1. Introduction
Raydian Health ("we," "us," "our") is a product of Raydian Tech, a technology company registered in India. Raydian Health is a cloud-based SaaS platform that enables diagnostic laboratories and medical clinics in India to automate medical report delivery, manage patient queues, and facilitate patient communication through WhatsApp.
This Privacy Policy explains how we collect, use, store, protect, share, and delete personal data in compliance with the Digital Personal Data Protection (DPDP) Act, 2023 of India and applicable regulations.
By using our platform or receiving communications from us via WhatsApp, you consent to the practices described in this policy.
2. Data Controller
Raydian Tech
Email: privacy@raydiantech.com
Website: raydianhealth.in
Raydian Tech acts as the Data Fiduciary (data controller) under the DPDP Act 2023. Diagnostic laboratories and clinics that use our platform act as Data Fiduciaries for their own patient relationships; Raydian Tech acts as a Data Processor on their behalf.
3. Data We Collect
We collect and process the following categories of personal data:
3.1 Patient Data (collected via diagnostic labs)
- Mobile phone number — extracted from medical report PDFs uploaded by the laboratory for the purpose of delivering report results via WhatsApp
- Medical report content — text extracted from uploaded PDF reports via OCR (Optical Character Recognition) for generating AI-powered plain-language summaries
- AI-generated report summaries — plain-language interpretations of medical reports, generated by artificial intelligence with mandatory medical disclaimers
- WhatsApp message logs — delivery status, timestamps, and message identifiers for audit and troubleshooting purposes
- Queue management data — token numbers, appointment positions, estimated wait times, and consultation status for clinic queue management
- Q&A chatbot interactions — questions asked by patients via WhatsApp and AI-generated responses based on the lab's uploaded knowledge base documents
3.2 Lab/Clinic Administrator Data
- Name, email address, and phone number of lab administrators
- Lab business information (name, address, business registration details)
- API authentication credentials (encrypted)
- Subscription and billing information
3.3 Doctor Data
- Doctor name, specialty, clinic name, and phone number — provided by labs for doctor advertisement features
- WhatsApp contact numbers for doctor referral links
3.4 Automatically Collected Data
- IP addresses and access logs for security monitoring
- API usage metrics and error logs
- WhatsApp webhook delivery status updates from Meta
4. How We Use Your Data
We process personal data for the following purposes:
- Medical report delivery — Extracting phone numbers from lab reports and delivering report summaries to patients via WhatsApp
- AI summarization — Generating plain-language medical report summaries to help patients understand their results (with mandatory disclaimers to consult a doctor)
- Queue management — Managing real-time patient queues in clinics, sending appointment notifications, and providing wait time estimates via WhatsApp
- Q&A chatbot — Answering patient queries about lab services, test preparation, pricing, and timings using AI powered by the lab's uploaded knowledge base
- Doctor advertisements — Sending relevant doctor referral recommendations to patients after report delivery (only with lab consent, never with Q&A responses)
- Platform administration — Managing lab accounts, enforcing subscription limits, monitoring AI costs, and maintaining platform health
- Security and compliance — Maintaining audit trails, detecting fraud, verifying API authentication, and ensuring DPDP Act compliance
5. Legal Basis for Processing
We process personal data under the following legal bases as defined in the DPDP Act 2023:
- Consent — Labs obtain patient consent for report delivery. Our platform schema supports consent tracking (opted_in / opted_out status).
- Legitimate use — Processing necessary for the performance of services contracted by diagnostic laboratories and clinics.
- Legal obligation — Maintaining audit trails and compliance records as required by Indian healthcare and data protection regulations.
6. Data Storage and Security
All data is stored exclusively in India. Our infrastructure is hosted on Amazon Web Services (AWS) in the Mumbai region (ap-south-1). No personal data is transferred outside of India.
