Loading Ascle AI...
Chat on WhatsAppLoading Ascle AI...
Disclaimer: This Privacy Policy is provided for informational purposes and does not constitute legal advice. Healthcare facilities and institutions are advised to review this policy with their legal counsel to ensure compliance with all applicable laws and regulations.
Notice: Ascle AI is not currently HIPAA-compliant. SOC2 Type II and HIPAA compliance are on our development roadmap. Please contact us for updates on our compliance certifications.
Ascle AI Private Limited (“Ascle AI,” “we,” “our,” or “us”) is a healthcare technology company providing WhatsApp-based, telephone-based, and web-based automation solutions for appointment scheduling, reminders, and prescription management to Indian hospitals, clinics, outpatient department (OPD) centers, and diagnostic centers (collectively, “Healthcare Facilities”).
This Privacy Policy (“Policy”) describes how we collect, process, store, protect, and dispose of Personal Data and Personally Identifiable Information (“PII”) in connection with our Services. This Policy applies to all individuals (“Data Principals”) whose data is processed through our platform, including patients, their representatives, and Healthcare Facility staff.
Ascle AI is committed to full compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and any rules or regulations promulgated thereunder. This Policy is designed to meet or exceed all requirements set forth under the DPDP Act regarding the lawful processing of digital personal data in India.
Effective Date: January 10, 2026
In the course of providing our Services, Ascle AI collects and processes the following categories of Personal Data:
Data is collected through the following authorized channels: WhatsApp Business API, automated and live telephone systems, and web-based interfaces provided to Healthcare Facilities. The lawful basis for processing includes explicit consent obtained from Data Principals and the fulfillment of healthcare services requested by patients through Healthcare Facilities.
Important: Ascle AI collects Personal Data only with the explicit consent of patients and/or Healthcare Facilities. No data is collected without prior authorization, and all collection practices are disclosed to Data Principals at the point of collection.
🛡️ This section details our core data protection commitment and is critical to understanding Ascle AI's privacy-first approach.
All Personally Identifiable Information is stripped and anonymized at the moment of receipt, before any processing, storage, or analysis takes place. This means that PII such as patient names and telephone numbers are immediately converted to anonymized identifiers that cannot be reverse-engineered to identify individuals.
Ascle AI staff members never view, access, or process PII in any form. All human-readable personal information is accessible only to the Healthcare Facility's authorized personnel through their secured dashboard.
Appointment details and prescription metadata are retained temporarily—for a maximum period of six (6) months—solely for the purpose of service delivery, including appointment reminders, rescheduling, and follow-up communications. This metadata is stored in anonymized form and cannot be used to identify individual patients.
Upon expiration of the six (6) month retention period, all data—including anonymized appointment metadata—is permanently and irrevocably deleted from all Ascle AI systems, including primary databases, backup storage, and disaster recovery systems.
Exception: Data may be retained beyond six months only where retention is mandated by applicable Indian healthcare laws, regulations, or court orders. In such cases, data will be retained only for the minimum period required and will be deleted immediately upon expiration of the legal retention requirement.
Ascle AI utilizes the following third-party service providers (Subprocessors) for data processing and storage:
| Service Provider | Purpose |
|---|---|
| Supabase | Primary database and encrypted data storage |
| OVHCloud | Secondary server infrastructure and backup storage |
| Meta / WhatsApp Business API | WhatsApp message routing and delivery |
| Jambonz | Voice call automation and IVR processing |
| SMS Service Provider | SMS reminders and notifications |
All third-party data processors are contractually bound to maintain strict confidentiality, implement adequate security measures, and comply with the DPDP Act. Data transferred to these processors is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 encryption.
A complete and current list of all subprocessors is available upon request by contacting us at the email address provided in Section 12 of this Policy. Ascle AI will provide thirty (30) days' advance notice before making any material changes to its list of subprocessors.
Patients, their authorized representatives, and Healthcare Facilities may request the deletion of all Personal Data held by Ascle AI at any time. Upon receipt of a valid deletion request, Ascle AI will complete the deletion of all applicable data within fourteen (14) calendar days (two weeks) from the date of request.
Upon completion of the deletion process, Ascle AI will provide written confirmation to the requestor via email, detailing the categories of data deleted and the date of deletion.
Deletion requests will result in the permanent removal of the following data categories:
Exception: Deletion may be deferred or limited where retention is required by Indian healthcare laws or regulatory requirements. In such cases, Ascle AI will inform the requestor of the legal basis for retention and the expected retention period.
Data deletion requests may be submitted through either of the following channels:
Ascle AI implements comprehensive technical and organizational security measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction:
Note: SOC2 Type II certification and HIPAA compliance are currently on our development roadmap and will be implemented in future releases.
In the event of a personal data breach, Ascle AI will take the following actions in accordance with the DPDP Act:
Breach notifications will be delivered via email and Healthcare Facility communication channels, and will include: the nature and extent of the breach, categories of data affected, remediation steps taken, and contact information for the Ascle AI Data Protection Officer.
Under India's Digital Personal Data Protection Act, 2023, Data Principals (patients and their representatives) have the following rights:
To exercise any of these rights, please contact us at: support@getascleai.com
Data Principals may also lodge complaints with the Data Protection Board of India established under the DPDP Act if they believe their rights have been violated.
Ascle AI's Services are directed exclusively at Healthcare Facilities and healthcare professionals, not at children or minors directly. We do not knowingly or intentionally collect Personal Data from individuals under the age of eighteen (18) years.
Where Personal Data relating to minors is processed through Healthcare Facilities (for example, pediatric appointment scheduling), such data is processed only with the consent of a parent or legal guardian, as obtained by the Healthcare Facility in accordance with applicable law and the DPDP Act.
Ascle AI operates under the exclusive jurisdiction of the Republic of India and is designed to comply with Indian data protection law, specifically the Digital Personal Data Protection Act, 2023.
At present, Ascle AI provides Services only to Healthcare Facilities located within the territory of India. We do not actively solicit or provide services to Healthcare Facilities or patients outside of India.
This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising from or relating to this Policy shall be subject to the exclusive jurisdiction of the courts of India.
Ascle AI is committed to maintaining the highest standards of data protection and regulatory compliance.
Data Protection Contact:
Email: support@getascleai.com
Grievance Redressal: All complaints and grievances will receive a response within thirty (30) days of receipt.
Ascle AI is fully aligned with the provisions of the Digital Personal Data Protection Act, 2023. Healthcare Facilities utilizing Ascle AI's Services act as co-processors of patient data and share responsibility for DPDP Act compliance.
Future Compliance: Ascle AI is actively working towards SOC2 Type II certification and HIPAA compliance as part of our ongoing commitment to data security excellence.
For all privacy-related inquiries, requests, or complaints, please contact us:
Ascle AI Private Limited
India
Policy Updates: Ascle AI reserves the right to update or modify this Privacy Policy at any time. Material changes to this Policy will be communicated to Healthcare Facilities and, where possible, to affected Data Principals at least thirty (30) days in advance of the effective date.
Continued use of Ascle AI's Services following any update to this Privacy Policy constitutes acceptance of the revised terms.
Privacy Policy Version: 2.0
Effective Date: January 10, 2026
Our team is here to help address any privacy concerns or data requests.
Contact Privacy Team