Your patient's data stays in India.
One Learn AI is built with privacy by design. Your clinical, diagnostic and personal health information is processed and stored exclusively on Indian data centres, governed by Indian law.
Data residency · India
Every audio file, scan, PDF and structured record stays on Indian data centres. No cross-border data flow.
End-to-end encryption
Encrypted in transit and at rest. Role-based access ensures only the treating team sees the patient's record.
No training on your data
Your hospital's data is yours. We don't train models on it without explicit, contractual consent.
DPDP-aligned consent
Patient consent flows built in. Auto-redaction of identifiers in any data ever used for improvement.
Section 01
Your rights under Indian law
As a user of One Learn AI, you have the following rights under applicable Indian data protection laws, including the Digital Personal Data Protection Act (DPDP) 2023 and the Information Technology Act, 2000.
Right to Access & Portability
Request a copy of your personal and medical data in a structured, machine-readable format at any time.
Right to Rectification
Request correction of any inaccurate or incomplete personal or medical data we hold about you.
Right to Erasure
Request deletion of your personal data when it is no longer necessary for the purpose it was collected.
Right to Restrict Processing
Request restriction of processing of your personal data in certain circumstances under applicable law.
Right to Object
Object to the processing of your personal data for direct marketing or legitimate-interest purposes.
Right to Lodge a Complaint
Lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
We may share your data with the following categories of recipients, all located within India:
- Healthcare providers directly involved in your care and treatment
- Authorised laboratory and diagnostic service partners
- Cloud infrastructure providers with data centres located in India
- Regulatory and government authorities as required by Indian law
Safeguards for third-party data transfers
- Contractual obligations ensuring data protection standards are maintained
- Regular audits of third-party security practices and compliance
- Data Processing Agreements (DPAs) with all third-party vendors
- Incident response protocols and breach notification processes in place
- Access controls: only authorised personnel can access personal data
Section 03
Data retention policy
| Data category | Retention period | Legal basis |
|---|---|---|
| Medical records / reports | As per applicable medical record retention laws | Legal obligation |
| Patient records | 7 years from last interaction | Regulatory |
| Account data | Duration of account + 30 days | Contract |
| Usage analytics | 24 months | Legitimate interest |
| Audit logs | 3 years | Legal / security |
| Marketing data | Until consent is withdrawn | Consent |
| Security & access logs | As required under ISO 27001 / SOC 2 | Security |
Section 04
AI-specific privacy practices
One Learn AI uses artificial intelligence to process and analyse medical data. We are committed to transparency and ethical AI practices.
Training data & model development
- AI models are trained on de-identified, anonymised datasets only
- No individual patient data is used for training without explicit consent
- Training datasets undergo rigorous quality and bias assessments
Automated decision-making & human oversight
- All AI-generated reports and diagnoses are recommendations only
- Final clinical decisions always rest with qualified healthcare professionals
- Users can request human review of any AI-generated output at any time
Algorithm transparency & accountability
- Documentation of AI model architectures and training methodologies
- Regular bias audits and fairness assessments are conducted
- AI performance metrics are monitored and reported transparently
Section 05
Children's privacy & pediatric data
One Learn AI takes special care when processing data related to minors (under 18 years of age).
- Parental or guardian consent required before processing any minor's health data
- Pediatric data is subject to enhanced security controls and access restrictions
- We do not use children's data for AI model training or any secondary purposes
- Parents / guardians may request access, correction, or deletion of their child's data at any time
One Learn AI uses cookies and similar technologies to enhance your experience.
Essential cookies
Required for platform functionality, authentication and security. These cannot be disabled.
Functional cookies
Used to remember your preferences, language settings and customised interface options.
Analytics cookies
Help us understand how users interact with our platform to improve services. All analytics data is anonymised.
You can manage cookie preferences through your browser settings or our cookie consent banner.
Section 07
Changes to this privacy policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
- Material changes will be communicated via email to all registered users
- Non-material updates will be reflected here with an updated 'Last Modified' date
- Continued use of One Learn AI after changes constitutes acceptance of the updated policy
- Previous versions of this policy are available upon request
Section 08
Contact information
For any privacy-related questions, concerns, or to exercise your data protection rights, please contact us.
- Data Protection Officer
- One Learn AI Privacy Team
- Privacy email
- privacy@onemedai.com
- General inquiries
- info@onelearnai.com
- Response time
- Within 30 business days
Indian data residency, by design.
See how One Learn AI handles your data in practice. Book a demo or get in touch with our privacy team.