Privacy Policy
Last updated: June 17, 2026
The short version: your medical documents are AES-256 encrypted on your phone before anything is uploaded. We — and every storage provider we use — only ever see locked, unreadable ciphertext. We could not read your medical records even if we wanted to. Only your subscription account information and activity metadata are readable by us, and we describe exactly what that is below.
1. Who We Are
DocPat ("we", "us", "our") is a private health record wallet that lets you store, verify, and share your medical documents using zero-knowledge encryption. This Privacy Policy explains what personal information the DocPat mobile application and its supporting services collect, why, how it is used, and the choices you have. This policy applies to all users of the DocPat app and website.
2. Information We Collect
2.1 Account information
- Phone number — required for sign-in via one-time SMS passcode (OTP). Processed by our authentication provider (Firebase Auth).
- Email address and Google profile (optional) — if you choose to sign in with Google.
- Account identifier (UID) — a randomly generated identifier assigned to your account by our authentication provider.
- Display name (optional) — if you choose to set one in the app.
2.2 Your medical documents — always encrypted
When you upload a document (photo, scan, or PDF), it is encrypted entirely on your device using AES-256-GCM before it is transmitted or stored anywhere. The document metadata you enter — file name, document type, doctor name, hospital, date, and notes — is also encrypted on your device before storage. We have no technical ability to decrypt or read any of this content. Your encryption keys are generated and stored in your device's hardware secure enclave and never leave your device in usable form.
2.3 Subscription and billing data
- Subscription status — your current plan (Free, Basic, Pro, Clinic), billing cycle, and renewal date, so we can grant the correct storage limits and features.
- Purchase tokens — an anonymous token issued by Google Play that confirms your subscription is active. We do not receive or store payment card numbers, bank details, or any financial account information — these are handled entirely by Google.
- Transaction identifiers — order IDs provided by Google Play for billing support and dispute resolution.
2.4 Activity and security records
- Usage events — uploads, shares, views, deletions, and key-recovery actions recorded in an append-only audit log. Metadata only — never document content.
- Device records — the list of devices you have authorized, so you can manage multi-device access and revoke any device.
- IP address and request data — processed by our backend for rate limiting, abuse prevention, and anomaly detection. Not stored permanently.
- Sign-in events — successful and failed authentication attempts, used for security monitoring and brute-force protection.
- Blockchain seal references — the cryptographic reference codes recorded when your documents receive their Polygon blockchain seal. These contain no personal or medical information.
2.5 Technical and diagnostic data
- App crash reports — anonymous crash logs to help us fix bugs. No document content is included.
- Device type and OS version — used to ensure compatibility and diagnose technical issues.
3. Where Your Data Lives
| Data | Stored In | What that service can see |
|---|---|---|
| Encrypted document files | Pinata (IPFS distributed storage) | Encrypted ciphertext only — unreadable without your keys |
| Encrypted document metadata (names, notes, dates) | Firebase Firestore (Google Cloud) | Encrypted fields only — unreadable without your keys |
| Blockchain seal | Polygon public blockchain | A cryptographic hash and timestamp — no personal or medical data |
| Account & sign-in data | Firebase Authentication (Google) | Phone number, optional email, account UID |
| Subscription status & purchase tokens | Firebase Firestore + Google Play | Plan type, renewal date, anonymous purchase token |
| Activity audit logs | Firebase Firestore (Google Cloud) | Event type (e.g., "upload"), timestamp — never document content |
| Optional encrypted key backup | Firebase Firestore (Google Cloud) | An encrypted blob only your recovery PIN can unlock |
| Payment card & bank details | Google Play (not stored by DocPat) | DocPat never receives or stores payment card information |
4. Third-Party Service Providers
DocPat relies on the following trusted service providers. Each receives only the minimum data described above:
- Google Firebase — authentication, database (Firestore), and crash reporting.
- Pinata / IPFS — decentralised encrypted file storage. Receives only ciphertext.
- Polygon (blockchain) — public ledger for document seals. Receives only cryptographic hashes.
- Twilio — SMS delivery for OTP login messages. Receives your phone number to deliver the OTP.
- Alchemy — read-only Polygon RPC provider. Does not receive personal data.
- Google Play — payment processing for subscriptions. Manages all financial transactions on our behalf.
- Railway — hosting for our Node.js backend signing server. Processes requests but does not store personal data.
