Privacy Policy - Your Privacy at ARCA
At ARCA, we leverage AI to transform healthcare by automating clinical workflows, enhancing patient care and advancing medical research. Whether you interact with our AI-driven tools, explore medical education insights, or use our healthcare solutions, we may collect certain information to improve our technology, enhance your experience and ensure compliance with applicable regulations.
We believe in transparency and giving you control over your data. Our Privacy Policy explains:
What information we collect and why.
How long we retain your information.
How we use and protect your information.
The choices available to you regarding your data.
How we ensure the security of your data.
How we comply with legal and regulatory requirements.
We have kept this notice clear and straightforward. If you need more clarity, we encourage you to review key terms or contact us.
Your trust matters to us and we are committed to protecting your information. Please take the time to understand our practices. If you have any questions or concerns about your privacy, feel free to contact us.
Information We Collect and Why
At ARCA, we collect information to improve our AI-driven healthcare solutions, enhance user experience and ensure compliance with applicable regulations. The types of information we collect include:
1. Information You Provide Directly
Account and Contact Information: When you interact with ARCA, such as signing up for services, contacting us, or requesting support, we collect details like your name, email address and organization details.
Health and Research Data (if applicable): For healthcare providers and researchers using our platform, we may collect de-identified data to support medical education, AI-driven analysis and patient care improvements.
2. Information We Collect Automatically
Device and Usage Data: We may collect technical details like IP addresses, browser type, operating system and device identifiers to optimize platform security and performance.
Interaction and Usage Patterns: We analyse how users engage with our AI-driven tools to improve functionality, refine algorithms and enhance user experience.
3. Information from Third Parties
Healthcare Partners and Integrations: If you use ARCA in collaboration with healthcare organizations, certain data may be shared with us through authorized integrations to enhance service efficiency.
Regulatory and Compliance Data: Where required, we collect relevant data to comply with legal, security and regulatory obligations.
We collect this information to:
Improve and personalize user experience.
Strengthen AI-driven healthcare insights and research.
Enhance security, detect fraud and ensure compliance with industry standards.
Provide support and communicate updates on our services.
We are committed to handling your data responsibly, with privacy and security at the core of our AI-powered healthcare solutions.
Retention of Your Information
At ARCA, we retain your information only for as long as necessary to fulfil the purposes outlined in this Privacy Notice, comply with legal and regulatory obligations, resolve disputes and enforce our agreements.
How Long We Retain Your Data
User Accounts and Contact Information: Retained for as long as your account is active or as needed to provide our services. If you request account deletion, we will remove your information in accordance with our data retention policies.
Healthcare and Research Data (if applicable): Retention periods vary based on regulatory requirements and contractual agreements with healthcare organizations. Data may be anonymized and retained for research and analytical purposes.
Device and Usage Data: Stored for a limited period to improve security, troubleshoot issues and optimize service performance.
Legal and Compliance Data: Retained as required by applicable laws, regulations, or legal proceedings.
How We Ensure Secure Retention and Deletion
When information is no longer required, we securely delete or anonymize it to prevent unauthorized access.
In cases where data must be retained for compliance, we implement strict security controls to safeguard it.
How We Use and Protect Your Information
How We Use Your Information
At ARCA, we use the information we collect to enhance our AI-driven healthcare solutions, improve user experience and ensure compliance with legal and regulatory requirements.
Specifically, we use your information for:
Service Delivery and Improvement: Enhancing the functionality of our AI healthcare solutions, optimizing clinical workflows and improving research capabilities.
User Experience Enhancement: Personalizing interactions, refining AI models and ensuring seamless access to our platform.
Security and Fraud Prevention: Detecting and mitigating security threats, unauthorized access and fraudulent activities.
Regulatory and Compliance Requirements: Meeting legal obligations related to data privacy, security and industry-specific regulations.
Customer Support and Communication: Responding to queries, providing updates on our services and addressing concerns regarding data privacy.
Third-Party Data Sharing
We may share certain information with authorized third parties, including service providers, healthcare organizations, regulatory authorities, or research institutions, for purposes such as improving healthcare insights, ensuring compliance and providing better services.
We ensure that third-party partners adhere to strict confidentiality and data protection agreements.
We do not sell or share personal data for advertising purposes.
How We Protect Your Information
We implement stringent security measures to safeguard your data from unauthorized access, misuse, or disclosure. Our protection mechanisms include:
Data Encryption: Secure transmission and storage of data using industry-standard encryption protocols.
Access Controls: Strict access restrictions based on user roles and authentication mechanisms.
Regular Security Audits: Ongoing assessments to identify and mitigate vulnerabilities.
Anonymization and De-identification: Where applicable, we anonymize data to prevent the identification of individuals.
Compliance with Regulations: Adhering to industry standards and legal requirements to ensure data privacy and security.
We are committed to maintaining the confidentiality, integrity and security of your information.
The Choices Available to You Regarding Your Data
At ARCA, we believe in transparency and giving you control over your personal data. You have several choices regarding how your information is collected, used and managed:
1. Access and Update Your Information
You can request access to the personal information we hold about you.
