Privacy Policy

Dawnbreak AI Private Limited (“Company”, “Dawnbreak AI”, “we”, “us”, or “our”) is a corporation incorporated under the Indian Companies Act, 2013 (Act No. 18 of 2013), having CIN: U62013KA2025PTC197558 with its registered office located at [Registered Office Address]. Dawnbreak AI specializes in providing hospitals with an innovative medical documentation solution, leveraging advanced speech-to-text technology powered by Large Language Models (LLMs). (“Client”, “you”, “your”). This Platform is made available to the you and your Authorized Users, as defined under the Terms and Conditions.

The Privacy Policy outlined herein serves to apprise you for the usage of the Platform regarding the categories of information that we may collect from you. Additionally, it aims to elucidate the terms under which we utilise and disclose this information, as well as the rights pertaining to the data thus acquired. It is imperative to note that with each usage of the Platform, the prevailing iteration of this Privacy Policy shall be in effect. Consequently, we kindly request you to ascertain the date of this Privacy Policy, which is prominently displayed at the outset of this document, and to review any amendments made since their previous engagement with the Platform. Should we implement any significant alterations to this Policy, an announcement may be made on the Platform. Subsequently, your continued utilisation of the Platform shall be construed as an acceptance of the modified Privacy Policy. 

By accessing the Platform and/or furnishing your information and the information provided by you, you hereby agree and provide your consent for us to receive, store, process, transfer, and utilise the personal and identifiable information (including sensitive personal information as defined by applicable laws, such as Information Technology Act-2000, Information Technology (reasonable security Practices and Procedures, Sensitive Personal Data or Information) Rules-2025 (as amended from time to time), Digital Personal Data Protection 2023 and other relevant applicable laws, that may be applicable to you.

Personal information governed by this Privacy Policy is exclusively collected and retained by us. We function in the capacity of a Data Processor, as we collect and process Personal Information and Personal Data as collected by you on our behalf and you concurrently serve as the Data Controller, pursuant to a legally binding written agreement between both parties.

By visiting the Platform or providing the information, you explicitly consent to be bound by the terms and conditions delineated in this Privacy Policy. Furthermore, should you dissent from these terms, we kindly request that you refrain from using or accessing our Platform.

Merely by visiting this Platform, you explicitly grant consent, except where restricted by applicable law, that all your and the personal information collected by you for the Platform may be employed and disclosed in accordance with the provisions outlined in this Policy.

This Privacy Policy pertains exclusively to the information gathered on the Platform. 

The Platform is designed to perform the services enumerated in our Terms and Conditions. Upon registration, Platform securely stores your preferences for your convenience, enhancing your overall experience through personalised features.

1. What Personal Information Do We collect from You? 

   1. The primary purpose of collecting your personal information is to enhance its functionality and optimise the utilization of Services. This includes refining your interactions, improving service delivery, and adapting the Platform’s offerings to better align with your preference. Such data may be processed and utilized through means deemed necessary and appropriate, provided they remain within the ambit of applicable law and regulatory requirements.

   2. Information You Provide

      1. We receive and securely store any information that you provide to us in connection with the Services you access through our Platform. This includes, but is not limited to, the following categories of data: 

   3. Your/Patient Data: 

      1. Information entered by you on the Platform, such as name, field of specialization, location, expertise, and publications; actual recordings of audio notes, which may include medical history, patient details, or any other information you choose to record; (near) verbatim transcriptions of audio recordings, containing medical history, patient details, and other relevant information; standardized notes in SOAP (Subjective, Objective, Assessment, Plan) format or any other format deemed appropriate based on specific requirements, including medical history, symptoms, past visits, diagnoses, and treatment details; data retrieved from the your Electronic Health Record (EHR) system for the sole purpose of displaying specific or aggregated patient information to the Authorized Users; your name and related identifiers; details regarding the rest of the care team; medical history, including symptoms, past visits, diagnoses, treatments, and prescribed medications; your preferences related to Platform functionalities and customization.

