SureMedico is a verified-only network for licensed medical professionals (18+) practising in India. This policy explains what information we collect, how we store it, who can see it, and your rights under the Digital Personal Data Protection Act 2023 (India).
1. Who we are
SureMedico is operated from Mumbai, India. Reach us at suremedicomail@gmail.com for any privacy question, grievance, or data-rights request.
2. What information we handle
Identity & verification (server-side)
- Full name, phone number, specialty, qualifications
- Medical registration number, council, year of registration
- Verification documents (medical degree, registration certificate, clinic permit) — uploaded by you, reviewed by the SureMedico admin team, and retained as proof of verification
- Profile photo (optional)
Clinic & location
- Clinic name and address as you enter them
- Clinic latitude/longitude — captured once when you tap "Set clinic location" using your device's GPS. Used for SOS radius calculation, consultant find-nearby, and circle auto-suggest. Not tracked in the background.
- Live location at the moment you tap SOS or open the find-nearby map. Sampled on demand only.
Communication & activity
- Posts, comments, and reviews you write inside circles, consultant bookings, vendor entries, and marketplace listings
- SOS alerts you send (category, time, location, recipients) and your responses to others' alerts
- Brownie Points awarded automatically when you respond to an SOS or accept a coverage request
Device data
- FCM push token — used to deliver SOS, verification status, and circle notifications to your device
- Crash reports (release builds only) via Firebase Crashlytics — stack trace + device model + OS version + app version. No name, phone, or registration number is logged.
Stored on this device only (encrypted at rest)
Local Hive storage (AES-256, key in Android Keystore) holds:
- JWT access & refresh tokens
- Cached profile fields, current FCM token, draft posts, consent flag
Never collected
- SMS, contacts, call logs, calendar, or microphone
- Advertising identifiers
- Biometric data
- Background location
- Patient information (SureMedico is for doctor-to-doctor use; patient PHI is intentionally out of scope)
3. Why we handle this information
- Verification — confirming you are a licensed medical professional before granting access
- Authentication — verifying it's really you signing in (WhatsApp OTP for +91 phones, Firebase Phone Auth otherwise)
- Core features — SOS routing within a 1 km radius, consultant find-nearby, circle auto-suggest, marketplace and pool memberships
- Safety & trust — moderating violating content, removing fraudulent vendors, blocking misuse of SOS
- Stability — anonymous crash reports and aggregate usage trends
4. Who can see your data
- You — full access through the app
- Other verified doctors — your name, specialty, clinic name and approximate location, profile photo, and any content you post inside circles or consultant listings. Your phone number is not shown to other doctors unless you explicitly include it in a post or accept a consultant booking that exchanges contact details.
- The SureMedico admin team — full record (including verification documents) for the verification gate, abuse moderation, and grievance response
- Service providers (Google Firebase for auth/FCM/Crashlytics, Meta WhatsApp for OTP delivery, Google Maps for map rendering) — only the minimum required to provide that service. Bound by their respective platform-data terms.
- Nobody else. We do not sell, rent, share, or trade your data with advertisers, brokers, recruiters, or any third party.
5. How long we keep it
- Account & profile — kept while your account is active. Deleted within 30 days of your written request to suremedicomail@gmail.com.
- Verification documents — retained as proof of verification for the lifetime of the account; deleted on account deletion.
- Posts, comments, SOS history — retained for the lifetime of the account; you can delete individual items where the app supports it.
- Crash reports — 90 days at Firebase Crashlytics' default retention.
- OTP codes — kept in Redis for 5 minutes, after which they expire, or deleted earlier on first successful use.
6. Your rights
Under the Digital Personal Data Protection Act 2023 (India), you have the right to:
- Access — request a copy of all data we hold about you
- Correct — edit your profile, clinic details, and qualifications inside the app
- Erase — request full account deletion via email
- Withdraw consent — log out from Profile (clears local data) and email us to delete server-side data
- Raise a grievance — write to suremedicomail@gmail.com with the word Privacy in the subject line. Acknowledged within 7 days; full response within 30 days.
7. Verified-only access
SureMedico is gated by manual admin verification. Your account exists in a "pending verification" state until our admin team reviews your registration certificate. During that period no features are reachable; if verification is rejected, your data is deleted within 30 days unless you appeal in writing.
8. Third-party services
SureMedico uses these services as data processors:
- Google Firebase Authentication — phone-number verification (non-+91)
- Google Firebase Cloud Messaging — push notifications
- Google Firebase Crashlytics — crash diagnostics (release builds only)
- Meta WhatsApp Business Cloud API — OTP delivery to +91 phones via the approved medunity_login_otp Authentication template
- Google Maps Platform — map tiles for SOS, consultant, and circles screens
No advertising SDKs, analytics SDKs, or data brokers are used.
9. Security
- API traffic uses HTTPS / TLS 1.2 or higher
- JWT tokens on device are stored in Android Keystore-backed secure storage
- Hive cache is encrypted at rest with AES-256 (key in Keystore)
- Server access is restricted to a small number of admin accounts
- The app is signed with a developer-controlled key; tampered APKs are rejected by Android
10. Children
SureMedico is for adults aged 18 or over who are licensed medical professionals. We do not knowingly collect data from anyone under 18. If you believe a minor has registered, write to suremedicomail@gmail.com and we will delete the account within 7 days.
11. Changes to this policy
The Last updated date at the top changes whenever we revise this policy. Material changes are announced in-app before they take effect.
12. Contact & grievance officer
When you email us, please include one of these words in the subject line:
- Privacy — for data-rights requests (access / correct / delete)
- Grievance — for complaints under the DPDP Act
- Verification — for verification-status questions
Acknowledgement within 7 days; full response within 30 days.