Privacy Policy – DiaX.ai

01

Introduction

DiabWellness Private Limited ("Company", "We", "Our", or "Us"), incorporated under the Companies Act, 2013, and registered in Kumbakonam, India, operates www.diax.ai and associated mobile and digital applications (the "Platform").

We provide a health technology SaaS platform for healthcare providers — including doctors, nurses, labs, pharmacies, and administrators — along with a patient-facing application enabling digital healthcare delivery, including electronic medical records (EMR), consultations, billing, and AI-assisted clinical decision support systems (CDSS).

We are committed to protecting the privacy, confidentiality, and security of your personal
        data.

02

Scope

This Privacy Policy applies to:

Healthcare providers (doctors, nurses, clinics, hospitals)
Patients and caregivers
Visitors and users of the Platform
Third-party integrations (labs, pharmacies, diagnostics)

03

Definitions

        Personal Data

        Any information that identifies an individual.

        Sensitive Personal Data

        Includes health records, medical history, biometric data, and financial data.

        Health Data

        Medical records, prescriptions, lab reports, vitals, and treatment history.

        User

        Any person accessing or using the Platform.

        Healthcare Provider

        Doctors, nurses, and clinics using the SaaS system.

04

Consent

By using the Platform, you

consent to the collection, storage, and processing of your data, and acknowledge that health data is necessary for service delivery.

You may withdraw consent at any time, subject to legal and medical obligations.

05

Data We Collect

Personal & Health Data

Name, phone, email, address & demographics, medical history, prescriptions, lab reports, vitals & diagnostics, treatment plans, and consultation records.

Healthcare Provider Data

Professional credentials, practice details, and prescribing patterns.

Device & Technical Data

IP address, browser type, device identifiers, and usage patterns.

Payment Data

Billing details are processed via secure third-party payment gateways.

Permissions-Based Data

Camera, microphone (teleconsultation)

File storage (medical records upload)

Gmail integration (read-only for health-related data extraction)

06

How We Use Data

Deliver healthcare services and maintain EMR

Enable AI-based clinical decision support (CDSS)

Provide prescriptions and treatment recommendations

Facilitate doctor-patient communication

Improve platform performance and personalization

Conduct research using anonymized datasets

Comply with legal obligations

07

AI & Machine Learning Usage

Our Platform uses Artificial Intelligence (AI) and Machine Learning (ML) models based on historical clinical datasets.

Key Principles

AI outputs are assistive, not a replacement for medical judgment.

Final decisions are made by qualified healthcare professionals.

Data used for ML training is

anonymized or pseudonymized wherever possible
processed under strict access controls.

We may use data for:

Predictive analytics for diabetes management
Treatment optimization
Risk stratification
Population health insights

        We do NOT use identifiable patient data for AI training without appropriate safeguards and
        permissions.
      

08

Data Sharing

Healthcare Ecosystem

Doctors, nurses, labs, pharmacies (as required for treatment)

Service Providers

Cloud hosting providers
Payment processors
Analytics providers

Legal Authorities

When required by law or regulatory authorities

Business Transfers

In case of mergers, acquisitions, or restructuring

We do NOT sell your personal data.

09

Data Retention

We retain data

As long as required for healthcare delivery
As mandated by applicable medical/legal regulations
For audit and compliance purposes

Users may request deletion, subject to

Legal retention requirements
Medical record obligations

10

Data Security

We implement

End-to-end encryption (data in transit & at rest)
Role-based access control (RBAC)
Secure cloud infrastructure
Audit logs & monitoring
Regular security assessments

However, no system is 100% secure, and we cannot guarantee absolute security.

11

USER RIGHTS

You have the right to

Access your data
Correct inaccuracies
Request deletion (subject to regulations)
Withdraw consent
Restrict processing
Data portability (where applicable)

To exercise your rights, contact us at info@diax.ai

12

TELECONSULTATION & RECORDINGS

Consultations may be recorded for

Medical documentation
Legal compliance

Users will be informed before recording

Consent is required

13

GOOGLE API & EMAIL INTEGRATION

Gmail access is read-only

Used only to extract

Medical reports
Appointments

Complies with Google API Services User Data Policy

14

COOKIES & TRACKING

We use cookies for:

Session management
Analytics
Personalization

Users can disable cookies via browser settings.

15

CHILDREN’S PRIVACY

The Platform is not intended for individuals under 18 without parental/guardian consent.

16

Cross-Border Data Transfer

Your data may be stored or processed outside India.

We ensure:

Equivalent data protection standards
Contractual safeguards

17

LIMITATION OF LIABILITY (IMPORTANT)

AI/CDSS recommendations are support tools only

Final clinical decisions are the responsibility of the healthcare provider

The Platform does not replace professional medical advice

18

THIRD-PARTY SERVICES

We are not responsible for privacy practices of:

External websites
Third-party integrations

19

CHANGES TO POLICY

We may update this Privacy Policy periodically. Continued use implies acceptance.

20

GRIEVANCE REDRESSAL

Email info@diax.ai

21

CONTACT US

Email info@diax.ai

Phone +91 9994360912

Address Diabwellness Pvt Ltd, 9, Ramasami Koil West Street, Kumbakonam – 612001, Thanjavur District, Tamil Nadu, India.

22

COMPLIANCE FRAMEWORK

We are aligned with

Information Technology Act, 2000 (India)
SPDI Rules, 2011
HIPAA
GDPR principles and best practices