensitivity under this Policy.
"Patient Data" means Personal Data of Patients (P4P App users) transmitted to the P4D App for consultation purposes.
"Consent" means a free, specific, informed, unconditional, and unambiguous indication of agreement to data processing for a specified purpose.
"Data Principal" means the individual to whom the Personal Data relates - in this context, the Doctor.
"Anonymized Data" means data from which all personally identifiable information has been irreversibly removed.

4. PERSONAL DATA WE COLLECT ABOUT YOU

4.1 Professional Identity and Verification Data

Full name, date of birth, gender.
Government-issued photo identity document (Aadhaar, Passport, Voter ID - number only).
State Medical Council Registration Number and NMC Unique ID (UID).
Medical qualifications, specialization, and years of experience.
Professional photograph.
Proof of address (utility bills, rent agreement, or government ID with address).

4.2 Account and Contact Data

Email address, mobile phone number.
Username and encrypted password.
Profile photograph.
Device identifiers (Device ID, OS version, app version).

4.3 Doctor's Input Data for Digital Twin (Biometric-Like Sensitive Data)

This is the most sensitive category of data we collect about you. It is used exclusively for the creation and training of your Digital Twin.

Facial photograph(s) and/or video frames for avatar generation.
Voice samples (audio recordings) for voice cloning and synthesis.
Medical knowledge base content: clinical notes, treatment preferences, FAQ responses, drug interaction knowledge, and other professional knowledge you voluntarily upload or record within the App to train your Digital Twin.

This data is treated as Sensitive Personal Data. It is processed only with your explicit, informed, and separately obtained consent. It is never shared with third parties for any purpose other than Digital Twin creation and platform improvement (in anonymized form). You may revoke this consent and request deletion at any time.

4.4 Consultation and Clinical Activity Data

Appointment schedule: accepted, rejected, and completed consultation records.
Pre-consultation SOAP summaries received from P4P (patient-reported data; not generated by you).
Live Scribe: raw voice audio of consultations - processed through a secure anonymization pipeline and permanently deleted within 24 hours of pipeline completion. The resulting structured text transcript is retained as part of the clinical record. Raw audio is not retained as a record.
Live consultation video feeds - processed in real-time only. No video files of the consultation are written to or stored on our servers at any point.
Draft and e-signed prescriptions generated or approved through the App.
CDSS Lite interaction logs (recommendations reviewed and accepted, modified, or rejected by you).
Doctor's notes and clinical decisions recorded through the App.

4.5 Payment and Financial Data

Bank account details (account number, IFSC code, account holder name) for consultation fee disbursements.
Payment disbursement records and transaction history.
GST registration details (where applicable).

4.6 Device and Usage Data

Device type, operating system, IP address, and app version.
Session logs, feature usage patterns, and crash reports.
Login timestamps and session duration.

4.7 Patient Data - Data Fiduciary Roles and Your Obligations

Patient Personal Data transmitted from the P4P App to the P4D App exists at the intersection of two independent Data Fiduciary relationships, which operate simultaneously on the same data:

Pranik.ai's Role

For the bounded activity of transmitting, storing, and making Patient Personal Data accessible for consultation purposes - the Consultation Facilitation Sphere - Pranik.ai acts as Data Processor on your behalf as Data Fiduciary. Pranik.ai also acts as an independent Data Fiduciary for platform infrastructure decisions (security, sub-processors, retention implementation, and AI model improvement through anonymized data) that you do not direct. These two roles are separate and operate in distinct spheres.

Your Role as an Independent Data Fiduciary

As the treating Doctor, you independently determine the purposes and means of processing Patient Personal Data within your clinical relationship - what you ask, what you record, what you diagnose, what you prescribe. This makes you an independent Data Fiduciary under the DPDP Act, 2023 for the Clinical Sphere of processing. Your obligations as a Data Fiduciary exist independently of and in addition to Pranik.ai's obligations. They are not delegated to Pranik.ai and cannot be.

