Legal

Privacy Policy

Last updated: March 2026

1. Information We Collect

ArogyaSync processes clinical telemetry data (vital signs captured by edge devices) and administrative data (hospital staff credentials, device metadata). We do not collect data directly from patients; all data flows through hospital-controlled infrastructure.

2. How We Use Your Data

Clinical data is used exclusively for real-time monitoring, alert generation, and historical trend analysis within the subscribing hospital. Administrative data is used for authentication, audit logging, and system operations.

3. Data Storage and Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Infrastructure is hosted on AWS ap-south-1 with PostgreSQL RDS. Blockchain-anchored audit trails provide tamper-evident records of clinical data batches.

4. Data Retention

Clinical vitals are retained per the subscribing hospital's policy. Audit logs are retained for a minimum of 7 years. Patients may exercise their right to data export or deletion through their hospital's administration (GDPR/DPDP compliant endpoints are available).

5. Third-Party Sharing

We do not sell or share personal data with third parties for marketing. Data may be shared with insurance verification partners only when the hospital has an active integration and patient consent is on record.

6. Contact

For privacy inquiries, contact our Data Protection Officer at privacy@arogyasync.com.