Legal

Privacy Policy

Last updated: 17 May 2026

On this page

  1. Who we are
  2. What information we collect
  3. How we use information
  4. How we share information
  5. Where data is stored & for how long
  6. Security
  7. Your rights & choices
  8. Children’s privacy
  9. International transfers
  10. Changes to this policy
  11. Contact us

This Privacy Policy explains how docpk (“docpk”, “we”, “us”, “our”), a product of Diginuance (SMC-PRIVATE) LIMITED, handles information when you use our website at docpk.com, our web application at app.docpk.com, and our mobile applications (collectively, the “Service”).

We take privacy seriously — especially when it comes to health information. Read this policy carefully. By using docpk, you agree to the practices described below.

1. Who we are

The data controller for information processed through docpk is Diginuance (SMC-PRIVATE) LIMITED, based in Rawalpindi, Pakistan. You can reach our privacy team at [email protected].

2. What information we collect

2.1 Information doctors give us

  • Account information — name, email address, mobile number, professional qualifications, clinic name, password (stored hashed).
  • Profile information — practice address, profile photo or signature image, branding for prescription letterhead.
  • Billing information — payment instrument details handled by our payment processor; we do not store full card numbers on our servers.

2.2 Information doctors enter about patients

  • Patient identifiers — name, age, gender, mobile number, optional address.
  • Clinical information — prescriptions issued, drugs, dosages, frequency, duration, optional notes, optional diagnosis tags.

Doctors are responsible for ensuring they have appropriate consent from patients before entering personal health information into docpk.

2.3 Information patients receive

When a doctor shares a prescription with a patient via WhatsApp or a live link, the patient does not need to create a docpk account. We may record basic access logs (timestamp, anonymised IP, user agent) for the purpose of detecting abuse of shared prescription links.

2.4 Information we collect automatically

  • Device & usage data — IP address, device type, operating system, browser, pages and features used, timestamps, crash logs.
  • Cookies & similar technologies — see our Cookie Policy.

3. How we use information

We use the information described above to:

  • Provide the Service — create your account, store your patients and prescriptions, generate PDFs, and deliver prescription links.
  • Authenticate you and secure your account.
  • Process billing and manage your subscription.
  • Provide customer support and respond to your requests.
  • Improve, debug, and develop the Service.
  • Detect and prevent fraud, abuse, and security incidents.
  • Send transactional emails (account, billing, security) and — only if you opt in — occasional product updates.
  • Comply with applicable law.

We do not sell your data. We do not use patient health information to train machine-learning models or advertising systems.

4. How we share information

We only share information with:

  • Service providers we engage to operate docpk — for example cloud hosting, email delivery, payment processing, and customer support tooling. These providers are bound by contract to use information only to provide their service to us.
  • Patients the doctor explicitly shares a prescription with (via WhatsApp link or PDF).
  • Law enforcement or regulators, where we are legally required to disclose information in response to a valid lawful request.
  • Successors, if docpk or substantially all of its assets are acquired, in which case your information may be transferred subject to this policy.

5. Where data is stored & for how long

docpk data is stored on cloud infrastructure operated by reputable providers with industry-standard security controls.

We retain doctor accounts and patient records for as long as your account is active. If you delete your account, we will permanently delete or irreversibly anonymise your personal data and your patients’ personal data within 30 days, except where retention is required by law (e.g., for tax or accounting records of past transactions). See Data Deletion for the request process.

6. Security

We use technical and organisational safeguards designed to protect information, including:

  • HTTPS / TLS encryption for all data in transit.
  • Encryption at rest for stored data.
  • Hashed and salted password storage.
  • Role-based access controls for our own staff, on a need-to-know basis.
  • Regular backups and monitoring.

No system is perfectly secure. If we become aware of a breach that affects your information, we will notify you and take appropriate remedial steps.

7. Your rights & choices

Subject to applicable law, you may have the right to:

  • Access the personal information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Delete your account and associated data (see Data Deletion).
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Receive a copy of your data in a portable format.

To exercise any of these rights, write to [email protected]. We will respond within 30 days.

8. Children’s privacy

docpk is intended for use by licensed medical practitioners. We do not knowingly collect personal information directly from children under 13. Doctors may enter clinical information about paediatric patients in the course of treating them, with the consent of a parent or legal guardian; in such cases the parent / guardian’s rights apply on the patient’s behalf.

9. International transfers

docpk operates from Pakistan. Some of our service providers may process data in other jurisdictions. Where this occurs, we put appropriate contractual and technical safeguards in place to protect your information.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date above. For material changes we will notify account holders by email or in-app notice.

11. Contact us

For any privacy questions or to exercise your rights, contact:

Diginuance (SMC-PRIVATE) LIMITED
Privacy Office
Rawalpindi, Pakistan
Email: [email protected]