1. Introduction
ZonovAI Investigation Agent ("the Extension") is a Chrome browser extension developed by Zonov AI to help healthcare professionals automate lab and radiology report generation. This Privacy Policy explains what data the Extension accesses, why each Chrome permission is required, where data is sent, and how it is protected.
We are committed to handling all patient-related data responsibly and in compliance with applicable privacy regulations.
2. Data We Access and Process
2.1 Patient Information (from the active EMR page)
When you open the Investigation Agent panel on a hospital EMR webpage, the Extension reads patient details visible on that page – such as patient name, age, gender, and hospital ID (UHID). This data is:
- Read directly from the current browser tab's DOM (webpage content).
- Stored temporarily in browser memory only for the duration of the active session.
- Never stored permanently in any remote database or third-party service.
- Sent to the ZonovAI backend (ext-inves.zonov.ai) solely to generate the investigation report you request.
2.2 Lab / Radiology Report Data
Test values (e.g., hemoglobin levels, blood counts) entered or extracted via OCR from machine screens are processed by the ZonovAI backend to generate formatted PDF reports. This data is transmitted over HTTPS (encrypted) and is not retained by ZonovAI after the report is generated.
OCR processing may use Groq as a third-party AI service. Images or text needed for OCR can be transmitted to Groq over HTTPS and are used only to complete the requested extraction.
2.3 Voice Transcripts
If you use the voice command feature, audio is recorded from your microphone and sent to Deepgram (api.deepgram.com) for speech-to-text transcription. The transcribed text is used to fill report fields. Audio is not stored locally or by ZonovAI after transcription.
2.4 Camera / Screen Capture Images
Images captured via your webcam or screen (to OCR lab machine displays) are sent to the ZonovAI OCR backend for parameter extraction. Images are processed in real time and are not retained.
2.5 License Key
Your license key is stored in Chrome's local storage on your device. It is sent to the ZonovAI backend to verify your subscription. It is never shared with third parties.
2.6 Usage Analytics
The Extension sends anonymised usage events (e.g., "OCR started", "report generated") to the ZonovAI backend to help improve the product. No personally identifiable patient data is included in these events.
3. Chrome Permissions Explained
The Extension requests the following Chrome permissions. Each permission is used only for the specific purpose described below.
activeTab Active Tab Access
Why it's needed: Allows the Extension to read the content of the browser tab you are currently viewing. This is used to scrape patient information (name, age, UHID) visible on the hospital EMR page, so you don't have to re-enter it manually. Access is granted only when you click the Extension button – it does not run in the background on tabs you haven't interacted with.
storage Local Storage
Why it's needed: Stores your license key, hospital configuration (letterhead, doctor details), and backend URL preferences. All data is stored locally on your device using Chrome's secure storage APIs and is never synced to external servers without your action.
scripting Script Injection
Why it's needed: Injects the Investigation Agent user interface (the floating panel and launcher button) into the hospital EMR webpage so you can use it directly within your workflow. Scripts are injected only on pages you visit and only when the Extension is active.
downloads File Downloads
Why it's needed: Saves the generated PDF investigation report directly to your computer's Downloads folder after it has been created. No file is uploaded or shared – it is saved locally only.
4. Host Permissions Explained
Host permissions control which web addresses the Extension can communicate with. The following are required:
https://ext-inves.zonov.ai/*
This is the primary backend server for the ZonovAI Investigation Agent. All core operations route through this endpoint, including: OCR image processing, AI-powered lab parameter extraction, PDF report generation, license key verification, hospital configuration sync, and anonymised usage logging. Data is transmitted over HTTPS (encrypted) and is not retained after the response is delivered.
https://zonov.ai/*
Required to access the main ZonovAI website for homepage, documentation, and web application features used alongside the Extension.
https://*.zonov.ai/*
Required to communicate with all ZonovAI backend services across subdomains, including the primary backend (ext-inves.zonov.ai) for OCR processing, report generation, license validation, hospital configuration sync, and usage logging, as well as the patient lookup API (apiprod.zonov.ai) and any future service endpoints. All communication is over HTTPS (encrypted).
https://zonovai.vercel.app/*
Required to access ZonovAI web application services hosted on the Vercel platform. Used for license management and account-related features.
http://*/* and https://*/*
Why broad permissions are required: This Extension is designed to work on any hospital or clinic Electronic Medical Record (EMR) system. Different hospitals use different software at different web addresses – there is no fixed list of hospital domains. The Extension needs permission to inject its UI and read patient information from whichever EMR website your hospital uses. These permissions do not mean the Extension reads or monitors all websites – it only activates when you explicitly click the Extension button on a page, and it only reads patient fields visible on that EMR page.
5. Data Transmission and Security
- All data transmitted to ZonovAI servers is encrypted using HTTPS/TLS.
- Your license key is used to authenticate requests; it is stored only on your device.
- Patient data is transmitted only to generate the report you explicitly request and is not retained by ZonovAI servers after processing.
- No patient data is sold, rented, or shared with any third party except Deepgram (voice transcription, when you use that feature).
6. Data Retention
- Local storage: License key, hospital configuration, and settings remain on your device until you uninstall the Extension or clear storage manually.
- Session data: Patient information held in memory is cleared when you close the panel or navigate away.
- Server-side: ZonovAI does not retain patient data or report content after the response is delivered to your browser.
7. Third-Party Services
- Groq – OCR and AI extraction (only when OCR is used). See: groq.com/privacy
- Deepgram – voice-to-text transcription (only when voice feature is used). See: deepgram.com/privacy
8. User Rights and Controls
- You can disable the Extension at any time via Chrome's Extensions menu.
- You can clear all locally stored data by going to Chrome Settings → More tools → Extensions → ZonovAI Investigation Agent → Details → Clear site data.
- Voice recording only activates when you explicitly click the microphone button.
- Camera access only activates when you explicitly click the camera button.
9. Children's Privacy
This Extension is designed for use by licensed healthcare professionals. It is not directed at children under the age of 13, and we do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be reflected in the Extension update notes and on this page. Continued use of the Extension after an update constitutes acceptance of the revised policy.
11. Contact
For privacy questions, data requests, or concerns, please contact us at:
Zonov AI
Email: arvind@zonov.ai
Website: www.zonov.ai