What This Means in Practice

Patients have rights against you directly - access, correction, and grievance redressal in respect of your clinical notes, diagnoses, and prescriptions - not only against Pranik.ai.
You are responsible for ensuring that your clinical use of Patient data complies with the DPDP Act, 2023, the IT-SPDI Rules, 2011, and applicable medical ethics codes, independently of Pranik.ai's own compliance.
You may not use Patient data accessed through P4D for any purpose outside providing healthcare to that specific patient.
You must immediately notify Pranik.ai at dpo@pranik.ai if you become aware of any unauthorised access to or disclosure of Patient data through your account.

The full framework governing Pranik.ai's obligations as Data Processor for consultation facilitation - including security obligations, breach notification procedures, audit rights, and retention - is set out in the Pranik Data Processing Agreement, incorporated into the P4D Professional Agreement by reference and available at pranik.ai/legal/dpa.

[LAWYER REVIEW FLAG - DUAL FIDUCIARY] This section reflects the three-sphere fiduciary framework set out in the DPA Recitals. The reviewing lawyer should confirm that this characterisation is consistent with the DPA and that notice to doctors of their own fiduciary status is adequate under the DPDP Rules 2025.

4.8 Data We Do NOT Collect

Traditional biometric authentication data (fingerprints, iris scans) from Doctors.
Raw payment card numbers (all patient-side payments are tokenized through PCI-DSS-compliant gateways).
Video recordings of any kind - live consultation video feeds are processed in real-time only. The system architecture has no video recording capability.
Raw voice audio beyond the Live Scribe processing window - raw audio is permanently deleted within 24 hours of pipeline completion.

5. HOW WE COLLECT YOUR PERSONAL DATA

Directly from you: During registration, account setup, credential verification, knowledge base uploads, and Digital Twin training sessions.
Through app usage: Consultation activity, CDSS Lite interactions, appointment management, and Live Scribe recordings.
From regulatory databases: NMC and State Medical Council credential verification (with your consent).
Automatically: Device metadata, session logs, and crash reports collected via analytics tools.

6. PURPOSES OF PROCESSING AND LEGAL BASIS

We process your Personal Data only for specified, clear, and lawful purposes. The table below sets out each processing activity, the data involved, the purpose, the legal basis under the DPDP Act, 2023, and - where we rely on Legitimate Use - a written justification confirming that our interest does not override your rights as a Data Principal:

Processing Activity

Data Involved

Purpose

Legal Basis

Justification (Legitimate Use balancing test)

Professional Identity Verification (KYC)

Name, NMC UID, Qualifications, Govt. ID, Photo

KYC compliance; verify registered medical practitioner status

Consent; Legal Obligation

Mandatory under KYC regulations and Telemedicine Practice Guidelines 2020. Unverified practitioners could endanger patients. Privacy impact proportionate - limited to credential verification only.

Account Creation & Authentication

Name, email, phone, password, profile photo

Create and manage account; enable secure login

Contract; Consent

Necessary to perform the service contract. Only credentials required for authentication are collected.

Digital Twin - Facial Image

Face photograph(s), optional video frames

Create visual AI avatar for Doctor's Digital Twin

Explicit Consent (separate, granular)

Biometric-like Sensitive Personal Data - processed only with separate explicit consent. Purpose strictly limited to Digital Twin rendering. Never used for advertising, surveillance, or general model training.

Digital Twin - Voice

Voice recordings; synthesized voice model

Create voice component of Doctor's Digital Twin

Explicit Consent (separate, granular)

Biometric-like Sensitive Personal Data - processed only with separate explicit consent. Stored in encrypted restricted-access environment. Revocable at any time with deletion within 30 days.

Digital Twin - Knowledge Base

Clinical notes, treatment preferences, FAQ responses uploaded by Doctor

Train Digital Twin to reflect Doctor's expertise and practice style

Explicit Consent (separate, granular)

Doctor retains ownership of all uploaded content. Licence to P4D is limited to Digital Twin operation and anonymized platform improvement. Fully revocable at account closure.

Teleconsultation Platform

Appointment schedule, SOAP summaries, audio/video, chat, clinical notes

Facilitate teleconsultations; appointment management

Consent; Contract

Necessary to deliver the core contracted service. Processing is inseparable from providing the teleconsultation platform.

Live Scribe Transcription

Consultation audio (processed then discarded); generated transcript

Post-consultation documentation

Consent

Explicit consent of both Doctor and Patient required before activation. Audio not retained after transcription. Doctor reviews and approves before record is finalised.

CDSS Lite Interaction Logs

Patient pre-consult data reviewed; recommendations accepted/modified/rejected

Clinical decision support; quality assurance

Consent

Optional feature - Doctor opt-in required. Logs record Doctor's clinical choices. Used for platform quality assurance only - not patient profiling.

Draft Prescription Generation

Consultation transcript, CDSS suggestions, Doctor's digital signature

Draft documentation aid; generate prescriptions for Doctor review

Consent

Active opt-in required. No prescription generated without Doctor's final review and digital signature. A documentation aid - not an autonomous clinical function.

Payment Disbursement

Bank account details, IFSC code, GST registration, disbursement records

Consultation fee disbursement to Doctor

Contract; Legal Obligation

Necessary to perform the payment contract. Required under GST and Income Tax Act for financial record-keeping.

Fraud Prevention & Security

Device signals, login timestamps, anomaly indicators

Detect unauthorized access; protect professional accounts

Legitimate Use

It is in our and Doctors' legitimate interests to protect clinical credentials from misuse. Limited to anomaly detection - not profiling. Directly benefits Doctors by protecting their professional accounts and patients from imposters.

Platform Analytics

Anonymized/aggregated usage patterns, crash logs

Improve platform performance; identify errors

Legitimate Use

It is in our and Doctors' legitimate interests to maintain a reliable clinical platform. All data anonymized or aggregated before use. No individual is identifiable at this stage.

AI Model Training on Consultation Data

Consultation transcripts and CDSS logs (irreversibly anonymized)

Improve Live Scribe, CDSS Lite, and clinical AI models

Consent for anonymization; post-anonymization: Legitimate Use

Consent obtained for the anonymization step. Post-anonymization, data is not Personal Data under the DPDP Act. Legitimate interest in improving clinical AI accuracy benefits all Doctors and their patients. Re-identification is technically impossible.

Regulatory Compliance & Audit Trails

Name, appointment history, prescription records, payment records, activity logs

Satisfy legal obligations; maintain audit trails

Legal Obligation

Required under Telemedicine Practice Guidelines 2020, Drugs & Cosmetics Act, Income Tax Act, GST, and DPDP Act 2023. Processing does not exceed what applicable law mandates.

Service Notifications

Name, email, phone, appointment schedule

Appointment reminders; compliance alerts; platform communications

Contract; Consent

Necessary to perform the service contract. Transactional in nature - not marketing.

Marketing (opt-in only)

Name, email, phone, specialization

Platform updates and professional development offers

Consent (opt-in)

Consent only - not sent without active opt-in. Fully revocable via App settings or email.

Note: 'Legitimate Use' under the DPDP Act, 2023 is functionally analogous to 'Legitimate Interests' under GDPR. Where we rely on it, we have conducted an internal balancing test confirming that our interest does not override the fundamental rights and privacy interests of the Data Principal. The balancing test outcome is summarised in the Justification column above.

7. SPECIAL PROVISIONS FOR DIGITAL TWIN DATA

Given the uniquely sensitive nature of the Doctor's Input Data, the following additional provisions apply exclusively to the processing of data used to create and maintain your Digital Twin:

7.1 Separate Explicit Consent

Collection and processing of your face images, voice samples, and knowledge base content for Digital Twin creation requires your separate, explicit, written consent, obtained distinctly from your general acceptance of the Terms and Conditions. This consent is granular - you may consent to voice alone, image alone, or both, and you may separately consent to knowledge base training.

7.2 Purpose Limitation

Your Doctor's Input Data is used solely for:

Creating and rendering your Digital Twin within the P4D App.
Training your Digital Twin using your knowledge base.
Improving the technical quality of the Digital Twin feature (in anonymized and aggregated form only).

Your Doctor's Input Data will never be: sold to third parties; used for advertising; used to train general AI models outside of P4D; shared with any party other than our vetted Digital Twin technology sub-processors.

7.3 Sub-Processors for Digital Twin

The Company uses vetted third-party AI technology providers (Sub-Processors) to render the Digital Twin. These Sub-Processors are bound by data processing agreements that restrict use of your data to the contractually specified purpose only and require compliance with applicable data protection standards. A list of current Digital Twin Sub-Processors is available on request from dpo@pranik.ai.

7.4 Right to Revoke and Erasure

You may revoke your consent for Digital Twin data at any time. Upon revocation:

The Company shall cease all new processing of your voice and image data for the Digital Twin.
Your Digital Twin avatar will be deactivated within the App.
Underlying biometric-like training data will be deleted or irreversibly anonymized, subject to any mandatory log retention obligations under applicable law (minimum 1-year audit log retention).
Anonymized or aggregated data already incorporated into platform-level AI models cannot be individually extracted or reversed.

To exercise this right, contact dpo@pranik.ai or use the "Manage Digital Twin" settings within the App.

7.5 Security of Digital Twin Data

Doctor's Input Data (face and voice) is stored in encrypted form (AES-256 at rest; TLS 1.2+ in transit) in restricted-access storage environments. Access is limited to authorized personnel with a documented need-to-know basis. Regular security audits are conducted on systems holding this data.

7.6 Credential Security and Third-Party Misuse

If a third party gains access to your Digital Twin through your compromised or shared account credentials, the Company is not liable for any resulting harm. You are responsible for keeping your credentials confidential and must notify us immediately at support@pranik.ai upon any suspected breach.

8. USE OF ANONYMIZED DATA FOR AI MODEL TRAINING

Certain categories of data generated through your use of P4D may be used for AI model training after undergoing a rigorous, irreversible anonymization process. The following explains precisely which data is used and how:

8.1 Categories of Data Used

Live Scribe consultation transcripts: raw voice audio is permanently deleted within 24 hours of the anonymization pipeline completing. Only the resulting anonymized text transcript - from which all identifiable information has been stripped - is used for improving Live Scribe accuracy and clinical summarization models.
CDSS Lite interaction logs (anonymized): your acceptance, modification, and rejection patterns are used to refine drug recommendation and treatment suggestion models. These are de-identified before use.
Knowledge base content (where aggregated and anonymized): used to improve general clinical AI models with no individual attribution.

8.2 We Never Sell Your Data

We do not sell, rent, or transfer your Personal Data - including your consultation transcripts, CDSS logs, Doctor's Input Data, or any anonymized derivative thereof - to any third party for commercial gain. Your data is used solely to improve the clinical AI services provided through P4D. No third-party advertiser, data broker, or commercial entity receives your data in any form for their own purposes.

8.3 Consent and Right to Withdraw

You provide explicit consent for this anonymized data use through the Consent Notice at registration. You may withdraw this consent at any time by contacting dpo@pranik.ai. Anonymization is irreversible - data already incorporated into aggregate models cannot be individually extracted. This is a technical characteristic of anonymization, not a restriction of your rights.

