Privacy Policy

Last updated: 2026

HIPAA CompliantDPDPA Aligned

1. Company Information

Athreya Medtech India Private Limited
CIN: U32500KA2026PTC220285
Sector: Manufacture of Medical and Surgical Equipment
Registered Address: 1252/H, 22nd Main, 1st Sector, HSR Layout, Bengaluru, Karnataka 560102, India
Parent/International Arm: Athreya Inc. (Edison, New Jersey, USA)

For privacy matters, contact us at: decurecenter@gmail.com or dmf.careteam@gmail.com

2. Scope

This Privacy Policy applies to information collected through the Athreya MedTech website (https://athreyamedtech.com), contact forms, Academy applications, and research inquiry submissions. It does not govern the collection, handling, or use of patient health data under the MERIT AI research protocol, which is subject to separate IRB-approved consent procedures and HIPAA-compliant data handling protocols.

3. Data We Collect

Website Forms

When you submit a contact form, Academy application, or partnership inquiry, we collect: your name, email address, organisation, professional background (for Academy applications), and message content. This data is transmitted via Formspree (a third-party form processing service) and stored securely.

Website Analytics

We may collect anonymised usage data (page views, referrer, browser type, country-level geography). No personally identifiable information is captured through analytics without your explicit submission.

Research Participant Data

Patient data collected at De Cure Center, Bengaluru under the MERIT AI research protocol is governed by a separate IRB-approved consent framework and HIPAA Privacy Rule compliance policies. Such data is not processed through this website.

4. How We Use Your Information

  • Respond to contact, partnership, and research enquiries
  • Process and evaluate Academy applications
  • Send programme updates and correspondence you have requested
  • Improve website content and user experience
  • Comply with legal and regulatory obligations

We do not sell, rent, or trade your personal information to third parties.

5. Third-Party Processors

  • Formspree — Form submission processing. Data handled per Formspree's privacy policy.
  • Hosting Provider (Hostinger) — Static website hosting. Server-side logs may be retained per Hostinger's policy.

6. Patient Rights Under HIPAA

Research participants and patients whose data is processed under the MERIT AI protocol have the following rights under the HIPAA Privacy Rule:

  • Right of Access — To inspect and receive a copy of their protected health information (PHI)
  • Right to Correct — To request amendment of inaccurate or incomplete PHI
  • Accounting of Disclosures — To receive a list of disclosures of PHI made without authorisation
  • Right to Restrict — To request restrictions on certain uses or disclosures of PHI
  • Right to Complain — To file a complaint with the HHS Office for Civil Rights

To exercise these rights, contact: decurecenter@gmail.com

7. Research Participant Rights (DPDPA & IRB)

Under the Digital Personal Data Protection Act (DPDPA) 2023 (India) and the IRB-approved research protocol:

  • Data is collected only with informed, explicit consent
  • Participants have the right to withdraw consent and request erasure
  • Data is de-identified before entering the AI training pipeline
  • India patient data stays in India (on-premise hardware at De Cure Center)
  • No cross-border transfer of patient data without legal basis and consent

8. Data Retention and Deletion

  • Website form submissions — Retained for up to 12 months or until the enquiry is resolved, then deleted from Formspree
  • Research/clinical data — Retained per IRB-approved protocol timelines and HIPAA requirements
  • To request deletion of your website form data, email: dmf.careteam@gmail.com

9. Data Security

Website form data is transmitted over HTTPS/TLS. Clinical and research data is stored exclusively on on-premise infrastructure using SHA-256 encryption at rest, RBAC access controls, JWT authentication, and immutable audit trail logging. No patient data is stored in public cloud environments.

10. Cookies

This website may use essential cookies for basic functionality. No advertising or tracking cookies are deployed. You can manage cookie preferences in your browser settings.

11. Children's Privacy

This website is not directed to children under the age of 13. We do not knowingly collect personal information from children. Pediatric patient data collected under the MERIT AI research protocol is governed by the IRB consent framework with parental/guardian consent requirements.

12. Changes to This Policy

We may update this Privacy Policy as our practices evolve. Changes will be posted on this page with an updated "Last updated" date. Continued use of the website after changes constitutes acceptance.

13. Contact for Privacy Enquiries

Athreya Medtech India Private Limited
CIN: U32500KA2026PTC220285
1252/H, 22nd Main, 1st Sector, HSR Layout, Bengaluru, Karnataka 560102, India
Email: decurecenter@gmail.com
Email: dmf.careteam@gmail.com
Phone: +91 9742652245

This website and its associated research activities operate under HIPAA Privacy Rule and Security Rule compliance and are aligned with the India Digital Personal Data Protection Act (DPDPA) 2023.