Privacy Policy
Last updated: July 2, 2026
1. Who we are
Daisy MD Assistant (“we”, “us”, the “Service”) is a clinical workflow application operated by Keystone Intl Ventures Ltd. The Service is offered through a mobile app (iOS) and a companion web dashboard, and is designed exclusively for licensed healthcare professionals and their staff to manage surgeries, patients, and patient communication on behalf of their organization. The iOS app is published on the Apple App Store by Keystone Intl Ventures Ltd.
This policy explains what data we collect, why we collect it, how we use and share it, and the rights you have over it.
2. Data we collect
We only collect data that is necessary to operate the Service. The categories below mirror the disclosures we file with the Apple App Store.
From healthcare professionals (our users)
- Contact details: name, email address, phone number.
- Account identifiers: a user ID, an organization ID, and an API key issued by us.
- Device identifier: an Expo push notification token, used solely to deliver in-app notifications to your device.
- Voice recordings: short audio clips you dictate inside the app are uploaded to our servers for transcription and intent parsing.
- Diagnostics: crash logs and performance data, used to keep the Service stable.
About patients (entered by professionals)
- Contact details: name and phone number.
- Health information: diagnoses (including ICD-10 codes), surgical indications, surgery dates, clinical notes, and the content of callback consultations and recorded calls.
Patient data is entered by the healthcare professional who has a treatment relationship with the patient. We process it only as a processor on behalf of the professional’s organization (the “Controller”).
3. How we use data
- To authenticate users and enforce organization-level access controls.
- To provide the core features of the Service (managing patients, surgeries, callback queues, and patient calls).
- To transcribe voice dictations and extract structured information from them.
- To deliver push notifications about callback requests and other workflow events.
- To diagnose errors, improve reliability, and prevent abuse.
We do notuse your data, your patients’ data, or your device identifier for advertising, marketing, profiling, or cross-app or cross-website tracking. We do not sell data to third parties.
4. Service providers we share data with
We rely on the following processors to operate the Service. They are contractually bound to use data only on our instructions and to maintain appropriate safeguards.
- Vercel — hosting of our web app and API.
- Neon — managed PostgreSQL database storage.
- Expo — push notification delivery and over-the-air updates.
- Retell AI — voice AI calls placed to and received from patients.
- OpenAI — speech-to-text transcription and intent parsing for in-app voice dictation.
- Apple — app distribution and crash reporting on iOS.
5. Where data is stored
Data is stored in the United States on infrastructure provided by the processors listed above. Some processors (e.g. OpenAI, Retell AI) may process data in additional regions; their respective privacy policies apply.
6. How long we keep data
We retain account and clinical data for as long as the user’s organization maintains an active account. Voice recordings are retained as part of the patient record so that professionals can later review what was dictated or said during a call. When an organization deletes its account, we delete or irreversibly anonymize associated data within 30 days, except where retention is required by law.
7. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete the personal data we hold about you, and to object to or restrict certain processing. To exercise these rights, email support@dai.sy. For patient data, please contact the healthcare organization that entered the data; we will support them in fulfilling your request.
8. Security
All data is transmitted over HTTPS and stored in access-controlled infrastructure. API access is gated by per-user API keys and organization-scoped authorization. No method of transmission or storage is perfectly secure, so we encourage users to use strong passwords and to report any suspected security issue to support@dai.sy.
9. Children
The Service is not directed to children, and we do not knowingly collect personal information from individuals under 13 years of age. Healthcare professionals may, in the course of their work, enter patient data about minors; that data is treated as health information under Section 2 and is governed by the healthcare organization that entered it.
10. Changes to this policy
We will update this page when our practices change. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated in-app or by email.
11. Patient SMS messaging
If you are a patient of a clinic that uses the Service, the clinic may send you transactional, healthcare-related text messages — for example pre-surgery and post-surgery reminders, appointment confirmations and scheduling updates, and replies to questions you raised with the clinic’s virtual assistant, Daisy. The SMS messaging program is operated by Fusion AI Inc (trading as Nanogram) on behalf of the clinic. You consent to these messages through the clinic, and the phone number you provide at scheduling is the one enrolled. You can review the full program terms, message frequency, and opt-out instructions on our SMS Terms & Conditions page, and a patient or clinic can also enroll a number on our SMS opt-in page.
Message frequency varies with the patient’s care schedule. Message and data rates may apply. Reply STOP to any message to opt out, or HELP for help.
We do not share a patient’s mobile phone number or their SMS opt-in consent with any third parties or affiliates for those parties’ own marketing or promotional purposes. A patient’s phone number is disclosed only to our messaging provider (Twilio) and the patient’s mobile carrier, solely to deliver the messages the patient asked to receive.
12. Contact
Keystone Intl Ventures Ltd
Email: support@dai.sy