Privacy Policy
We take your privacy seriously. Here's exactly how we handle your data.
Last updated: April 1, 2026
Quick Navigation
Introduction
OduDoc ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and services (collectively, the "Platform").
Information We Collect
Personal Information
Account Data
Name, email, phone, date of birth, and gender when you create an account.
Medical Info
Health records, prescriptions, lab reports, symptoms, diagnoses, and treatment history.
Payment Data
Card numbers, UPI IDs, billing addresses, and transaction history. Processed by Stripe — we never store full card numbers on our servers.
Doctor Info
Medical license, qualifications, hospital details, and professional experience for doctor profiles.
Automatically Collected
Mobile applications
We publish two iOS and Android apps: OduDoc (the patient app, bundle ID com.odudoc.patient) and OduDoc Pro (the professional app for doctors, nurses, pharmacists, lab techs and other clinical staff — bundle ID com.odudoc.doctor). Both are operated by Sarjudas Digital Trading and Escrow Services LLC and communicate exclusively with www.odudoc.com servers over HTTPS.
Device permissions we request
- Camera — for video consultations and uploading photos of prescriptions, lab reports, or wounds. Off by default; you grant access the first time you start a video call or photo upload.
- Photo library — to attach existing reports to a consultation. We never read photos in the background.
- Microphone — for video and voice consultations.
- Notifications — appointment reminders, doctor messages, lab-result alerts. You can disable any category in Settings → Notifications.
- HealthKit (iOS) / Health Connect (Android) — only if you opt in. Used to import heart rate, sleep, steps, and BP readings for your doctor. Revocable at any time from the OS settings.
- Location (Doctor app only) — when responding to a home-visit request. Not used for tracking.
What we do NOT collect
- Contacts list, SMS, call history, browser history.
- Advertising identifiers — we do not run ads.
- Background location — location is foreground-only, request-scoped.
Deleting your account from a mobile app
Open the app → Profile → Delete account. Or use the web page at odudoc.com/account/delete. Either route immediately tombstones your login. Clinical records may be retained for the period required by healthcare law (typically 7 years) in pseudonymised form — see the Data Retention section below.
Children and the apps
Neither app is targeted at children under 13. For pediatric care, a parent or guardian must create the account and add the child as a family member.
How We Use Your Information
Payments & financial data
Card, UPI, and bank payments are processed by our PCI-DSS-certified gateway partners — Stripe. OduDoc receives only a tokenised payment reference and the transaction amount, status, and timestamp. We never see or store your full card number, CVV, or bank credentials; those are held by the gateway under its own privacy policy and PCI-DSS obligations.
Refunds & chargebacks. Refunds are returned to your original payment method (or, at your choice, credited to your OduDoc Wallet). If you raise a dispute or chargeback, we may share the relevant transaction record with the gateway and your bank to resolve it.
Cryptocurrency payments. Where an organisation enables crypto checkout (USDT, USDC, ETH, or BTC on TRON, Ethereum, BSC, or Bitcoin), we store the destination wallet address, the on-chain transaction hash (txid), amount, and confirmation count so we can verify the payment. Blockchain transactions are public by nature; we do not collect your private keys and cannot reverse an on-chain transfer.
Invoices and payment records are retained for the statutory tax / accounting period (typically 7 years).
Sub-processors
OduDoc uses the third-party providers below to operate the service. Each is bound by a data-processing agreement (DPA) and, where required, a Business Associate Agreement (BAA). We share only the minimum data each provider needs, and none of them may use it for their own purposes. We give at least 30 days' notice before adding a new sub-processor that handles personal data.
| Provider | Purpose | Data shared | Region |
|---|---|---|---|
| Dedicated VPS + Cloudflare (R2, CDN, WAF, DNS) | Application hosting, encrypted file storage, edge delivery | All platform data (encrypted at rest & in transit) | Regional pod (IN / EU / US) |
| PostgreSQL host | Primary database | All platform data | Regional pod |
| Stripe | Card & subscription payments (international) | Tokenised payment reference, amount, email | US / EU |
| Razorpay | Card / UPI / net-banking payments (India) | Tokenised payment reference, amount | India |
| Google (Sign-in, Gemini AI, Maps) | Social login, AI assistance, maps | Name/email (login); de-identified prompt text (AI). No PHI in AI prompts. | US / global |
| Apple | Sign in with Apple | Name, Apple relay email | US / global |
| Meta / Facebook (Login, WhatsApp Cloud API) | Social login, patient messaging | Name/email (login); phone + message content (WhatsApp) | US / global |
| OpenAI · Anthropic | AI failover (differential, scribe, translation) | De-identified prompt text only — no PHI, not used for training | US |
| Daily.co | Video consultation rooms | Ephemeral room tokens; call not stored by provider | US / global |
| Resend | Transactional email (OTP, reminders, receipts) | Email address, message content | US / EU |
| Telegram | Optional OTP / notification delivery | Chat ID, message content | Global |
The exact provider active for a given feature depends on your organisation's configuration and region. AI, video, and email use a failover chain, so the specific provider may vary per request; every provider in the chain is bound by the same terms above.
