MediScript Privacy Policy
MediScript is a mobile application that lets licensed doctors create digital prescriptions, share them as PDF files, maintain a local record of the prescriptions they have issued, and keep free-form clinical notes. This policy explains how the App handles information, with a privacy-first design that keeps your data on your device.
1. Who We Are
MediScript ("the App", "we", "us", "our") is a mobile application for licensed doctors. You can reach us at khush.desai.kol@gmail.com.
If you are a patient: MediScript is used by your doctor. Your doctor (not the App developer) decides what information about you is entered into the App and is the party responsible (the "data controller") for that information. Please direct questions about your records to the treating doctor.
2. Our Privacy-First Design: Data Stays on Your Device
MediScript is designed to keep your data on your device. We do NOT operate a backend server, and we do NOT transmit your account information, patient records, or clinical notes to us or to any server operated by us.
- All data you enter is stored locally on your device using the device's on-device storage (AsyncStorage).
- We (the developer) cannot see, access, collect, or retrieve your data.
- There is no account on our servers, no cloud sync, no remote backup, and no login to any service operated by us.
- Data leaves your device in only two situations: (i) when you explicitly choose to share or print a file (see Section 5); and (ii) when a doctor runs the optional NMC registration check, which sends the entered medical registration number to India's public Indian Medical Register to confirm it (see Section 6).
No patient records, clinical notes, passwords, or images are ever transmitted off the device by the App.
3. Information Processed by the App
Except for the NMC check in Section 6, everything below is processed and stored locally. We do not receive it.
(a) Doctor account information:
- Full name, qualification, registration number, state medical council, year of registration.
- Email address and phone number.
- Password (stored only as a salted, one-way SHA-256 hash — the plaintext password is never stored).
- Optional profile photo and signature image.
- Optional clinic details: clinic name, address, phone, email and other free-text notes shown in the prescription footer.
- The result of the optional NMC registration check (verified / partial / unverified, the date checked, and the matching register details), stored on the device alongside the profile.
(b) Patient and clinical information (entered by the doctor for each prescription):
- Patient name, age, sex, phone number, email, blood group.
- Weight, height and the calculated BMI.
- Visit type, chief complaint, history, examination findings, diagnosis, tests, medications, advice and remarks.
(c) Clinical notes (entered by the doctor):
- Title, body text, a category tag, and pin state.
- Optionally, a linked patient name and phone number (only when the doctor chooses to link one; notes do not require a patient).
(d) Device permissions and access used (only when you trigger the relevant feature):
- Camera — to take a profile photo or capture a signature.
- Photo library — to choose a profile photo or signature image.
- Internet / network access — used ONLY for the optional NMC registration check (Section 6); the App also reads the device's network-availability status to decide whether that check can run.
- Haptics/vibration — for tactile feedback.
The App does NOT record audio, and it does NOT collect device identifiers, location data, advertising IDs, usage analytics, crash analytics, or contacts.
4. How the Information Is Used
The information is used solely to provide the App's core features on your device:
- Authenticating the doctor's local login.
- Optionally confirming the doctor's registration number against the public NMC register at sign-up (see Section 6).
- Generating prescription and note PDF documents.
- Maintaining and displaying the doctor's own prescription history, grouped by patient phone number, and the doctor's own notes.
- Pre-filling the form for returning patients.
- Exporting and printing records at the doctor's request.
We do not use the information for advertising, profiling, or any secondary purpose, and we never sell it.
5. Sharing and Printing of Information
The App shares or prints data only at your explicit instruction, using your device's native share sheet or print dialog:
- Prescription PDFs — when the doctor taps "Share PDF" or "Print".
- Note PDFs — when the doctor shares or prints a note.
- A CSV export of prescriptions — "Export data".
- An RTF export of notes (opens in Word/Docs) — "Export notes".
- A combined export of both — "Export all data".
When you share or print a file, it is handed to the app, contact, or printer you select (for example WhatsApp, email, a printer, or cloud storage). Once shared, the data is governed by the privacy practices of that destination app or service, which are outside our control. Doctors are responsible for sharing patient information only through channels and with recipients permitted by applicable medical-confidentiality and data-protection laws.
Apart from this and the NMC check in Section 6, we do not disclose your information to any third party. We have no servers from which information could be disclosed.
6. Online Registration Verification (NMC)
To help confirm that accounts belong to genuinely registered practitioners, the App offers a registration check against India's public Indian Medical Register, published by the National Medical Commission (NMC). This runs when a doctor registers, and can be run again from the profile screen.
- What is sent: only the medical registration number you entered is submitted to the NMC's public register search. The name, council, and year you entered are compared to the public results ON YOUR DEVICE — they are not sent as search terms.
- How it works: the App opens the NMC's public register page inside an in-app browser (WebView) and performs the same public search you could run yourself in any web browser. Your connection is made directly to the NMC's website, not through any server of ours.
- Who receives it: the National Medical Commission / Government of India. Their handling of that request is governed by their own privacy practices, which are outside our control.
- It is optional: if you have no internet connection, or the register can't be reached, or you prefer not to verify, you can choose "Register without verifying" and continue using the App normally.
- No other data — no patient records, notes, passwords, or images — is ever sent during this check or at any other time.
7. Data Retention and Deletion
- Data remains on your device until you delete it or uninstall the App.
- Doctors can permanently delete individual prescriptions or notes, or clear all data — prescriptions AND notes — from within the App (Profile > Data Management > Clear all data), confirmed with the doctor's registration number.
- Uninstalling the App removes all locally stored MediScript data from the device. This action is irreversible; there is no cloud backup to restore from.
- We do not retain any of your data, because we never receive it.
8. Security
- Passwords are never stored in plaintext; they are protected with a per-account random salt and a one-way SHA-256 hash.
- Patient records, clinical notes, and account data are stored in the App's private, sandboxed on-device storage, which is isolated from other apps by the operating system.
- No patient records, notes, or credentials are transmitted off the device, removing the risks associated with server-side breaches. The only outbound request the App makes is the optional NMC registration-number check in Section 6.
No method of electronic storage is 100% secure. You are responsible for securing the device itself (screen lock, device encryption, OS updates) and for controlling who has physical access to it. Because data is device-local, loss, theft, or damage of the device may result in permanent loss of the data.
9. Children
MediScript is a professional tool intended for use by licensed doctors and is not directed to children. Patient information about minors may be entered by a doctor in the course of care; such information is handled the same way as all other on-device data and remains the responsibility of the treating doctor.
10. Your Rights
Because all data is stored locally and under the doctor's direct control, doctors can access, correct, export, and delete the data at any time from within the App. Patients wishing to exercise rights over their health information should contact their treating doctor, who controls those records. Depending on your jurisdiction (e.g. India's DPDP Act, the EU/UK GDPR), you may have additional statutory rights; please consult the treating doctor and applicable law.
11. Third-Party Services
The App is built with the Expo / React Native framework and uses open-source libraries that run on-device. It does not embed advertising SDKs or analytics SDKs.
The one third party the App may contact is the National Medical Commission's public Indian Medical Register (nmc.org.in), and only for the optional registration check described in Section 6. That check is performed through an in-app browser component (WebView). No data is sent to the developer or to Expo during normal use.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the latest revision. Material changes will be communicated through an App update. Continued use of the App after an update constitutes acceptance of the revised policy.
13. Contact Us
For any questions about this Privacy Policy or your data, contact us at khush.desai.kol@gmail.com.