ScribeMedScribeMed← Back to home

Legal

Privacy Policy

Last updated: April 16, 2026

1. Introduction

ScribeMed (“we”, “our”, “us”) is committed to protecting the privacy of our users (“you”, “your”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI medical scribe application and related services. We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian data protection regulations.

2. Information We Collect

We collect the following categories of information:

  • Account Information: Name, email address, phone number, medical registration number, clinic/hospital details.
  • Patient Data: Patient demographics, vitals, medical history, consultation recordings, and clinical notes — collected only with explicit patient consent.
  • Usage Data: Device information, IP address, browser type, pages visited, and feature usage analytics.
  • Payment Information: Billing details processed through our secure payment partner (Razorpay). We do not store card numbers.

3. How We Use Your Information

  • To provide and maintain our AI medical scribe services
  • To generate clinical notes, prescriptions, and orders from consultation recordings
  • To improve our AI models and transcription accuracy (using anonymized data only)
  • To communicate service updates, security alerts, and support
  • To comply with legal obligations and regulatory requirements

4. Data Storage & Security

All data is stored on servers located within India, ensuring compliance with data localization requirements. We use end-to-end encryption for data at rest and in transit. Access to patient data is restricted to authorized personnel only and is protected by multi-factor authentication.

5. Patient Consent

ScribeMed requires explicit patient consent before any consultation recording begins. The consent flow is built into our application and maintains a complete audit trail. Patients have the right to withdraw consent at any time.

6. Data Retention & Deletion

You can configure data retention policies (7 days, 90 days, or 365 days) based on your practice needs. All data is automatically deleted after the retention period expires. You or your patients may request immediate deletion of all personal data at any time (Right to Erasure under DPDP Act).

7. Third-Party Sharing

We do not sell, trade, or rent your personal data. We share data only with: (a) AI processing services for transcription and note generation, (b) cloud infrastructure providers for data storage, (c) payment processors for billing, and (d) when required by law or regulatory authorities.

8. Your Rights (DPDP Act 2023)

  • Right to Access: Request a copy of your personal data
  • Right to Correction: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Grievance Redressal: File complaints regarding data processing
  • Right to Nominate: Nominate a representative to exercise your rights

9. Contact Us

For privacy-related questions or to exercise your rights, contact our Data Protection Officer at fahad@scribemed.in.

ScribeMed
New Delhi, Delhi
India 110001