1. Purpose & Scope
ZautoAI Private Limited ("ZautoAI", "we", "us") provides voice automation, provider relationship management, and revenue intelligence services for hospitals. This Privacy Policy covers Personal Data collected through our website, WhatsApp Business API conversations, QR codes, live events, and customer implementation projects. We act as the data controller for marketing leads and as a DPDP/GDPR processor (HIPAA Business Associate) for customer-provided patient information. All processing follows DPDP 2023, GDPR, CCPA, HIPAA, the WhatsApp Business Solution Terms, and the Meta Commerce and Privacy policies.
2. Data We Collect & How It Is Used
We only collect the data required to deliver the communications and services you requested:
- Identity & contact data: name, hospital, title, work email, WhatsApp number, preferred language.
- Product content & patient data: dictated notes, ambient audio, EMR excerpts, referral/order context, prescriptions, claims, and PRM/revenue data that you or your hospital submit to voice EMR, Dialogue, PRM, Revenue Insights, and other ZautoAI modules.
- WhatsApp conversation content: message text, attachments, call summaries, order or support context, and delivery/read receipts that allow us to provide demos, order updates, and transactional notifications.
- Preference & consent records: opt-in checkbox status, timestamp, IP address, form URL, and the template you agreed to so we can prove consent to Meta or regulators.
- Usage & device data: browser/device type, security telemetry, and application logs that help us authenticate sessions, prevent fraud, and maintain audit trails.
We use this data to (a) deliver WhatsApp messages you asked for (transactional, service, or promotional where a separate opt-in exists); (b) respond to support tickets and clinical-safety escalations; (c) personalise product updates; (d) enforce security controls; and (e) comply with legal, regulatory, and billing obligations. We do not sell personal information.
3. Product Deployments & Platform Usage
When you use Voice EMR, Dialogue Intelligence, Provider Relationship Management (PRM), Revenue Insights, or any other ZautoAI workflow, we process the data you and your systems submit so we can deliver documentation, automation, and analytics outputs.
- Clinical capture & automation: voice streams, ambient room audio, templates, agent notes, and output artifacts (structured SOAP notes, prescriptions, worklists) that power our AI models and integrations with your EMR/HIS.
- Workflow connectors: appointment schedules, CRM/PRM statuses, billing identifiers, and assignment metadata required to sync with HIS, LIS, PACS, insurance portals, or ticketing tools.
- Quality assurance & analytics: manual review comments, redlines, and performance metrics that help us monitor accuracy, improve prompts, and provide dashboards to your administrators.
- Product improvement: de-identified or aggregated usage data that we may use to tune models, train automations, or publish benchmarks, but only after removing direct identifiers or as permitted in your BAA/DPA.
Customer-provided PHI and business records remain under the control of the subscribing organisation. We operate under BAAs/DPAs, enforce least-privilege access, and maintain full audit trails for user actions, exports, and WhatsApp template triggers. Administrators can configure retention, region (India/EU), prompt libraries, and allowed channels directly within the product.
4. Cookies & Tracking Technologies
We use cookies, SDKs, pixels, and similar technologies across our websites and products to keep sessions secure and understand how our services perform:
- Essential/session cookies: maintain authentication, language preferences, and load balancing for dashboard and admin tools.
- Analytics & performance: Google Analytics, Meta Business Tools, and custom telemetry scripts that capture page paths, device identifiers, and template performance metrics so we can improve onboarding funnels and WhatsApp delivery.
- Security & fraud prevention: device fingerprinting, CSRF tokens, and rate-limiting cookies that help us detect unusual activity and enforce geographic controls.
You can control cookies through your browser settings. Blocking cookies may impact authentication, dashboard rendering, or analytics accuracy. Where legally required we provide consent banners to enable or disable non-essential cookies.
5. WhatsApp-Specific Consent
ZautoAI only sends WhatsApp messages after clear, affirmative action from the user:
- Every website/contact form includes an unchecked checkbox with a statement that reads “I agree to receive messages from ZautoAI on WhatsApp regarding demos, onboarding, and product updates.” You must actively tick this box or reply “YES” to our double-opt-in message.
- Offline forms, QR codes, and event badges include the same language, and our team records the time, form name, and consent method.
- We store the consent log (name, number, channel, template, timestamp, IP/device, and staff member capturing consent) for at least five (5) years so we can demonstrate compliance to Meta, DPDP authorities, or any customer audit.
- If you contact us first on WhatsApp, we will still present the consent statement and ask you to confirm before sending any additional communication.
By sharing a WhatsApp number you confirm it belongs to you, you are authorised to give consent, and you understand the types of messages described below.
6. WhatsApp Message Types & Frequency
We believe in transparent expectations:
- Transactional & service-critical: appointment scheduling, onboarding tips, integration alerts, incident notifications, and billing confirmations (1–3 messages per workflow, only when triggered by you or your organisation).
- Product education & policy notices: feature launches, maintenance windows, regulatory updates (no more than 2 messages per month).
- Promotional or event invitations: webinar reminders, pilot program offers (maximum 4 per month and only if you opted in for marketing content).
Each template identifies ZautoAI, states the message purpose, and repeats the opt-out instructions.
7. Opt-Out & Preference Management
You can withdraw consent at any time without affecting services you already receive:
- Reply STOP, UNSUBSCRIBE, or END to any WhatsApp message—we will automatically suppress the number within one business day.
- Email privacy@zauto.ai or call +91427-4510394 to update preferences, delete your number, or request proof of consent.
