Privacy Policy
Effective Date: June 02, 2026 · SurgMD by Chounda
Data Fiduciary: Dr. Choundappan Madhavan (Sole Proprietor)
Address: Vanitha Hospital, 3/231, Sankagiri Main Road, Kondalampatty, Salem – 636010, Tamil Nadu, India.
Contact: [email protected]
1. Who We Are
SurgMD is a professional surgical case logbook and revenue tracking service developed and operated by Dr. Choundappan Madhavan, acting as an Individual under the trade name Chounda. SurgMD is available as a mobile application on iOS and Android.
2. Scope & Applicable Law
This Privacy Policy applies to all users of SurgMD globally, except where regional restrictions apply. SurgMD is governed by and complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.
SurgMD is not available in the United States or the European Economic Area. Users in those regions are not permitted to create accounts. This policy does not make any claims of compliance with HIPAA, GDPR, or other US/EU data protection frameworks.
By using SurgMD, you confirm that you are accessing the service from a jurisdiction where it is available, and that you are a registered medical professional.
3. Data We Collect
We collect only the data necessary to provide the SurgMD service. This includes:
- Account data: Full name, email address, phone number, and password (stored as a hashed credential).
- Professional data: Surgical specialty, hospital affiliations, and other practice details you choose to provide.
- Case log data: Surgical case entries including procedure name, date, hospital, diagnosis, operative notes, and financial details such as fees charged, collected, and pending amounts.
- Clinical media: Photographs and video clips uploaded to case records. You are solely responsible for obtaining patient consent before uploading identifiable media.
- Subscription & payment data: Subscription tier, transaction reference IDs, and payment status. We do not store full card or bank account numbers — these are handled directly by our payment processors.
- Voice & audio data: The voice entry feature is entirely optional and is disabled by default. It must be explicitly enabled in the app's Settings before use. If you choose to enable it, short audio clips from your device microphone are recorded and transmitted to Groq, Inc. and/or Deepgram, Inc. for real-time speech-to-text transcription. We do not retain audio after transcription, but please refer to Groq's and Deepgram's Privacy Policies for details on their data handling. You may disable the feature at any time from Settings.
- Device & usage data: Device type, operating system version, app version, and anonymised usage events (e.g., features accessed) for product improvement purposes.
4. Purpose of Processing
We collect and process personal data solely for the following purposes:
- To create and maintain your SurgMD account and authenticate access.
- To provide the core surgical logbook, revenue tracking, and multi-hospital management features of the app.
- To process subscription payments and manage your plan entitlements.
- To store and retrieve clinical media (photos and videos) securely on your behalf.
- To respond to support queries and grievances.
- To improve the SurgMD product through aggregated, anonymised usage analysis.
- To comply with applicable Indian law.
We do not use your personal or clinical data for advertising, profiling, or any purpose beyond those listed above.
5. Third-Party Data Processors
To deliver the SurgMD service, we engage the following third-party processors. Each is contractually bound to handle your data only as directed by us and in accordance with applicable law:
- Supabase, Inc. — Cloud database, authentication, and backend infrastructure. Your account data and case log data are stored on Supabase-managed PostgreSQL databases. Supabase also manages automated backups of your case metadata.
- Cloudflare, Inc. — Content delivery, DNS, and R2 object storage for clinical media (photos and videos). Media files are stored in Cloudflare R2 buckets.
- Amazon Web Services (AWS) — Automated encrypted backup storage for clinical media. Backup data is encrypted with your client-side key and is inaccessible without your Recovery Code.
- RevenueCat, Inc. — In-app subscription management for iOS and Android. RevenueCat receives your subscription status and transaction identifiers from Apple and Google on our behalf.
- Resend, Inc. — Transactional email delivery for account-related notifications.
- Groq, Inc. — Speech-to-text transcription for the voice entry feature. Voice entry is entirely optional and must be explicitly enabled in Settings. When enabled and in use, short audio recordings are transmitted to Groq's API for real-time transcription. Please refer to Groq's Privacy Policy for details on how they handle audio data.
- Deepgram, Inc. — Speech-to-text transcription for the voice entry feature. Voice entry is entirely optional and must be explicitly enabled in Settings. When enabled and in use, short audio recordings may be transmitted to Deepgram's API for real-time transcription. The Developer may use either Groq, Deepgram, or both services based on operational, performance, or availability requirements. Please refer to Deepgram's Privacy Policy for details on how they handle audio data.
