Privacy Policy
1. Introduction
Please read this Privacy Policy (“Privacy Policy”) before using our Service including the Website. This Privacy Policy governs the types of information and data we collect and how we use and share this information. Your access to and use of the Service are available for your use only on the condition that you agree to the Terms of Service available under the following address: nidana.io/terms (“Terms of Service”) which include the terms of the Privacy Policy set forth below. Nidana, Inc. (“Company”) operates the Service. We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms of Service.
2. Definitions
At Nidana, your privacy is our priority. This Privacy Policy describes how we collect, use, process, and disclose your information, including personal data, in conjunction with your access to and use of Nidana.io
Cookies are small files stored on your Device.
Device means a computer or a mobile device.
Data Controller means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of your data.
Data Processors (or Service Providers) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Data Subject is any living individual who is the subject of Personal Data.
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Service means the Website and the Application.
Usage Data is data collected automatically either generated by the use of Service or from Service infrastructure itself (for example, the duration of a page visit).
User is the individual using our Service. User corresponds to the Data Subject, who is the subject of Personal Data.
Website means web pages located at Nidana.io
3. The Data Controller
The controller of your Personal Data is: Nidana, Inc.
4. Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
5. Types of Data Collected
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”), including:
Email address
Phone number
First name and last name
Profile picture
Cookies and Usage Data
Communication Data : SMS message content, voice call recordings, call transcripts, AI-generated clinical summaries, call metadata (duration, direction, timestamps), and document sharing records - collected when clinics opt in to our communication features
Voice Data: Audio recordings of phone calls between clinic staff and pet owners, where call recording is enabled by the clinic
Cookies and Tracking Data: We use cookies to track the activity on our website and store certain information.
Usage Data: This includes information about how you use our website, such as the pages you view, the time spent on pages, and other relevant data.
6. Use of Data
Nidana, Inc. uses the collected Personal Data for various purposes:
to provide and maintain our Service; type of Personal Data: email address, Phone number, first name and last name, Profile Picture, Cookies and Usage Data, Google Integration Data, Google Calendar Data; necessity for the performance of a contract to which you are a party;
to assist in scheduling and managing appointments through integration with Google Calendar; type of Personal Data: Google Calendar Data; necessity for the performance of a contract to which you are a party.
to notify you about changes to our Service; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; necessity for the performance of a contract to which you are a party;
to allow you to participate in interactive features of our Service when you choose to do so; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; necessity for the performance of a contract to which you are a party;
to provide customer support; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; necessity for the performance of a contract to which you are a party;
to gather analysis or valuable information so that we can improve our Service; type of Personal Data: email address, first name and last name, profile picture, Cookies and Usage Data; legitimate interests of the Data Controller;
to monitor the usage of our Service; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; legitimate interests of the Data Controller;
to detect, prevent and address technical issues; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; legitimate interests of the Data Controller;
to fulfil any other purpose for which you provide it; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; necessity for the performance of a contract to which you are a party;
to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; necessity for the performance of a contract to which you are a party;
to provide you with notices about your account and/or subscription, including expiration and renewal notices, email-instructions, etc.; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; necessity for the performance of a contract to which you are a party;
to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; upon your consent;
to facilitate communication between veterinary clinics and their clients, including sending transactional SMS messages, making and receiving voice calls, recording calls for quality and clinical documentation purposes, transcribing recorded calls, generating AI-powered clinical summaries, and sharing medical and financial documents securely; type of Personal Data: phone number, communication content (messages, call recordings, transcripts), clinical context; necessity for the performance of a contract to which you are a party;
in any other way we may describe when you provide the information; type of Personal Data: email address, first name and last name, Profile Picture, Cookies and Usage Data; necessity for the performance of a contract to which you are a party.
7. Communication Services
Nidana provides communication features that enable veterinary clinics to interact with their clients (pet owners) through SMS text messaging and voice calls. These features are available to clinics that opt in to our communication services and are used for healthcare-related, transactional, and care coordination purposes. All communication is facilitated through Twilio, a third-party communications platform. By using a clinic's communication services powered by Nidana, you acknowledge and agree to the data practices described in this section.
Clinics that opt in to SMS messaging may send and receive text messages with their clients. SMS is used for transactional and informational purposes including appointment confirmations, reminders, updates, and cancellations; sharing medical documents such as vaccination certificates, prescriptions, diagnostic reports, and medical records; sharing financial documents such as invoices, receipts, credit notes, and treatment estimates; preventive care reminders for upcoming vaccinations or checkups; and post-visit follow-up communications. Clinic staff may also engage in two-way conversational messaging with pet owners for care coordination, such as answering questions about post-visit care or clarifying treatment plans. Data collected and stored includes phone numbers, message content, message delivery status, timestamps, and sender identification. All messages are stored in our database and linked to the relevant clinic and pet owner records. Pet owners may opt out of receiving SMS messages at any time by replying STOP to any message.
