Privacy Policy

ORS AI provides software and workflow services that help hospitals improve operating room performance through scheduling intelligence, analytics, operational workflow support, and related integration services. This Privacy Policy explains how we process information when organizations visit our website, request an OR audit, download resources, contact our team, or use ORS AI under a commercial engagement.

This policy applies to information processed through orsai.app, ORS AI-managed marketing workflows, product environments, implementation activities, support interactions, and related operational services unless a separate written customer agreement states otherwise.

We design ORS AI around data minimization, role-based access, practical retention limits, and a preference for operational event data over unnecessary personal detail. In customer deployments, we aim to ingest and retain only the information needed to deliver scheduling, workflow, analytics, support, security, and audit functions.

We intend to handle information in line with applicable legal obligations, including the Digital Personal Data Protection Act 2023 and any sector-specific or contractual requirements relevant to the customer environment in which ORS AI is deployed.

The information ORS AI processes depends on the context of the relationship. Some data comes directly from people who interact with us through the website or sales process, while other data is provided by hospital customers during implementation or product use.

The categories below describe the main classes of information we may process across those contexts.

When someone submits a demo request, ROI form, contact form, whitepaper gate, newsletter signup, or integration enquiry, we collect the details entered into that form and any follow-up information voluntarily shared with our team.

We use this information to respond to the request, qualify the enquiry, route it internally, schedule meetings, deliver requested resources, and maintain a record of commercial communications and conversion activity.

In customer environments, ORS AI may process schedule, staffing, procedure, readiness, OR status, and billing-support data needed to operate the platform and generate analytics or recommendations. The exact fields vary by hospital systems, configuration choices, and contracted services.

Where possible, ORS AI is configured to minimize directly identifying patient data and to focus on operational metadata, timestamps, procedural context, and workflow state transitions. Customers remain responsible for determining what source data is made available to ORS AI and ensuring they have a lawful basis to do so.

Our website may use essential technical mechanisms to operate core page behavior, and may use analytics cookies or similar tools when a visitor has consented to that use. We may also record campaign attribution details such as UTM parameters when someone arrives from a marketing or referral source.

Analytics and attribution data helps us understand which content, pages, and commercial pathways are effective, where visitors encounter friction, and how to improve the relevance of our website and outreach. Visitors may decline non-essential analytics through our consent controls where presented.

ORS AI uses information to operate the website, respond to requests, deliver OR audits and demos, configure and provide the platform, support integrations, maintain security, improve reliability, communicate with customers and prospects, and satisfy legal, regulatory, or contractual obligations.

We may also use aggregated or de-identified information to improve our services, understand product performance, and produce internal benchmarks, provided that such information is not used to re-identify a person or to disclose a customer’s confidential operating details improperly.

We do not sell personal information. We share information only when necessary to provide our services, operate our business, comply with law, protect rights or security, or as otherwise permitted by contract or consent.

Sharing may occur with infrastructure, communication, analytics, or support providers acting on our instructions; with professional advisers; with counterparties in corporate transactions; or with authorities where disclosure is legally required.

ORS AI may rely on carefully selected service providers to host the platform, deliver transactional communication, manage commercial workflows, and support security or observability. These providers are expected to operate under contractual duties relating to confidentiality and appropriate handling of data.

Our most visible service-provider categories currently include AWS for infrastructure hosting, HubSpot for commercial workflow handling where configured, and SendGrid for transactional email delivery where configured.

We retain information only for as long as reasonably necessary for the purpose for which it was collected, for the period required by contract, or for as long as applicable law, audit needs, dispute handling, or security obligations require.

Marketing and commercial enquiry records may be retained to manage sales follow-up, attribution, and future re-engagement unless a person asks us not to continue that communication. Customer deployment data is retained according to the governing customer agreement, technical necessity, and secure deletion procedures.

ORS AI uses technical and organizational measures intended to protect information against unauthorized access, misuse, accidental loss, and inappropriate disclosure. These measures may include access restrictions, encryption in transit, environment separation, logging, review procedures, and change management controls.

No system can promise absolute security, and customers remain responsible for the security of their own source systems, endpoint environments, credential management, and the data they choose to transmit into ORS AI.

ORS AI is designed with a primary data residency posture in India, including AWS infrastructure centered in Mumbai where practicable. However, some support, communications, or service-provider functions may involve limited cross-border data access or transfer depending on customer configuration and vendor architecture.

Where cross-border access is relevant, ORS AI seeks to use contractual, technical, and operational controls appropriate to the sensitivity of the information and the role of the service provider involved.

Individuals may contact us to request access, correction, deletion, or other information about how we handle their personal information, subject to legal, contractual, security, and verification requirements. In many customer-deployment contexts, the relevant hospital or contracting entity is the primary controller and may need to handle the request first.

Marketing recipients may also opt out of non-essential promotional communications using the unsubscribe mechanism in those messages or by contacting us directly.

Our website and services are intended for business and institutional use and are not directed to children. We do not knowingly collect personal information directly from children through our marketing site.

Because ORS AI may operate in healthcare contexts, customers should avoid supplying unnecessary personal or highly sensitive information through website forms, open email, or other channels not intended for that purpose.

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, security practices, or business operations. The current version will be posted on this page with an updated effective date.

Questions, privacy requests, or concerns about this policy may be directed to privacy@orsai.app or ORS AI, C1/3, Humayun Rd, Sujan Sing Park North, Sujan Singh Park, New Delhi, Delhi 110003.