Contact Us

Privacy Policy

Effective Date: April 2026 | Last Updated: April 2026
AstonomiQ Private Limited | WeWork, Embassy Tech Village Block L, Bellandur, Bangalore, Karnataka – 560103

At AstonomiQ, we take data privacy seriously not because a regulation says we have to, but because we work with hospitals and healthcare providers who trust us with some of the most sensitive operational data that exists. Patient records, billing information, insurance claims, vendor payments – this is not generic enterprise data. It deserves to be handled with care, and we are committed to doing exactly that.

This Privacy Policy explains what data we collect, why we collect it, how we protect it, and what rights you have as our customer, visitor, or partner. We have tried to keep this as plain and readable as possible- no dense legalese, just a straightforward explanation of how we operate.

1. Who This Policy Covers

This policy applies to:

  • Hospitals, clinics, and healthcare facilities that use the AstonomiQ platform (our B2B customers)
  • Individuals who visit our website at astonomiq.ai
  • Prospective customers who interact with our sales team or fill out contact forms
  • Business partners, vendors, and integration partners

If you are a patient whose data is processed by a hospital that uses AstonomiQ, your primary relationship is with that hospital. AstonomiQ processes that data on the hospital’s behalf, as a data processor. For patient-specific privacy concerns, please reach out to your healthcare provider directly.

2. What Data We Collect and Why

2.1 Data from Our Customers (B2B Platform Users)

When a hospital or healthcare facility onboards onto AstonomiQ, we receive and process data
that is necessary to run the platform effectively. This includes:

  • Account Information: Hospital and organisation details
  • User Information: Names, email addresses, and contact numbers of designated users, admins, and IT points of contact
  • Operational Data: HIS/HMS data feeds, billing records, insurance claim files, bank reconciliation data, vendor invoices, and inventory records – all ingested via secure API integrations
  • Usage Data: Activity logs, system interactions, and feature usage data used for platform improvement and support

We do not ask for more than we need The data ingested is used solely to deliver the services our customers have contracted us for.

2.2 Data from Website Visitors

When you visit astonomiq.ai, we may collect:

  • Browser type, device information, IP address, and pages visited-collected automatically through standard web analytics tools
  • Contact form submissions, including your name, email, phone number, and any message you send us
  • Demo request details

We use this information to respond to your enquiries, improve the website experience, and understand how people discover our platform. We do not sell this data to anyone.

2.3 Patient Communication Data

Our Patient Conversation module facilitates interactions between hospitals and their patients over WhatsApp and SMS. In this context, AstonomiQ processes:

  • Appointment details and scheduling information
  • Lab report retrieval requests
  • Pre-consultation intake data such as symptoms and vitals collected before a doctor's visit
  • Patient queries handled by our AI agent

AstonomiQ acts as a technology layer here. The hospital remains the primary data controller for all patient information. Our AI processes this data in real time to deliver automated responses and does not store personally identifiable patient information beyond what is operationally necessary and agreed upon with the hospital in our data processing agreements.

3. How We Use Your Data

The data we collect is used strictly for the following purposes:

  • Service Delivery: Providing, operating, and improving the AstonomiQ platform and its modules (Reconciliation, Patient Conversations, AP Automations, Claims Management, Inventory Management)
  • Onboarding and Support: Onboarding new customers and configuring the platform to their specific workflows
  • Technical Support: Diagnosing issues, resolving bugs, and ensuring uptime
  • Product Development: Analysing aggregated, anonymised usage patterns to improve our product roadmap
  • Communications: Sending product updates, maintenance notices, or relevant communications to authorised contacts at customer organisations
  • Legal Compliance: Meeting our obligations under applicable Indian laws, including IT Act 2000, DPDP Act 2023 (when notified), GST, and IRDAI regulations where relevant

We do not use customer data for advertising, and we do not share it with third parties for marketing purposes. Period.

4. Data Sharing and Third Parties

We share data only when necessary, and only with parties who are bound by appropriate confidentiality and data protection obligations. This includes:

  • Cloud infrastructure providers who host the AstonomiQ platform – these are enterprise- grade providers with SOC 2 compliant environments
  • Integration partners such as TPA portals, bank systems, and insurer APIs – data shared here is limited to what is technically required for the integration to function
  • Payment gateways and reconciliation data sources, accessed in read-only mode for matching and verification
  • Legal and regulatory authorities, only when we are required to do so by law or court order

We will never sell, rent, or trade your data. Any third-party sub-processors we engage are contractually required to meet data security standards consistent with ours.

