Last Updated: April 28, 2026
Sattvam Enterprise AI ("Sattvam", "we", "us", or "our") is committed to protecting the privacy, confidentiality, and security of the personal and health-related information entrusted to us. This Privacy Policy describes how we collect, use, store, share, and protect information when you access or use our products, services, website, mobile applications, and any related platforms (collectively, the "Services"), including our flagship voice-first AI platform, OBGYN, designed specifically for obstetrics and gynecology practices across India.
This Privacy Policy applies to all individuals who interact with our Services, including but not limited to: healthcare practitioners and their clinical staff who use our platform to manage patient interactions; patients whose health information is processed through our systems during the course of clinical care; visitors who browse our website or marketing materials; business partners, vendors, and third parties who integrate with our platform; and any other person who submits information to us through any channel.
By accessing or using any of our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you are a healthcare provider using our Services on behalf of your patients, you represent and warrant that you have obtained all necessary consents from your patients as required by applicable law and professional ethical standards, including the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and any guidelines issued by the Indian Medical Council and relevant state medical councils.
We recognise that the information we handle — particularly protected health information and voice recordings of clinical consultations — is among the most sensitive categories of personal data. We maintain rigorous technical and organisational safeguards to ensure this data is processed lawfully, fairly, and transparently. Our privacy practices are designed to meet or exceed the requirements of Indian data protection legislation, and where applicable, international standards such as the General Data Protection Regulation (GDPR) of the European Union.
For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below:
We collect personal information that you voluntarily provide to us when you register for an account, subscribe to our Services, request a demonstration, submit enquiries through our contact forms, or otherwise interact with us. This information may include your full name, professional title and designation, email address, phone number, postal address, name of healthcare facility or practice, medical registration number, specialisation details, and preferred language of communication.
For patients whose data is processed through our platform by their healthcare providers, personal information may include the patient's full name, date of birth, age, gender, contact details (phone number, email, address), emergency contact information, government-issued identification numbers (such as Aadhaar, where lawfully collected), ABHA (Ayushman Bharat Health Account) identifiers, insurance details, and demographic information such as occupation, marital status, religion, and socioeconomic indicators relevant to healthcare delivery.
Our OBGYN platform is specifically designed to capture and process health information during the course of clinical care. Through the voice-first interface, we process detailed clinical data including but not limited to: presenting complaints and history of present illness; past medical, surgical, and obstetric histories; menstrual histories and reproductive health information; family history and genetic risk factors; medication lists and drug allergies; vital signs and physical examination findings; provisional and confirmed diagnoses using ICD-10 coding; treatment plans, prescriptions, and dosage information; laboratory test orders and results; imaging and ultrasound reports; antenatal care records including foetal monitoring data; delivery notes and postnatal care information; surgical procedure notes; referral letters and inter-provider communications; and any other clinical documentation generated during the patient encounter.
Voice recordings of clinical consultations constitute a critical component of the health information we process. These recordings are captured in real time through our AI-powered global scribe system, transcribed using advanced speech-to-text technology, and processed by our autonomous AI agents to generate structured clinical documentation. The audio data itself may be retained temporarily for quality assurance and transcription accuracy verification purposes, or deleted immediately after transcription depending on the configuration selected by the healthcare provider.
When you access our Services, we automatically collect certain technical information about your device and usage patterns. This includes your Internet Protocol (IP) address, browser type and version, operating system and platform, device type and unique device identifiers, screen resolution and display settings, referring URLs and exit pages, pages visited and features used within our platform, date and time of access, session duration and frequency of use, clickstream data and navigation paths, error logs and performance metrics, and network connection type and speed. This information is collected through server logs, analytics tools, and embedded tracking technologies.
We use cookies, web beacons, pixel tags, local storage, and similar tracking technologies to collect usage information, remember your preferences, authenticate your sessions, and analyse how our Services are used. These technologies help us deliver a more personalised experience, maintain security, and improve the performance and reliability of our platform. A detailed description of the specific cookies we use and your options for managing them is provided in Section 12 of this Privacy Policy.
We may receive information about you from third-party sources, including healthcare information exchanges, laboratory and diagnostic service providers, pharmacy networks, government health databases (such as ABDM/ABHA registries, subject to your consent), insurance providers, referring healthcare facilities, professional networking platforms, and business partners. We may also receive information from publicly available sources, such as medical council registration databases, for the purpose of verifying the credentials of healthcare providers who register to use our platform.
We use your information to deliver, operate, and maintain our Services as contracted. This includes creating and managing your user account, authenticating your identity and controlling access, processing patient data to generate clinical documentation, managing appointment scheduling and calendar functions, generating prescriptions, discharge summaries, and referral letters, maintaining patient records and medical histories, facilitating billing and invoicing workflows, providing customer support and technical assistance, and delivering notifications and service-related communications.
Our platform employs 21 autonomous AI agents that process your data to deliver intelligent healthcare automation. These agents perform tasks such as structuring unstructured clinical narratives into coded medical records, suggesting provisional diagnoses based on symptom analysis, generating contextually appropriate prescriptions with drug interaction checks, producing clinical summaries and patient-facing documents, identifying patterns and risk factors in obstetric care, automating ICD-10 coding and billing code assignment, and performing quality checks on clinical documentation.
Our AI models are powered by Google Gemini and proprietary algorithms trained on anonymised and aggregated medical knowledge bases. We do not use individual patient data to train general-purpose AI models without explicit, informed consent. Any use of de-identified data for model improvement purposes is governed by strict de-identification protocols that meet or exceed the safe harbour standards prescribed under applicable data protection regulations. Healthcare providers always retain final clinical authority over AI-generated outputs, and our AI agents are designed to assist, not replace, professional medical judgement.
Voice data is at the core of our platform's functionality. When a healthcare provider activates the voice input feature during a patient consultation, the audio stream is transmitted in real time to our speech-to-text processing engine (powered by Google Cloud Speech-to-Text and Deepgram). The audio is converted to text, and the resulting transcript is then processed by our AI agents to generate structured clinical documentation. Audio data is encrypted during transmission using TLS 1.3 and is processed in secure, access-controlled environments. Depending on the healthcare provider's configuration preferences, raw audio may be retained for a limited period (not exceeding 72 hours) for transcription quality assurance, after which it is permanently deleted. Transcribed text is retained as part of the clinical record in accordance with medical record retention requirements.
We use aggregated, anonymised, and de-identified data to analyse usage patterns, identify areas for improvement, conduct research and development of new features, benchmark platform performance, generate industry insights and analytics reports, and improve the accuracy and reliability of our AI models. When we use data for these purposes, we ensure that all personally identifiable information and protected health information has been removed or irreversibly anonymised such that the data cannot be re-identified.
We may use your contact information to send you service-related notifications (such as account verification, security alerts, maintenance updates, and billing reminders), respond to your enquiries and support requests, send product updates and feature announcements, and, where you have opted in, deliver marketing communications about new products, events, and promotional offers. You may opt out of marketing communications at any time by following the unsubscribe instructions included in each communication or by contacting us directly.
We process personal data as necessary to comply with our legal obligations, including responding to lawful requests from government authorities, regulatory bodies, and law enforcement agencies; fulfilling tax, accounting, and financial reporting requirements; maintaining records as required by healthcare regulations, the Clinical Establishments (Registration and Regulation) Act, 2010, and applicable state rules; complying with court orders, subpoenas, and other legal processes; and enforcing our terms of service and protecting our legal rights.
We process personal data only where we have a valid legal basis to do so. The specific legal basis depends on the type of data and the purpose of processing:
Under the DPDP Act, 2023, consent is the primary basis for processing personal data. We obtain free, specific, informed, unconditional, and unambiguous consent from Data Principals before processing their personal data. For health data and other sensitive personal information, we obtain explicit consent that clearly identifies the nature of the data being collected, the specific purposes for which it will be processed, and the categories of recipients with whom it may be shared. Consent may be provided directly by the Data Principal or, in the case of patient data, through the healthcare provider who has a pre-existing clinical relationship with the patient and has obtained the necessary consents in accordance with their professional obligations. Consent may be withdrawn at any time by contacting us, and we will cease processing the relevant data unless another legal basis applies.