If any data is incorrect or outdated, you can request corrections or updates.
2. Data Deletion and Retention Control
You may request the deletion of your personal data if it is no longer required for the purposes outlined in this Privacy Notice.
Some data may be retained for legal, regulatory, or security reasons.
3. Opting Out of Communications
You can unsubscribe from marketing and non-essential communications at any time.
Important service-related notifications will still be sent when necessary.
4. Managing Cookies and Tracking Technologies
You can manage cookies and tracking settings through your browser preferences or via a Consent Management Platform (CMP) if tracking technologies are used. Certain functionalities may be affected if you disable cookies.
5. Restricting or Objecting to Data Processing
If you have concerns about how your data is processed, you can request restrictions on certain uses.
You may also object to specific data processing activities where applicable by law.
6. Withdrawing Consent
If data processing is based on consent, you can withdraw your consent at any time.
Withdrawal does not affect the lawfulness of processing before consent was revoked.
Opt-Out Rights
At ARCA, we respect your choices regarding your data. Depending on the nature of our services and applicable regulations, you may have the right to opt out of certain data processing activities, including:
Marketing Communications: You can unsubscribe from promotional emails or newsletters at any time.
Non-Essential Tracking Technologies: You may adjust your browser or device settings to limit the use of cookies and similar tracking technologies.
Automated Data Processing (if applicable): You may request to opt out of AI-driven profiling or automated decision-making where legally applicable.
Data Sharing with Third Parties: If we share data with external partners for non-essential purposes, you will be given the option to opt out.
To exercise your opt-out rights, you can contact us or follow the instructions provided within our communications. Please note that opting out of certain services may impact functionality.
How We Ensure the Security of Your Data
At ARCA, safeguarding your data is a top priority. We implement robust security measures to protect your information from unauthorized access, misuse, loss, or alteration. Our approach to data security includes:
1. Encryption and Secure Storage
We use industry-standard encryption to secure data during transmission and storage.
Sensitive data is encrypted to prevent unauthorized access.
2. Access Control and Authentication
Access to personal data is restricted to authorized personnel based on role-specific permissions.
We implement multi-factor authentication (MFA) and strict identity verification for system access.
3. Regular Security Audits and Monitoring
We conduct periodic security assessments and penetration testing to identify and address vulnerabilities.
Real-time monitoring helps detect and prevent unauthorized access or potential threats.
4. Compliance with Industry Standards
ARCA follows globally recognized data security frameworks and complies with applicable healthcare and data protection regulations.
We adhere to security best practices for AI-driven healthcare solutions to protect patient and research data.
5. Data Minimization and Anonymization
Where applicable, we anonymize or de-identify data to ensure privacy while enabling research and analytics.
We limit data collection to only what is necessary for improving services.
6. Incident Response and Breach Notification
In case of a security incident, we have a structured response plan to contain, investigate and mitigate risks.
If required, we will notify affected users and relevant authorities in compliance with applicable laws.
We continuously enhance our security measures to stay ahead of evolving threats.
Response to Data Breaches
We have a structured incident response plan to address data breaches promptly and effectively. If a breach occurs, we take immediate action to contain the incident, investigate its cause, notify affected users and regulatory authorities (if required) and implement corrective measures to prevent future occurrences.
Tracking and Monitoring
At ARCA, we use tracking and monitoring technologies with your explicit consent to enhance user experience, strengthen security, and improve our AI-driven healthcare solution.
These technologies help us:
Enhance System Performance: Monitor platform usage to optimize functionality and improve service reliability.
Detect Security Threats: Identify suspicious activities, unauthorized access, or potential cyber threats to protect user data.
Improve AI Insights: Analyse usage patterns to refine our AI models and improve accuracy.
Ensure Compliance: Maintain logs and records required by applicable regulatory frameworks.
We do not use tracking technologies for advertising or profiling purposes. You can manage certain tracking preferences through your browser settings or device controls.
How We Comply with Legal and Regulatory Requirements
At ARCA, we are committed to complying with applicable laws and regulations governing data protection, privacy and security. Our compliance approach includes:
1. Adherence to Data Protection Laws
We comply with Indian data protection laws, including the Digital Personal Data Protection (DPDP) Act and other relevant global privacy regulations where applicable.
Our data handling practices align with industry standards to ensure lawful, fair and transparent processing of personal information.
2. Compliance with Healthcare Regulations
As a healthcare-focused AI company, we align with applicable healthcare data protection laws, ensuring responsible processing of patient and medical data.
We follow best practices in data anonymization, minimization and secure handling of sensitive health information.
3. Cross-Border Data Transfers
If data is transferred outside India, we ensure it is protected by appropriate safeguards, such as contractual agreements and security measures in line with applicable laws.
We work with healthcare organizations and partners to ensure regulatory compliance in all jurisdictions where our solutions are used.
