Privacy Policy

Last updated: March 2026

Rivara Health ("we", "us", or "our") operates the Rivara ICU platform — a clinical documentation tool for ICU doctors and hospitals. This policy explains what data we collect, why we collect it, and how we protect it. If you have any questions, email us at privacy@rivarahealth.com.

1. Who This Policy Applies To

This policy applies to:

  • Healthcare professionals (doctors, consultants) who create an account on Rivara ICU
  • Hospitals and clinics that deploy the platform for their ICU departments

Rivara ICU is a business-to-business (B2B) platform. We do not collect data directly from patients. Patient data is entered by the treating doctor or hospital staff on behalf of and under the instructions of the hospital.

2. What Data We Collect

Account data (about the doctor/user)

  • Full name
  • Mobile phone number (used for OTP-based login)
  • Hospital/clinic name, department, address, and phone number
  • Doctor designation and registration number (optional, used in PDF summaries)

Patient data (entered by the doctor)

Patient records entered into Rivara ICU may include:

  • Name, age, sex, and unique hospital ID (UHID)
  • Admission date, ward, and treating consultant
  • Comorbidities and diagnosis
  • Daily clinical notes: vitals, lab values, interventions, clinical impression
  • Discharge or death summary (AI-generated, doctor-reviewed)
  • Uploaded medical documents and their OCR-extracted text

This constitutes Sensitive Personal Data or Information (SPDI) as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Technical data (automatically collected)

  • Browser type and version
  • Device type
  • IP address (logged by Firebase infrastructure for security purposes; not stored by us)
  • Authentication logs (OTP requests, login timestamps)

3. Why We Collect This Data

Data              Purpose
Account data      Account creation, login, and personalising the app experience
Hospital profile  Displaying correct hospital name, address, and doctor details on PDF summaries
Patient records   Providing the core service: documenting ICU stays and generating clinical summaries
Technical data    Security, fraud prevention, and service reliability

We do not use patient data for advertising, profiling, or any purpose unrelated to the clinical documentation service.

4. AI-Generated Summaries

Rivara ICU uses Google's Gemini AI service to generate clinical summaries from structured patient data entered by the doctor. The following applies:

  • Patient data is transmitted to Google's AI service over an encrypted (HTTPS) connection to generate the summary text.
  • Google does not retain patient data from these requests beyond the duration of the API call, under their enterprise API terms.
  • No patient names, UHIDs, or identifying details are included in the AI prompt — only clinical values (vitals, labs, interventions).
  • The treating doctor reviews and approves every AI-generated summary before use.

5. How We Store and Protect Your Data

Patient records are stored in Google Cloud Firestore (Mumbai region — asia-south1) and uploaded documents in Google Cloud Storage. All patient data is stored within India. Both services are ISO 27001 and SOC 2 certified and encrypt data at rest and in transit.

We implement the following security practices as required under the IT Rules 2011:

  • All data transmissions use TLS/HTTPS encryption
  • Authentication via one-time passwords (OTP); no stored passwords
  • Access controls: each doctor's data is isolated by Firebase security rules
  • Firestore security rules prevent any user from reading another user's patient records

6. Data Sharing and Disclosure

We do not sell, rent, or share patient data with any third party for commercial purposes. Data is shared only in the following limited circumstances:

  • Google / Firebase: Our cloud infrastructure provider processes data on our behalf under Google's Data Processing and Security Terms. Google acts as a data processor; you (the hospital) are the data controller.
  • Legal obligation: If required by Indian law, court order, or a government authority with lawful authority.
  • With your explicit consent: For any other purpose not listed here.

7. Data Retention

  • Patient records are retained for as long as the account is active.
  • On account deletion or written request, all patient data is permanently deleted within 30 days.
  • Authentication logs are retained for up to 90 days for security purposes.

8. Your Rights

As a user, you have the right to:

  • Access the data we hold about you
  • Correct inaccurate account or hospital profile information
  • Delete your account and all associated patient records
  • Export patient data as PDF before deletion
  • Withdraw consent by closing your account

To exercise any of these rights, email privacy@rivarahealth.com.

9. Cookies

The Rivara ICU app uses browser localStorage (not cookies) to store draft notes and session state locally on your device. No tracking cookies or advertising cookies are used. The rivarahealth.com marketing website does not use analytics or tracking cookies.

10. Children's Data

Rivara ICU is intended for use by licensed healthcare professionals only. Paediatric patients may appear as patient records; this data is entered by and under the responsibility of the treating doctor and hospital, who are responsible for obtaining any necessary consent.

11. Applicable Laws

This policy is governed by:

  • Information Technology Act, 2000 and its amendments
  • IT (Reasonable Security Practices and Procedures and SPDI) Rules, 2011
  • Digital Personal Data Protection Act, 2023 (compliance ongoing as rules are notified)

12. Grievance Officer

In accordance with the IT Rules 2011, any grievance related to this Privacy Policy can be directed to our Grievance Officer:

Grievance Officer: Prem Raj

Organisation: Rivara Health

Email: privacy@rivarahealth.com

We will respond to grievances within 30 days of receipt.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users via the app. The "last updated" date at the top of this page will reflect any revisions.