We do not sell or share your personal data with any third party for their independent use.
6. Cross-Border Data Transfers
Some of our third-party processors (including Supabase, Cloudflare, AWS, RevenueCat, Resend, Groq, and Deepgram) are headquartered or operate infrastructure outside India. As a result, your data may be stored and processed in data centres located in other countries, including the United States and the European Union. In particular, audio data submitted via the voice entry feature is transmitted to Groq's and/or Deepgram's servers for real-time transcription.
We take reasonable steps to ensure that transfers are covered by appropriate safeguards, including processor agreements that obligate data to be handled securely and only for the purposes described in this policy. As the DPDP Act's cross-border transfer rules are progressively notified by the Indian government, we will update our practices accordingly.
7. Security Safeguards
We implement reasonable technical and organisational measures to protect your data, including:
- Client-side AES-256 encryption: Your case data and clinical media are encrypted on your device before being transmitted to or stored on our servers. Decryption requires your Recovery Code, which is never stored by us.
- Automated encrypted backups: Case metadata is automatically backed up via Supabase and clinical media via AWS. All backup data is encrypted with your client-side key and requires your Recovery Code to decrypt.
- Row Level Security (RLS): Database-level policies ensuring each user can access only their own records — no data cross-contamination between accounts.
- Encryption in transit: All data between your device and our servers is transmitted over HTTPS/TLS.
- Signed URL access for media: Clinical photos and videos are stored in private object storage buckets; access requires time-limited, cryptographically signed URLs generated per request.
- Authentication controls: Passwords are hashed using industry-standard algorithms. Account access uses secure token-based authentication (PKCE flow).
No system is completely secure. While we work to protect your data, you are responsible for keeping your account credentials and Recovery Code confidential and safely stored. Loss of your Recovery Code will result in permanent loss of access to your encrypted data.
8. User Responsibility & Patient Consent
SurgMD is a professional tool for use by registered medical practitioners. As the user, you are solely responsible for ensuring that any patient data or clinical media entered into SurgMD has been collected with appropriate patient consent in accordance with the laws and professional standards of your jurisdiction.
We strongly recommend using anonymised or de-identified patient identifiers wherever possible. SurgMD does not verify whether patient consent has been obtained — this responsibility rests entirely with the treating physician.
9. Data Retention & Deletion
We retain your personal data for as long as your account remains active and for as long as necessary to fulfil the purposes described in this policy. When your account is deleted:
- All account data, case log records, and subscription records are permanently purged from our active database within 30 days of the deletion request, in accordance with the DPDP Act 2023.
- Clinical media (photos and videos) stored in Cloudflare R2 are also deleted within the same 30-day window.
- Encrypted backup copies of your data held in Supabase and AWS are purged within the same 30-day window.
- Anonymised, aggregated usage data that cannot identify you may be retained for product analytics.
We strongly recommend that you use the in-app "Export Data" function regularly before any account deletion. Exported data is provided in decrypted, portable form and will be the only copy of your records available to you after account deletion is confirmed.
You may delete your account at any time from the Settings → Delete Account section within the SurgMD app, or by submitting a request to surgmd.chounda.com/delete-account.
10. Your Rights
Under the DPDP Act 2023, you have the following rights as a Data Principal:
- Right to Access: Request a summary of the personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data (see Section 9 above).
- Right to Grievance Redressal: Raise concerns about how your data is being processed (see Section 12).
- Right to Nominate: Nominate another individual to exercise your rights in the event of death or incapacity, as provided under the Act.
To exercise any of these rights, contact us at [email protected].
11. Children's Data
SurgMD is intended exclusively for use by registered medical professionals aged 18 and above. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that data has been submitted by a minor, we will take steps to delete it promptly. If you believe a minor has created an account, please contact us at [email protected].
12. Grievance Redressal
In accordance with the Digital Personal Data Protection Act, 2023, any grievances or concerns regarding the processing of your personal data may be directed to our Grievance Officer:
Dr. Choundappan Madhavan
Vanitha Hospital, 3/231, Sankagiri Main Road, Kondalampatty, Salem – 636010, Tamil Nadu, India.
Email: [email protected]
We aim to acknowledge all grievances within 48 hours and resolve them within 30 days of receipt.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will update the Effective Date at the top of this page and, where appropriate, notify you by email or via an in-app notice.
Your continued use of SurgMD after any such changes constitutes your acceptance of the updated policy.