1. Information We Collect
We collect information you provide directly, information generated through your use of the platform, and limited technical data required to operate the service.
Account information
When you create an account, we collect your name, email address, and a hashed password. For patients, we also collect date of birth, gender, and the health profile information you choose to enter (blood type, allergies, medical conditions, current medications).
Health and medical information
Information you actively submit: medical reports you upload for AI analysis, health metrics you log (weight, blood pressure, glucose, etc.), appointment records, and any other health data you enter into the platform.
Usage data
We collect information about how you use Docpulse, including pages visited, features used, and the questions you ask the AI Doctor. This data is used to improve the platform and is treated as health-adjacent data subject to the protections described in this policy.
Technical data
IP address, browser type, operating system, and session identifiers are collected automatically. We use session tokens stored in secure, HttpOnly cookies, so your authentication credentials are never exposed to browser scripts.
2. How We Use Your Information
We use your information only for purposes you would reasonably expect given the nature of the service:
- Providing the service - operating your account, authenticating your identity, and delivering AI-powered analysis and recommendations.
- AI Doctor context - when you use Personal mode, your health profile is included in the context sent to the AI model so that responses are tailored to your situation.
- Service improvement - aggregated, de-identified usage patterns help us identify bugs, improve accuracy, and prioritise features. Individual health data is not used to train external AI models without your explicit consent.
- Communication - transactional emails such as appointment reminders, password resets, and important account notices. We do not send marketing email without your opt-in.
- Safety and legal compliance - detecting fraud, responding to lawful requests from authorities, and enforcing our Terms of Service.
3. Health Data and Medical Information
Health data is the most sensitive category of personal information we process. We apply heightened protections to all health-related data you submit.
Your health information is:
- Stored encrypted at rest and in transit using industry-standard encryption.
- Never sold to third parties, insurers, employers, or data brokers, under any circumstances.
- Never used for targeted advertising or shared with ad networks.
- Accessible only to you and, where technically necessary, Docpulse staff operating under strict confidentiality obligations.
Docpulse is not a covered entity under HIPAA as defined in 45 CFR §160.103, and the platform does not constitute a medical record system. However, we voluntarily apply privacy practices that align with HIPAA principles because we believe they represent the right standard for handling health information.
4. AI Processing and Analysis
Docpulse uses Google Gemini models to power its analysis features. When you interact with the AI Doctor in Personal mode, your health profile (gender, blood type, allergies, medical conditions, medications) and conversation history are included in the request sent to the AI model.
You should be aware that:
- AI-generated responses are informational only and are not a substitute for professional medical advice, diagnosis, or treatment.
- Data sent to AI models is governed by Google's data processing agreements in addition to this policy. We do not permit Google to use your health data to train its models.
- General mode does not send your personal health data to any AI model. Choose General mode if you prefer to ask health questions without context from your profile.
- You can delete your AI conversation history at any time from the AI Doctor page. Deleted history is removed from our servers within 30 days.
5. Data Sharing and Disclosure
We do not sell your personal data. We share your information only in the following limited circumstances:
Service providers
We use a small number of sub-processors to operate the platform (cloud hosting, email delivery, AI model APIs). Each sub-processor is contractually prohibited from using your data for any purpose beyond providing the service to us.
Legal requirements
We may disclose information when required by law, court order, or government authority. Where legally permitted, we will notify you before making such a disclosure.
Business transfers
If Docpulse is acquired, merged, or undergoes a change of control, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.
With your consent
We will share your information with third parties when you have given us explicit consent to do so.
6. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide you with the service. Specific retention periods:
- Account data - retained until you delete your account.
- Health records and metrics - retained until you delete individual records or your account.
- AI conversation history - retained until you clear history from the AI Doctor page, or until account deletion.
- Deleted account data - purged from production systems within 30 days of account deletion. Backup copies are deleted within 90 days.
- Server logs - retained for 90 days for security and debugging purposes, then deleted.
7. Security
We implement technical and organisational security measures commensurate with the sensitivity of the data we handle:
- All data is encrypted in transit using TLS 1.2 or higher.
- Passwords are hashed using a strong, salted algorithm and are never stored in plaintext.
- Authentication tokens are stored in secure, HttpOnly, SameSite cookies, not in localStorage or sessionStorage.
- Access to production systems and databases is restricted to authorised personnel.
No system is completely immune to security incidents. If a breach occurs that affects your personal data, we will notify you without undue delay and take prompt remedial action.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access - request a copy of the personal data we hold about you.
- Correction - request that we correct inaccurate data. You can update most information directly from your profile page.
- Deletion - request that we delete your personal data. You can delete individual health records from the platform directly, or contact us to delete your entire account and associated data.
- Portability - request your data in a structured, machine-readable format.
- Objection - object to specific processing activities, including any use of your data for product improvement.
- Withdrawal of consent - where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@docpulse.ai. We will respond within 30 days.
10. Children's Privacy
Docpulse is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has created an account, please contact us at privacy@docpulse.ai and we will promptly delete the account and associated data.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the effective date at the top of this page. Your continued use of the platform after such notification constitutes acceptance of the updated policy.
For non-material changes (corrections, clarifications, formatting), we will update the policy without individual notification.
12. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
Docpulse - Privacy Team
Email: privacy@docpulse.ai
Also read our Terms of Service.
