MDoc — Privacy Policy

This Privacy Policy explains how M-DOC ("we", "us", "our") collects, uses, shares, and protects information in connection with the MDoc Android mobile application ("App"). Please read carefully. By using the App you agree to the collection and use of information described in this policy.

Contact: If you have questions, email: info@creswave.co.ke.

1. What information we collect

We collect information to provide and improve the App. Types of information:

1.1 Information you provide

• Account details (name, email, phone) — when you register or provide them.
• Profile information — profile photo, display name, job title, etc.
• Health/medical data — only if you explicitly enter it into the App (e.g., vitals, notes). This is sensitive — see below.
• Support messages and feedback you submit.

1.2 Device & usage data (collected automatically)

• Device identifiers (Android Advertising ID, device model, OS version).
• Crash reports and diagnostics (stack traces, logs).
• Usage analytics (features used, session times, performance metrics).
• Network & IP address (for security & localization).

1.3 Location data

We only collect precise device location if you grant location permission. If your workflows do not need location, you can deny that permission and the App will still function.

1.4 Photos, camera, microphone, files

The App may request permission to access camera, microphone, or storage only for features that require them (profile photo, attachments, voice notes). We do not access these sensors without your explicit consent.

2. How we use information

• Provide and maintain the App and its features.
• Authenticate users and manage accounts.
• Process and store medical records and notes you enter in the App (only with your consent).
• Improve app performance via analytics and crash reporting.
• Communicate with you (support emails, notifications you opt into).
• Comply with legal obligations and enforce our Terms.

3. Data sharing & third parties

We may share information in the following limited ways:

• With your consent: when you ask us to share data (e.g., export patient records, share a report).
• Service providers: trusted third-party providers who perform services (hosting, analytics, crash reporting, payment processing) under contract and limited use.
• Legal reasons: to comply with law, protect rights, or respond to valid legal process.

Third-party SDKs used: The App may use third-party SDKs such as Google Analytics / Firebase Analytics, Firebase Crashlytics, and Google Play services. These SDKs collect limited device and usage data. See their privacy policies for details.

If you want a complete list of third-party SDKs used by this specific build, please contact info@creswave.co.ke and include your app version.

4. Data considered sensitive (health/medical)

The App may store health-related information you explicitly enter (vitals, notes, diagnoses). We treat this as sensitive data and protect it with strong safeguards. We only process this data when you explicitly provide it or when necessary for app functionality. If you do not want health data stored, do not enter it in the App.

Important: If your use requires compliance with local health-data regulations (e.g., HIPAA in the U.S.), contact us to discuss enterprise solutions with higher contractual protections.

5. Ads & advertising identifiers

We do not show targeted ads in the default App build. If we enable ads in any release, we will disclose this and the ad networks used. We may use the Android Advertising ID for analytics and advertising purposes only if you opt into ad personalization. You may reset or opt-out via your device settings.

6. Cookies & local storage

The App stores data on the device (local database, SharedPreferences) for caching and offline use. Web landing pages may use cookies; these are standard and used for analytics and functional features.

7. Your rights & choices

• Access: You can request a copy of your personal data.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: You can request deletion of your account and/or data — see instructions below.
• Portability: Request export of your data in a commonly used format (JSON/CSV).
• Opt-out: Opt-out of analytics collection where applicable (in-app setting or system-level options).

To exercise any of these rights, contact: info@creswave.co.ke. We may ask to verify your identity before fulfilling requests.

8. How to delete your account or data

To request deletion of your account and associated data:

1. Open MDoc → Settings → Account → Delete Account (if available in-app) OR
2. Email info@creswave.co.ke with subject "Delete account — MDoc" and include the email address associated with your account.

We will respond within 30 days and delete data as required by applicable law. Some anonymized or aggregated data may be retained for analytics and fraud prevention.

9. Data retention

We retain personal data only as long as necessary for the purposes described, to comply with legal obligations, or to resolve disputes. Retention periods depend on the type of data and legal/regulatory requirements.

10. Security

We use reasonable industry-standard technical and organizational measures (encryption in transit, restricted access, secure hosting) to protect information. No system is 100% secure — if you believe your data has been compromised, contact us immediately at info@creswave.co.ke.

11. Children

The App is not intended for children under 13 (or the minimum age in applicable jurisdictions). We do not knowingly collect personal information from children. If we learn that we have collected such information without parental consent, we will delete it. If you are a parent or guardian and believe we have collected personal information of your child, contact us.

12. International transfers

Data may be processed and stored in locations outside your country. We take steps to ensure appropriate safeguards for transfers (standard contractual clauses or equivalent measures) where required by law.

13. Changes to this policy

We may update this Privacy Policy. If changes are material, we will notify you via in-app notice or email and update the "Effective date" at the top. Continued use of the App after changes indicates acceptance.

14. Legal bases for EU users

If you are in the EU, our legal bases for processing personal data include:

• Performance of a contract (providing the App).
• Compliance with a legal obligation.
• Legitimate interests (app improvement, fraud prevention), balanced against your rights.
• Consent — where required (e.g., sensitive health data), we will obtain explicit consent.

15. CCPA & California residents

If you are a California resident, you may have additional rights under the CCPA, such as the right to opt-out of the sale of personal information and the right to request deletion. To submit a request, email info@creswave.co.ke.

16. Google Play disclosures

• We accurately disclose data collection and sharing in the Google Play Data safety form.
• If we collect location, contacts, or phone numbers, it is only with explicit user permission and for clearly stated features.
• If the app integrates advertising or advertising identifiers, that is stated above.

Make sure you keep the Google Play Data safety form synchronized with this policy and with actual app behavior.

17. Third-party links

The App may contain links to third-party websites. We are not responsible for their privacy practices. Review those sites’ privacy policies before providing information.