4. Regulatory Cooperation and Audit Readiness
We engage with regulatory bodies and data protection authorities to ensure compliance and address any concerns.
ARCA maintains detailed records of its data processing activities and undergoes periodic audits to assess compliance with legal and industry standards.
5. User Rights and Transparency
We provide users with clear information about their data rights and how to exercise them.
Our policies and practices ensure that users can access, correct, or delete their personal data in accordance with legal requirements.
When This Privacy Policy Applies
This Privacy Policy applies to all services provided by ARCA, including our AI-driven healthcare solutions, medical education tools and research platforms. It covers how we collect, use and protect personal information when you engage with our website, applications and other services.
This does not apply to:
Third-party services, applications, or websites that may be linked from our platform.
Healthcare providers, organizations, or researchers using ARCA’s solutions, as they may have their own privacy policies.
External companies or individuals who may interact with our services, including those who integrate ARCA AI into their platforms.
We are not responsible for the privacy practices of third parties, including their use of cookies, tracking technologies, or data collection methods. We encourage you to review the privacy policies of any external services you engage with.
Compliance and Cooperation with Regulatory Authorities
At ARCA, we regularly review our compliance with this Privacy Policy and applicable data protection regulations. We adhere to industry standards and best practices to safeguard personal data. If we receive a formal written complaint regarding data privacy, we will respond promptly and work to resolve the issue. Where necessary, we engage with relevant regulatory authorities to address concerns related to personal data handling that cannot be resolved directly with our users.
Our commitment is to maintain transparency and compliance while ensuring the highest standards of data protection in our solutions.
Changes to This Privacy Notice
Our Privacy Policy may be updated periodically to reflect changes in our services, regulatory requirements, or data protection practices. We will not reduce your rights under this Privacy Policy without your explicit consent.
Any updates will be posted on this page, and if the changes are significant, we will provide a more prominent notice, such as an email notification or an announcement within our services.
We will also maintain an archive of previous versions for reference. We encourage you to review this notice regularly to stay informed about how we protect your privacy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please feel free to contact us with the relevant details. We are committed to addressing your privacy-related queries and ensuring transparency in our practices.
Address:
Kivotos AI Technology Pvt Ltd
9th floor, RMZ Latitude
Commercial, Bellary Rd Hebbal,
Bengaluru, India
For privacy-related inquiries, please mention “Privacy Inquiry” in your subject line to help us respond efficiently.
We appreciate your trust in ARCA and are always here to assist you.
Key Terms
“personal information”
For example, when you interact with ARCA’s services, we may collect details such as your name, email address, and organization details to provide personalized support and improve service efficiency.
“health and research data”
For example, healthcare providers and researchers using ARCA’s platform may provide de-identified health data, which is used to support medical education, AI-driven analysis, and patient care improvements.
“device & usage data”
Technical details such as IP addresses, browser type, operating system, and device identifiers collected to enhance security and optimize system performance.
“cookies and tracking technologies”
Small data files stored on a user’s device that help track preferences, improve user experience, and enhance system functionality.
“consent management platform”
A system that allows users to manage their preferences regarding cookies, tracking technologies, and data collection.
“third-party data sharing”
The practice of sharing data with authorized third parties such as healthcare providers, regulatory bodies, or service partners to improve services, comply with laws, or enhance AI models.
“data anonymization & de-identification”
Processes that remove or alter personally identifiable information to ensure that individuals cannot be traced from the data collected.
“data retention”
The period during which ARCA stores personal, research, or usage data before securely deleting or anonymizing it based on regulatory and operational requirements.
“data minimization”
A principle that ensures ARCA collects only the necessary amount of data required to provide its services, minimizing unnecessary information processing.
“encryption”
A security method that protects data by converting it into a coded format to prevent unauthorized access.
“multi-factor authentication”
An added security layer requiring multiple verification steps (e.g., password + OTP) to access data or services securely.
“automated decision-making & ai processing”
The use of AI-driven algorithms to analyse data, generate insights, or assist in decision-making processes without direct human intervention.
“opt-out rights”
The ability of users to refuse or withdraw consent from non-essential data processing activities, such as marketing communications or certain tracking technologies.
“regulatory & compliance data”
Information collected or processed to meet legal, security, and industry-specific regulatory requirements.
“data breach notification”
A process through which users and regulatory authorities are informed in case of a security incident that compromises personal data.
“cross-border data transfers”
The movement of user data to servers or partners outside the country, following applicable data protection safeguards.
“account & contact information”
Basic user details such as name, email, and organization information, collected for service access, support, and account management.
“incident response plan”
A structured protocol to detect, investigate, contain, and mitigate security incidents, ensuring prompt response in case of a data breach.
“role-specific permissions”
A system where only authorized personnel can access certain types of user or healthcare data based on their role.
“real-time monitoring”
Continuous tracking of system activity to detect security threats, unauthorized access, or unusual activity in ARCA’s platform.
“ai-driven profiling”
The use of automated AI systems to analyse user behaviour, predict preferences, and assist in AI-based decision-making.