5. Data Storage and Security

We take security seriously – it is core to what we promise our customers.

All data processed through the AstonomiQ platform is protected using:

  • AES-256 encryption for data at rest
  • TLS 1.2 and above for data in transit
  • Role-based access controls (RBAC) ensuring only authorised personnel can access specific modules or datasets
  • Audit trails for all data access and workflow actions – every action is logged and traceable
  • Regular security assessments and vulnerability monitoring

Our platform is built with enterprise-grade security standards, designed specifically for the Indian healthcare ecosystem and aligned with NABH standards and IRDAI data handling guidelines.

Data is stored in India-based cloud infrastructure to the extent possible. Where cross-border processing occurs (for example, with certain cloud services), we ensure adequate safeguards are in place consistent with applicable law.

6. Data Retention

We retain data for as long as is necessary to deliver our services and fulfil our legal obligations.
Specifically:

  • Customer account and operational data is retained for the duration of the active contract, plus a reasonable period thereafter as required by applicable Indian law
  • Audit logs and financial records are retained as mandated by GST, TDS, and other applicable regulatory frameworks
  • Website enquiry and contact data is retained for up to 12 months, or until you ask us to delete it

When data is no longer needed, it is securely deleted or anonymised in accordance with our internal data lifecycle policy.

7. Your Rights

As a customer or a visitor, you have the following rights with respect to your data:

  • Access: You can request a copy of the data we hold about you or your organisation
  • Correction: If any information we hold is inaccurate, you have the right to have itcorrected
  • Deletion: Subject to contractual and legal constraints, you can request deletion of data we hold about you
  • Opt-Out: You can opt out of non-essential communications such as marketing emails at any time
  • Grievance Redressal: If you are concerned about how we are handling your data, you have the right to raise a complaint with us directly or with the relevant regulatory authority

To exercise any of these rights, please write to us at sales@astura.ai. We will respond within a reasonable time and, where legally required, within the timelines prescribed under applicable Indian law.

8. Cookies and Website Tracking

Our website (astonomiq.ai) uses cookies and similar technologies to:

  • Remember your preferences when you revisit the site
  • Understand how visitors navigate the site so we can improve it
  • Track conversions from demo requests and contact form submissions

You can manage or disable cookies from your browser settings at any time. Please note that some parts of the website may not function correctly without cookies enabled.

We do not use any third-party advertising cookies or cross-site tracking tools.

9. AI and Automated Processing

AstonomiQ is built on Agentic AI-which means our platform makes real-time inferences, detects anomalies, and triggers automated actions based on data it processes. We want to be transparent about this:

  • Our AI engines process hospital data to surface insights, flag exceptions, and automate routine workflows
  • Decisions made by the AI (such as reconciliation matches, inventory reorder triggers, or claim status updates) are presented to human operators for review and action
  • No fully automated decision with significant legal or financial consequences is made without human oversight
  • We use Retrieval-Augmented Generation (RAG) to power context-specific AI responses, this means our AI references hospital-specific documents and protocols, not generic internet data

We continuously evaluate our AI systems for accuracy, fairness, and reliability as part of our product development process.

10. Data Breach Notification

In the unlikely event of a data breach that affects your data, we will:

  • Contain and assess the breach as soon as it is identified
  • Notify affected customers without undue delay, and within the timelines prescribed under applicable Indian law
  • Provide clear information about the nature of the breach, the data involved, and the steps we are taking to address it
  • Cooperate fully with any regulatory investigations

We maintain an incident response process that is reviewed and updated regularly.

11. Children’s Privacy

AstonomiQ is a B2B platform designed for use by healthcare professionals and hospital operations teams. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor's data has been inadvertently shared with us, please contact us immediately and we will take appropriate action.

12. Changes to This Policy

We may update this Privacy Policy from time to time as our platform evolves or as legal requirements change. When we make material changes, we will:

  • Update the 'Last Updated' date at the top of this document
  • Notify active customers via email or an in-platform notification

Continued use of the AstonomiQ platform after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

13. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes arising in connection with this policy shall be subject to the exclusive jurisdiction of the courts in Bangalore, Karnataka.

14. Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or have a concern about how we handle your data, please reach out to us:

AstonomiQ Private Limited
WeWork, Embassy Tech Village Block L, Bellandur, Bangalore, Karnataka – 560103
Email: sales@astura.ai
Website: https://astonomiq.ai