9. SHARING AND DISCLOSURE OF YOUR PERSONAL DATA

9.1 With Patients

Your name, photograph, qualifications, specialization, and consultation availability are shared with Patients (P4P App users) for the purpose of appointment booking and teleconsultation. You consent to this sharing by registering as a Doctor on the Platform.

9.2 With Data Processors (Service Providers)

We share your data with vetted third-party Data Processors, including:

Cloud hosting and data storage providers (data centres in India).
Payment processing partners for consultation fee disbursement.
NMC and State Medical Council credential verification APIs.
Digital Twin technology providers (Sub-Processors - see Section 7.3).
Analytics and security monitoring services.

All Data Processors are bound by data processing agreements requiring compliance with applicable data protection laws and restricting data use to specified purposes.

9.3 For Legal and Regulatory Compliance

We may disclose your Personal Data to government authorities, regulatory bodies (including the NMC or State Medical Councils), or courts of competent jurisdiction when required by applicable law, court order, or regulatory directive. We will, where legally permissible, notify you of such disclosure.

9.4 In the Event of Regulatory Action

In the event that a regulatory body initiates proceedings against you as a medical practitioner, and such proceedings require disclosure of consultation records or platform activity related to your practice on P4D, we may be required to disclose relevant data pursuant to applicable law.

9.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred to the successor entity, subject to the successor assuming the obligations of this Policy. You will be notified.

9.6 We Do Not Sell Your Data - Explicit Confirmation

We do not sell, rent, barter, or otherwise transfer your Personal Data, Doctor's Input Data, or any data derived from your use of P4D to any third party for commercial purposes. We do not use your data to build advertising profiles. We do not allow third parties to target you based on your professional or clinical data. This is an unconditional commitment - not qualified by business model considerations.

10. YOUR OBLIGATIONS REGARDING PATIENT DATA

As the treating Doctor, you independently access Patient Personal Data through the P4D App. In this capacity:

You are bound by your own obligations under the IT-SPDI Rules, 2011, the DPDP Act, 2023, and your professional ethics code to maintain the confidentiality of all Patient data.
You must not download, copy, or transfer Patient data outside the P4D App without the Patient's explicit consent and a lawful purpose.
You must not use Patient data accessed through the P4D App for any purpose other than providing healthcare services to that Patient.
You must immediately notify the Company at dpo@pranik.ai if you become aware of any unauthorized access to or disclosure of Patient data accessed through your P4D account.

11. DATA ABOUT NON-USERS AND THIRD-PARTY DATA

This section addresses Personal Data of individuals who are not registered on the P4D platform but whose data may enter the platform through Patient data received from the P4P App or other third-party transmissions.

11.1 Patient Data Received from P4P

Patient Personal Data - including pre-consultation SOAP summaries, health history, and lab results - is transmitted from the P4P App to the P4D App solely to facilitate the Patient's consultation with the treating Doctor. This data is:

Processed solely for the purpose of the specific consultation for which it was transmitted.
Not used for any secondary purpose, including Digital Twin training or platform analytics, without a separate lawful basis.
Subject to the same security and access controls as all Sensitive Personal Data on the platform.
Accessible only to the treating Doctor for the relevant consultation, subject to applicable record-keeping obligations.

11.2 Incidental Third-Party Data

The P4D platform may incidentally receive references to individuals who are neither Doctors nor Patients - for example, a referring physician named in a Patient's medical history or a laboratory clinician named in a diagnostic report. Such incidental data is not actively collected, is processed only to the extent necessary to complete the clinical record, and is not used for any independent purpose including marketing or AI training.

11.3 Rights of Non-Users

Individuals who are not registered on the P4D platform but whose Personal Data has entered the system through the above channels may contact our Data Protection Officer at dpo@pranik.ai to enquire whether their data is held, and to request correction, deletion, or other rights under the DPDP Act, 2023.

12. AUTOMATED DECISION-MAKING AND THE LIMITS OF AI ASSISTANCE

This section explains precisely what the P4D platform's AI features do and do not decide automatically, and confirms the mandatory human-in-the-loop principle that governs all clinical outputs on the platform.

