Ambanax Privacy Policy

Welcome to Ambanax the App, we, us, our. Ambanax is founded by Dr. Chandana Malakar the Founder Controller. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Ambanax system, which includes three interfaces used for pre-hospital diagnosis inside ambulances before patients reach the hospital. If you do not agree with the terms below, please do not use the App or its services.

1. Definitions

• Scope: User you your any person patient, paramedic, hospital staff using Ambanax’s interfaces. This Policy applies to data collected via our mobile app, backend servers, APIs, offline capture in ambulances, and related web services.
• Personal Data / Personal Information: information that identifies or can identify you directly or indirectly.
• Health Data / Sensitive Health Data: medical/clinical details, vital signs, diagnosis, test results, etc.
• Interfaces / Modules: the three parts of Ambanax used in ambulances e.g. paramedic interface, remote physician interface, hospital interface.
• Controller / Processor: Ambanax and its agents determine processing purposes and means.
• Third Parties: external service providers, partner hospitals, analytics providers, regulatory authorities, etc.

2. What Information We Collect

We collect various types of information, including:

a) Information You Provide

• Identity contact data: name, age, gender, contact phone, address, emergency contact.
• Health medical data: symptoms, medical history, vitals e.g. ECG, blood pressure, SpO2, images or scans, diagnostic notes, medication, lab test results.
• Usage Device data: device identifiers, operating system version, app version, logs, timestamp, network info.
• Location data: real-time and historical GPS coordinates of the ambulance, route, geolocation metadata.
• Communication data: call logs, chat transcripts, video/audio exchanges done in the app bw if used.
• Consent authentication data: login credentials, digital signatures, consent forms, biometric identifiers if employed.

b) Automatically Collected Data

• Analytics information: e.g. which modules are used, latency, errors.
• Crash reports, usage metrics.
• Network telemetry, performance metrics.

c) From Third-Party Sources

• Hospital information: if shared with us.
• Partner systems: e.g. EHR EMR integration.
• Public or regulatory databases: if needed for identity verification or health records.

3. Purpose of Processing Legal Basis

We process your data for the following purposes:

• Providing the core service: enabling real-time diagnosis, transmitting data between ambulance and hospital, decision support, alerts.
• Medical clinical care: to help paramedics, remote physicians, and receiving hospitals make decisions.
• Emergency response: routing, ambulance dispatch, predictive routing, geolocation.
• Quality improvement analytics: aggregated, de-identified data to measure performance, improve algorithms, train models, detect trends.
• Security, fraud prevention, safety: detect misuse, ensure integrity, audit trails.
• Compliance legal obligations: regulatory reporting, responding to lawful requests, audits.
• User support: communications help desk, notifications, updates.

Legal basis India regionally may include: Consent explicit for health data processing Legal or regulatory obligation Performance of contract or service Legitimate interest for operational needs, where not overridden by rights.

4. Disclosure Sharing of Information

We do not sell your personal or health data. We may disclose information only as follows:

• Hospitals Emergency Departments: to share patient data ahead of arrival for better preparedness.
• Paramedics physicians medical staff: as needed for care coordination.
• Service providers vendors: e.g. cloud hosting, analytics, telemedicine providers, under strict confidentiality agreements.
• Regulatory legal authorities: as required by law, court orders, audits.
• Aggregate de-identified data shared for research or public health: no personally identifying info.
• Business transfer: in case of merger, acquisition, or sale with notice to users.

We will require all third parties to implement appropriate safeguards and use data only for allowed purposes.

5. Data Security, Retention Fraud Prevention

a) Security Measures

We implement industry-standard safeguards to protect your data:

• Encryption in transit TLS and at rest
• Access controls, role-based permissions
• Audit logs and trail of access
• Secure authentication multi-factor where possible
• Regular vulnerability assessments and security reviews
• Pseudonymization anonymization techniques where feasible

b) Retention Policy

• Health medical data: Retained for 5 years from the date of collection, unless longer retention is required by law or for clinical audit.
• Operational logs crash reports usage data: Retained for up to 5 years for troubleshooting and analytics, then anonymized.
• Backups: Automatically deleted or anonymized within 5 years.
• Legal exceptions: If a regulatory obligation requires longer storage, data may be retained as mandated, but only for that purpose.

c) Fraud Prevention

We actively monitor, detect, and prevent fraudulent or unauthorized activities, including but not limited to:

• Identity verification: Strong authentication to ensure only authorized medical personnel and patients access data.
• Access monitoring: Role-based controls and real-time logging of user actions.
• Anomaly detection: Automated checks for unusual activity patterns e.g., unauthorized downloads, suspicious logins, data tampering.
• Reporting escalation: Any suspected fraud is immediately escalated to compliance teams and, where required, reported to law enforcement.

User responsibilities: Users are expected to maintain confidentiality of login credentials and report suspected misuse.

6. User Rights Controls

Depending on jurisdiction, you likely have rights including:

• Access: request a copy of your personal data
• Correction rectification: fix inaccurate or incomplete data
• Erasure deletion: ask to delete, when not legally needed
• Restriction of processing: limit how your data is used
• Objection: object to processing in certain conditions
• Portability: request data in a structured, machine-readable format
• Withdraw consent: at any time for processing based solely on consent
• Lodge complaint: with relevant data protection authority

We will respond to requests as required by applicable law, typically within a fixed time e.g. 30 days.

7. Children Vulnerable Populations

If users are minors below legal age or incapable, data must be processed with guardian consent, and we will take extra precautions. The App is not intended for use by children without adult supervision as this a emergency medical app.

8. Cross-Border Transfers

If data is transferred or stored outside your country e.g. in overseas cloud servers, we ensure appropriate safeguards such as:

• Standard contractual clauses
• Encryption
• Other legal mechanisms under data protection law

We will inform you which countries data may travel to.

9. Cookies Similar Technologies for Web Portal

If Ambanax has a web portal Use cookies, web beacons, local storage to track usage, preferences:

• Types: essential cookies, analytics cookies, performance cookies
• You may disable or manage cookies via browser settings but core app functions may be affected

10. Changes to Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you via email, in-app notice before changes go into effect. The Effective date at top will be updated. Your continued use after changes signifies acceptance of the new Policy.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your data, contact us:

Founder Controller: Dr. Chandana Malakar
Email: contact@ambanax.com
Phone support: 7099636948