Privacy Policy

Last Updated: May 25, 2026

1. Introduction

Yira.ai ("we," "our," or "us") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website at yira.ai and use our enterprise healthcare platforms — Yira Pulse, Yira Clinx, and Yira MedSense (collectively, the "Services").

Please read this policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

We collect several types of information depending on how you interact with our Services:

• Account & Contact Information: Name, email address, phone number, company name, job title, and account login credentials provided during registration or contact form submissions.
• Health & Medical Data (B2B Processing): Through Yira Pulse, Yira Clinx, and Yira MedSense, we process health screening data, medical records, prescriptions, lab reports, patient demographics, insurance claim data, and related health information on behalf of our enterprise clients. In this capacity, Yira.ai acts as a Data Processor, and the enterprise client is the Data Controller.
• Usage & Technical Data: IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and other diagnostic data collected automatically through cookies and similar tracking technologies.
• Communication Data: Records of your communications with us, including emails, support tickets, and demo requests.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, maintain, and improve our Services.
• To process medical data and generate AI-driven health insights for our enterprise clients under the terms of our service agreements.
• To send transactional communications, including account notifications, demo confirmations, and service updates.
• To respond to your inquiries, support requests, and feedback.
• To analyze usage patterns and improve the performance and features of our Services.
• To comply with legal obligations, including HIPAA, DISHA Act, ABDM standards, and IRDAI regulations.
• To detect, prevent, and address fraud, security breaches, and other harmful activities.

4. Data Security

Yira.ai implements industry-leading security measures to protect your information from unauthorized access, alteration, disclosure, or destruction. Our security infrastructure includes:

• AES-256 encryption for all data at rest and in transit.
• Role-Based Access Control (RBAC) ensuring data is accessible only to authorized personnel.
• ISO 27001 certified infrastructure hosted on AWS India (Mumbai region).
• Regular security audits, penetration testing, and vulnerability assessments.
• Multi-tenant data isolation ensuring each organization's data is completely segregated.
• 99.9% uptime SLA with disaster recovery protocols.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Enterprise Clients: Health and operational data processed through our platforms is shared with the respective enterprise client (employer, healthcare provider, or insurer) that contracted our Services.
• Service Providers: We engage trusted third-party vendors (e.g., AWS for cloud hosting) who process data on our behalf under strict data processing agreements.
• Legal Compliance: We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our website and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Health data processed on behalf of enterprise clients is retained in accordance with the terms of our service agreements and applicable healthcare data retention regulations.

8. Your Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal obligations.
• Right to Data Portability: Request transfer of your data to another service provider.
• Right to Object: Object to processing of your personal data for certain purposes.

If your data is processed by us on behalf of a healthcare provider or employer (as a Data Processor), please direct your request to that organization (the Data Controller). To exercise your rights directly with Yira.ai, contact us at contact@yira.ai.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at contact@yira.ai and we will take steps to delete such information.

10. International Data Transfers

Yira.ai's primary data infrastructure is hosted on AWS India (Mumbai region) to ensure data sovereignty for Indian healthcare data. Any international data transfers are conducted in compliance with applicable data protection laws and with appropriate safeguards in place.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we may also send an email notification to registered users. We encourage you to review this Privacy Policy periodically.

12. Contact Our Data Protection Team

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team: