Privacy Policy

Last updated: March 19, 2026 | Effective: March 19, 2026

1. Who We Are

TALOE MED ("we," "us," "our") is a Clinical Decision Support System (CDSS) operated by TaloeMed Technologies Pvt. Ltd.. We assist registered medical practitioners by recording doctor-patient consultations, generating structured clinical notes, and providing AI-assisted clinical reasoning.

Data Fiduciary: TaloeMed Technologies Pvt. Ltd.
Contact: privacy@taloemed.com | privacy@taloemed.com
Address: Hyderabad, Telangana, India

2. What Data We Collect

Data Type	Examples	Purpose
Audio Recordings	Doctor-patient consultation audio (Telugu-English)	Transcription and SOAP note generation
Patient Demographics	Name, age, sex, phone number (entered by doctor)	Clinical document identification
Clinical Data	SOAP notes, diagnoses, medications, ICD-10 codes	Clinical decision support and export
Doctor Profile	Name, qualifications, registration number, clinic details	Document letterhead and authentication
Usage Data	Session timestamps, consultation count, feature usage	Service improvement and usage metering
Device Data	Browser type, screen size (no device fingerprinting)	UI optimization only

What we DO NOT collect: Aadhaar numbers (unless via ABDM consent flow), financial data, biometric data (beyond voice for transcription), location data, social media profiles.

3. How We Use Your Data

Transcribing audio recordings into text using AI speech recognition (Sarvam AI)
Converting transcripts into structured SOAP clinical notes using AI (Google Gemini)
Running clinical reasoning: differential diagnosis, drug interaction checks, ICD-10 coding
Validating output quality through 12-layer deterministic quality gates (TrustGate)
Generating exportable clinical documents (PDF, DOCX, prescriptions)
Improving our AI models and clinical accuracy (anonymized, aggregated data only)

We NEVER use patient data for advertising, marketing, or sale to third parties.

4. Legal Basis for Processing

Under the Digital Personal Data Protection Act 2023 (DPDP Act), we process data based on:

Consent: The treating physician initiates recording with patient awareness
Legitimate Use (Section 7): Processing necessary for providing medical services
Medical Purpose (Section 7(c)): Processing for health services by a health professional

5. Who We Share Data With

Category	Purpose	Data Shared	Retention
Speech Recognition Provider (India)	Proprietary ZeroLoss™ transcription pipeline	Audio segments (encrypted in transit)	Not retained after processing
AI Clinical Engine Provider	TaloeCore™ SOAP generation and clinical reasoning	De-identified clinical text (PHI redacted)	Not retained after processing
Redundancy AI Provider	Failover processing for service continuity	De-identified clinical text	Not retained after processing
Cloud Infrastructure Provider (Asia-Pacific)	Secure application hosting	Encrypted session data	Duration of service agreement
Content Delivery Network	Secure content delivery and DDoS protection	No patient data (static assets only)	N/A

We do not sell, rent, or trade personal data to any third party.

6. Cross-Border Data Transfer

Some of our service providers are located outside India (USA, Singapore). We ensure adequate protection through:

Proprietary de-identification pipeline strips all patient identifiers before external processing
Stateless API-mode processing — providers do not retain data after generating results
Compliance with DPDP Act Section 16 requirements for permitted jurisdictions
Active migration to India-hosted infrastructure for full data residency compliance

7. Your Rights (Data Principal Rights — DPDP Act)

Right	Description	How to Exercise
Right to Access	Request a copy of your data	Email privacy@taloemed.com
Right to Correction	Request correction of inaccurate data	Doctor can edit SOAP notes; or email us
Right to Erasure	Request deletion of your data	Email privacy@taloemed.com — processed within 30 days
Right to Grievance	File a complaint about data handling	Email privacy@taloemed.com
Right to Nominate	Nominate someone to exercise rights on your behalf	Email privacy@taloemed.com

To exercise any right, contact our Data Protection Officer at privacy@taloemed.com. We will respond within 30 days.

8. Data Retention

Data Type	Retention Period	After Expiry
Audio Recordings	30 days from consultation	Auto-deleted from encrypted archive
Session Data (SOAP, reasoning)	7 years (medical record requirement)	Securely deleted
Doctor Profile	Duration of account + 1 year	Deleted on account closure
Usage Analytics	2 years (aggregated)	Anonymized and archived

9. Data Security

We implement industry-standard security measures aligned with OWASP ASVS 4.0 Level 2:

Encryption in transit: TLS 1.3 on all connections (HTTPS enforced)
Encryption at rest: AES encryption for clinical audio; infrastructure-level disk encryption
Multi-layer authentication with credential hashing and session management
Rate limiting and brute-force protection on all authentication endpoints
Role-based access control with minimum-privilege principle
Comprehensive audit logging with automated PHI redaction
Continuous vulnerability scanning and automated security testing in CI/CD pipeline
TrustGate™ 12-layer deterministic quality validation on all AI outputs

10. AI and Automated Decision-Making

TaloeMed is advisory software, not a medical device. All AI-generated outputs (SOAP notes, diagnoses, drug recommendations) are suggestions only. The treating physician reviews, edits, and approves all clinical content before it becomes part of the patient record.

AI does not make autonomous clinical decisions
All outputs pass through 12 deterministic quality validation gates
Hallucination detection (HalluciGuard) flags potentially fabricated claims
The doctor always has the final say — this is architecture, not a disclaimer

11. Cookies and Tracking

TaloeMed uses minimal cookies:

Cookie	Purpose	Duration
taloemed_token	Authentication (JWT)	Session (24 hours)
taloemed_user	User preferences (theme, language)	Persistent (localStorage)

We do NOT use: Google Analytics, Facebook Pixel, advertising cookies, cross-site tracking, or any third-party analytics. We do not fingerprint devices.

12. Children's Privacy

TaloeMed processes pediatric patient data only when entered by the treating physician for clinical purposes. We do not directly collect data from minors. Pediatric consultations follow the same security and privacy standards as adult consultations.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via:

Banner notification in the TaloeMed app
Email to registered practitioners
Updated "Last updated" date on this page

14. Grievance Redressal

Data Protection Officer: TaloeMed Technologies Pvt. Ltd.

Email: privacy@taloemed.com

Response Time: Within 30 days of receiving your request

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India under Section 8 of the DPDP Act 2023.

15. Contact Us

TALOE MED
TaloeMed Technologies Pvt. Ltd.
Email: privacy@taloemed.com
Website: taloemed.com
Hyderabad, Telangana, India

TALOE MED v0.8.2 | DPDP Act 2023 Compliant | HIPAA Aligned