Processing is necessary for the performance of a contract to which the Data Principal is a party, or in order to take steps at the request of the Data Principal prior to entering into a contract. This includes processing required to provide the Services you have subscribed to, manage your account, process payments, and fulfil our obligations under our service agreements.
Processing is necessary for compliance with a legal obligation to which Sattvam is subject. This includes obligations under the DPDP Act, the Information Technology Act, 2000 and its rules, healthcare regulations mandating record retention and reporting, tax and financial regulations, and any directives or orders issued by the Data Protection Board of India or other competent authorities.
Where applicable under the GDPR or other international frameworks, we may process personal data based on our legitimate interests, provided that such interests are not overridden by the fundamental rights and freedoms of the Data Principal. Our legitimate interests include ensuring the security and integrity of our platform, preventing fraud and abuse, conducting internal analytics and business intelligence, improving and optimising our Services, and protecting our legal rights and enforcing our terms of service. We conduct a legitimate interest assessment for each processing activity relying on this basis and maintain records of these assessments.
We do not sell, rent, or trade your personal data or health information to third parties for their marketing purposes. We share your information only in the following circumstances:
Patient data processed through our platform is accessible to the healthcare provider (and their authorised clinical staff) who entered or generated that data in the course of providing clinical care. Where a patient is referred to another healthcare provider, data may be shared with the receiving provider with the patient's consent and in accordance with standard medical referral practices. Data sharing within healthcare networks is limited to what is clinically necessary and is governed by the principle of minimum necessary disclosure.
We engage trusted third-party service providers to assist us in operating and delivering our Services. These sub-processors include cloud infrastructure and hosting providers (such as MongoDB Atlas, Render, and Google Cloud Platform), AI model and natural language processing providers (such as Google Gemini), speech-to-text transcription services (such as Google Cloud Speech-to-Text and Deepgram), text-to-speech services (such as ElevenLabs), email and communication services, payment processing providers, and analytics and monitoring tools. All sub-processors are contractually bound to process personal data only on our instructions, maintain appropriate security measures, and not use the data for any purpose other than providing the contracted services. We maintain a current list of sub-processors and conduct regular due diligence to ensure their compliance with applicable data protection standards.
We may disclose your information where required to do so by law, regulation, or legal process, including in response to requests from government agencies, regulatory bodies, courts, or law enforcement authorities. We may also disclose information where we believe in good faith that disclosure is necessary to protect the safety, rights, or property of Sattvam, our users, or the public; to prevent or investigate possible wrongdoing, fraud, or security threats; to enforce our terms of service; or to comply with mandatory reporting obligations under public health laws, including the reporting of notifiable diseases and adverse medical events.
In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy. Any successor entity will be required to honour the commitments made in this Privacy Policy with respect to data collected prior to the transfer.
We may share your information with third parties when you have given us explicit consent to do so. This includes situations where you authorise the sharing of your health records with insurance providers, occupational health services, or other parties for purposes you have specified. You may withdraw your consent at any time, and we will promptly cease sharing your data with the relevant third parties, except to the extent required by law.
We implement robust technical and organisational security measures designed to protect personal data and health information against unauthorised access, alteration, disclosure, or destruction. While no system can guarantee absolute security, we employ industry-leading practices that include the following:
All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.3 or higher. Data at rest in our databases and storage systems is encrypted using AES-256 encryption. Voice data is encrypted in transit using secure WebSocket (WSS) connections and at rest using encryption keys managed through dedicated key management services. Encryption keys are rotated on a regular schedule and are stored separately from the data they protect, with access restricted to authorised personnel only.
