Back to Overview
Trust Center

Privacy Policy

Last Updated: May 29, 2026 • Version 1.0 (Pilot Phase)

Summary: We act as a secure data processor. Your clinic retains 100% ownership of clinical and patient records. We never sell, share, or market patient health information.

1. Introduction & Scope

Audaya (“we,” “our,” or “us”) provides the Audaya Clinic OS software platform, designed to assist medical practitioners and clinical teams in streamlining operations, managing calendars, transcribing consultations, and arranging patient records.

This Privacy Policy explains how we collect, process, and safeguard information when you use our platform. Because Audaya is a specialized software service for healthcare providers, our handling of data is split between operational accounts (for clinic staff) and clinical data (entered about patients). We place the highest priority on data transparency and isolation.

2. Data Collection

We collect and process the minimum amount of information necessary to deliver and improve our clinical platform services:

  • Account Information: Names, business email addresses, phone numbers, and professional credentials (such as medical license numbers) of doctors and clinic personnel who register to use the platform.
  • Usage & Technical Data: IP addresses, browser types, device operating systems, and platform interaction logs. This helps us ensure platform security, perform threat audits, and improve user interface performance.
  • Clinical Operational Data: Patient names, demographics, contact details, consultation transcripts, and medication records uploaded or created by clinic users.

3. Clinic Data Ownership

Core Ownership Guarantee

All patient health information, medical history, clinical dictations, transcriptions, and doctor notes uploaded or generated in the Audaya environment remain the sole, exclusive property of the clinic.

Audaya acts strictly as a data processor on behalf of the clinic (the data controller). We do not claim ownership rights, copyright, or any proprietary interest in your clinical patient records. Your records can be exported or purged at your request in compliance with local record retention regulations.

4. Patient Data Handling

We understand that patient data is highly sensitive and subject to strict confidentiality expectations. Our treatment of patient data is governed by the following core principles:

  • No Monetization: We will never sell, lease, rent, or trade patient health information to third parties. We will never use clinical data for advertising, marketing, or profiling.
  • Strict Isolation: Patient records are stored in logically isolated databases per clinic tenant to prevent cross-contamination or unauthorized access.
  • Minimal Sub-Processing: We only transmit patient data (such as ambient voice files for consultation transcription) to trusted technical infrastructure providers that have executed written confidentiality agreements with us.

5. Security Practices

We implement industry-standard safeguards designed to keep clinical operations secure and resilient:

  • Encryption: All data is encrypted in transit using Transport Layer Security (TLS 1.3) and at rest using Advanced Encryption Standard (AES-256).
  • Access Logging: Any staff access to patient records is logged in audit logs to ensure accountability.
  • Vulnerability Management: We conduct continuous vulnerability scanning of our code dependencies to identify and address security flaws.

6. Contact Information

If you have questions about how your clinic's data is handled during the pilot, contact your clinic administrator or submit an inquiry through the contact form.

Go to contact form