Privacy Policy

1. Introduction

This Privacy Policy explains how DocNote Pro ("we", "us", or "our") handles information when you use our website, our cloud software, and our mobile applications (together, the "Services"). By using the Services, you agree to this policy together with our Terms of Service (when published at the same site).

If you use DocNote Pro on behalf of a clinic, practice, or other organization, that organization may have additional obligations toward patients and staff. Where we process personal data strictly on an organization's instructions to deliver the Services, that organization is typically responsible for decisions about patient records and for providing privacy notices to its patients.

2. Who we are

DocNote Pro provides clinic management software for healthcare professionals. For privacy questions or requests, contact us using the details in the "Contact us" section below.

3. Information we collect

3.1 You provide to us

• Account and profile: name, email, phone number, organization or clinic name, job role, and credentials you choose.
• Billing and subscription: we do not collect or store any billing-related details processed through our payment or invoicing flow.
• Support communications: information you send when you email, call, or message us.
• Clinical and operational content: data you or your organization enters into DocNote Pro—such as patient demographics, visit notes, prescriptions (including images if that feature is used), lab or inventory data, and files you attach. This category can include special-category / health-related information, depending on your use.

3.2 Collected automatically

• Device and app: device model, operating system, app version, language, and time zone.
• Connection and security: IP address, approximate location derived from IP (if used for fraud prevention), authentication events, and audit logs related to sign-in, role changes, or access attempts when those features are enabled.
• Diagnostics: crash reports or performance logs that help us fix defects. Where we use third-party crash reporting, it is configured to minimize personally identifying content in logs.

4. How we use information

We use the information above to:

• Provide, maintain, and improve the Services, including synchronization between desktop and mobile clients.
• Authenticate users, apply role-based access control and access controls configured for your organization, and support security options such as two-factor authentication.
• Perform automatic backups and restore capabilities where offered in your plan, to help protect against data loss.
• Monitor for abuse, protect account security, and comply with applicable law.
• Communicate with you about the Services, security alerts, and policy updates.
• Analyze aggregate or de-identified usage to improve performance and features (we do not use this section to sell personal data).

7. Retention

We retain account and service data for as long as your organization maintains an active subscription or as needed to provide the Services. Backup copies may persist for a limited period in line with our backup rotation. After termination, we delete or anonymize data within a reasonable period unless a longer period is required for legal, tax, or dispute resolution purposes.

8. Security

We implement technical and organizational measures appropriate to the sensitivity of the data—such as encryption in transit, encryption for stored data where supported by the product, access logging, least-privilege staff access on our side, and secure development practices. No method of transmission or storage is completely risk-free; if we become aware of an incident that materially affects your data, we will notify you when the law requires it.

10. International transfers

Our primary operations are based in Sri Lanka. If we use service providers in other countries, we take steps designed to ensure appropriate safeguards when required by applicable law (such as contractual clauses).

11. Children

DocNote Pro is intended for healthcare professionals and authorized clinic staff. It is not directed at children under 13 (or the age of digital consent in your region), and we do not knowingly collect personal information from children for consumer purposes. If you believe a child has provided us personal information inappropriately, contact us and we will take appropriate steps.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will change the "Last updated" date at the top and, when changes are material, provide additional notice as required.