Access to personal data and health information is restricted on a need-to-know basis and governed by role-based access control (RBAC) policies. All access is authenticated using secure session management with industry-standard hashing algorithms. Administrative access to production systems requires multi-factor authentication (MFA). We maintain detailed audit logs of all data access events, including who accessed the data, when, and for what purpose. These audit logs are retained for a minimum of one year and are regularly reviewed for anomalous activity.
Our Services are hosted on enterprise-grade cloud infrastructure provided by reputable providers that maintain SOC 2 Type II, ISO 27001, and other relevant security certifications. Our database layer utilises MongoDB Atlas, which provides network isolation, automated backups, and continuous monitoring. We employ web application firewalls (WAF), intrusion detection and prevention systems (IDS/IPS), distributed denial-of-service (DDoS) protection, and regular vulnerability scanning and penetration testing. Our development practices follow secure coding standards, and all code changes undergo peer review before deployment.
We maintain a comprehensive incident response plan that outlines procedures for detecting, containing, investigating, and remediating security incidents involving personal data. In the event of a data breach that poses a risk to the rights and freedoms of Data Principals, we will notify the Data Protection Board of India (or other competent authority) and affected individuals within the timelines prescribed by the DPDP Act and applicable regulations. Our incident response team conducts regular drills and tabletop exercises to ensure preparedness, and we maintain cyber liability insurance to mitigate the financial impact of security incidents.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods depend on the type of data and the applicable legal requirements:
When data is no longer required for any of the above purposes, it is securely deleted or irreversibly anonymised using industry-standard data destruction methods. We periodically review our retention practices to ensure compliance with evolving legal requirements.
Under the DPDP Act, 2023 and, where applicable, the GDPR and other international data protection frameworks, you have certain rights regarding your personal data. We are committed to facilitating the exercise of these rights in a timely and transparent manner.
You have the right to obtain confirmation as to whether your personal data is being processed by us and, if so, to request access to that data along with information about the purposes of processing, the categories of data concerned, the recipients or categories of recipients to whom the data has been disclosed, the retention period, and the existence of any automated decision-making. We will provide a copy of your personal data in a commonly used, machine-readable electronic format upon request.
You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data. For health information, rectification requests will be processed in consultation with the relevant healthcare provider to ensure that clinical records remain accurate and that any amendments are appropriately documented with an audit trail, as required by medical record-keeping standards.
You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, you have withdrawn your consent and no other legal basis applies, the data has been unlawfully processed, or deletion is required to comply with a legal obligation. Please note that this right is subject to certain limitations, particularly in the healthcare context where retention of medical records may be required by law. We will inform you of any such limitations at the time of your request.
Where applicable under the GDPR, you have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data, the processing is unlawful but you oppose erasure, we no longer need the data but you require it for the establishment, exercise, or defence of legal claims, or you have objected to processing pending verification of whether our legitimate interests override yours.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance from us, where the processing is based on consent or contractual necessity and is carried out by automated means. For health records, we support data portability in formats compatible with ABDM standards and health information exchange protocols, enabling seamless transfer of records to other ABDM-compliant healthcare systems.
Where processing is based on legitimate interests, you have the right to object to such processing at any time. Upon receiving your objection, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defence of legal claims. You have an absolute right to object to processing of your personal data for direct marketing purposes.
Our platform uses AI-powered automated systems to assist in clinical documentation and decision support. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In the healthcare context, all AI-generated clinical outputs (including suggested diagnoses, prescriptions, and treatment plans) are reviewed and approved by the healthcare provider before being finalised, ensuring meaningful human intervention in all clinical decisions. If you believe that an automated decision has been made without appropriate human oversight, you have the right to request a review of that decision by a qualified human operator.
To exercise any of these rights, please contact us using the details provided in Section 17 of this Privacy Policy. We will respond to your request within thirty (30) days, or such shorter period as may be required by applicable law. We may request verification of your identity before processing your request to prevent unauthorised access to personal data.
Our primary data processing facilities are located in India, and we endeavour to store and process personal data within India to the extent practicable. However, some of our sub-processors and service providers may process data in facilities located outside of India, including in the United States, the European Union, and other jurisdictions where cloud infrastructure is hosted.
