Privacy Policy
How we handle personal and health information. This is a template to be reviewed by counsel before launch.
Last updated: 2026
1. Who we are
Prescr is a product operated by RG INSYS ("we", "us"). This policy explains how we process information across the Prescr website, the clinic platform (Front Desk AI and Clinical Scribe & PMS) and the patient app.
2. Information we collect
- Account & clinic data: names, roles, clinic details, billing information.
- Patient & health data: records, appointments, call recordings, transcripts and clinical notes processed on behalf of clinics.
- Usage data: device, log and analytics data, collected with consent where required.
3. How we use information
To provide and improve the service, schedule and document care, process payments, communicate with you, ensure security, and meet legal obligations. We do not sell personal data.
4. Roles: controller and processor
For patient and health data entered by clinics, the clinic is the data controller and Prescr acts as a processor under our Data Processing Addendum. For our own website and account data, we are the controller.
5. Legal bases & your rights
Depending on your region, we rely on consent, contract, legitimate interests or legal obligation. You may have rights to access, correct, delete, port or restrict your data, and to withdraw consent. Requests under HIPAA, India's DPDP Act and the GDPR are honoured per applicable law.
6. Security & residency
We encrypt data in transit and at rest, enforce role-based access, keep audit logs and offer data-residency choices. See our Security & Compliance page.
7. Retention
We retain data for as long as needed to provide the service and meet legal and clinical record-keeping requirements, then delete or anonymise it.
8. International transfers
Where data crosses borders, we use appropriate safeguards (e.g. standard contractual clauses) and honour residency commitments.
9. Contact
For privacy questions or to exercise your rights, contact privacy@prescr.com.