12.1 What the P4D AI Features Do Automatically

Live Scribe generates a structured draft transcription of consultation audio after the session ends.
CDSS Lite generates draft medicine recommendations, differential diagnoses, and treatment options based on the Patient's pre-consultation data and your interaction during consultation.
The platform generates a draft post-consultation prescription based on the consultation record and CDSS Lite outputs.
The platform sends appointment reminders and schedule notifications automatically.

12.2 What the P4D AI Features Do NOT Do

No AI feature makes, communicates, or finalises any medical diagnosis, treatment decision, or prescription without the Doctor's explicit review, modification where needed, and digital signature or approval.
No AI feature restricts or affects the Doctor's account or practice rights based solely on automated analysis.
CDSS Lite does not communicate directly with Patients - all clinical communications are initiated and controlled by the treating Doctor.
Live Scribe does not finalise a consultation record without the Doctor's explicit review and approval.

12.3 Human Review Is Mandatory

The P4D platform operates on a mandatory human-in-the-loop architecture for all clinical outputs. Every AI-generated draft - whether a transcription, prescription, or clinical recommendation - must be reviewed and explicitly approved by the Doctor before it has any clinical effect. The Doctor's approval constitutes their assumption of full clinical responsibility for the content. No AI-generated output may be communicated to a Patient or included in a finalised medical record without prior Doctor approval.

12.4 Correction of AI Outputs

If you believe that an AI-generated draft contains a factual error about you as a professional (distinct from a clinical judgement in a patient-specific draft), please contact dpo@pranik.ai. Due to the technical complexity of AI language models, retroactive correction of all AI outputs may not always be possible, but we will make every reasonable effort and will inform you of any limitations.

13. SUBPROCESSORS AND THIRD-PARTY DATA PROCESSORS

We engage third-party organisations to process your Personal Data and Patient data on our behalf. All Subprocessors are bound by written data processing agreements requiring restriction of data use to specified purposes, implementation of equivalent security standards, prohibition on further sub-contracting without our prior written authorisation, and compliance with the DPDP Act, 2023.

13.1 Categories of Subprocessors

Cloud Infrastructure and Hosting Providers: Server infrastructure for data storage and application hosting (data centres in India).
Payment Processing Partners: For consultation fee disbursement to Doctors via bank transfer.
KYC and Credential Verification Services: NMC and State Medical Council API verification and government ID document verification.
Digital Twin Technology Providers: AI rendering, voice synthesis, and avatar generation sub-processors, bound by enhanced biometric-like data processing agreements.
Communication Service Providers: SMS, email, and push notification delivery platforms.
Analytics and Crash Reporting Services: Anonymized platform performance and error monitoring tools.
Live Scribe and CDSS Lite Infrastructure: Compute infrastructure for audio transcription and clinical decision support (processing anonymized or pseudonymized data only during inference).

13.2 Subprocessor List - Public Disclosure

We maintain a publicly accessible named Subprocessor List including the category of data processed and the location of each Subprocessor's data processing operations. This list is available at pranik.ai/subprocessors and is updated whenever a Subprocessor is added, changed, or removed. We will provide 30 days' prior written notice to registered Doctors of the addition of any new Subprocessor to allow you to raise an objection.

13.3 Special Obligations for Digital Twin Subprocessors

Digital Twin sub-processors are subject to enhanced contractual obligations including: strict purpose limitation to Digital Twin rendering only; prohibition on retaining original voice or image data beyond the minimum technically required period; mandatory encryption at rest and in transit; and the right for the Company to audit compliance. A list of current Digital Twin Subprocessors is available on request from dpo@pranik.ai.

