Bilateral Contract

Data Processing Agreement (DPA)

Last updated: May 19, 2026

Bilateral Legal Protection

This Data Processing Agreement ("DPA") forms a legally binding bilateral contract between you (the "Customer" or "Data Fiduciary") and Eldovian Technologies (the "Processor" or "Data Processor", collectively operating as Eldovian, pending incorporation as Eldovian Technologies Private Limited, India, represented by its co-founders Sureshwar Udayashankar, Vinay Singh B, and Prem Kumar who are jointly and severally bound). It governs the secure processing of Patient Personal Data and Protected Health Information (PHI) under HIPAA and the Digital Personal Data Protection (DPDP) Act 2023.

1. Scope & Relationship

This DPA applies to all processing of Patient Personal Data, medical audio, and consultation records initiated by the Customer through the Eldovian Simplify platform.

  • Customer Role: Data Fiduciary (under DPDP) / Covered Entity (under HIPAA). You retain complete ownership, control, and legal responsibility for patient data. This includes obtaining explicit patient consent and providing clear notice regarding AI-assisted transcription and clinical note generation.
  • Eldovian Role: Data Processor (under DPDP) / Business Associate (under HIPAA). We process patient data solely on your explicit instructions.

2. Strict Processing Obligations

Eldovian Technologies covenants and agrees to:

  • Limited Processing: Process Patient Personal Data only to generate clinical documentation as requested by the Customer. We will never sell, lease, or use patient data for marketing.
  • Zero Audio Storage: Stream audio recordings to secure RAM in real-time. Once clinical notes are generated, the raw audio is permanently deleted and never written to non-volatile disk storage.
  • No AI Foundational Training: Never use Customer clinical data, transcripts, or patient details to train, fine-tune, or improve general foundational LLM models.

3. Indian DPDP Act 2023 Compliance

To support the Customer's compliance as a Data Fiduciary under the DPDP Act 2023, Eldovian Technologies shall:

  • Consent Verification Support: Ensure that the Customer has access to interactive patient consent checklists prior to recording audio.
  • Customer Ownership of Rights: The Customer, as the Data Fiduciary, retains sole responsibility to promise and manage patient (Data Principal) rights to access, correction, blockages, or erasure.
  • Processor Erasure Execution: Execute all data erasure and correction actions promptly upon the direct instructions of the Customer, within technical and legal limits.
  • Breach Notification: In the event of a confirmed security incident affecting Customer data, notify the Customer within 24 hours to enable compliance with Cert-In and regulatory reporting.

4. Security Measures & Encryption

We implement industry-grade administrative, technical, and physical safeguards. All data is encrypted with AES-256 at rest and TLS 1.3 in transit. Access to data is guarded strictly by role-based access rules within your clinic.

5. Clinical Responsibility & Medical Disclaimers

Eldovian Simplify is an assistive AI documentation tool designed to aid clinicians in generating clinical summaries. The Customer acknowledges and agrees that:

  • Assistive Nature Only: The platform and any generated outputs (including SOAP notes, summaries, and transcripts) are provided for documentation assistance only and do not constitute clinical advice, diagnosis, or treatment. They are not a substitute for professional medical judgment.
  • Sole Medical Responsibility: The Customer (including all participating doctors, clinicians, and healthcare practitioners) retains full, final, and sole medical responsibility for all patient care, clinical decisions, diagnoses, treatments, and patient outcomes.
  • Mandatory Verification: The practitioner is legally and professionally obligated to thoroughly review, verify, and edit all AI-generated notes for accuracy and completeness before final inclusion in any patient record.

6. Limitation of Liability & Indemnification

To the maximum extent permitted by applicable law, the parties agree to the following liability allocations:

  • Clinical Liability Disclaimer: Eldovian Technologies, its founders, and employees shall not be liable for any patient harm, misdiagnosis, adverse medical outcome, or clinical decision resulting from the use or misuse of AI-generated summaries.
  • Consequential Damages Excluded: Eldovian Technologies is not liable for any indirect, incidental, special, or consequential losses, including platform downtime, data inaccuracies, or loss of practice revenue.
  • Liability Cap: Eldovian Technologies' total aggregate liability in connection with this Agreement during the beta pilot/testing period, whether in contract, tort (including negligence), or otherwise, shall be strictly capped at INR 50,000 (Rupees Fifty Thousand). This cap does not limit liability for fraud, gross negligence, or wilful misconduct.
  • Customer Indemnity: The Customer agrees to defend, indemnify, and hold harmless Eldovian Technologies, its founders, and employees from and against any claims, losses, damages, liabilities, and legal fees arising from (a) the Customer's failure to obtain valid, informed patient consent as required under Section 1, (b) any clinical decision or patient treatment based on platform output, or (c) unauthorized credentials sharing or platform misuse.

7. Governing Law & Execution

This DPA is governed by the laws of India and subject to the jurisdiction of courts in Bengaluru.

Execution Clause: By registering an account, entering into a service order, or using the Eldovian Simplify platform, the Customer and Eldovian Technologies mutually agree to, execute, and accept all clauses in this Data Processing Agreement, establishing a formal bilateral contract.