Front Desk AIClinical Scribe & PMSSecurity & CompliancePricingFor PatientsSign inBook a demo

Data Processing Addendum

How Prescr processes personal and health data on behalf of clinics. This is a template to be reviewed by counsel before launch.

Last updated: 2026

1. Roles

For patient and health data entered into Prescr by a clinic, the clinic is the data controller and RG INSYS (operating Prescr) is the data processor. This Addendum forms part of the agreement between the clinic and RG INSYS.

2. Scope & instructions

We process personal data only on the clinic's documented instructions and as needed to provide the Service, unless required otherwise by law.

3. Categories of data & subjects

  • Subjects: patients, clinic staff and clinicians.
  • Data: contact details, appointments, call recordings and transcripts, clinical notes, billing and insurance information.

4. Sub-processors

We engage vetted sub-processors (e.g. cloud hosting, telephony, payment and AI model providers) under contractual obligations no less protective than this Addendum. A current list is available on request, and we give notice of material changes.

5. Security measures

Encryption in transit and at rest, role-based access control, audit logging, network controls and regular review. See Security & Compliance.

6. Data residency & transfers

Clinics may select a data-residency region (India or abroad). International transfers use appropriate safeguards such as standard contractual clauses.

7. Data subject requests & breach

We assist the clinic in responding to data-subject requests and notify the clinic without undue delay on becoming aware of a personal-data breach.

8. Return & deletion

On termination, we return or delete personal data per the clinic's instruction and applicable record-keeping law.

9. Contact

To request a signed DPA or the sub-processor list, contact privacy@prescr.com.