Ayati Devices

PRIVACY POLICY

Last Updated: 17th June, 2026

Ayati Devices Private Limited, a company incorporated under the Companies Act, 2013, having its registered/corporate office at Bengaluru, Karnataka, India, is engaged in the development, manufacturing, distribution, support, servicing, and operation of medical technology devices, software applications, digital reports, and related healthcare technology solutions.

In this Privacy Policy, the terms “Ayati”, “Ayati Devices”, “Company”, “We”, “Us”, and “Our” refer to Ayati Devices Private Limited. The terms “You”, “Your”, “User”, and “Data Principal” refer to any individual whose personal data is collected or processed by Ayati, including website visitors, customers, patients, healthcare professionals, doctors, clinics, hospitals, distributors, vendors, employees, consultants, service users, and other individuals interacting with Ayati.

This Privacy Policy applies to the website www.ayatidevices.com, Ayati’s software applications, mobile applications, device-connected applications, cloud-based platforms, digital reports, product demo activities, installation workflows, service support, customer support, clinical screening workflows, research-related workflows, and any other online or offline interaction where Ayati collects or processes personal data.

This Privacy Policy explains how Ayati collects, uses, stores, shares, protects, retains, and otherwise processes personal data, including health-related and device-generated data, in accordance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025, the Information Technology Act, 2000, and other applicable laws and regulations.

The DPDP Act requires consent requests to be presented in clear and plain language and gives individuals rights relating to access, correction, grievance redressal, and nomination. The DPDP Rules, 2025 also provide for clear consent notices, security safeguards, breach-related obligations, and phased compliance requirements.

By accessing or using Our website, applications, products, software, services, reports, support channels, or by otherwise providing Your personal data to Us, You agree to the terms of this Privacy Policy.

1. Scope of this Privacy Policy

This Privacy Policy applies to personal data collected or processed by Ayati through:

  1. Our website, applications, software, and digital platforms;
    b. Ayati medical devices and device-connected applications;
    c. Digital reports, clinical assessment outputs, test records, images, waveforms, pressure maps, screening records, and related device-generated data;
    d. Product enquiries, demonstrations, installations, training sessions, and service support;
    e. Customer support, warranty support, troubleshooting, and maintenance interactions;
    f. Clinical camps, screening programs, hospital/clinic workflows, research activities, and product validation activities;
    g. Email, phone, WhatsApp, physical forms, distributor interactions, and other communication channels; and
    h. Any other interaction where Ayati collects or processes personal data.

This Privacy Policy replaces or updates any previous privacy policy used by Ayati, including the earlier policy covering Ayati’s website, applications, user information, cookies, retention, security, third-party sharing, and grievance redressal.

2. Definitions

For the purpose of this Privacy Policy:

Personal Data means any data about an individual who is identifiable by or in relation to such data.

Processing means any operation performed on personal data, including collection, recording, storage, organisation, structuring, use, retrieval, analysis, sharing, disclosure, transmission, restriction, erasure, or destruction.

Data Principal means the individual to whom the personal data relates.

Data Fiduciary means any person or entity that determines the purpose and means of processing personal data.

Data Processor means any person or entity that processes personal data on behalf of a Data Fiduciary.

Consent means a freely given, specific, informed, unconditional, and unambiguous indication of the Data Principal’s wishes through a clear affirmative action.

Health Data / Clinical Data means personal data relating to an individual’s health, medical assessment, screening result, device-generated reading, clinical observation, test report, or related medical/healthcare information.

Services means Ayati’s website, applications, software, devices, reports, support, training, demonstrations, installations, customer service, and related business or healthcare technology services.

3. Ayati’s Role as Data Fiduciary or Data Processor

Ayati may act as a Data Fiduciary when We determine the purpose and means of processing personal data. This may include processing for website enquiries, product demonstrations, customer support, device installation, warranty registration, service records, billing, marketing communication, app account creation, product improvement, and business communication.

Ayati may act as a Data Processor when We process patient data, clinical data, screening data, reports, or device-generated information on behalf of hospitals, clinics, doctors, healthcare institutions, research organisations, distributors, or other customers. In such cases, the respective hospital, clinic, doctor, healthcare institution, research organisation, distributor, or customer may act as the Data Fiduciary, and Ayati will process such data based on contractual instructions and applicable law.

Where Ayati acts as a Data Processor, the concerned healthcare provider, institution, or customer may be responsible for providing notices, obtaining consent, maintaining patient records, and responding to patient requests, unless otherwise agreed in writing.

