Privacy Policy
Last updated: 27 April 2026
1. What we collect
Account info (name, email, phone, clinic). Patient health data uploaded by clinics. Payment metadata from gateways (we never store card numbers — those stay with Razorpay / PCI-DSS compliant processors).
2. How we use it
(a) Operate and improve the Service. (b) Generate clinic and analytics reports. (c) Communicate critical updates. (d) Comply with legal obligations.
3. Sharing
We do not sell your data. We share data with sub-processors strictly as required: Razorpay (payments), AWS / Mongo Atlas (hosting), email & messaging vendors. All sub-processors are bound by data processing agreements (DPAs).
4. Patient health data
Clinics are the data controller; AUDINEXA is the data processor. Patient data is encrypted (AES-256 at rest, TLS 1.3 in transit). Premium tier offers client-controlled encryption (BYOK) where AUDINEXA cannot decrypt patient PHI even on its own servers.
5. Cookies
Essential cookies for session and CSRF. No third-party advertising trackers.
6. Your rights (DPDP Act 2023)
You may request access, correction, erasure, or portability of your data by emailing support@audinexa.com. We respond within 30 days.
7. Retention
Active accounts: data retained while subscription is active + 60 days. Closed accounts: data deleted within 90 days of termination.
8. Children
Not directed at children under 18. Parents managing patient records on behalf of minors must obtain consent under DPDP guidelines.
9. Changes
We may update this policy. Material changes are notified via email at least 14 days in advance.
10. Contact
Email our DPO at support@audinexa.com.