Clinics that opt in to voice communication may make and receive phone calls with their clients through Twilio VoIP. Voice calls are used for appointment scheduling, care coordination, and general client communication. Data collected and stored includes phone numbers, call direction (inbound or outbound), call status, call duration, timestamps, and the identity of the clinic staff member who initiated or answered the call.
When a clinic enables the call recording feature, voice calls between clinic staff and pet owners may be automatically recorded. Call recordings are stored securely. Data collected and stored includes audio recordings of calls, recording duration, and associated call metadata. Recordings are retained until the clinic requests deletion or as required by applicable law. By using a clinic's phone services where recording is enabled, you acknowledge and consent to the recording of your calls. Clinics are responsible for ensuring compliance with applicable call recording and consent laws in their jurisdiction, including providing appropriate notice to callers where required.
Recorded calls may be automatically transcribed using Cloud Speech-to-Text. The transcription process includes speaker identification to distinguish between clinic staff and the pet owner during the conversation. Data collected and stored includes full text transcripts of calls with speaker labels and timestamps. Transcripts are stored in our database and linked to the corresponding call record.
Call transcripts may be further processed by artificial intelligence to generate clinical summaries for the attending veterinarian. These summaries are designed to extract key findings, follow-up recommendations, and relevant clinical context from the conversation to assist in patient care. Data collected and stored includes AI-generated summary text, call outcome categorization, key findings, and follow-up recommendations. Summaries are stored in our database alongside the corresponding call and transcript records.
Clinics may share medical and financial documents with pet owners via secure links delivered through SMS or chat. Shared documents are accessible through a secure, time-limited page that expires after 7 days. Data collected and stored includes document metadata, share page access records, document expiration timestamps, and the identity of the clinic staff member who initiated the share. Document files are stored securely in AWS S3 and served via signed URLs with limited validity.
8. Retention of Data
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. Your Personal Data processed upon your consent will be stored for as long as the relevant consent is not withdrawn and until the expiration of claims resulting from the Service. We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. Communication data such as SMS messages, call recordings, transcripts, and AI-generated summaries are retained for as long as the clinic maintains an active account or as required by applicable healthcare record-keeping laws, unless earlier deletion is requested.
9. Transfer of Data
Your information, including Personal Data, may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there. The Company will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information. When we transfer your Personal Data to other countries, we will protect that Personal Data as described in this Privacy Policy and in accordance with applicable law.
10. Disclosure of Data
We may disclose Personal Data you provide:
under certain circumstances, if required to do so by law or in response to valid requests by public authorities;
if we or our subsidiaries are involved in a merger, acquisition or asset sale;
to our subsidiaries, affiliates, employees;
to contractors, service providers, and other third parties we use to support our business;
to fulfil the purpose for which you provide it;
with your consent in any other cases.
We do not sell or otherwise share your Personal Data, except as described in this Privacy Policy.
11. Security of Data
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. We use appropriate administrative, technical and physical safeguards to protect the Personal Data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use, e.g. we maintain backup copies and only authorized personnel may access the Personal Data.
12. Your Rights (GDPR Compliance)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. Nidana.io aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.
a. Access: You can request access to or copies of your personal data stored by us.
b. Rectification: If your data is inaccurate or incomplete, you have the right to have it corrected.
c. Erasure: You can request the erasure of your personal data.
d. Objection: You can object to our processing of your personal data.
e. Portability: You can request a copy of your personal data in a structured, commonly used format.
If you wish to execute any of the above-mentioned rights, please email us at shivam@nidana.io Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide Service without some necessary data.
13. Service Providers
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide Service on our behalf, perform Service-related services or assist us in analysing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
14. Analytics
We may use third-party Service Providers to monitor and analyse the use of our Service.
15. Payments
We may provide paid products and/or services within Service. In that case, we use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.
16. Links to Other Sites
Our Service may contain links to other sites that are not operated by us. If you click a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
17. Children's Privacy
Our Service does not address anyone under the age of 16 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
18. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating “effective date” at the top of this page, unless another type of notice is required by the applicable law. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. By continuing to use our Service or providing us with Personal Data after we have posted an updated Privacy Policy, or notified you if applicable, you consent to the revised Privacy Policy and practices described in it.
19. Contact Us
If you have any questions about this Privacy Policy, please contact us at shivam@nidana.io
