Skip to main content
Your data is protected

Privacy Policy

We take your privacy seriously. Here's exactly how we handle your data.

Last updated: April 1, 2026

Section 1

Introduction

OduDoc ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and services (collectively, the "Platform").

Section 2

Information We Collect

Personal Information

Account Data

Name, email, phone, date of birth, and gender when you create an account.

Medical Info

Health records, prescriptions, lab reports, symptoms, diagnoses, and treatment history.

Payment Data

Card numbers, UPI IDs, billing addresses, and transaction history. Processed by Stripe — we never store full card numbers on our servers.

Doctor Info

Medical license, qualifications, hospital details, and professional experience for doctor profiles.

Automatically Collected

IP addressBrowser typeDevice infoPages visitedTime spentReferring URLsCookies
Section 3

Mobile applications

We publish two iOS and Android apps: OduDoc (the patient app, bundle ID com.odudoc.patient) and OduDoc Pro (the professional app for doctors, nurses, pharmacists, lab techs and other clinical staff — bundle ID com.odudoc.doctor). Both are operated by Sarjudas Digital Trading and Escrow Services LLC and communicate exclusively with www.odudoc.com servers over HTTPS.

Device permissions we request

  • Camera — for video consultations and uploading photos of prescriptions, lab reports, or wounds. Off by default; you grant access the first time you start a video call or photo upload.
  • Photo library — to attach existing reports to a consultation. We never read photos in the background.
  • Microphone — for video and voice consultations.
  • Notifications — appointment reminders, doctor messages, lab-result alerts. You can disable any category in Settings → Notifications.
  • HealthKit (iOS) / Health Connect (Android) only if you opt in. Used to import heart rate, sleep, steps, and BP readings for your doctor. Revocable at any time from the OS settings.
  • Location (Doctor app only) — when responding to a home-visit request. Not used for tracking.

What we do NOT collect

  • Contacts list, SMS, call history, browser history.
  • Advertising identifiers — we do not run ads.
  • Background location — location is foreground-only, request-scoped.

Deleting your account from a mobile app

Open the app → Profile → Delete account. Or use the web page at odudoc.com/account/delete. Either route immediately tombstones your login. Clinical records may be retained for the period required by healthcare law (typically 7 years) in pseudonymised form — see the Data Retention section below.

Children and the apps

Neither app is targeted at children under 13. For pediatric care, a parent or guardian must create the account and add the child as a family member.

Section 4

How We Use Your Information

Facilitate appointment booking and teleconsultations
Provide and improve our healthcare services
Process payments and send transaction confirmations
Verify doctor credentials and maintain quality standards
Send appointment reminders and health tips (with consent)
Comply with legal and regulatory requirements
Analyze usage patterns to improve user experience
Section 5

Data Sharing & Disclosure

We do not sell your personal data. Ever.

We may share information with:

H
Healthcare Providers

Doctors you consult with receive your relevant medical information.

P
Payment Processors

Stripe process payments on our behalf under their own privacy policies.

L
Lab Partners

When you order lab tests, necessary details are shared with accredited labs.

L
Legal Requirements

When required by law, subpoena, or government request.

Section 6

Social sign-in — Google, Apple & Facebook/Meta

You can create or sign in to OduDoc with Google, Apple, or Facebook instead of a password. When you do, the provider gives us only the minimum profile needed to identify your account. We request the least-privilege scopes and we do not post to your social accounts, read your contacts, or access anything beyond the fields listed below.

Google

We access only your name, email address, and profile picture (the standard email + profile scopes). This data is used solely to create and secure your account and to sign you in. OduDoc's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We never sell this data, never use it for advertising, and never share it with AI models.

Apple

With Sign in with Apple we receive your name and an Apple-provided email. If you choose "Hide My Email", that email is a private relay address that forwards to your real inbox — we store only the relay address and use it purely to contact you about your account. You can stop the relay or revoke OduDoc's access at any time in your Apple ID settings, and deleting your OduDoc account removes the relay record.

Facebook / Meta

We request only the email and public_profile permissions — your name, profile picture, and email. We use them only to create and secure your account. You can remove OduDoc from Facebook → Settings → Apps and Websites at any time, and you can delete all data OduDoc holds using the steps in the "Deleting your data" section below.

Section 7

Payments & financial data

Card, UPI, and bank payments are processed by our PCI-DSS-certified gateway partners — Stripe. OduDoc receives only a tokenised payment reference and the transaction amount, status, and timestamp. We never see or store your full card number, CVV, or bank credentials; those are held by the gateway under its own privacy policy and PCI-DSS obligations.

Refunds & chargebacks. Refunds are returned to your original payment method (or, at your choice, credited to your OduDoc Wallet). If you raise a dispute or chargeback, we may share the relevant transaction record with the gateway and your bank to resolve it.

Cryptocurrency payments. Where an organisation enables crypto checkout (USDT, USDC, ETH, or BTC on TRON, Ethereum, BSC, or Bitcoin), we store the destination wallet address, the on-chain transaction hash (txid), amount, and confirmation count so we can verify the payment. Blockchain transactions are public by nature; we do not collect your private keys and cannot reverse an on-chain transfer.

Invoices and payment records are retained for the statutory tax / accounting period (typically 7 years).

Section 8

Sub-processors

OduDoc uses the third-party providers below to operate the service. Each is bound by a data-processing agreement (DPA) and, where required, a Business Associate Agreement (BAA). We share only the minimum data each provider needs, and none of them may use it for their own purposes. We give at least 30 days' notice before adding a new sub-processor that handles personal data.

