Legal · OneKinAI India Private Limited

Privacy Notice

Effective 27 June 2026  ·  Version 1.0  ·  Governed by the laws of India

This Privacy Notice should be read together with any agreement between OneKinAI and its hospital customers, including applicable Data Processing Agreements.

Important: Naadi Health is a software platform provided to hospitals and healthcare institutions. Where applicable under the Digital Personal Data Protection Act, 2023 ("DPDP Act"), hospitals are the Data Fiduciary in relation to patient personal data. OneKinAI India Private Limited generally acts as a data processor or service provider on behalf of hospitals and under their instructions. Nothing in this Privacy Notice creates any contractual rights beyond those provided by applicable law or your written agreement with us.

1. Who We Are

OneKinAI India Private Limited ("OneKinAI", "we", "us", "our") develops and operates Naadi Health, a clinical documentation and hospital management software platform. We are a technology company incorporated under the Companies Act, 2013. We provide software — we do not provide healthcare, medical advice, or clinical services. Hospitals and licensed healthcare professionals provide healthcare.

AI-generated outputs within the Naadi platform are intended solely as decision-support tools for licensed healthcare professionals and must be independently assessed by the treating healthcare professional before being relied upon in clinical care. OneKinAI does not determine the medical necessity, accuracy, diagnosis, treatment, or appropriateness of clinical decisions recorded within the platform.

OneKinAI India Private Limited

1158, Paduvana Road, 2nd Cross, TK Layout, Ramakrishna Nagar

Mysore, Karnataka 570022, India

CIN: U62099KA2026PTC218387

Grievance Officer: Dhanya Tatachar

Email: dafanetilabs@onekinai.com

Phone: +91 78920 28791

Generally available Monday to Friday, 10 AM – 6 PM IST

2. Our Role — Software Provider

Where applicable under the DPDP Act, hospitals are the Data Fiduciary for patient personal data. OneKinAI generally acts as a data processor or service provider, processing patient information primarily and in accordance with the instructions of hospitals.

Hospitals are responsible for:

If you are a patient with questions about how your health records are managed, please contact your hospital directly.

3. Who This Notice Applies To

This Privacy Notice applies to patients whose health information is processed through the Naadi platform on behalf of hospitals, hospital staff and administrators who use the platform, and visitors to naadi-health.com. Website visitors generally provide only limited information such as contact form submissions and limited technical information.

4. What Information We Process

4.1 Patient Information (processed on behalf of hospitals)

4.2 Staff Information

4.3 Technical Information

5. How We Use This Information

We process patient and clinical information primarily to deliver the Naadi platform on behalf of hospitals — enabling clinical documentation, care coordination, administrative workflows, and patient communication where authorised by the hospital. We process personal information only for purposes compatible with those instructed by the hospital or otherwise permitted under applicable law.

We do not sell patient data, use it for advertising, share it across hospitals without authorisation, or use it to train general-purpose AI models except where expressly authorised by the hospital with appropriate legal basis and consent where required by law. We do not disclose personal data to third parties except as described in this Notice or unless required by applicable law.

OneKinAI does not determine the medical necessity, accuracy, diagnosis, treatment, or appropriateness of any clinical decision recorded within the platform.

6. Where We Store Your Data

Data is primarily stored in secure cloud infrastructure located in India unless otherwise agreed with the customer or required for lawful processing. Certain service providers we engage may access or process data outside India under appropriate contractual, technical and organisational safeguards, including providers of cloud infrastructure, AI processing, and monitoring services.

7. How Long We Retain Your Data

We retain information only for as long as reasonably necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Patient clinical records are retained in accordance with applicable law, contractual obligations, and hospital instructions. Staff and system logs are retained for security and compliance purposes. We will delete or anonymise data upon contract termination in accordance with our agreement with the hospital.

8. Third-Party Service Providers

We engage carefully selected third-party service providers who are contractually required to process data only as instructed by us and under appropriate confidentiality and data protection obligations. These include providers of:

9. Data Security

We implement industry-standard administrative, technical, and organisational safeguards to protect the information we process, including encryption, role-based access controls, audit logging, authentication controls, monitoring, and secure software development practices. Our security controls are continually reviewed and improved. While we implement reasonable and appropriate safeguards, no electronic system can be guaranteed to be completely secure. In the event of a breach affecting patient data, we will notify the relevant hospital promptly in accordance with our Data Processing Agreement and applicable law.

10. Patient Rights

As hospitals are generally the Data Fiduciary for patient health records, patients should contact their hospital directly to exercise rights of access, correction, deletion, or portability of their health records. Hospitals manage these requests in accordance with their obligations under applicable Indian law. OneKinAI will support hospitals in fulfilling such requests within the capabilities of the platform.

11. Cookies

The Naadi clinical platform uses only essential session cookies required for authentication and platform operation. We do not use advertising, tracking, or analytics cookies on the clinical platform. Our public website (naadi-health.com) may use basic analytics to understand site traffic.

12. Children

Naadi Health processes clinical records for patients of all ages in the course of healthcare delivery. For patients under 18, hospitals are responsible for ensuring that appropriate parental or guardian consent is obtained in accordance with applicable law.

13. Business Transfers

If OneKinAI undergoes a merger, acquisition, restructuring, financing, sale of assets, or similar corporate transaction, personal information may be transferred to the acquiring or successor entity as part of that transaction, subject to applicable law and appropriate confidentiality obligations.

14. Changes to This Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or applicable law. We will update the effective date and notify hospital administrators of material changes. We encourage you to review this Notice periodically to stay informed of any updates.

15. Governing Law

This Privacy Notice shall be governed by the laws of India. Any disputes arising in connection with this Notice shall be subject to the jurisdiction of the courts having competent jurisdiction at Mysuru, Karnataka.

16. Contact — Grievance Officer

For privacy-related questions, complaints, or to exercise any rights under applicable law, please contact our Grievance Officer:

Dhanya Tatachar — Grievance Officer

OneKinAI India Private Limited

1158, Paduvana Road, 2nd Cross, TK Layout, Ramakrishna Nagar

Mysore, Karnataka 570022, India

Email: dafanetilabs@onekinai.com

Phone: +91 78920 28791

We will endeavour to respond to all privacy-related queries and complaints in a timely manner.