13.4 Transfers Outside India

Where a Subprocessor processes your Personal Data outside India, we ensure transfer only to countries with adequate data protection under the DPDP Act, 2023, or under contractual arrangements imposing equivalent obligations. For transfers of biometric-like Doctor's Input Data (face and voice) outside India, we will obtain your specific consent in addition to the contractual safeguards described above.

14. DATA STORAGE AND LOCALISATION

Your Personal Data, including Doctor's Input Data, is stored on servers located within the territory of India. Digital Twin processing may involve sub-processors whose servers may be located outside India; in such cases, we ensure adequate safeguards are in place, including data processing agreements requiring compliance with Indian data protection standards, and we obtain your consent for any cross-border transfer of your Doctor's Input Data.

15. DATA RETENTION - THE FIVE DATA BUCKETS

We apply differentiated retention periods based on the nature and legal status of each category of data. Different data has fundamentally different obligations - we do not apply a single blanket period:

Data Bucket

What It Covers

Retention Period

Legal Basis and Notes

Bucket 1: Clinical Records

Consultation transcripts (text), e-signed prescriptions, CDSS Lite logs, doctor's notes, SOAP summaries, audit logs of clinical activity.

Consultation records: minimum 7 years. Prescriptions: minimum 5 years. CDSS logs (identifiable): 1 year.

Telemedicine Guidelines 2020; Clinical Establishments Act; Drugs and Cosmetics Act. Retained after account closure.

Bucket 2: Raw Audio

Raw voice audio from Live Scribe consultation recordings.

Deleted within 24 hours of anonymization pipeline completing. Not retained as a record.

Collected only to generate anonymized transcripts. Deletion is automatic and permanent.

Bucket 3: Raw Video

Live consultation video feeds.

Never stored. Real-time processing only.

System architecture has no video recording capability. No action required on termination.

Bucket 4: Doctor's Input Data

Face photographs, voice samples, and knowledge base content for Digital Twin creation.

Source files: deleted within 30 days of revocation. Audit logs: minimum 1 year post-deletion.

Biometric-like Sensitive Data. Deletion refers to source files. Model weights derived from this data cannot be individually extracted - see Section 7.4.

Bucket 5: Anonymized AI Data

Irreversibly de-identified consultation transcripts and CDSS logs used for AI model training.

Indefinite - no longer Personal Data post-anonymization.

Cannot be traced to any individual. Outside DPDP Act erasure obligations once anonymized.

16. YOUR RIGHTS AS A DATA PRINCIPAL

As a Data Principal under the DPDP Act, 2023, you have the following rights with respect to your Personal Data. Exercise these rights by contacting dpo@pranik.ai or through the App's Privacy Settings:

16.1 Right of Access and Information

You may request a summary of your Personal Data held by us, the purposes for which it is processed, and information about Data Processors and third parties with whom it has been shared.

16.2 Right to Correction and Updation

You may request correction of inaccurate Personal Data and completion of incomplete data. Professional credential corrections may require re-verification with the NMC or relevant State Medical Council.

16.3 Right to Erasure

You may request deletion of your Personal Data upon account closure or withdrawal of consent, subject to mandatory legal retention obligations. Doctor's Input Data (face, voice) will be deleted or anonymized upon revocation of Digital Twin consent (see Section 7.4).

16.4 Right to Data Portability

You may request your Personal Data in a structured, machine-readable format (e.g., JSON or CSV) for transfer to another platform, to the extent technically feasible.

16.5 Right to Withdraw Consent

You may withdraw consent for any specific processing activity at any time. Withdrawal of Digital Twin consent is addressed in Section 7.4. Withdrawal of consent for consultation data use for AI training is addressed in Section 8.

16.6 Right to Grievance Redressal

You may lodge grievances with our DPO at dpo@pranik.ai. We will acknowledge within 72 hours and resolve within 30 days. Unresolved grievances may be escalated to the Data Protection Board of India (once established under the DPDP Act, 2023).

16.7 Right of Nomination

You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. To make a nomination, contact dpo@pranik.ai.

