Privacy Policy.

1. Introduction

Nidana, Inc. operates a veterinary clinic management platform and an AI-powered post-visit follow-up system. Users must agree to the Terms of Service to access the Service. The company collects and uses data to provide and improve its offerings.

2. Definitions

• Cookies: Small files stored on devices.
• Device: Computer or mobile device.
• Data Controller: Entity determining purposes and manner of personal data processing. Nidana serves this role.
• Data Processors / Service Providers: Process data on behalf of the controller.
• Data Subject: Living individual who is the subject of personal data.
• Personal Data: Information identifying a living individual.
• Service: Website and application.
• Usage Data: Automatically collected information from service use.
• User: Individual using the service.
• Website: Web pages at Nidana.io.

3. The Data Controller

Nidana, Inc. controls users’ personal data.

4. Information Collection and Use

The company collects various information types to provide and improve its service.

5. Types of Data Collected

Personal data collected includes:

• Email address
• Phone number
• First and last name
• Profile picture
• Cookies and usage data
• Communication data (SMS content, voice recordings, transcripts, AI summaries, metadata)
• Voice data (phone call audio recordings when enabled)
• Tracking and usage information

6. Use of Data

Nidana uses collected personal data for:

• Service provision and maintenance
• Appointment scheduling through Google Calendar integration
• Sending transactional emails through connected Gmail accounts
• Service change notifications
• Interactive feature participation
• Customer support
• Service improvement analysis
• Usage monitoring
• Technical issue detection and prevention
• Contract obligations and billing
• Account notifications and subscription management
• Marketing communications (with consent)
• Veterinary clinic-client communication including SMS, calls, recordings, transcription, AI summaries, and document sharing
• Other stated purposes

7. Communication Services (SMS and Voice)

7.1 SMS Data Sharing Disclosure

No mobile information or SMS opt-in data will be shared with third parties or affiliates for marketing or promotional purposes. Data sharing with service subcontractors is permitted only for operational purposes, with contractual prohibitions on other uses.

7.2 SMS Messaging

Clinics may send and receive texts for transactional purposes including appointment confirmations, reminders, medical and financial document sharing, preventive care reminders, and follow-up communications. Data includes phone numbers, message content, delivery status, timestamps, and sender identification.

7.3 Consent Records

SMS consent is collected during patient intake. Consent records (including method, timestamp, staff member, and disclosure version) are retained for the clinic’s active account plus seven years, or longer if healthcare laws require.

7.4 Revocation of Consent

Users may revoke SMS consent by replying STOP, contacting the clinic directly, or emailing privacy@nidana.io or support@nidana.io. Revocations are honored within 24 hours.

7.5 Voice Calls and Recordings

Clinics may make and receive calls through Twilio VoIP. When recording is enabled, calls are automatically recorded for clinical documentation and quality purposes. Data includes phone numbers, call direction, status, duration, timestamps, staff identity, and audio recordings. Using a clinic’s phone services with recording enabled constitutes consent to recording.

7.6 Transcription and AI-Generated Summaries

Recorded calls may be automatically transcribed using Cloud Speech-to-Text. Transcripts may be processed by AI to generate clinical summaries including findings, recommendations, and outcome categorization. Both are stored alongside call records.

7.7 Document Sharing

Clinics may share medical and financial documents via secure, time-limited links through SMS or chat. Files are stored in AWS S3 and served via signed URLs with limited validity. Data includes document metadata, access records, expiration timestamps, and staff member identity.

7.8 Cross-Border Data Handling

Canadian pet owner data is handled under PIPEDA. U.S. data is handled under applicable state privacy laws. Data may be transferred to and processed in the United States.

8. Google API Services

Nidana integrates with Google services to provide core platform functionality. This section describes how we access and use data from Google APIs.

8.1 Google Calendar Integration

Clinics may connect their Google Calendar to sync appointments. We request access to create, read, and modify calendar events. Calendar data is used solely for appointment scheduling and synchronization within the Nidana platform.