We do not sell, rent, trade, or share your personal information with any third party for marketing or advertising purposes. We do not use your data for advertising.
5. How We Use Your Information
- To authenticate your identity and allow sign-in via OTP or Google.
- To sync your encrypted documents across the devices you authorize.
- To issue and verify blockchain seals proving your documents are unmodified.
- To operate PIN-protected document sharing, including approval requests and access revocation.
- To manage your subscription — granting storage limits, processing renewals, and handling plan changes.
- To process billing events received from Google Play (plan activation, renewal, cancellation, refund).
- To protect the Service through rate limiting, anomaly detection, brute-force lockouts, and security monitoring.
- To show you your own activity history and audit log.
- To send service-related notifications (OTP, security alerts, subscription renewal reminders). We do not send promotional marketing without your explicit consent.
- To investigate and resolve support requests and billing disputes.
- To improve the Service using anonymised crash and diagnostic data.
6. Sharing Controlled by You
Documents are shared only when you explicitly generate a PIN-protected QR code, and only with the person who scans it, enters the correct PIN, and receives your explicit in-app approval. Shares are time-limited (one-use, 24-hour, weekly, or monthly, as you choose) and can be revoked by you at any moment. Recipients view documents in screenshot-protected sessions without receiving permanent copies. Every access event is recorded in your audit log.
7. Subscription Data Handling
When you subscribe to a paid plan through Google Play:
- Google processes your payment and notifies DocPat of your subscription status via a secure server-to-server notification.
- DocPat stores your plan type, billing cycle, and an anonymous purchase token to verify your entitlement.
- DocPat does not receive, process, or store payment card numbers, bank account details, or any other financial account information.
- When you cancel or your subscription expires, DocPat updates your account to the Free plan. Your subscription history (plan type and dates) is retained for billing dispute resolution for up to 24 months.
8. Data Retention & Deletion
- Encrypted documents — deleting a document marks it inactive and removes it from your wallet. Because the IPFS storage network and Polygon blockchain are permanent by design, encrypted ciphertext and seal hashes may persist in those networks; they remain permanently unreadable without your keys.
- Audit logs — kept in append-only form for security and integrity purposes. Cannot be edited by us or anyone else.
- Subscription history — retained for up to 24 months for billing dispute purposes, then deleted.
- Device records — deauthorized devices are retained in deactivated form for your audit trail.
- Account deletion — you may request deletion of your account and all associated personal data (phone number, email, profile, activity logs) at any time. See Section 9 for how to request this.
9. Your Rights & Data Deletion Requests
Depending on your jurisdiction, you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. Because your document content is encrypted with keys only you hold, the most complete export of your records is available directly in the app on your device.
To exercise any right — including account and data deletion — contact us at:
- Email: docpat.contact@gmail.com
- Subject line: Privacy Request — [your request type]
We will respond within 30 days. Identity verification may be required before processing sensitive requests. Account deletion requests are free of charge and will be completed within 30 days of verification.
10. Security Measures
In addition to encrypting all documents on your device before upload, DocPat protects your account with:
- Hardware-backed key storage (device secure enclave)
- PIN-protected key backup and recovery
- Biometric authentication (fingerprint / face unlock)
- Screenshot blocking on shared document views
- Brute-force lockouts on OTP and PIN entry
- Round-the-clock server-side anomaly detection
- Append-only audit logs that cannot be tampered with
- Instant activity freeze capability in the event of a security incident
Despite these measures, no system is perfectly secure. We encourage you to keep your recovery PIN private and stored safely.
11. Children's Privacy
DocPat is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children under this age. If you believe a child has provided us with personal information, please contact us at docpat.contact@gmail.com and we will delete it promptly.
12. International Data Transfers
Our service providers (Google, Pinata, Twilio) may process data in countries outside India. These transfers are governed by appropriate safeguards including standard contractual clauses and data processing agreements. By using the Service, you consent to such transfers to the extent permitted by applicable law.
13. Changes to This Policy
We may update this Privacy Policy as the Service evolves. Material changes (such as new types of data collection or new uses) will be announced in the app or by email at least 14 days before they take effect, with the "Last updated" date revised above. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
14. Contact & Data Controller
DocPat is the data controller for personal data processed under this policy. For privacy questions, data requests, or concerns:
- Email: docpat.contact@gmail.com
- Full contact options: Contact page
We aim to respond to all privacy-related enquiries within 5 business days.