Medilite AI
powered by Sarvam AI
Legal

Privacy Policy

Last updated: June 2026

1. What we collect

We collect clinic staff account details (name, email, role) and patient information entered during clinical workflows (name, phone, visit records, prescriptions, reports). Audio recordings made during AI-assisted consultations are processed to generate transcripts and are not retained beyond the consultation session.

2. Tenant isolation

Each clinic's data is strictly isolated by a clinic_id enforced at the database level. No cross-clinic data access is possible within the platform.

3. How we use your data

Data is used solely to provide the Medilite AI service to your clinic. We do not sell data to third parties. AI transcription is powered by Sarvam AI; audio is transmitted over encrypted connections and processed under data processing agreements.

4. DPDP Act compliance

We process data in accordance with India's Digital Personal Data Protection Act, 2023. As the clinic is the data principal for its patients' personal data, clinics are responsible for obtaining patient consent as required by applicable regulations.

5. Data retention

Patient records are retained for the duration of your clinic's subscription. Upon account termination, data can be exported on request and is purged within 90 days.

6. Security

All data is encrypted in transit (TLS 1.3) and at rest. Staff sessions are HMAC-signed and short-lived. We use Supabase Row Level Security to enforce per-clinic data boundaries at the database layer.

7. Contact

Privacy questions or data requests? support@medilite.ai

← Back to sign in