4. Personal Data We Collect

Depending on Your interaction with Ayati, We may collect the following categories of personal data.

4.1 Personal and Contact Information

We may collect Your name, email address, phone number, address, city, state, country, pin code, organisation name, designation, department, hospital or clinic name, distributor details, delivery address, billing details, and other contact information.

4.2 Professional and Institutional Information

We may collect information such as doctor name, healthcare professional details, clinic/hospital name, department, role, medical speciality, distributor details, service team details, business communication records, training attendance, and product usage context.

4.3 Patient, Health, and Clinical Information

Where applicable, Ayati may collect or process health-related or clinical information, including:

  1. Patient ID, name, age, gender, contact details, and demographic details;
    b. Diabetic foot screening records;
    c. Neuropathy assessment data;
    d. Vibration, temperature, monofilament, or sensory assessment results;
    e. Vascular assessment data, including ABI/TBI values, Doppler waveforms, pressure readings, and related reports;
    f. Plantar pressure assessment data, footprint maps, pressure maps, gait-related records, and screening outputs;
    g. Thermal, perfusion, blood-flow, or imaging-related data generated by Ayati devices;
    h. Wound-related observations, foot images, limb images, clinical notes, and assessment remarks, where entered by authorised users;
    i. Device-generated reports, PDF reports, graphs, values, charts, images, screenshots, and other medical assessment outputs; and
    j. Any other information entered into or generated by Ayati’s devices, applications, or software during clinical use.

4.4 Device, Technical, and Usage Information

We may collect device ID, serial number, software version, app version, firmware version, operating system, browser type, IP address, device logs, diagnostic logs, error logs, connectivity logs, calibration data, service records, hardware information, date and time of use, usage frequency, feature usage, crash reports, and other technical information.

4.5 Website and Cookie Information

When You access Our website, We may automatically collect information such as IP address, browser type, device type, operating system, pages visited, time spent on pages, referring URLs, cookies, analytics identifiers, and other usage information.

4.6 Demo, Installation, Service, and Support Information

We may collect details shared during product demonstrations, installations, training sessions, clinical camps, service visits, repair requests, troubleshooting, warranty support, software support, and customer service interactions.

4.7 Research, Validation, and Quality Improvement Data

Where permitted by law, contract, institutional approval, ethics approval, or consent, We may collect or process data for research, product validation, clinical evaluation, quality control, training, product improvement, regulatory documentation, and scientific analysis.

Where possible, such data will be anonymised, aggregated, or pseudonymised.

5. How We Collect Personal Data

Ayati may collect personal data in the following ways:

  1. When You visit Our website or submit an enquiry form;
    b. When You contact Us by email, phone, WhatsApp, website form, social media, or other communication channels;
    c. When You request product information, demo, pricing, installation, training, support, or service;
    d. When You purchase, register, install, activate, or use an Ayati device, software, application, or report system;
    e. When You create an account or use features on Our applications or software;
    f. When healthcare professionals, hospitals, clinics, distributors, or authorised users enter data into Ayati systems;
    g. When device-generated data is captured through Ayati products;
    h. When You participate in a clinical camp, screening activity, product validation, training, or research workflow;
    i. When You provide information to Our sales, service, support, distributor, or installation teams;
    j. Through cookies, analytics tools, device logs, and automated technologies; and
    k. From third parties such as hospitals, clinics, doctors, distributors, logistics partners, service partners, payment processors, research partners, or authorised representatives.

6. Purpose of Processing Personal Data

Ayati may process personal data for the following purposes:

  1. To provide, operate, maintain, and improve Our medical devices, software, applications, digital reports, and related services;
    b. To enable clinical screening, assessment, measurement, reporting, storage, retrieval, and review of device-generated outputs;
    c. To support doctors, clinics, hospitals, distributors, and healthcare professionals in using Ayati products;
    d. To provide product demonstrations, installation support, training, warranty support, service support, troubleshooting, maintenance, and technical assistance;
    e. To generate, store, retrieve, export, or share digital reports and clinical assessment outputs;
    f. To verify user identity, manage accounts, and provide secure access to applications or software;
    g. To process orders, invoices, payments, deliveries, warranty registrations, and service requests;
    h. To communicate with You regarding products, services, updates, safety notices, service reminders, training, support, and business enquiries;
    i. To improve device performance, software functionality, user experience, product quality, and customer support;
    j. To conduct internal audits, quality assurance, product validation, research, clinical evaluation, regulatory documentation, and scientific analysis;
    k. To detect, prevent, investigate, and respond to fraud, misuse, unauthorised access, security incidents, technical errors, or unlawful activity;
    l. To comply with applicable legal, regulatory, tax, audit, cybersecurity, medical device, product safety, and law enforcement requirements;
    m. To enforce Our Terms of Use, contracts, policies, and legal rights; and
    n. For any other purpose disclosed to You at the time of collection or based on Your consent.