   4. Automatic Information/Usage Data

      1. We automatically collect and store certain types of information pertaining to use of Services from our Platform. We may use cookie(s) and other unique identifiers, and we may obtain certain types of information when you access Services through the Platform. The list of such automatic information collected by us are listed below-

         1. IP address; 

         2. Device type and related identifiers; 

         3. Authorised User’s ID or your ID associated with Platform access; 

         4. Email address, password, and Single Sign-On (SSO) credentials; 

         5. Platform usage times and session durations; 

         6. Recording timestamps for audio entries; 

         7. Your location, as provided by the you or the Authorised Users;

         8. Payment and credit card information for billing purposes; 

         9. Phone number for authentication and support.

            
            

2. Purpose of the Information collected by Us?

   1. We may also employ your information or the information provided by you for the enhancement of the Services and Platform. We shall have the right to utilize the personal information collected from you and stored on the Platform in accordance with its operational requirements, business purposes, and applicable policies. Such information may be accessed, processed, or used as and when required to enhance user experience, improve Platform functionality, ensure compliance with legal and regulatory obligations, or for any other legitimate purpose deemed necessary by us and for the Platform. We reserve the exclusive right to establish and modify the criteria for such utilization at our sole discretion, without any obligation to disclose or explicitly mention such criteria anywhere on the Platform. We reserve the right to utilise the information provided by you. 

   2. We may track your navigation within the Platform to improve functionality, optimize interface design. This data is analyzed in aggregate without collecting personally identifiable information.

   3. We may utilise your information to provide Services that align with your interests, the identification of your preferences, and the customization of your experience with our Services. Additionally, we may generate aggregated data to derive insights, furthering our understanding of the behaviour, patterns, and trends, with the aim of gaining deeper insights into your preferences.

   4. We may use the data to enhance the functionality, analyse performance, and enhance the usability and efficacy of our Services.

   5. We may use your personal information to communicate with you in relation to Services through different modes (e.g., by phone, e-mail, chat, Platform).

   6. We may utilise your personal information to proactively prevent and detect instances of fraud and abuse, thereby safeguarding the security of data as provided by you.

   7. We may use your personal information for processing, disclosing, transmitting, and/or sharing the data/information with our subsidiaries, affiliates, associates, partners, and other third parties which have business or contractual dealings with us.

      
      

3. Sharing of Personal Information?

   1. Any information provided to us by you constitutes a vital aspect of our operations. We do not engage in the practice of selling and commercialising personal information, whether received directly, indirectly, or through you, to any third party. We may, however, share the personal information received by us under the circumstances described below, and only with our subsidiaries, affiliates, and associates. These entities are either subject to the provisions of this Privacy Policy and applicable laws or adhere to practices that are, at a minimum, as protective as those articulated in this Privacy Policy. Furthermore, anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined, terminated, or be subject to other remedial measures  if they fail to meet these obligations.

   2. We release accounts and other personal information when we believe release is appropriate to: 

      1. Comply with the law; 

      2. Enforce or apply our Terms and Conditions and other agreements; or

      3. Protect the rights, property, or safety of us and yours. 

      4. This includes exchanging information with other companies and organisations for fraud protection.

   3. Other than as set out above, you will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share the information.

   4. We have appropriate contracts in place with our third party service providers and partners. This means that they cannot do anything with your personal information or information provided by you which is outside of the scope permitted by us. They hold it securely and retain it only for the period specified in our contracts with them.

   5. We may share non-personally identifiable information publicly and with our partners — like publishers, advertisers, developers. For example, we share information publicly to know about the general use of our services. We also allow our partners to collect information from the Platform for advertising and measurement purposes using their own cookies or similar technologies.

   6. If we are involved in a merger, acquisition, or sale of assets, we’ll continue to ensure the confidentiality of your personal information and give affected users notice before personal information is transferred or becomes subject to a different privacy policy.

   7. Anybody else that we’ve been instructed to share your personal information with by you.

      
      

4. How Secure is the Information shared by you?

   1. We are committed to protecting the personal information in our custody. We take reasonable steps to ensure appropriate physical, technical and managerial safeguards are in place to protect the personal information from unauthorised access, alteration, transmission, and deletion. We work to protect the security of the personal information during transmission by using encryption protocols. We use multi-layered controls to help protect our infrastructure, constantly monitoring and improving our applications, systems, and processes to meet the growing demands and challenges of security. We ensure that the third parties who provide services to us under appropriate contracts, take appropriate security measures to protect your personal information in line with our policies. Notwithstanding the foregoing, transmissions over the Internet and/or a mobile network are not one hundred percent (100%) secure and we do not guarantee the security of transmissions. We are not responsible for any errors by you in submitting Personal information or Personal Data to us.

