ZautoAI Privacy Policy

Effective: 19 October 2025

1. Overview

ZautoAI Private Limited (“ZautoAI”, “we”, “our”) provides clinical documentation, prescription automation, and revenue integrity solutions for healthcare providers. This privacy policy explains how we process Personal Data in compliance with the Digital Personal Data Protection Act 2023 (DPDP), HIPAA, and other applicable regulations.

2. Data We Process

  • Customer account data: names, business email, phone, role, organisation.
  • Clinical data (PHI): dictated notes, structured encounters, prescriptions, billing context, voice/audio captures.
  • Telemetry: product usage metrics, performance analytics, security logs (pseudonymised where possible).
  • Support & success data: communication via email, chat, ticketing systems.

3. Purpose & Legal Basis

  • Deliver contracted services (HIPAA Business Associate obligations, DPDP legitimate use).
  • Provide customer support, product updates, and security notifications.
  • Improve product features through aggregated, anonymised analytics.
  • Comply with legal requests, audits, and dispute resolution.

4. Data Retention

Retention defaults are defined in the BAA/DPA with each customer. Unless otherwise agreed:

  • Audio recordings: 90 days
  • Structured encounter data: 365 days
  • Audit logs: 24 months

Deletion requests are honoured within 24 hours with attested audit logs. Backups follow the same retention and deletion schedule.

5. Sub-Processors

We rely on vetted sub-processors for hosting, messaging, and analytics. The full list with DPDP classification is maintained at trust.html. Customers are notified prior to onboarding new sub-processors.

6. Individual Rights

Data principals may request access, correction, portability, or deletion by emailing privacy@zauto.ai. We respond within 7 business days. For HIPAA requests, we coordinate with the Covered Entity per our BAA.

7. Security

ZautoAI implements administrative, technical, and physical safeguards aligned with SOC 2 Type II and HIPAA. See the Trust Center for detailed controls.

8. Cross-Border Transfers

Data is stored in-region (India/EU) unless a customer explicitly opts for an alternate region. Any cross-border transfer follows DPDP Chapter III requirements with contractual assurances and encryption.

9. Contact

Questions about this policy can be sent to:

ZautoAI Private Limited
privacy@zauto.ai
91Springboard, Koramangala, Bengaluru 560095