Where personal data is transferred outside of India, we ensure that appropriate safeguards are in place, including contractual obligations that require the receiving party to maintain data protection standards equivalent to those required under Indian law, the use of standard contractual clauses (SCCs) approved by relevant regulatory authorities, data processing agreements that restrict the purposes for which data may be used and impose security requirements, and compliance with any data localisation requirements imposed by the Central Government of India under the DPDP Act or the Information Technology Act. We will not transfer personal data to any jurisdiction that has been restricted by the Central Government of India under Section 16(1) of the DPDP Act or any rules notified thereunder.
For users in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on approved transfer mechanisms such as SCCs, adequacy decisions, or other approved safeguards under the GDPR to ensure that your personal data receives an adequate level of protection when transferred outside the EEA.
Our Services are intended for use by healthcare professionals and are not directed at individuals under the age of eighteen (18). We do not knowingly collect personal data directly from children or minors. However, in the course of providing obstetric and gynaecological healthcare services, our platform may process health information relating to minors (including neonatal data, paediatric records of newborns, and health data of adolescent patients) as entered by their healthcare provider.
In accordance with Section 9 of the DPDP Act, 2023, any processing of personal data of children (individuals below 18 years of age) requires verifiable consent from the child's parent or lawful guardian. Healthcare providers using our platform are responsible for obtaining such consent before entering minor patient data into the system. We do not engage in tracking, behavioural monitoring, or targeted advertising directed at children. We do not process children's personal data in any manner that could cause harm to their well-being. If we become aware that we have inadvertently collected personal data from a child without appropriate parental consent, we will take steps to delete such data promptly.
Our website and platform use cookies and similar technologies to enhance your experience. This section provides detailed information about the types of cookies we use and how you can manage your preferences.
These cookies are essential for the operation of our Services and cannot be disabled. They include session cookies that maintain your authenticated state, security cookies that prevent cross-site request forgery (CSRF) attacks, load-balancing cookies that ensure optimal server performance, and cookies that remember your cookie consent preferences. These cookies do not store any personally identifiable information and expire at the end of your browser session or within a short defined period.
Functional cookies enable enhanced functionality and personalisation, such as remembering your language preferences, display settings, recently accessed patient records (within your authenticated session), and form auto-fill preferences. These cookies may be set by us or by third-party providers whose services we have integrated into our platform. If you disable these cookies, some features may not function as intended.
These cookies collect information about how visitors use our website and platform, including which pages are visited most frequently, how users navigate between pages, error messages encountered, and page load times. We use this information to improve the performance and usability of our Services. Analytics cookies may be provided by third-party services such as Google Analytics, and the data they collect is aggregated and anonymised. You can opt out of analytics cookies through your browser settings or by using the opt-out mechanisms provided by these third-party services.
Most web browsers allow you to control cookies through their settings. You can configure your browser to block all cookies, accept only first-party cookies, or delete cookies when you close your browser. Please note that disabling or deleting cookies may affect the functionality of our Services and may prevent you from accessing certain features. For specific instructions on managing cookies in your browser, please refer to your browser's help documentation.
Our Services may contain links to, or integrations with, third-party websites, applications, and services that are not operated or controlled by Sattvam. This Privacy Policy does not apply to the practices of third parties, and we are not responsible for the privacy policies or content of any third-party services. We encourage you to review the privacy policies of any third-party services before providing them with your personal data.
The key third-party services integrated into our platform include:
We regularly review our third-party service providers and require each of them to maintain appropriate technical and organisational security measures and to process personal data only in accordance with our instructions and applicable data protection laws.
Sattvam is committed to full compliance with the Digital Personal Data Protection Act, 2023 and all rules, regulations, and guidelines notified thereunder. As a Data Fiduciary processing sensitive health information, we adhere to the following principles mandated by the DPDP Act: lawfulness, fairness, and transparency in all processing activities; purpose limitation, ensuring data is collected only for specific, clear, and legitimate purposes communicated to the Data Principal; data minimisation, collecting only such personal data as is necessary for the stated purpose; accuracy, maintaining reasonable measures to ensure personal data is complete, accurate, and up-to-date; storage limitation, retaining personal data only for the period necessary to fulfil the stated purpose or as required by law; integrity and confidentiality, implementing appropriate security safeguards; and accountability, maintaining records and documentation to demonstrate compliance.
