Privacy Policy

Last updated: March 25, 2026

1. Introduction

Rubrisense ("we", "our", "the Service") is committed to protecting your privacy and the privacy of your patients. This policy explains how we collect, use, and protect data.

2. Data We Collect

2.1 Practitioner Data

  • Name, email, phone number
  • Professional credentials
  • Account preferences
  • Usage logs and analytics

2.2 Patient Data (Entered by Practitioners)

  • Patient demographics (name, age, gender, contact)
  • Medical history and symptoms
  • Consultation records
  • Prescription information

3. Data Security

We implement robust security measures to protect sensitive data:

Security Measures

  • Encryption at Rest: Patient PII (name, phone, email, address) and medical history are encrypted in our database
  • Encryption in Transit: All data is transmitted over HTTPS/TLS
  • Data Isolation: Each practitioner's data is logically isolated; doctors cannot access other doctors' patient data
  • Access Controls: Role-based access with secure authentication
  • Audit Logging: We maintain logs of data access for security and compliance

4. AI and Data Processing

Our AI features process consultation data to provide clinical suggestions:

  • Anonymization: Patient PII (name, phone, address) is NOT sent to AI services. Only symptoms, age, and gender are processed.
  • No Training: Your patient data is NOT used to train AI models
  • No Data Selling: We do NOT sell or share patient data with third parties
  • Secure Processing: AI processing uses AWS Bedrock with enterprise security

5. Data Ownership

You own your data. All patient records entered by a practitioner belong to that practitioner. We are a data processor acting on your behalf.

6. Data Retention

  • Patient data is retained as long as your account is active
  • Deleted data is permanently removed within 30 days
  • Backup copies are retained for up to 90 days for disaster recovery
  • Audit logs are retained for 2 years for compliance purposes

7. Your Rights

As a practitioner, you have the right to:

  • Access: View all data stored in your account
  • Export: Download your patient data in standard formats
  • Delete: Request deletion of your account and all associated data
  • Correct: Update or correct any inaccurate data

8. Patient Consent

Practitioners are responsible for obtaining appropriate consent from patients before entering their data into the Service. We provide tools to record this consent.

9. Third-Party Services

We use the following third-party services:

  • AWS (Amazon Web Services): Cloud hosting and AI services
  • Razorpay: Payment processing (we do not store payment card details)

10. Legal Compliance

We comply with applicable data protection laws including:

  • India's Digital Personal Data Protection Act (DPDP)
  • Information Technology Act, 2000
  • Applicable healthcare data regulations

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

  • Session Cookies: We use Session Cookies to operate our Service and keep you logged in.
  • Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies: We use Security Cookies for security purposes.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service (e.g., logging in).

12. Data Breach Notification

In the unlikely event of a data breach affecting your data, we will notify you within 72 hours and take immediate remediation steps.

13. Changes to This Policy

We may update this policy periodically. Significant changes will be communicated via email or in-app notification.

14. Contact

For privacy-related questions or to exercise your rights, contact us at:
privacy{{ str_replace(['http://', 'https://'], '', config('app.url')) }}

← Back