Privacy Policy.

1. Introduction

Nidana, Inc. operates a veterinary clinic management platform and an AI-powered post-visit follow-up system. Users must agree to the Terms of Service to access the Service. The company collects and uses data to provide and improve its offerings.

2. Definitions

• Cookies: Small files stored on devices.
• Device: Computer or mobile device.
• Data Controller: Entity determining purposes and manner of personal data processing. Nidana serves this role.
• Data Processors / Service Providers: Process data on behalf of the controller.
• Data Subject: Living individual who is the subject of personal data.
• Personal Data: Information identifying a living individual.
• Service: Website and application.
• Usage Data: Automatically collected information from service use.
• User: Individual using the service.
• Website: Web pages at Nidana.io.

3. The Data Controller

Nidana, Inc. controls users’ personal data.

4. Information Collection and Use

The company collects various information types to provide and improve its service.

5. Types of Data Collected

Personal data collected includes:

• Email address
• Phone number
• First and last name
• Profile picture
• Cookies and usage data
• Communication data (SMS content, voice recordings, transcripts, AI summaries, metadata)
• Voice data (phone call audio recordings when enabled)
• Tracking and usage information

6. Use of Data

Nidana uses collected personal data for:

• Service provision and maintenance
• Appointment scheduling through Google Calendar integration
• Service change notifications
• Interactive feature participation
• Customer support
• Service improvement analysis
• Usage monitoring
• Technical issue detection and prevention
• Contract obligations and billing
• Account notifications and subscription management
• Marketing communications (with consent)
• Veterinary clinic-client communication including SMS, calls, recordings, transcription, AI summaries, and document sharing
• Other stated purposes

7. Communication Services (SMS and Voice)

7.1 SMS Data Sharing Disclosure

No mobile information or SMS opt-in data will be shared with third parties or affiliates for marketing or promotional purposes. Data sharing with service subcontractors is permitted only for operational purposes, with contractual prohibitions on other uses.

7.2 SMS Messaging

Clinics may send and receive texts for transactional purposes including appointment confirmations, reminders, medical and financial document sharing, preventive care reminders, and follow-up communications. Data includes phone numbers, message content, delivery status, timestamps, and sender identification.

7.3 Consent Records

SMS consent is collected during patient intake. Consent records (including method, timestamp, staff member, and disclosure version) are retained for the clinic’s active account plus seven years, or longer if healthcare laws require.

7.4 Revocation of Consent

Users may revoke SMS consent by replying STOP, contacting the clinic directly, or emailing privacy@nidana.io or support@nidana.io. Revocations are honored within 24 hours.

7.5 Voice Calls and Recordings

Clinics may make and receive calls through Twilio VoIP. When recording is enabled, calls are automatically recorded for clinical documentation and quality purposes. Data includes phone numbers, call direction, status, duration, timestamps, staff identity, and audio recordings. Using a clinic’s phone services with recording enabled constitutes consent to recording.

7.6 Transcription and AI-Generated Summaries

Recorded calls may be automatically transcribed using Cloud Speech-to-Text. Transcripts may be processed by AI to generate clinical summaries including findings, recommendations, and outcome categorization. Both are stored alongside call records.

7.7 Document Sharing

Clinics may share medical and financial documents via secure, time-limited links through SMS or chat. Files are stored in AWS S3 and served via signed URLs with limited validity. Data includes document metadata, access records, expiration timestamps, and staff member identity.

7.8 Cross-Border Data Handling

Canadian pet owner data is handled under PIPEDA. U.S. data is handled under applicable state privacy laws. Data may be transferred to and processed in the United States.

8. Retention of Data

Personal data is retained as long as necessary for stated purposes or to comply with legal obligations, resolve disputes, and enforce agreements. Data processed upon consent is retained until consent withdrawal. Usage data is retained for internal analysis or security and functionality improvements. Communication data is retained while the clinic maintains an active account or as required by healthcare record-keeping laws.

9. Transfer of Data

Information may be transferred to computers outside your jurisdiction. International transfers include appropriate security controls and compliance with this Privacy Policy and applicable law.

10. Disclosure of Data

Personal data may be disclosed:

• When required by law or valid public authority requests
• During mergers, acquisitions, or asset sales
• To subsidiaries, affiliates, and employees
• To contractors, service providers, and third parties supporting the business
• To fulfill stated purposes
• With user consent

The company does not sell personal data and does not share SMS opt-in data for marketing purposes.

11. Security of Data

The company employs administrative, technical, and physical safeguards to protect personal data against unauthorized destruction, loss, alteration, access, disclosure, or use. No internet transmission or electronic storage method is 100% secure.

12. Your Rights (GDPR Compliance)

EEA residents have data protection rights including:

• Access: Request copies of stored personal data.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of personal data.
• Objection: Object to personal data processing.
• Portability: Request personal data in a structured, commonly used format.

Requests should be emailed to shivam@nidana.io. Identity verification may be required. Some data may be necessary for service provision.

13. Service Providers

Third-party companies and individuals facilitate the Service and have access to personal data only for performing assigned tasks. They are obligated not to disclose or use data for other purposes.

14. Analytics

Third-party Service Providers may monitor and analyze Service usage.

15. Payments

Paid products and services use third-party payment processors. Payment card details are not stored by Nidana and are governed by the processor’s privacy policy.

16. Links to Other Sites

The Service may contain links to non-Nidana sites. Users should review third-party privacy policies. Nidana is not responsible for third-party content, policies, or practices.

17. Children’s Privacy

The Service does not address anyone under 16. Personal data from children under 16 is not knowingly collected. Parents and guardians aware of child data submission should contact the company.

18. Changes to This Privacy Policy

Updates may occur. Changes are posted on this page with updated effective dates. Continued use after updates constitutes consent to revised practices.

19. Contact Us

Questions about this Privacy Policy should be directed to shivam@nidana.io.