Privacy policy

Health data is the most sensitive data there is. This policy explains what we collect, why, who can see it, and the controls you keep.

Last updated: 2026-07-17

What we collect

  • Account data — name, email, phone number, and (for practitioners) professional registration details such as PMDC number and identity documents used for verification.
  • Health records — visit notes, diagnoses, prescriptions, vitals, lab files and invoices created during care. These belong to the patient's timeline and the treating practice's records.
  • Booking & payment data — appointments, visit fees, instalment schedules and payment references. We never store card numbers, wallet PINs or bank credentials — payments are processed by licensed providers (JazzCash, Easypaisa, PayFast) and we keep only the transaction reference and status they return.
  • Usage data — pages visited on public practice profiles and basic product analytics, used to show practitioners how their page performs and to improve the product.

Who can see your health records

Access to a patient's records is consent-based. A practitioner sees a patient's timeline only while the patient has granted them access, scoped by record category. Patients can review and revoke any grant at any time from their privacy settings.

Every access to a record is written to a tamper-evident audit log that the patient can inspect. Hospital and clinic staff see only what their role requires — front-desk queue displays, for example, never show medical details.

What we never do

  • We never sell personal or health data to anyone.
  • We never share records with employers, insurers or advertisers.
  • We never let a practice keep a patient's records hostage — patients can transfer their timeline to a new practitioner without the old practice's permission.

Where data lives and how it's protected

Data is stored in managed, access-controlled databases and encrypted object storage. Uploaded files (reports, verification documents, photos) are served only through short-lived signed URLs — there are no permanently public file links. All traffic is encrypted in transit (HTTPS).

Cookies & analytics

We use cookies for sign-in sessions and a privacy-conscious analytics setup (Google Analytics 4 and our own first-party page-view counts) to understand aggregate usage. We do not build advertising profiles.

Your rights

  • Access and export your data, including your full health timeline.
  • Correct inaccurate account information.
  • Revoke any practitioner's access to your records at any time.
  • Request deletion of your account — clinical records may be retained where medical record-keeping law requires it, but they stay consent-locked.

Contact

Privacy questions or requests: email no-reply@doctoros.org or call +92 321 8416082 (Mon–Sat, 9:00–18:00 PKT). Postal address: 256, St. 14, Iqbal Block, Sector E, Bahria Town, Lahore, Pakistan.