6.1 Encryption
- Patient phone numbers are encrypted using AES-256-GCM encryption at the application layer before storage in the database
- Phone numbers are decrypted only at the moment of sending a WhatsApp message, then immediately discarded from memory
- All files (PDFs, documents) are encrypted at rest in AWS S3 using server-side encryption
- All data in transit is encrypted using TLS 1.2+
- Database connections use encrypted PostgreSQL connections
6.2 Access Controls
- Multi-tenant architecture with strict tenant isolation — each lab's data is completely separate
- JWT-based authentication with role-based access control (lab-admin, super-admin)
- API authentication using HMAC-SHA256 signatures with replay protection
- No cross-tenant data access is architecturally possible
6.3 Audit Trail
- All actions (report uploads, message deliveries, admin changes, queue operations) are logged in an immutable audit trail
- Audit logs are retained for a minimum of 3 years as required by regulations
- Audit logs are never automatically deleted
7. Data Retention and Automatic Deletion
We enforce strict data retention policies in compliance with the DPDP Act 2023. Personal data is automatically purged on the following schedule:
| Data Category | Retention Period | Deletion Method |
| --- | --- | --- |
| Patient phone numbers | 30 days | Nullified (record preserved, PII removed) |
| OCR extracted text | 30 days | Permanently deleted |
| AI-generated summaries | 90 days | Permanently deleted |
| WhatsApp message logs | 180 days | Permanently deleted |
| Ad delivery logs | 90 days | Permanently deleted |
| Q&A chatbot logs | 90 days | Permanently deleted |
| Audit logs | 3+ years | Never auto-deleted (regulatory requirement) |
Automated purge jobs run daily at 02:00 UTC. No manual intervention is required.
8. Data Sharing
We share personal data only with the following parties, and only as necessary:
- Meta Platforms (WhatsApp Business API) — Phone numbers and message content are transmitted to Meta's WhatsApp Cloud API for message delivery. See: WhatsApp Privacy Policy
- Amazon Web Services (AWS) — Data is processed and stored on AWS infrastructure in Mumbai (ap-south-1). See: AWS Privacy Policy
- OpenAI — Medical report text is sent to OpenAI's API for generating plain-language summaries. No patient phone numbers or direct identifiers are sent to OpenAI. See: OpenAI Privacy Policy
- Diagnostic laboratories and clinics — Labs access their own patients' data through our admin dashboard for monitoring and management purposes
We never sell personal data to third parties. We never share patient data across labs or with unauthorized parties.
9. Your Rights Under DPDP Act 2023
As a data principal (individual whose data is being processed), you have the following rights:
- Right to Access — You may request information about what personal data we hold about you.
- Right to Correction — You may request correction of inaccurate personal data.
- Right to Erasure (Data Deletion) — You may request deletion of your personal data at any time.
- Right to Grievance Redressal — You may raise a complaint regarding data processing. Contact our Grievance Officer at privacy@raydiantech.com.
- Right to Nominate — You may nominate another individual to exercise your rights in case of your death or incapacity, as provided under the DPDP Act.
To exercise any of these rights, contact us at privacy@raydiantech.com. We will respond within 30 days of receiving your request.
10. WhatsApp Business Platform
Raydian Health uses the Meta WhatsApp Business Cloud API to send messages to patients on behalf of diagnostic laboratories. Specifically:
- We send medical report summaries and download links to patients via pre-approved WhatsApp message templates
- We send doctor advertisement messages (only after report delivery, never with Q&A responses)
- We send queue status notifications to patients
- We receive and respond to patient queries via our AI-powered Q&A chatbot
All WhatsApp communications are logged in our message audit trail. Patients can opt out of receiving messages by contacting their diagnostic laboratory directly.
11. Cookies and Tracking
Our web-based admin dashboard may use essential cookies for session management and authentication. We do not use advertising cookies or third-party tracking pixels. We do not track patients through cookies.
12. Children's Data
Our platform processes medical reports which may belong to minors. In such cases, the diagnostic laboratory is responsible for obtaining appropriate consent from the parent or guardian. We do not knowingly collect data directly from children under the age of 18.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered lab administrators via email of any material changes. The "Last Updated" date at the top of this page indicates when this policy was last revised.
14. Contact Us
For any privacy-related inquiries, data access requests, or complaints:
Raydian Tech — Privacy Office
Email: privacy@raydiantech.com
General Inquiries: info@raydiantech.com
Website: raydianhealth.in
We will acknowledge your request within 48 hours and provide a substantive response within 30 days.