17. SECURITY OF YOUR PERSONAL DATA

We implement the following security measures to protect your Personal Data, with enhanced controls for Doctor's Input Data:

Encryption of all data in transit (TLS 1.2 or higher) and at rest (AES-256).
Strict role-based access controls with least-privilege principles.
Multi-factor authentication for account access.
Separate, restricted-access storage environment for Doctor's Input Data (voice and image), with access limited to authorized engineers on a need-to-know basis.
Regular third-party security audits and penetration testing.
Incident response procedures with breach notification obligations.
Employee confidentiality agreements and privacy training.

18. THIRD-PARTY SERVICES, ABDM INTEGRATION, AND AI INFRASTRUCTURE

18.1 ABDM / NDHM Integration

The P4D App may integrate with the Ayushman Bharat Digital Mission (ABDM) and National Digital Health Mission (NDHM) infrastructure, including ABHA IDs, health lockers, healthcare registries, and consent manager services. Where such integration is enabled:

Data flows through ABDM infrastructure are governed by the ABDM Data Policy and consent framework issued by the National Health Authority, in addition to this Privacy Policy.
Patient ABHA IDs and linked health records accessed through the P4D App are subject to the patient's ABDM consent as well as the consents obtained by P4P.
We will comply with all ABDM sandbox and production integration policies as published by the National Health Authority from time to time.

If and when ABDM integration is activated in the P4D App, this section will be updated with specific details of the relevant data flows. Until then, no data is transmitted to or from ABDM infrastructure.

18.2 Third-Party AI and Machine Learning Infrastructure

We use third-party cloud and AI infrastructure providers as Subprocessors to operate AI features including CDSS Lite, Live Scribe, and the Digital Twin rendering engine. We confirm explicitly:

No Personal Data or Sensitive Personal Data - including patient consultation records, doctor credentials, or Doctor's Input Data (face and voice) - is transmitted to any third-party foundation model provider or general-purpose AI platform.
Third-party AI infrastructure providers process only anonymized or synthetic data. All patient data and Doctor's Input Data is de-identified or pseudonymized before reaching any third-party AI compute environment.
Primary storage and processing of all Personal Data, including Doctor's Input Data and Patient Personal Data, remains on servers located within India. Only anonymized data may be processed on infrastructure outside India, and only under the transfer safeguards described in Section 13.4.

18.3 Cross-Border Transfer - Future Regulatory Compliance

In addition to the safeguards in Section 13.4, the Company will comply with any future notifications, adequacy decisions, or transfer restrictions issued by the Central Government of India under the DPDP Act, 2023, as and when published. Where new transfer rules require changes to our processing arrangements, we will update this Policy and provide notice in accordance with Section 19.

18.4 App Availability in Indian Languages

We are progressively making the P4D App and its key legal notices available in major Indian languages where reasonably practicable. Where you require this Policy or the Consent Notice in a specific Indian language, please contact support@pranik.ai. Language availability will be expanded over time and announced through in-app notifications.

19. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. For material changes, we will provide at least 30 (thirty) days' prior notice via in-app notification or to your registered email address. Your continued use of the P4D App after the notice period constitutes acceptance of the revised Policy. If you do not agree, you must cease use of the App and may request account deletion and data erasure.

20. GRIEVANCE REDRESSAL AND CONTACT

DPO Name

[Name of DPO to be inserted]

Email

dpo@pranik.ai

Response SLA

Acknowledgement within 72 hours; Resolution within 30 days

Escalation

Data Protection Board of India (once constituted under DPDP Act, 2023)

Digital Twin Requests

dpo@pranik.ai - subject line: "Digital Twin Data Request"

21. ACKNOWLEDGEMENT

By registering for and using the P4D App, you confirm that you have read, understood, and agree to the collection and processing of your Personal Data - including your Doctor's Input Data for the Digital Twin - as described in this Privacy Policy.