Deleting your data
You can delete your OduDoc account and the personal data tied to it at any time — including data obtained through Google, Apple, or Facebook sign-in. There are two equivalent routes:
- In the app: Profile → Delete account.
- On the web: visit odudoc.com/account/delete and confirm with your password.
Deletion immediately tombstones your login and removes your linked Google/Apple/Facebook association. Clinical records that healthcare law requires us to keep (typically 7 years) are retained in pseudonymised form for that period only, then destroyed; an immutable audit entry recording that the deletion happened is preserved for accountability. If your identity is KYC-verified, deletion is scheduled 2 years out and signing back in before then cancels it automatically.
Facebook / Meta users: this page is OduDoc's data-deletion instructions URL. Deleting your account here, or removing OduDoc from Facebook → Settings → Apps and Websites, erases the data we obtained via Facebook Login. For help, email [email protected].
Data Security
256-bit Encryption
SSL/TLS encryption for all data in transit
HIPAA / GDPR-aligned
Medical records held under HIPAA/GDPR-aligned safeguards (encryption, access control, audit trail). This describes our practices — not a certification claim.
Access Controls
Role-based access with strict permission management
Regular Audits
Ongoing security assessments and penetration testing
Data Retention
We retain personal data only as long as needed for the purposes it was collected for. Specific retention windows:
- Account data — for the lifetime of your account, plus 30 days after deletion (recovery window).
- Medical records & prescriptions — 7 years from the consultation date, or longer where local healthcare law requires (e.g. 10 years in parts of the EU, indefinitely in some US states).
- Payment records — 7 years for tax / accounting compliance.
- Server logs & analytics — 90 days, then aggregated.
- Marketing emails — until you unsubscribe, plus 30 days for the suppression-list record.
You may request earlier deletion at any time via the Rights section below; statutory medical-record retention may delay full erasure of clinical data.
Your Rights
Access
Request a copy of your personal data
Correction
Update inaccurate information
Deletion
Request deletion of your account and data
Portability
Download your health records in standard formats
Opt-out
Unsubscribe from marketing communications
International users — GDPR, UK GDPR & CCPA
OduDoc serves patients and hospitals globally. Our servers are located in the United States and the European Union, and your data may be transferred to, stored in, or processed in any country where we, our service providers, or our affiliates operate. We rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework for these transfers.
If you are in the EU, UK, or EEA
Under the GDPR / UK GDPR you have the right to: access, rectify, erase, restrict, port, or object to processing of your personal data; withdraw consent at any time; and lodge a complaint with your supervisory authority (e.g. the ICO in the UK, the CNIL in France). The legal bases we rely on are contractual necessity (delivering the consultation you booked), legitimate interest (fraud prevention, service improvement), consent (marketing emails), and legal obligation (medical- record retention).
If you are a California resident
Under the CCPA / CPRA you have the right to know what personal information we collect, to delete it (subject to exceptions like medical-record retention), to correct it, to opt out of any "sale" or "sharing" of personal information, and to non- discrimination for exercising your rights. We do not sell your personal information. To exercise CCPA rights, email [email protected] with the subject line "CCPA request".
Other regions
We honour comparable rights for residents of jurisdictions including Canada (PIPEDA), Brazil (LGPD), the UAE (PDPL), Australia (Privacy Act), and India (DPDP Act 2023). Where local law grants you a stronger right than the rights listed above, that stronger right applies.
Data Protection Officer
For privacy-specific questions or to exercise any of the rights above, contact our DPO at [email protected]. We respond within 30 days as required under most data- protection regimes.
Children's Privacy
Our Platform is not intended for children under 13. We do not knowingly collect data from children. For pediatric consultations, a parent/guardian must create and manage the account.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or Platform notification. Continued use after changes constitutes acceptance.
Contact Us
[email protected]
Registered entity
Sarjudas Digital Trading and Escrow Services LLC
Have questions about your data?
We're happy to help. Reach out any time.
Social sign-in — Google, Apple & Facebook/Meta
You can create or sign in to OduDoc with Google, Apple, or Facebook instead of a password. When you do, the provider gives us only the minimum profile needed to identify your account. We request the least-privilege scopes and we do not post to your social accounts, read your contacts, or access anything beyond the fields listed below.
Google
We access only your name, email address, and profile picture (the standard
email+profilescopes). This data is used solely to create and secure your account and to sign you in. OduDoc's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We never sell this data, never use it for advertising, and never share it with AI models.Apple
With Sign in with Apple we receive your name and an Apple-provided email. If you choose "Hide My Email", that email is a private relay address that forwards to your real inbox — we store only the relay address and use it purely to contact you about your account. You can stop the relay or revoke OduDoc's access at any time in your Apple ID settings, and deleting your OduDoc account removes the relay record.
Facebook / Meta
We request only the
emailandpublic_profilepermissions — your name, profile picture, and email. We use them only to create and secure your account. You can remove OduDoc from Facebook → Settings → Apps and Websites at any time, and you can delete all data OduDoc holds using the steps in the "Deleting your data" section below.