   2. We process personal information and special categories of personal data as per the applicable laws and protect your rights by following the principles of (i) ‘data protection by design and default’ and (ii) ‘least privilege’. Data processing principles such as data minimization at the time of determining the means for Processing and at the time of processing itself will be adhered to. We shall also by default only process Personal Data that is necessary for each specific purpose mentioned above. Such Personal Data of yours will not be made accessible to an indefinite number of persons without your explicit consent.

   3. We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, processing, and disclosure of personal information of Patients. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.

   4. Our Platform offers security features to protect them against unauthorised access and loss of data. You can control these features and configure them based on your needs. 

      
      

5. Limit Use and Disclosure of Sensitive Personal Information

   1. You shall have the right to limit use and disclosures of your sensitive personal information to that use which is necessary to perform the services or deliver the goods, unless you subsequently provide consent for our use or disclosure of your sensitive personal information for additional purposes. Our collection and processing of sensitive personal information without the purpose of inferring characteristics about you is not subject to this right.

   2. Your Rights

      1. ask for access to details of the personal data held by us about you, free of charge and to obtain a copy of your personal data;

      2. to request the rectification, restriction and in some circumstances erasure or restrict (stop any active processing) of your personal data held by us;

      3. to object to the processing of your data in some circumstances (in particular, where we do not have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing);

      4. These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete data which we are required by law to keep or have compelling legitimate interests in keeping.

         
         

6. Legal Compliances and Data transfer

   1. We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it.

   2. Data Storage

      1. We maintain our servers in India, and your information and information provided by you may be stored and processed on cloud servers including GCP (Google Cloud Platform), Cloud Data Store, MongoDB, Firestore. Moreover, we ensure compliance with specific legal frameworks that pertain to the transfer of data.

   3. Security

      1. All our services are built with strong security features that continuously protect your information. The insights we gain from maintaining our services help us detect and automatically block security threats from ever reaching you. And if we do detect something risky that we think you should know about, we’ll notify you.

      2. We work hard to protect you from unauthorised access, alteration, disclosure, or destruction of information we hold, including;

         1. We use AES-256 encryption to keep your data private;

         2. We offer a range of security features, like safe browsing, security checkups, and 2 step verification to help you protect your account;

         3. We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorised access to our systems.;

         4. We ensure that systems are granted only the minimum level of access required to perform their designated tasks, minimizing the risk of unauthorized data access or accidental exposure;

         5. We conduct periodic security audits, at least annually, to assess and enhance the effectiveness of our security controls and compliance measures.

         6. All our employees undergo regular security and privacy training to ensure compliance with industry standards and best practices.

            
            

7. Children’s Privacy 

   1. We consider it paramount to safeguard the online privacy of children. In line with this commitment, we adhere to applicable laws governing the protection of children's privacy. While we may collect Personal Information and Special Categories of Personal Data (such as health information) as part of our Services, we do so only in compliance with relevant legal requirements and with appropriate parental or guardian consent, where applicable. In the event that we become aware of inadvertent collection of such data from individuals below the age thresholds stipulated by law, we will promptly delete such information, unless retention is legally required for medical purposes.

      
      

8. How Long Do We Retain the Information shared by you?

   1. We may retain your personal information for a duration that is essential for delivering our services or for other critical purposes, including compliance with legal obligations, dispute resolution, and the enforcement of our agreements. The retention period will be determined based on the specific data types and purposes involved, and as such, actual retention periods may vary considerably. 

   2. In a situation where we are required to cease processing of your personal information then we shall within a reasonable time securely and permanently delete the personal data or anonymize the personal data so that such data is no longer considered to be personal data and cannot be traced or pseudonymised or securely encrypted.

   3. In a scenario where we are obligated to discontinue the processing of your personal information, we shall promptly, securely, and permanently delete the personal data. Alternatively, we may anonymize the personal data, rendering it no longer identifiable as such, ensuring that the user cannot be traced, pseudonymised or securely encrypted.

      
      

9.  What Information Can You Access?

   1. We recognize that when you engage with us, you maintain rights over your personal information. These rights encompass taking reasonable steps to facilitate your access to personal information, rectify any inaccuracies, and address other related matters. Any information you provide through the usage of the Platform can be accessed by you through reasonable means, in accordance with applicable laws. If, at any point, you are dissatisfied with our response or have unresolved concerns, please do not hesitate to reach out to us for issue resolution via the email provided hereinafter.