- Submit a request through contact.html or your in-product settings.
Opt-outs are added to a suppression list kept for thirty-six (36) months to ensure we do not message you again unless you opt in anew.
8. Retention, Storage & Security
Default retention periods (or stricter timelines from your contract) apply:
- Identity & contact data: 36 months from last interaction.
- WhatsApp conversation logs & attachments: 18 months, then deleted or anonymised unless regulatory obligations require longer storage.
- Consent and opt-out logs: minimum 5 years.
- Support and incident tickets: 24 months.
Personal data is hosted on encrypted infrastructure in AWS ap-south-1 (Mumbai) and eu-central-1 (Frankfurt) with AES-256 at rest, TLS 1.2+ in transit, strict role-based access, SOC 2 Type II controls, and 35-day encrypted backups. Additional regional storage can be requested in the Order Form.
9. Third-Party Sharing
We never sell Personal Data. Sharing is limited to:
- Meta/WhatsApp and our Meta-approved Business Solution Provider to transport messages and provide template analytics.
- Cloud hosting (AWS), email/SMS gateways, and CRM/support tools necessary to run our operations, each bound by DPAs/BAAs.
- Regulators, accreditation bodies, or law enforcement when legally required.
- Your organisation’s administrators, when you use ZautoAI under a corporate contract.
Meta Business Tools: We rely on Meta Business Manager, WhatsApp Business Platform APIs, and related SDKs/pixels to measure template delivery, route conversations, and troubleshoot your campaigns. These tools may share device identifiers, engagement signals, or template metadata with Meta pursuant to the Meta Business Tools Terms. Meta processes that information as an independent controller.
Any international transfer follows DPDP Chapter III, GDPR Chapter V, and applicable standard contractual clauses.
10. Children's Privacy
ZautoAI products and communications are designed for adults working in healthcare and business operations. We do not knowingly collect or solicit Personal Data from anyone under 13 years of age (or a higher age where local law imposes stricter requirements). If you are under 13, do not use our services, submit forms, or provide any personal information. If we learn that we have collected Personal Data from a child under 13, we will delete it as quickly as possible. Parents or guardians who believe we may have information about a child should contact privacy@zauto.ai.
11. Your Privacy Rights
Depending on where you live, you have the right to:
- Access or know what data we hold (DPDP Section 12, GDPR Art. 15, CCPA §1798.110).
- Rectify inaccurate information or update contact details.
- Port certain data to another provider in a machine-readable format.
- Request deletion/erasure, subject to legal retention requirements.
- Withdraw consent or object to processing/marketing at any time.
- Lodge a complaint with the DPDP Data Protection Board, your EU supervisory authority, or the California Attorney General.
Submit requests via privacy@zauto.ai or follow the step-by-step instructions on our Data Deletion page. We respond within seven (7) business days and verify identity via the WhatsApp number, business email, or other evidence you provide.
12. ZautoAI Interpreter - Chrome Extension
The ZautoAI Interpreter Chrome extension is designed to enhance clinical documentation workflows by providing real-time transcription and AI-powered assistance within your browser. This section specifically addresses the data practices for our Chrome extension.
Extension Functionality
The ZautoAI Interpreter extension provides:
- Real-time voice transcription: Captures and processes audio input from your microphone to generate clinical documentation
- AI-powered clinical assistance: Provides intelligent suggestions for medical terminology, diagnoses, and treatment recommendations
- EMR integration support: Facilitates seamless integration with electronic medical record systems
- Secure data transmission: Encrypts and transmits clinical data to our secure processing servers
Data Collection & Processing
When you use the ZautoAI Interpreter extension, we collect and process:
- Audio data: Voice recordings captured through your microphone during clinical documentation sessions
- Clinical content: Transcribed text, medical terminology, patient information, and clinical notes generated through the extension
- Usage analytics: Extension performance metrics, error logs, and feature usage statistics to improve functionality
- Authentication data: User credentials and session tokens necessary for secure access to ZautoAI services
Permissions & Security
The extension requires specific permissions to function effectively:
- Microphone access: Required for voice capture and transcription functionality
- Active tab access: Necessary to interact with EMR systems and clinical workflows
- Storage permissions: Used to cache preferences, authentication tokens, and temporary clinical data
- Network access: Required for secure communication with ZautoAI servers
All data transmission occurs over encrypted channels (TLS 1.3+), and clinical data is processed in compliance with HIPAA, GDPR, and DPDP 2023 requirements. The extension does not store sensitive clinical data locally beyond necessary caching for performance optimization.
User Control & Data Rights
Extension users can:
- Revoke microphone permissions at any time through Chrome settings
- Clear cached data and preferences through the extension interface
- Disable or uninstall the extension without affecting existing ZautoAI services
For healthcare organizations, administrator controls are available through the ZautoAI management dashboard to configure extension policies, user permissions, and data retention settings.
13. Contact & Escalation
Reach our Data Protection Office using the details below. Please include your name, WhatsApp number, and the request type.
ZautoAI Private Limited
Old No. 2/103, New No. 2/199
Doctors' Colony, Sakthi Puram, Jahir Reddipatty
Salem, Tamil Nadu 636302, India
Phone: +91427-4510394 (Mon–Fri, 9 AM–7 PM IST)
Email: privacy@zauto.ai
If you believe we have not addressed your concern, you may escalate to Meta via the WhatsApp Business support channel, or to the appropriate data protection authority.