Privacy Policy

Last updated: May 19, 2026

1. Introduction

At Eldovian Simplify, we take your privacy and the security of health information with the utmost seriousness. This Privacy Policy describes how we collect, use, and protect information when you use our clinical documentation platform.

Eldovian Simplify is designed for healthcare professionals. We act as a "Business Associate" under HIPAA and a "Data Processor" under the Indian Digital Personal Data Protection (DPDP) Act 2023 for our covered entity/Data Fiduciary customers.

2. Information We Collect

A. Practitioner Information

When you create an account, we collect your name, email address, medical credentials, and billing information.

B. Consultation Audio & Data

Our service streams audio recordings of clinical consultations to generate medical notes. Audio streams are processed in memory in real time and discarded instantly. Audio files are never saved to our servers or used to train foundational AI models. The generated clinical data, which may contain Protected Health Information (PHI) or Sensitive Personal Data, is encrypted both in transit and at rest.

C. Usage Metadata

We collect technical data about how the platform is used to improve our services and ensure security.

3. How We Use Information

We use the collected information solely to:

  • Provide and maintain our clinical documentation services.
  • Generate accurate SOAP notes and medical summaries.
  • Comply with legal and regulatory requirements (HIPAA).
  • Detect and prevent fraudulent or unauthorized access.

4. Data Security, HIPAA & DPDP Act

We implement a Dual-Layer Encryption architecture. All patient data is encrypted at rest using AES-256 at the database level. Additionally, we employ Application-Level Encryption (ALE) using AES-256-GCM for clinical notes. These notes are encrypted in memory on our servers before being sent to the database, ensuring that even in the event of a database compromise, all Protected Health Information (PHI) remains completely unreadable ciphertext. Our database is hosted on Supabase and localized in the AWS ap-south-1 (Mumbai) region to ensure data sovereignty within Indian borders.

Audio recordings are never retained. Clinical notes are securely stored and can be archived to comply with National Medical Commission (NMC) 3-year retention guidelines, balancing the DPDP Act's Right to Erasure with medico-legal requirements.

5. Your Rights

As a practitioner (Data Fiduciary), you have the right to access, correct, or delete your account information. Regarding patient data (Data Principals), we comply with your organization's requests as your data processor, subject to superseding medical retention laws (e.g., NMC guidelines).

Contact Us

If you have questions about this policy, please contact our Data Protection Officer at:

privacy@eldovian.com