Last Updated: 17th June, 2026
Ayati Devices Private Limited, a company incorporated under the Companies Act, 2013, having its registered/corporate office at Bengaluru, Karnataka, India, is engaged in the development, manufacturing, distribution, support, servicing, and operation of medical technology devices, software applications, digital reports, and related healthcare technology solutions.
In this Privacy Policy, the terms “Ayati”, “Ayati Devices”, “Company”, “We”, “Us”, and “Our” refer to Ayati Devices Private Limited. The terms “You”, “Your”, “User”, and “Data Principal” refer to any individual whose personal data is collected or processed by Ayati, including website visitors, customers, patients, healthcare professionals, doctors, clinics, hospitals, distributors, vendors, employees, consultants, service users, and other individuals interacting with Ayati.
This Privacy Policy applies to the website www.ayatidevices.com, Ayati’s software applications, mobile applications, device-connected applications, cloud-based platforms, digital reports, product demo activities, installation workflows, service support, customer support, clinical screening workflows, research-related workflows, and any other online or offline interaction where Ayati collects or processes personal data.
This Privacy Policy explains how Ayati collects, uses, stores, shares, protects, retains, and otherwise processes personal data, including health-related and device-generated data, in accordance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023, the Digital Personal Data Protection Rules, 2025, the Information Technology Act, 2000, and other applicable laws and regulations.
The DPDP Act requires consent requests to be presented in clear and plain language and gives individuals rights relating to access, correction, grievance redressal, and nomination. The DPDP Rules, 2025 also provide for clear consent notices, security safeguards, breach-related obligations, and phased compliance requirements.
By accessing or using Our website, applications, products, software, services, reports, support channels, or by otherwise providing Your personal data to Us, You agree to the terms of this Privacy Policy.
This Privacy Policy applies to personal data collected or processed by Ayati through:
This Privacy Policy replaces or updates any previous privacy policy used by Ayati, including the earlier policy covering Ayati’s website, applications, user information, cookies, retention, security, third-party sharing, and grievance redressal.
For the purpose of this Privacy Policy:
Personal Data means any data about an individual who is identifiable by or in relation to such data.
Processing means any operation performed on personal data, including collection, recording, storage, organisation, structuring, use, retrieval, analysis, sharing, disclosure, transmission, restriction, erasure, or destruction.
Data Principal means the individual to whom the personal data relates.
Data Fiduciary means any person or entity that determines the purpose and means of processing personal data.
Data Processor means any person or entity that processes personal data on behalf of a Data Fiduciary.
Consent means a freely given, specific, informed, unconditional, and unambiguous indication of the Data Principal’s wishes through a clear affirmative action.
Health Data / Clinical Data means personal data relating to an individual’s health, medical assessment, screening result, device-generated reading, clinical observation, test report, or related medical/healthcare information.
Services means Ayati’s website, applications, software, devices, reports, support, training, demonstrations, installations, customer service, and related business or healthcare technology services.
Ayati may act as a Data Fiduciary when We determine the purpose and means of processing personal data. This may include processing for website enquiries, product demonstrations, customer support, device installation, warranty registration, service records, billing, marketing communication, app account creation, product improvement, and business communication.
Ayati may act as a Data Processor when We process patient data, clinical data, screening data, reports, or device-generated information on behalf of hospitals, clinics, doctors, healthcare institutions, research organisations, distributors, or other customers. In such cases, the respective hospital, clinic, doctor, healthcare institution, research organisation, distributor, or customer may act as the Data Fiduciary, and Ayati will process such data based on contractual instructions and applicable law.
Where Ayati acts as a Data Processor, the concerned healthcare provider, institution, or customer may be responsible for providing notices, obtaining consent, maintaining patient records, and responding to patient requests, unless otherwise agreed in writing.
Depending on Your interaction with Ayati, We may collect the following categories of personal data.
We may collect Your name, email address, phone number, address, city, state, country, pin code, organisation name, designation, department, hospital or clinic name, distributor details, delivery address, billing details, and other contact information.
We may collect information such as doctor name, healthcare professional details, clinic/hospital name, department, role, medical speciality, distributor details, service team details, business communication records, training attendance, and product usage context.
Where applicable, Ayati may collect or process health-related or clinical information, including:
We may collect device ID, serial number, software version, app version, firmware version, operating system, browser type, IP address, device logs, diagnostic logs, error logs, connectivity logs, calibration data, service records, hardware information, date and time of use, usage frequency, feature usage, crash reports, and other technical information.
When You access Our website, We may automatically collect information such as IP address, browser type, device type, operating system, pages visited, time spent on pages, referring URLs, cookies, analytics identifiers, and other usage information.
We may collect details shared during product demonstrations, installations, training sessions, clinical camps, service visits, repair requests, troubleshooting, warranty support, software support, and customer service interactions.
Where permitted by law, contract, institutional approval, ethics approval, or consent, We may collect or process data for research, product validation, clinical evaluation, quality control, training, product improvement, regulatory documentation, and scientific analysis.
