Privacy Policy
This draft privacy policy explains what patient and operational data the clinic collects, why it is processed, how doctor-supervised AI analysis works, and the privacy expectations for the pilot.
This is a launch-ready draft for the pilot, not final legal advice. Review with counsel before broad public rollout.
What We Collect
We collect information that patients or caregivers provide during intake, including name, age, gender, phone number, city, emergency contact, symptoms, message history, uploaded medical records, and physician-reviewed care instructions.
We also collect operational metadata, such as timestamps and device or request telemetry, needed for security, abuse prevention, reliability, and auditability.
Why We Use It
We use patient data to provide clinical intake, prepare draft summaries for physician review, deliver physician-approved instructions in the patient portal, maintain audit trails, investigate safety issues, and improve operational reliability.
We may also use de-identified or aggregated information for quality improvement, model evaluation, safety analytics, and system monitoring where lawful and appropriate.
Legal Basis And Consent
For this pilot, patient-facing processing is primarily grounded in explicit patient consent and the need to provide requested care coordination under doctor supervision.
Because health information is sensitive, the clinic should treat consent, necessity, purpose limitation, and access control as strict operating requirements even when local law evolves.
How We Share Data
Patient data is shared with the supervising physician, authorized clinic staff, infrastructure providers, and AI/model providers only to the extent needed to operate the service and deliver doctor-supervised care.
We do not sell identifiable patient health data. We do not share identifiable patient data with advertisers.
AI And Uploaded Records
When a patient uploads a PDF or image, the system may use deterministic text extraction and image-based vision analysis to reduce the chance of missing charts, handwritten notes, scans, or mixed-content pages.
AI analysis is used to support physician review, not to replace physician judgment.
Storage, Security, And Retention
For the current pilot, data may be stored in India-hosted infrastructure selected by the clinic. Access should be restricted to authorized users with a legitimate operational or clinical need.
Records may be retained for continuity of care, safety review, backups, fraud prevention, compliance, and dispute resolution. Retention periods should be finalized by the clinic and counsel before broad rollout.
Patient Rights
Subject to applicable law and clinical record obligations, patients may request correction of inaccurate information, clarification about how the service is used, and help contacting the clinic regarding privacy concerns.
Some requests may be limited where retention is required for safety, fraud prevention, legal compliance, or medical recordkeeping.
Children And Caregivers
If a caregiver uses the service on behalf of another person, the caregiver must have appropriate authority to provide information and receive follow-up for that patient.
Additional safeguards should be applied for minors, dependent adults, and other vulnerable patients.
Changes And Contact
This policy draft is version 2026-03-06-draft, effective March 6, 2026. The clinic may update it as the pilot matures, legal review completes, or product workflows change.
Privacy questions and correction requests can be directed to privacy@bitfoundry.ai.