      
      

10.  Cookies

    1. Cookies are small text files that websites deposit on your device during their usage of the Platform. In addition to cookies, other forms of trackers are also used. These tools serve multiple purposes, including optimising the functionality and efficiency of websites, as well as furnishing valuable information to the website owners.

    2. These cookies, permissions, and other trackers are utilised on our Platform to gather and process data, thereby enhancing your Platform experience and facilitating the continuous improvement of our services.

    3. However, we use only session cookies to maintain the authentication during active sessions. Session cookies automatically expire once the session ends, either due to being logged-out or inactivity.

       
       

11. Terms of Use

    1. If you elect to utilise our services, such usage and any privacy-related disputes are bound by the terms delineated in this Privacy Policy and our Terms and Conditions. This includes provisions regarding limitations on damages, dispute resolution mechanisms, and adherence to the prevailing Data Protection Law of India.

    2. You acknowledge that the primary usage is between you and us and you shall be responsible for the Authorized Users and as governed under Terms and Conditions and other governing policies. Any information provided by the Patient to us, through the Authorized Users, will be considered as information provided by you and will be used in the course of providing our Services.

    3. Should you possess any concerns related to privacy concerning our operations, we encourage you to reach out to us, providing a comprehensive description of the issue. We are committed to addressing your concerns and striving for resolution.

       
       

12.   Indemnities

    1. You are required to indemnify, defend, and absolve us, at your own expense, from and against all losses, penalties, liabilities, obligations, damages, third-party claims, demands, causes of action, costs, and expenses of any kind or nature (each referred to as a "Claim," and collectively as "Claims"). This includes reasonable legal fees and other expenditures associated with legal defence, arising from, or connected to the following: (i) any negligent acts, omissions, or wilful misconduct on your part; (ii) your access to and utilisation of the Platform; (iii) an actual or alleged breach of any of your duties, representations, warranties, or covenants outlined in this Agreement, except in cases where such indemnification is prohibited by applicable law.

       
       

13.  Governing Law and Disputes

    1. The said Privacy Policy will be governed by the Laws of India. Any dispute, controversy, or claim directly or indirectly arising from, or related to, this Privacy Policy shall be referred to Arbitration. The seat of the Arbitration shall be in Mumbai, Maharashtra, India. The arbitration proceedings will be conducted in accordance with the provisions of the Indian Arbitration and Conciliation Act, 1996. The Arbitration proceedings shall be adjudicated by a sole arbitrator appointed by us. The arbitration process shall be conducted in the English language, and the arbitration award will be issued in writing, binding both the Parties, i.e., you and us.

    2. You unequivocally agree that the courts in Mumbai, Maharashtra, India, shall possess exclusive jurisdiction over any matters stemming from this Privacy Policy.

       
       

14. This Privacy Policy doesn’t apply to:

    1. The information practices of other entities and organisations, which advertise our services; services provided by other companies or individuals, including products or sites they offer that may include our services to which the policy applies, or products or sites displayed to you in any search results, or linked from our services

       
       

15. Changes to this Policy

    1. This Privacy Policy undergoes periodic revisions, we will not diminish your rights under this Privacy Policy without obtaining your explicit consent. We consistently specify the date of the most recent modifications or any significant changes, granting access to archived versions for your perusal. In instances where modifications or any significant changes hold substantial significance, we will issue a more prominent notice, which may include email notifications for privacy policy adjustments, especially for certain services.

       
       

16.  Complaint Forum

    1. You may address any inquiries or grievances regarding the utilisation or disclosure of personal data to our reporting contact as herein mentioned. We will diligently investigate and make efforts to resolve any complaints or disputes pertaining to the use or disclosure of personal data.

    2. We are dedicated to taking all necessary measures to uphold the safety and security of the Platform, mitigating any potential privacy or data security risks. Furthermore, we are committed to utilising the Platform in a professional and ethical manner, aligning with this Privacy Policy, and in strict accordance with relevant laws and regulations.

    3. In the event that the we become aware, discovers, or learns of any unethical behaviour associated with the utilisation of the Platform or detects any misuse of the Platform contrary to our stated commitments or in violation of applicable laws, prompt corrective measures will be taken. These actions will be aimed at curtailing any unethical conduct and ensuring the lawful and proper operation of the Platform.

       
       

17. Reporting Contact

    1. For any inquiries, problems, apprehensions, grievances, or queries, please do not hesitate to reach out to us at the following contact point: support@dawnbreak.ai.