ProviderPurposeData sharedRegion
Dedicated VPS + Cloudflare (R2, CDN, WAF, DNS)Application hosting, encrypted file storage, edge deliveryAll platform data (encrypted at rest & in transit)Regional pod (IN / EU / US)
PostgreSQL hostPrimary databaseAll platform dataRegional pod
StripeCard & subscription payments (international)Tokenised payment reference, amount, emailUS / EU
RazorpayCard / UPI / net-banking payments (India)Tokenised payment reference, amountIndia
Google (Sign-in, Gemini AI, Maps)Social login, AI assistance, mapsName/email (login); de-identified prompt text (AI). No PHI in AI prompts.US / global
AppleSign in with AppleName, Apple relay emailUS / global
Meta / Facebook (Login, WhatsApp Cloud API)Social login, patient messagingName/email (login); phone + message content (WhatsApp)US / global
OpenAI · AnthropicAI failover (differential, scribe, translation)De-identified prompt text only — no PHI, not used for trainingUS
Daily.coVideo consultation roomsEphemeral room tokens; call not stored by providerUS / global
ResendTransactional email (OTP, reminders, receipts)Email address, message contentUS / EU
TelegramOptional OTP / notification deliveryChat ID, message contentGlobal

The exact provider active for a given feature depends on your organisation's configuration and region. AI, video, and email use a failover chain, so the specific provider may vary per request; every provider in the chain is bound by the same terms above.

Section 9

Deleting your data

You can delete your OduDoc account and the personal data tied to it at any time — including data obtained through Google, Apple, or Facebook sign-in. There are two equivalent routes:

Deletion immediately tombstones your login and removes your linked Google/Apple/Facebook association. Clinical records that healthcare law requires us to keep (typically 7 years) are retained in pseudonymised form for that period only, then destroyed; an immutable audit entry recording that the deletion happened is preserved for accountability. If your identity is KYC-verified, deletion is scheduled 2 years out and signing back in before then cancels it automatically.

Facebook / Meta users: this page is OduDoc's data-deletion instructions URL. Deleting your account here, or removing OduDoc from Facebook → Settings → Apps and Websites, erases the data we obtained via Facebook Login. For help, email [email protected].

Section 10

Data Security

256-bit Encryption

SSL/TLS encryption for all data in transit

HIPAA / GDPR-aligned

Medical records held under HIPAA/GDPR-aligned safeguards (encryption, access control, audit trail). This describes our practices — not a certification claim.

Access Controls

Role-based access with strict permission management

Regular Audits

Ongoing security assessments and penetration testing

Section 11

Data Retention

We retain personal data only as long as needed for the purposes it was collected for. Specific retention windows:

  • Account data — for the lifetime of your account, plus 30 days after deletion (recovery window).
  • Medical records & prescriptions — 7 years from the consultation date, or longer where local healthcare law requires (e.g. 10 years in parts of the EU, indefinitely in some US states).
  • Payment records — 7 years for tax / accounting compliance.
  • Server logs & analytics — 90 days, then aggregated.
  • Marketing emails — until you unsubscribe, plus 30 days for the suppression-list record.

You may request earlier deletion at any time via the Rights section below; statutory medical-record retention may delay full erasure of clinical data.

Section 12

Your Rights

Access

Request a copy of your personal data

Correction

Update inaccurate information

Deletion

Request deletion of your account and data

Portability

Download your health records in standard formats

Opt-out

Unsubscribe from marketing communications

Section 13

International users — GDPR, UK GDPR & CCPA

OduDoc serves patients and hospitals globally. Our servers are located in the United States and the European Union, and your data may be transferred to, stored in, or processed in any country where we, our service providers, or our affiliates operate. We rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework for these transfers.

If you are in the EU, UK, or EEA

Under the GDPR / UK GDPR you have the right to: access, rectify, erase, restrict, port, or object to processing of your personal data; withdraw consent at any time; and lodge a complaint with your supervisory authority (e.g. the ICO in the UK, the CNIL in France). The legal bases we rely on are contractual necessity (delivering the consultation you booked), legitimate interest (fraud prevention, service improvement), consent (marketing emails), and legal obligation (medical- record retention).

If you are a California resident

Under the CCPA / CPRA you have the right to know what personal information we collect, to delete it (subject to exceptions like medical-record retention), to correct it, to opt out of any "sale" or "sharing" of personal information, and to non- discrimination for exercising your rights. We do not sell your personal information. To exercise CCPA rights, email [email protected] with the subject line "CCPA request".

Other regions

We honour comparable rights for residents of jurisdictions including Canada (PIPEDA), Brazil (LGPD), the UAE (PDPL), Australia (Privacy Act), and India (DPDP Act 2023). Where local law grants you a stronger right than the rights listed above, that stronger right applies.

Data Protection Officer

For privacy-specific questions or to exercise any of the rights above, contact our DPO at [email protected]. We respond within 30 days as required under most data- protection regimes.

Section 14

Cookies

We use essential cookies for authentication and session management. Analytics cookies (Google Analytics) help us understand usage patterns. You can disable non-essential cookies in your browser settings.

Section 15

Children's Privacy

Our Platform is not intended for children under 13. We do not knowingly collect data from children. For pediatric consultations, a parent/guardian must create and manage the account.

Section 16

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or Platform notification. Continued use after changes constitutes acceptance.

Section 17

Contact Us

Email

[email protected]

Registered entity

Sarjudas Digital Trading and Escrow Services LLC

Have questions about your data?

We're happy to help. Reach out any time.