Loading...

Privacy Policy


Netssand Doctor Privacy Policy

Effective date: July 5, 2026

Last updated: July 5, 2026

Netssand Doctor is operated by NETSSAND (PRIVATE) LIMITED. This Privacy Policy explains how we collect, use, store, disclose, and retain information when doctors, medical professionals, patients, and approved external service providers use Netssand Doctor and related Netssand services.

This policy is written for the current Sri Lanka medical-practitioner workflow and for App Store / Play Store privacy disclosure alignment. It does not claim HIPAA or GDPR compliance unless Netssand separately confirms that those laws apply to a specific deployment or customer arrangement.

1. Who this policy covers

  • Doctors and medical professionals: account users who register, verify their professional details, create sessions, manage patients, issue prescriptions, and create medical records.
  • Patients: people whose information is entered by a doctor or by an approved external service for queueing, consultation, prescription, medical-record, or care-continuity purposes. Patients may not have their own app account.
  • External service providers: approved systems or partners that use Netssand APIs to add, update, cancel, or retrieve patient queue information for a doctor's sessions.

2. Information we collect

  • Doctor account and profile information: name, display name, email address, phone number, date of birth, gender, role, qualifications, specialization, SLMC or other registration number, app account/user ID, account creation time, profile photo, public key, app version, and account status.
  • Doctor verification and professional materials: ID or registration document images, signature/stamp images, signature/name/registration-number upload images, verification status, and related support or re-registration information.
  • Patient and queue information entered by doctors or approved external services: patient name, phone number, email address, birthday or age-related information, gender, patient ID, PHN or similar identifier, height, weight, allergies, comorbidities, current medications, conditions, queue number, session ID, external reference ID, status, payment status, cost, creator/canceller metadata, and session attendance details.
  • Clinical record information: assessments, diagnoses, symptoms, signs, investigations, medications, prescriptions, referrals, billing details, medical-record templates, issued prescriptions, issued medical records, timestamps, signatures, and related metadata.
  • Digital signature information: public keys, signature metadata, and signatures needed to verify prescriptions and medical records. Private signing material and mnemonic recovery words are generated and kept on the doctor's device according to the app's current signature workflow. Doctors are responsible for keeping recovery words secure.
  • Device, app, and technical information: account authentication identifiers, doctor integration keys, push notification tokens, device type, app interaction events, screen and feature usage, crash reports, performance diagnostics, logs, IP-derived request metadata, and information needed to protect, debug, and operate the service.
  • Uploaded media and files: profile images, doctor credential images, stamp/signature images, and any clinical-report or patient-record images the app allows a doctor to capture, select, or upload.

3. How we use information

We use information to:

  • Create and maintain doctor accounts.
  • Verify doctors and professional account status.
  • Create and manage sessions, patient queues, and patient lifecycle states.
  • Generate, digitally sign, issue, search, retrieve, and display prescriptions and medical records.
  • Support drug, allergy, medication, and clinical-record workflows available in the app.
  • Send prescription and medical-record links by email or WhatsApp when requested through the workflow.
  • Send push notifications for care, status, verification, and operational alerts.
  • Provide support, investigate issues, prevent misuse, maintain security, and improve reliability.
  • Diagnose crashes and performance problems.
  • Comply with lawful requests and support patient-care, legal, audit, professional, and regulatory retention needs.

4. Doctor responsibilities for patient information

Doctors and medical professionals are responsible for ensuring they have the authority, consent, professional basis, or legal basis required to enter, use, disclose, and send patient information through Netssand Doctor. Doctors should enter only the information needed for the relevant care, prescription, queue, record, or communication purpose and should keep their account, device, mnemonic, and credentials secure.

5. Sharing and service providers

We do not sell or rent personal information. We do not use collected data for cross-app tracking or third-party advertising.