7. Consent and Notice under DPDP

Where consent is required under applicable law, Ayati will seek consent through a clear affirmative action. Consent requests will be presented in clear and plain language and will describe the personal data being collected, the purpose of processing, and how You may exercise Your rights.

By using Our website, applications, software, devices, reports, support channels, or services, or by providing personal data to Us directly or through authorised representatives, healthcare professionals, hospitals, clinics, distributors, or partner institutions, You consent to the collection and processing of Your personal data as described in this Privacy Policy.

Where Ayati processes patient data in a hospital, clinic, camp, research, or healthcare setting, the concerned healthcare provider, institution, or authorised professional may be responsible for providing the required privacy notice and obtaining necessary consent, unless Ayati directly collects such data as a Data Fiduciary.

You may withdraw Your consent at any time by contacting Us using the details provided in this Privacy Policy. Withdrawal of consent will not affect processing already completed before such withdrawal. However, withdrawal may affect Our ability to provide certain services, reports, support, warranty, device functionality, or software access.

The DPDP framework recognises consent withdrawal and requires Data Fiduciaries to act in accordance with applicable law when processing personal data based on consent.

8. Legitimate Uses and Legal Processing

In addition to consent-based processing, Ayati may process personal data where permitted under applicable law, including for legitimate uses such as:

  1. Compliance with legal obligations;
    b. Responding to medical, legal, regulatory, or law enforcement requirements;
    c. Employment-related processing, where applicable;
    d. Processing required for safety, emergency, product support, or legal claims;
    e. Processing voluntarily provided data for the specified purpose; and
    f. Any other lawful basis recognised under applicable Indian law.

9. Children and Persons with Disabilities

Ayati products and services are generally intended for use by healthcare professionals, clinics, hospitals, distributors, and authorised adult users.

Where personal data of a child or a person with disability requiring lawful guardian support is processed, Ayati or the relevant healthcare provider/institution will obtain verifiable consent from the parent or lawful guardian wherever required under applicable law.

Ayati does not knowingly process children’s personal data for behavioural monitoring, profiling, or targeted advertising.

The DPDP Rules, 2025 include specific requirements relating to verifiable consent for children and persons with disabilities.

10. Health Data and Clinical Data

Ayati recognises that health-related and clinical information is sensitive in nature and requires appropriate care.

Ayati may process health data and clinical data only for purposes connected with product use, clinical assessment, digital reporting, support, service, research, validation, quality improvement, regulatory documentation, or as otherwise permitted by law, contract, or consent.

Ayati will take reasonable safeguards to protect health-related information, including access control, confidentiality obligations, technical safeguards, and restrictions on unauthorised use or disclosure.

Where Ayati processes patient or clinical data on behalf of a hospital, clinic, doctor, healthcare institution, research organisation, or distributor, such processing will be carried out in accordance with the instructions of the relevant Data Fiduciary and applicable law.

11. Research, Product Improvement, and Anonymised Data

Ayati may use anonymised, aggregated, de-identified, or pseudonymised data for research, product improvement, clinical validation, quality assurance, training, scientific publications, product development, regulatory documentation, and business analytics.

Where identifiable personal data is used for research or clinical validation, Ayati will do so only where permitted by applicable consent, contract, institutional approval, ethics approval, or law.

Anonymised or aggregated data that does not identify an individual may be retained and used by Ayati for lawful business, research, product development, and analytical purposes.

12. Sharing and Disclosure of Personal Data

Ayati may share personal data with the following categories of recipients:

  1. Hospitals, clinics, doctors, healthcare professionals, diagnostic centres, clinical users, and authorised institutional users;
    b. Distributors, installation teams, service partners, logistics partners, and customer support providers;
    c. Cloud hosting providers, software vendors, analytics providers, payment processors, email/SMS/communication providers, IT service providers, and cybersecurity vendors;
    d. Research partners, academic institutions, clinical validation partners, and regulatory consultants, where permitted by law, contract, consent, or ethics approval;
    e. Auditors, legal advisors, accountants, consultants, insurers, and professional advisors;
    f. Government authorities, courts, regulators, law enforcement agencies, and statutory bodies where required by law;
    g. Potential investors, acquirers, successors, or business partners in connection with a merger, acquisition, restructuring, financing, asset sale, insolvency, or transfer of business; and
    h. Any other person or entity where You have provided consent or where disclosure is required for the purpose disclosed to You.

