1. Who We Are

DossiAid ("we," "us," or "our") is a health record management application. Our registered contact email is support@dossiaid.com. This Privacy Policy describes how we collect, use, and protect your personal information when you use the DossiAid mobile application and website (collectively, the "Service").

2. Information We Collect

Information You Provide

• Account information: Your name and authentication credentials provided via Auth0 (email/password or Google Sign-In).
• Health profile data: Medical history, diagnoses, allergies, medications, immunizations, surgical history, emergency contacts, and insurance information that you choose to enter.
• Family member profiles: Health information for family members you add to your account.
• Documents: Medical records, lab results, imaging reports, and other health documents you upload.
• Insurance information: Insurance plan names, member IDs, group numbers, and card images.

Information We Collect Automatically

• Device information: Device type, operating system version, and a push notification token if you enable notifications.
• Usage logs: An audit log of actions taken within the app (e.g., viewing or editing records) is stored for your own security review.
• QR scan logs: When your emergency QR code is scanned, the time and a anonymised identifier is logged.

3. How We Use Your Information

• To provide and operate the DossiAid Service.
• To generate AI-powered summaries of uploaded medical documents using Anthropic's Claude API.
• To send medication reminders and refill alerts via push notification, if enabled.
• To authenticate your identity securely via Auth0.
• To store uploaded documents in encrypted cloud storage (Amazon S3).
• To respond to your support requests.

We do not use your health data for advertising, sell it to third parties, or share it with insurers, employers, or healthcare providers without your explicit action.

4. How We Protect Your Data

All sensitive health data is encrypted at the field level before being stored in our database. Documents are stored in encrypted Amazon S3 buckets. All data is transmitted over HTTPS/TLS. Access to your data is restricted to your authenticated account only.

5. Third-Party Services

DossiAid uses the following third-party services to operate:

• Auth0 — Authentication and identity management. Auth0 Privacy Policy
• Amazon Web Services (S3) — Encrypted document storage. AWS Privacy Policy
• Anthropic (Claude) — AI document summarisation. Document content is sent to Anthropic's API for processing. Anthropic does not use API inputs to train its models. Anthropic Privacy Policy
• Expo / EAS — App delivery and push notification infrastructure. Expo Privacy Policy

6. Data Retention and Deletion

You may request deletion of your account at any time from the Settings screen within the app. Upon deletion request, your account is deactivated immediately. All personal data, health records, and uploaded documents are permanently deleted within 30 days. You may cancel a deletion request by contacting us within that window.

7. Children's Privacy

DossiAid is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us at support@dossiaid.com.

Parents may create and manage health profiles for their minor children within a parent's account.

8. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you (via the Data Export feature in Settings).
• Correct inaccurate data.
• Delete your account and all associated data.
• Object to or restrict certain processing.
• Data portability (your data export is provided in standard JSON format).

To exercise any of these rights, contact us at support@dossiaid.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via a notice in the app or by email. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us at support@dossiaid.com.