If Sattvam is classified as a Significant Data Fiduciary by the Central Government under Section 10 of the DPDP Act, we will comply with additional obligations including appointing a Data Protection Officer based in India, conducting periodic Data Protection Impact Assessments (DPIAs), engaging an independent data auditor, and publishing the results of periodic audits as required by law.
Our platform is designed to be interoperable with the Ayushman Bharat Digital Mission (ABDM) ecosystem. Where healthcare providers choose to integrate their practice with ABDM, our platform supports the creation and linking of ABHA (Ayushman Bharat Health Account) identifiers, sharing of health records through the Health Information Exchange and Consent Manager (HIE-CM) framework, compliance with ABDM health data management policies and technical specifications, implementation of consent-based health data sharing as per ABDM consent artefact standards, and adherence to the Unified Health Interface (UHI) protocols for interoperable health service delivery.
All ABDM-related data processing is conducted in strict accordance with the National Digital Health Mission Health Data Management Policy, the Information Security Policy, and the ABDM Sandbox and Production guidelines. Health data shared through ABDM channels is subject to granular, purpose-limited consent obtained from the patient through the ABDM consent framework, and we enforce the consent expiry, frequency, and purpose restrictions specified in each consent artefact.
We recognise that medical records are subject to specific retention requirements under Indian healthcare regulations. In accordance with the Indian Medical Council (Professional Conduct, Etiquette, and Ethics) Regulations, 2002, the Clinical Establishments (Registration and Regulation) Act, 2010, and applicable state rules, we retain medical records for a minimum period of three (3) years from the date of the last patient encounter. For obstetric records and records relating to minors, we apply extended retention periods as required by law. Healthcare providers may configure longer retention periods through their account settings. Medical records are not deleted upon account closure if the applicable retention period has not expired; instead, they are archived in a secure, access-restricted storage system until the retention period lapses, at which point they are securely destroyed. Healthcare providers retain primary responsibility for ensuring compliance with medical record retention obligations applicable to their practice, and our platform is designed to support and facilitate such compliance.
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will notify you by posting the updated Privacy Policy on our website with a revised "Last Updated" date, sending a notification to the email address associated with your account, displaying a prominent notice on our platform upon your next login, and, where required by law, obtaining your renewed consent before implementing changes that affect how your personal data is processed.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, you should discontinue use of the Services and contact us to request deletion of your personal data, subject to applicable retention obligations.
This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000 and the rules framed thereunder, the Indian Contract Act, 1872, and all other applicable central and state legislation.
Any dispute, controversy, or claim arising out of or relating to this Privacy Policy, including its interpretation, validity, enforceability, or breach, shall be subject to the exclusive jurisdiction of the courts located in Hyderabad, Telangana, India. The parties agree to submit to the personal jurisdiction of such courts and waive any objection to venue or inconvenient forum.
Notwithstanding the foregoing, complaints regarding the processing of personal data may also be filed with the Data Protection Board of India established under the DPDP Act, 2023, or with any other competent regulatory authority having jurisdiction over data protection matters. For users subject to the GDPR, complaints may additionally be filed with the relevant supervisory authority in their country of residence.
If you have any questions, concerns, or requests regarding this Privacy Policy, the processing of your personal data, or the exercise of your rights, please contact us using the following details:
We aim to respond to all privacy-related enquiries within thirty (30) days of receipt. For urgent matters involving data breaches or security incidents, please include "URGENT - Data Breach" in your email subject line to ensure expedited handling.
If you are not satisfied with our response to your privacy concern, you have the right to lodge a complaint with the Data Protection Board of India or other competent supervisory authority. We encourage you to contact us first so that we have an opportunity to address your concern directly.