Ayati will endeavour to share only such personal data as is necessary for the relevant purpose.

13. Third-Party Service Providers and Data Processors

Ayati may engage third-party service providers and Data Processors for hosting, storage, analytics, communication, customer support, logistics, payment processing, software development, device servicing, maintenance, cybersecurity, and other business operations.

Ayati will take reasonable steps to ensure that such service providers process personal data only for authorised purposes and maintain appropriate confidentiality, security, and contractual safeguards.

However, third-party websites, applications, app stores, payment gateways, cloud platforms, and external services may have their own privacy policies. Ayati is not responsible for the privacy practices, security, or content of such third-party services.

14. International Data Transfers

Ayati may use cloud, software, analytics, communication, or technical service providers that may store or process data outside India.

Where personal data is transferred outside India, Ayati will take reasonable steps to ensure that such transfer is carried out in accordance with applicable Indian law, contractual safeguards, and security requirements.

If the Government of India restricts the transfer of any category of personal data to any country or territory, Ayati will comply with such restrictions.

15. Data Security

Ayati is committed to protecting personal data through reasonable technical, organisational, physical, and managerial safeguards.

These safeguards may include:

  1. Role-based access controls;
    b. Password protection and authentication controls;
    c. Encryption where appropriate;
    d. Secure storage and transmission practices;
    e. Audit logs and access monitoring;
    f. Device, application, and software security measures;
    g. Backup and recovery processes;
    h. Internal confidentiality obligations;
    i. Vendor due diligence and contractual safeguards;
    j. Employee and service team training;
    k. Secure development and testing practices;
    l. Incident response procedures; and
    m. Measures to prevent unauthorised access, misuse, alteration, disclosure, or destruction of personal data.

The DPDP Rules, 2025 require Data Fiduciaries to maintain reasonable security safeguards and processes for breach reporting and user rights management.

However, no method of transmission over the internet, wireless network, mobile application, or electronic storage is completely secure. Therefore, while Ayati takes reasonable safeguards, We cannot guarantee absolute security.

Users, healthcare providers, distributors, and institutions are responsible for maintaining the confidentiality of login credentials, exported reports, device access, patient records, and files under their control.

16. Personal Data Breach

In the event of a personal data breach, Ayati will take reasonable steps to contain, assess, investigate, and remediate the incident.

Where required under applicable law, Ayati will notify affected Data Principals and/or the relevant authority. Such notification may include:

  1. The nature of the breach;
    b. The personal data affected;
    c. The likely consequences of the breach;
    d. Measures taken by Ayati to address the breach;
    e. Recommended steps for affected individuals; and
    f. Contact details for assistance.

Where Ayati acts as a Data Processor, Ayati will notify the relevant Data Fiduciary in accordance with the applicable contract and law.

The DPDP Rules require breach-related processes, including notifying affected individuals in plain language and providing relevant details of the breach and mitigation steps.

17. Data Retention

Ayati will retain personal data only for as long as necessary for the purpose for which it was collected or processed, including for product support, warranty, service records, regulatory compliance, legal obligations, audit requirements, dispute resolution, safety documentation, research records, and business records.

Clinical, patient, or health-related data may be retained in accordance with applicable healthcare, regulatory, institutional, contractual, research, or legal requirements.

When personal data is no longer required, Ayati may delete, anonymise, aggregate, archive, or securely restrict access to such data, unless continued retention is required by law or legitimate business need.

Where required under applicable law, Ayati will provide appropriate notice or follow applicable procedures before erasing stored personal data.

18. Your Rights as a Data Principal

Subject to applicable law, You may have the following rights:

  1. The right to access information about Your personal data processed by Ayati;
    b. The right to request correction of inaccurate or misleading personal data;
    c. The right to request completion of incomplete personal data;
    d. The right to request updating of outdated personal data;
    e. The right to request erasure of personal data, where retention is no longer necessary or legally required;
    f. The right to withdraw consent where processing is based on consent;
    g. The right to raise a grievance regarding processing of Your personal data; and
    h. The right to nominate another individual to exercise Your rights in the event of death or incapacity.

To exercise these rights, You may contact Ayati using the details provided in the “Grievance Redressal and Privacy Contact” section.

