EYE RX CRAFT

Privacy Policy

Last Updated: November 13, 2025

1. Introduction

Welcome to EyeRxCraft (“we”, “our”, “us”). We are committed to protecting the privacy and security of our users (“you”), who are exclusively licensed Eye Health Care Professionals. This Privacy Policy details how we collect, use, store, and protect your professional information and the patient data you manage through our platform.

By using EyeRxCraft, you agree to the data practices described in this policy. It is essential to read this policy in conjunction with our Terms of Use.

2. Information We Collect

We collect two distinct categories of information:

A. Professional User Data

This is information we collect directly from you during account registration and profile management:

  • Identity Information: Full Name, Email Address, Mobile Number.
  • Professional Details: Professional Title (e.g., Dr., Optom.), Qualification, Profession (e.g., Optometrist), and Registration/License Number.
  • Clinic Information: Clinic/Hospital Name(s), Address(es), and Contact Number(s).
  • Authentication Data: Hashed passwords or authentication tokens from third-party providers (like Google).

B. Patient & Clinical Data (Managed by You)

This is the health information you enter into the platform for your patients. You are the Data Controller for this information. We act as the "Data Processor" on your behalf. This data includes:

  • Patient Demographics: Name, Age, Gender, Contact Information.
  • Clinical Records: Chief Complaints, Medical and Ocular History, Refraction Data, Diagnosis, Prescribed Medications, and General Advice.

This data is stored securely in a Firestore database, architected to isolate each doctor's patient records under their unique user ID.

3. How We Use Information

A. Use of Professional User Data

  • Service Provision: To create, secure, and maintain your account.
  • Personalization: To automatically populate your professional details onto prescriptions you generate.
  • Communication: To send you important service updates, security alerts, and support messages.
  • Improvement: To analyze usage patterns (in an aggregated, non-identifiable form) to enhance platform functionality and user experience.
  • Compliance: To meet legal and regulatory requirements.

B. Use of Patient & Clinical Data

We process the patient data you provide for the following purposes, solely on your behalf:

  • Record Keeping: To store and display patient records and visit histories for your access.
  • Prescription Generation: To generate medicine and power prescriptions based on your clinical input.
  • AI Features: To power AI-driven features, such as providing diagnosis suggestions or learning your prescribing patterns to offer personalized recommendations. All AI processing is automated and does not involve manual review of patient data by EyeRxCraft personnel.

We will never use your patient data for our own purposes, such as marketing, advertising, or selling it to third parties.

4. Data Storage and Security

We implement robust technical and organizational measures to protect all data:

  • Data Isolation: Patient data is stored in Google's secure Firestore database, with security rules designed to ensure that you can only access the patient records associated with your account.
  • Authentication: User accounts are secured using Firebase Authentication, an industry-standard service from Google.
  • Encryption: All data transmitted between your device and our servers is encrypted in transit using HTTPS (TLS). Data is also encrypted at rest by our cloud provider.
  • Access Control: We have strict internal access controls to prevent unauthorized access to the underlying database by EyeRxCraft personnel.

5. Data Sharing and Disclosure

We do not sell or rent your professional or patient data. We will only disclose information under these limited circumstances:

  • With Service Providers: We use trusted third-party services like Google (for Firebase) to operate our platform. These providers are contractually bound to maintain the confidentiality and security of the data they process.
  • For Legal Reasons: If required by law, subpoena, or a valid legal process, we may disclose information to public authorities. We will attempt to notify you of such requests unless legally prohibited from doing so.
  • To Protect Rights: To enforce our Terms of Use and protect the security, integrity, and rights of EyeRxCraft and its users.

6. Your Rights and Responsibilities as a Data Controller

As the controller of your patients' data, you are responsible for:

  • Lawful Basis for Processing: Ensuring you have a legal basis (e.g., patient consent) to collect and manage patient data within EyeRxCraft.
  • Compliance: Adhering to all applicable data protection laws in your jurisdiction (e.g., HIPAA, GDPR, DPDP Act).
  • Patient Rights: Managing and responding to your patients' requests regarding their data (e.g., access, correction, deletion).

EyeRxCraft provides you with the tools to manage this data, including viewing, updating, and deleting patient records.

7. Your Data Rights as a User

You have the following rights over your own professional user data:

  • Access & Update: You can review and modify your professional profile information at any time through your account settings.
  • Deletion: You can request to delete your account. Upon deletion, all your professional data and all patient records you have created will be permanently removed from our systems.

8. Data Retention

We retain your Professional User Data as long as your account is active. If you delete your account, this data is deleted permanently. Patient Data is retained until you delete the specific record or your entire account. Anonymized, aggregated usage data may be retained indefinitely for analytics.

9. Cookies and Tracking Technologies

We use essential cookies for purposes like keeping you logged in and maintaining your session. We do not use third-party tracking or advertising cookies. For more details, please see our Cookie Policy.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons. We will notify you of any material changes via email or an in-app notification.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at support@eyerxcraft.in.