Last updated: May 2026 | Effective: May 2026 | Version: 1.2
This Privacy Policy explains how the zonov.ai Chrome Extension ("Extension", "we", "our") collects, processes, stores, and shares information when authorised hospital staff ("User", "you") use the Extension to streamline patient registration in hospital HIMS systems.
zonov.ai is a hospital productivity tool designed exclusively for authorised medical registration staff. It reduces manual data entry during patient registration by using three AI-powered features:
Face recognition is powered by face-api.js, an open-source JavaScript library built on TensorFlow.js. All model inference runs entirely within the browser on the hospital staff member's device (CPU-based, no GPU required). The model files (approximately 6 MB) are bundled directly inside the Extension and are never downloaded from external servers.
When face recognition is triggered, the Extension activates the device camera for a live preview. A video frame is captured at the moment of registration or matching. This raw image:
The face-api library extracts a 128-dimensional numerical vector (an array of 128 floating-point numbers) from the face image. This is called a "face descriptor" or "face embedding". It represents the geometry and features of the face as numbers – it cannot be reverse-engineered back into a photograph.
Matching is performed using Euclidean distance – two descriptors are compared mathematically. A threshold of 0.38 is used; descriptors with a distance below this threshold are considered a match. This computation runs client-side in the Extension, not on any server.
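The matching rule described above, as an added example that is not the Extension's own code. The 128-value length and the 0.38 threshold come from the text; the function names, the record shape, the sample vectors, and the choice to return the nearest record when several fall below the threshold are assumptions.

```javascript
// Added example: threshold matching over cached 128-dimensional descriptors.
// matchDescriptor, the record shape and the sample data are hypothetical.
const DESCRIPTOR_LENGTH = 128;
const MATCH_THRESHOLD = 0.38; // value stated in the policy text

function euclideanDistance(a, b) {
  // Reject truncated or padded vectors instead of silently comparing them.
  if (a.length !== DESCRIPTOR_LENGTH || b.length !== DESCRIPTOR_LENGTH) {
    throw new RangeError("descriptor must have exactly 128 values");
  }
  let sum = 0;
  for (let i = 0; i < DESCRIPTOR_LENGTH; i++) {
    const d = a[i] - b[i];
    // A NaN or undefined component would otherwise poison the comparison.
    if (!Number.isFinite(d)) throw new TypeError("non-numeric descriptor value");
    sum += d * d;
  }
  return Math.sqrt(sum);
}

// Returns the nearest enrolled record strictly below the threshold, or null.
function matchDescriptor(probe, enrolled, threshold = MATCH_THRESHOLD) {
  let best = null;
  for (const record of enrolled) {
    const distance = euclideanDistance(probe, record.descriptor);
    if (distance < threshold && (best === null || distance < best.distance)) {
      best = { patientId: record.patientId, distance };
    }
  }
  return best;
}

// Constructed sample data (not real biometric descriptors). Shifting every
// component by delta gives a distance of delta * sqrt(128).
const base = Array.from({ length: DESCRIPTOR_LENGTH }, (_, i) => Math.sin(i) * 0.1);
const shift = (v, delta) => v.map((x) => x + delta);
const enrolled = [
  { patientId: "P-001", descriptor: shift(base, 0.02) }, // distance about 0.226
  { patientId: "P-002", descriptor: shift(base, 0.03) }, // distance about 0.339
  { patientId: "P-003", descriptor: shift(base, 0.05) }, // distance about 0.566
];
```
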
When Voice Fill is activated, the Extension uses the Web Audio API (running in a Chrome Offscreen Document) to capture microphone audio. The audio is recorded using the MediaRecorder API in audio/webm format (typically Opus codec) at mono quality.
The Extension continuously monitors audio energy levels to detect when the user has finished speaking. Recording automatically stops after approximately 2.5 seconds of silence (configurable) or a maximum of 15 seconds. No continuous or background recording occurs – the microphone is active only while the Voice Fill button is held or clicked.
The recorded audio blob is sent as a single HTTP request to the Extension's backend proxy server (extension-backend.zonov.ai), which forwards it to Groq's Whisper API for speech-to-text transcription. The audio file is:
The text transcript is parsed by the Extension to identify relevant data fields (mobile number, email address, patient complaints, etc.). These values are auto-filled into the corresponding HIMS form fields. The transcript itself is not stored in any database.
The Whisper model supports Indian languages including Hindi, Hinglish, Tamil, Telugu, Bengali, and others. The Extension instructs the model to transcribe in English (Latin script) to ensure compatibility with HIMS form fields.
The following table clarifies exactly where each type of data processing happens:
| Operation | Where Processed | Network Call? |
|---|---|---|
| Face descriptor computation (TensorFlow.js) | On-Device Browser CPU | No – fully local |
| Face descriptor matching (Euclidean distance) | On-Device Browser JS | No – fully local |
| Face descriptor storage (enrolled patients) | Supabase DB | Yes – HTTPS to supabase.co |
| Face descriptor cache (for matching) | On-Device chrome.storage.local | No – cached locally |
| Aadhaar card OCR (text extraction) | Groq API via backend proxy | Yes – image sent over HTTPS |
| Voice transcription (Whisper) | Groq API via backend proxy | Yes – audio blob sent over HTTPS |
| Patient record storage | Supabase DB | Yes – HTTPS to supabase.co |
| Staff authentication | Supabase Auth | Yes – credentials sent over HTTPS |
| Form field label memory | On-Device chrome.storage.local | No – fully local |
| HIMS form auto-fill (DOM manipulation) | On-Device Content Script | No – fully local |
| Silence detection / audio level metering | On-Device Web Audio API | No – fully local |
When a staff member scans an ID card, the following patient data may be extracted and stored:
Purpose: To populate the HIMS registration form instantly and to enable returning patient lookup so the same patient does not need to be re-registered on future hospital visits.
Storage: Stored in a private Supabase PostgreSQL database (nnzozslhgdmgnfhtadoq.supabase.co) scoped to your hospital's identifier. Each hospital's data is logically isolated by a hospital_id column with Row-Level Security (RLS) policies enforced at the database level.
If a patient's face is enrolled for return visit recognition, a 128-dimensional numerical face descriptor is generated and stored in the Supabase database, linked to the patient record. The source photograph is never stored. Full technical details are in Section 2.
Card images are transmitted to the Groq API for text extraction. They are not stored by zonov.ai or its backend. See Section 6 for Groq's data handling terms.
Audio is captured only while Voice Fill is active, sent to Groq Whisper for transcription, and immediately discarded. Not stored by zonov.ai. See Section 3 for full details.
Staff log in with email and password via Supabase Authentication. Passwords are hashed and managed entirely by Supabase – the Extension never stores passwords. Only the encrypted JWT session token is stored in chrome.storage.local on the staff device.
The Extension learns which HIMS page input labels correspond to patient data fields to improve autofill accuracy. These label mappings are stored locally in chrome.storage.local and contain only HTML label strings – no patient data. They are cleared when the Extension is uninstalled.
After a patient is successfully registered in HIMS, staff may save the hospital-assigned Unique Health ID (UHID / Reg No) to link it to the patient's Supabase record.
Purpose: AI language model inference for ID Card OCR and Voice Transcription.
Data transmitted: Card image (JPEG/PNG) and/or audio file (WebM/Opus). No patient name, ID numbers, or database records are sent to Groq.
Routing: Requests pass through extension-backend.zonov.ai (a secure backend proxy). The proxy adds the Groq API key server-side – the key is never exposed in the Extension code.
Refer to Groq's Privacy Policy for their data handling commitments.
Purpose: Cloud PostgreSQL database and authentication service. Stores patient identity records, face biometric descriptors, and manages staff authentication.
Data isolation: Row-Level Security (RLS) policies ensure each hospital can only access its own patients.
Refer to Supabase's Privacy Policy for their infrastructure commitments.
A secure intermediary server that forwards ID card images and voice audio to Groq API server-side. Does not log request content, does not store images or audio files, and does not share data with any other service.
The Extension does not use or transmit data to any advertising network, analytics service, social media platform, data broker, or government service.
| Data Type | Retention Period | Who Controls Deletion |
|---|---|---|
| Patient identity records (name, Aadhaar, address, etc.) | Until deleted by hospital administrator via dashboard or API | Hospital administrator |
| Face biometric descriptors | Until deleted by hospital administrator; or upon patient's deletion request | Hospital administrator / Patient (via hospital) |
| Hospital UHID mappings | Until patient record is deleted | Hospital administrator |
| Staff session tokens | Until session expires or staff logs out; cleared on Extension uninstall | Staff member / Auto-expiry |
| Form label memory (local) | Until Extension is uninstalled | Staff member (device-level) |
| Face descriptor cache (local) | Refreshed on each use; cleared on Extension uninstall | Auto-managed by Extension |
| ID card images | Never stored. Discarded immediately after OCR API response | N/A – not retained |
| Voice audio recordings | Never stored. Discarded immediately after Whisper transcript is returned | N/A – not retained |
| Voice transcripts | Never stored. Used only to fill form fields, then discarded | N/A – not retained |
Hospitals can delete individual patient records and their associated face descriptors at any time via the zonov.ai dashboard or by contacting support. Upon deletion, the record is permanently removed from the Supabase database and cannot be recovered.
When the Extension is removed from Chrome, all data stored in chrome.storage.local is automatically deleted by Chrome. Patient records stored in Supabase are not affected – they remain until deleted by the hospital administrator.
| Permission | Why It Is Required |
|---|---|
| storage | Stores staff session token, per-site form field label memory, patient record cache for offline fallback, and face descriptor cache for faster matching. All stored locally on the device. |
| scripting | Required as a reliable fallback to re-inject the form-fill content script if it becomes unavailable on a HIMS page. Hospital HIMS systems vary in URL structure and cannot all be pre-declared at install time. |
| offscreen | Chrome MV3 prohibits service workers from accessing the Web Audio API or running TensorFlow.js inference. An Offscreen Document is required to capture microphone audio and run face-api.js model inference. |
| activeTab | Allows the Extension to capture a screenshot of the currently active tab for Aadhaar card scanning. Access is granted only when the staff member explicitly clicks the scan button. |
| Content Script: <all_urls> | Hospital HIMS systems run on private/internal servers at unpredictable URLs. The content script must be available on any URL to respond to user-initiated form-fill actions. The script is completely dormant by default – it only activates when the staff member explicitly triggers a feature from the Extension popup. |
| Host: *.supabase.co | Required to read and write patient records, face descriptors, and staff authentication tokens. |
| Host: api.groq.com | Required to send ID card images for OCR and voice audio for speech-to-text transcription. |
| Host: extension-backend.zonov.ai | Required to communicate with the secure backend proxy server that handles Groq API requests server-side. |
| Host: zonov.ai, *.zonov.ai, zonovai.vercel.app | Required to serve extension resource files and allow content script communication on the zonov.ai web portal pages. |
Under India's Digital Personal Data Protection Act 2023 (DPDP Act) and GDPR (where applicable), patients whose data is processed have the following rights:
These rights should be exercised by contacting the hospital where the data was registered. Hospital administrators can fulfil deletion requests via the zonov.ai dashboard. For technical assistance, contact arvind@zonov.ai.
The legal basis for processing patient data through this Extension is:
zonov.ai acts as a data processor on behalf of the hospital (the data controller). The hospital is responsible for ensuring patient consent and compliance with DPDP Act 2023 obligations.
We may update this Privacy Policy as the Extension evolves. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated to hospital administrators via email. Continued use of the Extension after changes constitutes acceptance of the revised policy.
For privacy-related questions, data deletion requests, or compliance queries:
© 2026 zonov.ai | Privacy Policy v1.2 | Chrome Extension v1.2.0