8.2 Gmail Integration

Nidana is a PIMS (Practice Information Management System) platform for veterinarians. We allow clinics to use their own Google Workspace accounts to send emails from their own email addresses. We use Gmail’s sending infrastructure to deliver transactional messages such as appointment confirmations, appointment updates, electronic medical records, and PDF documents related to patient appointments.

We request the following permissions:

• Send emails (gmail.send): To send transactional emails on behalf of the clinic, including appointment confirmations, reminders, invoices, prescriptions, vaccination certificates, diagnostic reports, and other clinic-to-client communications.
• Email address (email, openid): To identify the connected Google Workspace account and display it in clinic settings.

We do not read, access, or store the contents of the clinic’s inbox, sent folder, drafts, contacts, or any existing emails. The integration is send-only.

8.3 Limited Use Disclosure

Nidana’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Nidana:

• Uses Google user data only to provide and improve the user-facing features of the Service as described in this policy.
• Does not use Google user data for serving advertisements or retargeting.
• Does not use Google user data for training artificial intelligence or machine learning models.
• Does not use Google user data for credit determination, lending decisions, or insurance underwriting.
• Does not sell Google user data to data brokers or any third party.
• Does not allow humans to read Google user data unless: (a) we have the user’s affirmative consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) our use is limited to internal operations and the data has been aggregated and anonymized.
• Does not transfer Google user data to third parties except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice.

8.4 Revoking Google Access

Clinic administrators may disconnect Google Calendar or Gmail at any time from the clinic settings page. Upon disconnection, Nidana revokes and deletes the stored OAuth tokens. Transactional emails will revert to being sent from Nidana’s default sending address. Users may also revoke access directly from their Google Account permissions page.

9. Retention of Data

Personal data is retained as long as necessary for stated purposes or to comply with legal obligations, resolve disputes, and enforce agreements. Data processed upon consent is retained until consent withdrawal. Usage data is retained for internal analysis or security and functionality improvements. Communication data is retained while the clinic maintains an active account or as required by healthcare record-keeping laws.

10. Transfer of Data

Information may be transferred to computers outside your jurisdiction. International transfers include appropriate security controls and compliance with this Privacy Policy and applicable law.

11. Disclosure of Data

Personal data may be disclosed:

• When required by law or valid public authority requests
• During mergers, acquisitions, or asset sales
• To subsidiaries, affiliates, and employees
• To contractors, service providers, and third parties supporting the business
• To fulfill stated purposes
• With user consent

The company does not sell personal data and does not share SMS opt-in data for marketing purposes.

12. Security of Data

The company employs administrative, technical, and physical safeguards to protect personal data against unauthorized destruction, loss, alteration, access, disclosure, or use. No internet transmission or electronic storage method is 100% secure.

13. Your Rights (GDPR Compliance)

EEA residents have data protection rights including:

• Access: Request copies of stored personal data.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of personal data.
• Objection: Object to personal data processing.
• Portability: Request personal data in a structured, commonly used format.

Requests should be emailed to shivam@nidana.io. Identity verification may be required. Some data may be necessary for service provision.

14. Service Providers

Third-party companies and individuals facilitate the Service and have access to personal data only for performing assigned tasks. They are obligated not to disclose or use data for other purposes.

15. Analytics

Third-party Service Providers may monitor and analyze Service usage.

16. Payments

Paid products and services use third-party payment processors. Payment card details are not stored by Nidana and are governed by the processor’s privacy policy.

17. Links to Other Sites

The Service may contain links to non-Nidana sites. Users should review third-party privacy policies. Nidana is not responsible for third-party content, policies, or practices.

18. Children’s Privacy

The Service does not address anyone under 16. Personal data from children under 16 is not knowingly collected. Parents and guardians aware of child data submission should contact the company.

19. Changes to This Privacy Policy

Updates may occur. Changes are posted on this page with updated effective dates. Continued use after updates constitutes consent to revised practices.

20. Contact Us

Questions about this Privacy Policy should be directed to shivam@nidana.io.