Privacy Policy

What We Collect
How We Use Your Data
Data Storage & Security
Third-Party Services
AI Features & Your Data
Your Rights
Children
Changes to This Policy
Contact Us

Doclink ("we", "us", "our") is a doctor-first telemedicine and digital practice management platform built for India, developed by Dr. Sunil Mulgund. We are committed to protecting your privacy and handling your healthcare data with the care it deserves. This Privacy Policy explains what we collect, why we collect it, how we protect it, and your rights over it.

By using Doclink, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the app.

📋 1. What We Collect

We collect only what is necessary to provide Doclink's services. This includes:

Account information: Name, email address, phone number, and (for doctors) medical registration number (MCI/NMC ID), specialty, and clinic details.
Health & clinical data: Diagnoses, prescriptions, SOAP notes, drug history, allergies, lab results, and family member health records that you or your doctor enter into the app.
Device information: Device model, operating system version, app version, and anonymous crash reports. We do not collect your device's IMEI or MAC address.
Usage data: Which features you use (not the content of consultations), session duration, and anonymous analytics events. This helps us improve the app.
Payment information: For consultation fees processed via Razorpay. We never store your card number or CVV — this data goes directly to Razorpay's PCI-DSS-compliant servers.
Profile photos: If you upload a profile picture, it is stored securely in our encrypted cloud storage.

🎯 2. How We Use Your Data

Your data is used exclusively to provide and improve Doclink's services:

To authenticate your account and maintain your session securely.
To generate AI-assisted prescriptions, SOAP notes, and drug interaction checks on your behalf.
To enable telemedicine consultations between doctors and patients.
To store and retrieve your medical records and history.
To process consultation payments via Razorpay.
To send you appointment reminders and important notifications via Firebase Cloud Messaging.
To detect and prevent fraud, abuse, and unauthorised access.

We do not sell your data. We do not use your health data to serve advertisements. We do not share your information with insurers, employers, or any marketing company.

🔐 3. Data Storage & Security

All Doclink data is stored on Supabase, a GDPR-compliant, SOC 2 Type II certified platform hosted on AWS. Key security measures include:

Encryption at rest: All database rows are encrypted using AES-256.
Encryption in transit: All data between your device and our servers travels over TLS 1.3.
Row-Level Security (RLS): Every database query is constrained so that doctors can only access their own patients' data and patients can only access their own records.
No client-side AI keys: Our AI Clinical Assistant sends queries through a server-side proxy (Supabase Edge Function). Your API keys never touch the client app or our git repository.
Authentication: Supabase Auth with email/password and optional OTP. Sessions expire automatically after inactivity.

Data is stored in Supabase's India-region infrastructure where available. We retain your data for as long as your account is active. Deleting your account permanently removes your data within 30 days.

🔗 4. Third-Party Services

Doclink uses a small set of trusted third-party services. Each receives only the minimum data required:

Supabase Database, authentication, file storage, and Edge Functions. Your primary data home.

Firebase (Google) Push notifications via Firebase Cloud Messaging. We send device tokens only — no health data.

Razorpay Payment processing for consultation fees. Card data goes directly to Razorpay — never to our servers.

Groq (AI Proxy) AI-generated clinical text (prescriptions, SOAP notes). Queries are sent server-side. Groq does not store your data.

Google Fonts Web fonts for the Doclink web app. Google may log your IP address per their standard font API policy.

Firebase Analytics Anonymous usage events (e.g., "feature opened"). No health data is included in analytics events.

We do not use any advertising networks, social media trackers, or data brokers.

🤖 5. AI Features & Your Data

The AI Clinical Assistant (powered by Groq's Llama 3.3-70B model) processes clinical queries on your behalf. Here's how it works:

Your query (symptoms, drug names, clinical context) is sent from the Doclink app to our server-side Supabase Edge Function.
The Edge Function forwards the query to Groq's API using a secret API key stored only on the server — never in the app.
Groq's policy is to not retain prompts or completions for training. Queries are processed and discarded.
The AI response is returned to the app and displayed. We do not store AI query/response pairs in our database by default.

Important: AI-generated content is for clinical decision support only. All prescriptions and clinical decisions must be reviewed and validated by the treating physician. Doclink and Dr. Sunil Mulgund are not liable for clinical decisions made solely on the basis of AI output.

⚖️ 6. Your Rights

You have the following rights over your data, regardless of your location:

Access: Request a copy of all personal data we hold about you.
Correction: Update or correct inaccurate data via the Profile section of the app.
Deletion: Delete your account and all associated data. Go to Profile → Settings → Delete Account, or email us at mulgundsunil@gmail.com. Deletion is permanent and completes within 30 days.
Data portability: Request an export of your health records in a machine-readable format (JSON/PDF). Email us to request this.
Withdraw consent: You may stop using Doclink at any time. Uninstalling the app does not delete your data — you must explicitly delete your account.
Complaints: If you believe we have mishandled your data, you may contact us directly or file a complaint with India's Data Protection Board once operational under the DPDP Act 2023.

👶 7. Children

Doclink is intended for use by licensed medical professionals (doctors) and adult patients (18+). We do not knowingly collect personal data from anyone under 18 years of age as a primary account holder.

The Family Health feature allows doctors and guardians to manage health records for minor family members. In this case, the account holder (adult) is responsible for providing appropriate consent on behalf of minors.

If you believe we have inadvertently collected data from a minor, please contact us immediately at mulgundsunil@gmail.com and we will delete it promptly.

🔄 8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

We will update the "Last updated" date at the top of this page.
For material changes (changes that meaningfully affect your rights), we will notify you via email or an in-app notification at least 14 days before the changes take effect.
Your continued use of Doclink after a policy update constitutes acceptance of the revised terms.

We encourage you to review this page periodically.

✉️ 9. Contact Us

For any privacy-related questions, data requests, or concerns, contact:

Dr. Sunil Mulgund — Developer & Data Controller
Email: mulgundsunil@gmail.com
Website: bridgr.co.in

We aim to respond to all privacy requests within 7 business days.

Contents