Where possible, such data will be anonymised, aggregated, or pseudonymised.
Ayati may collect personal data in the following ways:
Ayati may process personal data for the following purposes:
Where consent is required under applicable law, Ayati will seek consent through a clear affirmative action. Consent requests will be presented in clear and plain language and will describe the personal data being collected, the purpose of processing, and how You may exercise Your rights.
By using Our website, applications, software, devices, reports, support channels, or services, or by providing personal data to Us directly or through authorised representatives, healthcare professionals, hospitals, clinics, distributors, or partner institutions, You consent to the collection and processing of Your personal data as described in this Privacy Policy.
Where Ayati processes patient data in a hospital, clinic, camp, research, or healthcare setting, the concerned healthcare provider, institution, or authorised professional may be responsible for providing the required privacy notice and obtaining necessary consent, unless Ayati directly collects such data as a Data Fiduciary.
You may withdraw Your consent at any time by contacting Us using the details provided in this Privacy Policy. Withdrawal of consent will not affect processing already completed before such withdrawal. However, withdrawal may affect Our ability to provide certain services, reports, support, warranty, device functionality, or software access.
The DPDP framework recognises consent withdrawal and requires Data Fiduciaries to act in accordance with applicable law when processing personal data based on consent.
In addition to consent-based processing, Ayati may process personal data where permitted under applicable law, including for legitimate uses such as:
Ayati products and services are generally intended for use by healthcare professionals, clinics, hospitals, distributors, and authorised adult users.
Where personal data of a child or a person with disability requiring lawful guardian support is processed, Ayati or the relevant healthcare provider/institution will obtain verifiable consent from the parent or lawful guardian wherever required under applicable law.
Ayati does not knowingly process children’s personal data for behavioural monitoring, profiling, or targeted advertising.
The DPDP Rules, 2025 include specific requirements relating to verifiable consent for children and persons with disabilities.
Ayati recognises that health-related and clinical information is sensitive in nature and requires appropriate care.
Ayati may process health data and clinical data only for purposes connected with product use, clinical assessment, digital reporting, support, service, research, validation, quality improvement, regulatory documentation, or as otherwise permitted by law, contract, or consent.
Ayati will take reasonable safeguards to protect health-related information, including access control, confidentiality obligations, technical safeguards, and restrictions on unauthorised use or disclosure.
Where Ayati processes patient or clinical data on behalf of a hospital, clinic, doctor, healthcare institution, research organisation, or distributor, such processing will be carried out in accordance with the instructions of the relevant Data Fiduciary and applicable law.
Ayati may use anonymised, aggregated, de-identified, or pseudonymised data for research, product improvement, clinical validation, quality assurance, training, scientific publications, product development, regulatory documentation, and business analytics.
Where identifiable personal data is used for research or clinical validation, Ayati will do so only where permitted by applicable consent, contract, institutional approval, ethics approval, or law.
Anonymised or aggregated data that does not identify an individual may be retained and used by Ayati for lawful business, research, product development, and analytical purposes.
Ayati may share personal data with the following categories of recipients:
Ayati will endeavour to share only such personal data as is necessary for the relevant purpose.
Ayati may engage third-party service providers and Data Processors for hosting, storage, analytics, communication, customer support, logistics, payment processing, software development, device servicing, maintenance, cybersecurity, and other business operations.
Ayati will take reasonable steps to ensure that such service providers process personal data only for authorised purposes and maintain appropriate confidentiality, security, and contractual safeguards.
However, third-party websites, applications, app stores, payment gateways, cloud platforms, and external services may have their own privacy policies. Ayati is not responsible for the privacy practices, security, or content of such third-party services.
Ayati may use cloud, software, analytics, communication, or technical service providers that may store or process data outside India.
Where personal data is transferred outside India, Ayati will take reasonable steps to ensure that such transfer is carried out in accordance with applicable Indian law, contractual safeguards, and security requirements.
If the Government of India restricts the transfer of any category of personal data to any country or territory, Ayati will comply with such restrictions.
Ayati is committed to protecting personal data through reasonable technical, organisational, physical, and managerial safeguards.
These safeguards may include:
The DPDP Rules, 2025 require Data Fiduciaries to maintain reasonable security safeguards and processes for breach reporting and user rights management.
However, no method of transmission over the internet, wireless network, mobile application, or electronic storage is completely secure. Therefore, while Ayati takes reasonable safeguards, We cannot guarantee absolute security.
Users, healthcare providers, distributors, and institutions are responsible for maintaining the confidentiality of login credentials, exported reports, device access, patient records, and files under their control.
In the event of a personal data breach, Ayati will take reasonable steps to contain, assess, investigate, and remediate the incident.
Where required under applicable law, Ayati will notify affected Data Principals and/or the relevant authority. Such notification may include:
Where Ayati acts as a Data Processor, Ayati will notify the relevant Data Fiduciary in accordance with the applicable contract and law.
The DPDP Rules require breach-related processes, including notifying affected individuals in plain language and providing relevant details of the breach and mitigation steps.