Ayati may verify Your identity before processing such requests. Ayati may deny or limit a request where permitted by law, including where retention is required for legal, regulatory, medical device, product safety, clinical, contractual, audit, dispute resolution, or legitimate business purposes.

The DPDP Act recognises rights relating to access, correction, erasure, grievance redressal, and nomination.

19. Duties of Data Principals

You are responsible for ensuring that the personal data You provide to Ayati is accurate, complete, and up to date.

You must not impersonate another person, provide false information, suppress material information, or submit information that You are not authorised to provide.

Where You provide personal data of another individual, including a patient, child, employee, healthcare professional, or representative, You confirm that You have the necessary authority, consent, or legal basis to provide such information to Ayati.

20. Cookies and Tracking Technologies

Ayati may use cookies, pixels, tags, analytics tools, and similar technologies to improve website performance, understand visitor behaviour, remember preferences, improve content, support security, and enhance user experience.

Cookies may help Us understand which pages are useful, how users interact with Our website, and how We can improve Our content and services.

You may disable cookies through Your browser settings. However, some areas or features of Our website may not function properly if cookies are disabled.

Where required by law, Ayati will seek consent for non-essential cookies or tracking technologies.

21. Marketing Communications

Ayati may use Your contact details to send product information, service updates, training information, event updates, educational content, newsletters, offers, or other communications relating to Ayati products and services.

You may opt out of marketing communications by following the unsubscribe instructions in the communication or by contacting Us.

Even if You opt out of marketing communications, Ayati may still send important transactional, service, safety, warranty, legal, or product-related communications.

22. Links to Other Websites

Our website, applications, reports, emails, or communications may contain links to third-party websites, applications, payment gateways, app stores, cloud platforms, or partner services.

Once You leave Ayati’s website or platform, Ayati does not control such third-party websites or services. Ayati is not responsible for the privacy practices, content, security, or policies of such third parties.

You should review the privacy policy of any third-party website or service before sharing personal data with them.

23. Accuracy of Information

Ayati is not responsible for the authenticity, accuracy, or completeness of information supplied by users, healthcare providers, distributors, institutions, or third parties.

If any information provided to Ayati is found to be false, inaccurate, outdated, incomplete, misleading, or unauthorised, Ayati may suspend or restrict access to the relevant service, account, report, or workflow, where appropriate.

24. Changes to this Privacy Policy

Ayati may update this Privacy Policy from time to time to reflect changes in law, technology, products, services, business operations, or data processing practices.

The updated Privacy Policy will be posted on Our website with the revised “Last Updated” date.

Your continued use of Ayati’s website, applications, software, devices, reports, or services after publication of the updated Privacy Policy will be deemed acceptance of the updated Privacy Policy, unless separate consent is required under applicable law.

25. Grievance Redressal and Privacy Contact

If You have any questions, requests, grievances, or complaints regarding this Privacy Policy or the processing of Your personal data, You may contact:

Grievance Officer / Privacy Contact
Ayati Devices Private Limited
Block 1, 2nd Floor, DERBI Foundation,
Dayananda Sagar University, Kudlu Gate,
Bengaluru / Bangalore – 560068, Karnataka, India

Email: help@ayatidevices.com
Phone: +91 (080) 47498080

Ayati will make reasonable efforts to respond to privacy-related requests and grievances within the timelines required under applicable law.

If You are not satisfied with Ayati’s response, You may have the right to approach the appropriate authority or Data Protection Board under applicable Indian data protection law.

26. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and interpreted in accordance with the laws of India.

Subject to applicable law, the courts at Bengaluru / Bangalore, Karnataka, India shall have exclusive jurisdiction over disputes arising out of or in connection with this Privacy Policy.

27. Severability

If any provision of this Privacy Policy is held to be invalid, unlawful, or unenforceable, the remaining provisions shall continue to remain valid and enforceable.

The invalid or unenforceable provision shall be replaced with a valid and enforceable provision that most closely reflects the original intent.

28. Disclaimer

While Ayati takes reasonable steps to protect personal data, no system, network, software, device, application, or method of electronic transmission is completely secure.

Ayati shall not be responsible for any unauthorised access, disclosure, loss, alteration, or misuse of personal data arising from events beyond Our reasonable control, including cyberattacks, hacking, malware, unauthorised access to user devices, third-party system failures, force majeure events, or user negligence.

Users, healthcare providers, distributors, and institutions are responsible for maintaining appropriate safeguards for devices, accounts, passwords, exported reports, downloaded files, printed records, and patient data under their control.