We may disclose or process information with:

  • Trusted infrastructure providers for authentication, database storage, server-side functions, file storage, analytics, crash reporting, messaging, hosting, and infrastructure operations.
  • Trusted communication providers for email delivery of verification messages, prescription links, and medical-record links.
  • Trusted communication providers for WhatsApp message delivery when the workflow sends records or prescription links through WhatsApp.
  • Mobile platform and app-store providers for app distribution, OS permissions, push delivery, device services, diagnostics, and platform review requirements.
  • Approved external service providers that are allowed to add, update, cancel, or retrieve queue information for a doctor's sessions.
  • Doctors, patients, healthcare providers, or facilities involved in care, where the app workflow or the responsible doctor directs the disclosure.
  • Regulators, law enforcement, courts, professional bodies, or other parties when required by law, professional obligations, patient-care needs, or to protect rights, safety, and security.

6. Email, WhatsApp, links, and patient access

When a doctor issues a prescription or medical record, Netssand Doctor may create secure record links and send them to the patient by email or WhatsApp using the contact details entered in the record. Patients who need access, correction, or deletion of information should usually contact the doctor who created the record, because the doctor controls the clinical content and patient-care context. Patients may also contact Netssand support, and we may coordinate with the responsible doctor where appropriate.

Some issued prescriptions and medical records may be retained even after an account deletion or correction request because they may be required for patient care, verification, legal, audit, professional, or regulatory purposes.

7. Device permissions

Camera and photo library access are used to capture or select doctor credentials, verification documents, profile images, stamp/signature images, and clinical-report or patient-record images where the app workflow supports uploads.

Biometric authentication, such as Face ID, Touch ID, or fingerprint authentication, is used locally by the device to confirm sensitive actions such as signing prescriptions, viewing/copying signature information, or requesting account deletion. Netssand does not receive or store biometric templates.

Notifications are used for care, prescription, patient-status, verification, and operational alerts. The app may store push notification tokens and device type so notifications can be delivered.

8. Security

We use technical and organizational safeguards designed to protect information, including account authentication, managed cloud infrastructure, access-controlled database and file-storage paths, server-side functions for sensitive workflows, secret-managed integration keys, transport encryption, and restricted write paths for patient and medical-record data.

No method of transmission or storage is completely secure. Netssand cannot guarantee absolute security, and doctors should protect their devices, account passwords, biometric settings, and signature recovery words.

9. Retention and deletion

We retain information for as long as needed for the purposes described in this policy, including care, account operation, audit, support, legal, professional, and regulatory purposes.

Account deletion is scheduled after a doctor requests deletion in the app. The doctor can cancel the request within 7 days by logging back in. After that period, the account is intended to be permanently deleted from active account systems.

Account deletion removes login access, profile details, contact details, metadata, and verification documents from active systems where feasible. Already issued prescriptions and medical records may not be deleted because they may be required for patient care, legal, audit, professional, or regulatory purposes. Those issued records may continue to show the doctor's name, registration number, signature, and other information as it appeared when issued.

Cancelled or completed patient queue records may be retained in redacted lifecycle form so queue numbers, session counts, and audit history remain consistent. Diagnostic logs, delivery logs, backups, and security records may be retained for a limited period consistent with operational, legal, and security needs.

10. Analytics and diagnostics

We may use analytics, crash reporting, and related diagnostics to understand app usage, identify errors, improve performance, and maintain reliability. Analytics and diagnostics are not used for cross-app tracking or advertising.

11. International transfers and hosting

Netssand Doctor uses cloud infrastructure and service providers that may process or store information in countries other than the country where a doctor, patient, or external service is located. Where required, we take steps intended to protect information during such transfers and processing.

12. Children's information

Netssand Doctor is intended for use by registered medical professionals, not by children as app account users. Doctors may enter information about child patients only where they have the professional authority, consent, or legal basis required for the care or record purpose.

13. Your rights and requests

Depending on applicable law and the context of the information, you may request access, correction, deletion, or a copy of personal information. Some requests may be limited where information must be retained for patient care, legal, audit, professional, regulatory, security, or record-integrity reasons.

To make a privacy request, contact [email protected]. Please include enough information for us to identify the relevant account, doctor, patient record, or issued document. We will review requests and respond within a reasonable period, subject to identity verification and applicable obligations.

14. Changes to this policy

We may update this Privacy Policy as the app, law, service providers, or data practices change. Material changes will be made available on this page, in the app, or through another reasonable notice method.

15. Contact

For privacy questions, requests, or concerns, contact:

NETSSAND (PRIVATE) LIMITED
Email: [email protected]