Ayati will retain personal data only for as long as necessary for the purpose for which it was collected or processed, including for product support, warranty, service records, regulatory compliance, legal obligations, audit requirements, dispute resolution, safety documentation, research records, and business records.
Clinical, patient, or health-related data may be retained in accordance with applicable healthcare, regulatory, institutional, contractual, research, or legal requirements.
When personal data is no longer required, Ayati may delete, anonymise, aggregate, archive, or securely restrict access to such data, unless continued retention is required by law or legitimate business need.
Where required under applicable law, Ayati will provide appropriate notice or follow applicable procedures before erasing stored personal data.
Subject to applicable law, You may have the following rights:
To exercise these rights, You may contact Ayati using the details provided in the “Grievance Redressal and Privacy Contact” section.
Ayati may verify Your identity before processing such requests. Ayati may deny or limit a request where permitted by law, including where retention is required for legal, regulatory, medical device, product safety, clinical, contractual, audit, dispute resolution, or legitimate business purposes.
The DPDP Act recognises rights relating to access, correction, erasure, grievance redressal, and nomination.
You are responsible for ensuring that the personal data You provide to Ayati is accurate, complete, and up to date.
You must not impersonate another person, provide false information, suppress material information, or submit information that You are not authorised to provide.
Where You provide personal data of another individual, including a patient, child, employee, healthcare professional, or representative, You confirm that You have the necessary authority, consent, or legal basis to provide such information to Ayati.
Ayati may use cookies, pixels, tags, analytics tools, and similar technologies to improve website performance, understand visitor behaviour, remember preferences, improve content, support security, and enhance user experience.
Cookies may help Us understand which pages are useful, how users interact with Our website, and how We can improve Our content and services.
You may disable cookies through Your browser settings. However, some areas or features of Our website may not function properly if cookies are disabled.
Where required by law, Ayati will seek consent for non-essential cookies or tracking technologies.
Ayati may use Your contact details to send product information, service updates, training information, event updates, educational content, newsletters, offers, or other communications relating to Ayati products and services.
You may opt out of marketing communications by following the unsubscribe instructions in the communication or by contacting Us.
Even if You opt out of marketing communications, Ayati may still send important transactional, service, safety, warranty, legal, or product-related communications.
Our website, applications, reports, emails, or communications may contain links to third-party websites, applications, payment gateways, app stores, cloud platforms, or partner services.
Once You leave Ayati’s website or platform, Ayati does not control such third-party websites or services. Ayati is not responsible for the privacy practices, content, security, or policies of such third parties.
You should review the privacy policy of any third-party website or service before sharing personal data with them.
Ayati is not responsible for the authenticity, accuracy, or completeness of information supplied by users, healthcare providers, distributors, institutions, or third parties.
If any information provided to Ayati is found to be false, inaccurate, outdated, incomplete, misleading, or unauthorised, Ayati may suspend or restrict access to the relevant service, account, report, or workflow, where appropriate.
Ayati may update this Privacy Policy from time to time to reflect changes in law, technology, products, services, business operations, or data processing practices.
The updated Privacy Policy will be posted on Our website with the revised “Last Updated” date.
Your continued use of Ayati’s website, applications, software, devices, reports, or services after publication of the updated Privacy Policy will be deemed acceptance of the updated Privacy Policy, unless separate consent is required under applicable law.
If You have any questions, requests, grievances, or complaints regarding this Privacy Policy or the processing of Your personal data, You may contact:
Grievance Officer / Privacy Contact
Ayati Devices Private Limited
Block 1, 2nd Floor, DERBI Foundation,
Dayananda Sagar University, Kudlu Gate,
Bengaluru / Bangalore – 560068, Karnataka, India
Email: help@ayatidevices.com
Phone: +91 (080) 47498080
Ayati will make reasonable efforts to respond to privacy-related requests and grievances within the timelines required under applicable law.
If You are not satisfied with Ayati’s response, You may have the right to approach the appropriate authority or Data Protection Board under applicable Indian data protection law.
This Privacy Policy shall be governed by and interpreted in accordance with the laws of India.
Subject to applicable law, the courts at Bengaluru / Bangalore, Karnataka, India shall have exclusive jurisdiction over disputes arising out of or in connection with this Privacy Policy.
If any provision of this Privacy Policy is held to be invalid, unlawful, or unenforceable, the remaining provisions shall continue to remain valid and enforceable.
The invalid or unenforceable provision shall be replaced with a valid and enforceable provision that most closely reflects the original intent.
While Ayati takes reasonable steps to protect personal data, no system, network, software, device, application, or method of electronic transmission is completely secure.
Ayati shall not be responsible for any unauthorised access, disclosure, loss, alteration, or misuse of personal data arising from events beyond Our reasonable control, including cyberattacks, hacking, malware, unauthorised access to user devices, third-party system failures, force majeure events, or user negligence.
Users, healthcare providers, distributors, and institutions are responsible for maintaining appropriate safeguards for devices, accounts, passwords, exported reports, downloaded files, printed records, and patient data under their control.