Privacy Policy
Introduction
MedDoc Scanner ("we", "our", or "the App") is committed to protecting your privacy and securing your personal health information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application.
By using MedDoc Scanner, you agree to the practices described in this Privacy Policy.
Overview
MedDoc Scanner is designed with privacy as a core principle. All your data stays on your device.
Key Points:
- All documents are encrypted with AES-256 and stored locally on your device
- We never transmit your documents or health information to external servers
- You have complete control over your data
- The only network calls are to Google Play for purchases (no document data is sent)
Information We Collect
Information You Provide
Authentication Information
- 4-digit PIN: Hashed with PBKDF2 + salt (100,000 iterations) and stored in encrypted preferences
- Biometric data (fingerprint/face): Stored locally on your device by Android system, never by us
Document Information
- Scanned medical documents: Images captured using your device camera, encrypted and stored locally
- Document metadata: Titles, categories, notes, tags, creation dates - all encrypted
Extracted Text
- OCR data: Text extracted from scanned documents for search functionality
- Metadata extraction: Dates, names, and other details extracted from documents
Automatically Collected Information
- Scan count (for free tier limit tracking)
- Last active timestamp (for auto-lock feature)
- Failed authentication attempts (for security lockout)
- Encryption key metadata (creation date, version)
- Last backup timestamp
Permissions We Request
| Permission | Purpose | Required |
|---|---|---|
| Camera | To scan and capture medical documents | Yes |
| Storage | To save encrypted documents and create backups | Yes |
| Biometric | To enable fingerprint/face unlock | No |
How We Use Your Information
Core Functionality
- Document Storage: Securely store your scanned medical documents with AES-256-GCM encryption
- Organisation: Categorise and organise documents (Specialist Referrals, Test Referrals, Test Results, Receipts)
- Search: Enable full-text search across your document collection using extracted text
- Security: Authenticate your identity using PIN or biometric authentication
- Backup: Create encrypted backups of your documents (user-initiated only)
Data Storage and Security
Local-Only Storage
MedDoc Scanner does NOT transmit your documents, text, or metadata to external servers. All data stays on your device. The only network calls are to Google Play for purchase verification (no medical content is sent).
Encryption Standards
| Component | Method | Details |
|---|---|---|
| Database | SQLCipher (AES-256-CBC) | All metadata encrypted |
| Files | AES-256-GCM | Unique IV per file |
| Backups | Zip4j AES-256 | Password-protected |
| PIN | PBKDF2-HMAC-SHA256 | 100,000 iterations |
Key Management
- 32-byte master key generated from SecureRandom
- Master key stored in Android Keystore (hardware-backed, non-extractable)
- Separate keys derived for database and files using HKDF-SHA256
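The key hierarchy and file-encryption scheme in the two sections above (random 32-byte master key, HKDF-SHA256 subkeys for database and files, AES-256-GCM with a unique IV per file) can be shown end to end. The following Go program is an added example written for this page; it is not MedDoc Scanner's own code. Because Android Keystore is not available here, the master key is only held in memory, the HKDF info labels are hypothetical, and the database key is derived but not used with SQLCipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// hkdfSHA256 is RFC 5869 extract-then-expand for a single 32-byte output block:
// PRK = HMAC(salt, ikm); OKM = HMAC(PRK, info || 0x01). A nil salt behaves like
// the RFC default of HashLen zero bytes, because HMAC zero-pads short keys.
func hkdfSHA256(ikm, salt, info []byte) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(info)
	expand.Write([]byte{0x01})
	return expand.Sum(nil)
}

// NewKeys draws a 32-byte master key from the OS CSPRNG (the real app keeps it
// in Android Keystore; here it only lives in memory) and derives separate
// database and file keys from it with HKDF-SHA256. The labels are hypothetical.
func NewKeys() (master, dbKey, fileKey []byte, err error) {
	master = make([]byte, 32)
	if _, err = rand.Read(master); err != nil {
		return nil, nil, nil, err
	}
	dbKey = hkdfSHA256(master, nil, []byte("meddoc/database-key"))
	fileKey = hkdfSHA256(master, nil, []byte("meddoc/file-key"))
	return master, dbKey, fileKey, nil
}

// gcmFor builds an AES-GCM AEAD; a 32-byte key selects AES-256.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFile seals a document under a fresh random 12-byte IV for every call
// and prepends the IV so DecryptFile can recover it.
func EncryptFile(fileKey, plaintext []byte) ([]byte, error) {
	aead, err := gcmFor(fileKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aead.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return aead.Seal(iv, iv, plaintext, nil), nil
}

// DecryptFile splits off the IV and opens the blob; any change to the
// ciphertext or tag makes Open fail rather than return corrupted plaintext.
func DecryptFile(fileKey, blob []byte) ([]byte, error) {
	aead, err := gcmFor(fileKey)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:n], blob[n:], nil)
}
```

Two properties are worth checking in a design like this: encrypting the same document twice must yield different ciphertexts (otherwise the IV is being reused, which breaks GCM's confidentiality and authenticity), and decrypting a modified blob or using the wrong subkey must fail outright rather than produce plausible output. Deriving distinct database and file keys from one master key means a compromise of one subkey does not expose the other.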
Data Protection Features
- Hardware-Backed Security: Encryption keys stored in Android Keystore
- Private Storage: Documents live in app-private storage
- Screenshot Protection: Enabled by default (can be disabled in Settings)
- Auto-Lock: App locks after configurable inactivity period
- Session Security: Authentication required after app backgrounding
Data Sharing and Disclosure
We Do NOT Share Your Data
MedDoc Scanner DOES NOT:
- Share your data with third parties
- Sell your personal information
- Transmit data to external servers
- Use analytics or tracking services
- Display advertisements
- Integrate with social media platforms
User-Initiated Sharing
The ONLY way data leaves your device is when you explicitly:
- Create a backup file and share it yourself
- Share a document via Android's share function
- Contact support and choose to include information in your email
Third-Party Services
Google Play Billing
- Purpose: Process premium purchases
- Data Shared: Purchase tokens only (no medical data)
- Privacy Policy: https://policies.google.com/privacy
ML Kit Document Scanner
- Purpose: On-device document scanning and OCR
- Processing: Entirely on-device (no data transmitted to Google)
No Other Third Parties
MedDoc Scanner does not integrate with any other third-party services, analytics, or advertising networks.
Data Retention
User Control
- You control all data: All information remains on your device until you delete it
- Document Deletion: Documents are permanently deleted when you remove them
- Secure Deletion: Files are overwritten before deletion to prevent recovery
Backup Data
- User Responsibility: Backup files you create are your responsibility to manage
- Encryption: Backups remain encrypted until you decrypt them with your password
App Uninstallation
When you uninstall MedDoc Scanner:
- All encrypted documents are deleted
- All metadata and preferences are deleted
- Backup files you've created will remain in your Downloads folder unless manually deleted
Your Privacy Rights
You have complete control over your data:
- Access: View all your documents and settings anytime
- Modification: Edit document titles, notes, categories, and settings
- Deletion: Delete individual documents or all data
- Export: Create encrypted backups of your data
- Portability: Restore backups on any device
Security Incident Response
Device Loss or Theft
If your device is lost or stolen:
- Your data is protected by AES-256 encryption
- Without your PIN or biometric authentication, data cannot be accessed
- We recommend enabling "Find My Device" features on your device
Security Vulnerabilities
If you discover a security vulnerability, please contact us immediately:
- Email: support@cosmosone.cloud
- Subject: [MedDoc Security]
Children's Privacy
MedDoc Scanner is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.
International Users
MedDoc Scanner is designed for use worldwide. All data processing occurs locally on your device, regardless of your location. No data crosses international borders unless you explicitly transfer it yourself.
Compliance Note
MedDoc Scanner is designed with privacy-by-design principles:
- Data Minimization: Only collect data necessary for functionality
- Purpose Limitation: Use data only for stated purposes
- Storage Limitation: Data stored only on user's device
- Integrity and Confidentiality: AES-256 encryption throughout
- User Control: Complete control over data lifecycle
- Security by Default: Encryption mandatory, not optional
Changes to This Privacy Policy
We may update this Privacy Policy to reflect:
- Changes in legal requirements
- New features or functionality
- Improvements to security practices
Notification: Major changes will be announced in-app.
Contact Information
If you have questions about this Privacy Policy:
Email: support@cosmosone.cloud
Subject Line: [MedDoc Privacy]
Website: https://cosmosone.cloud
Response Time:
- General inquiries: Within 5 business days
- Premium users: Within 24 hours (priority support)
- Security issues: Within 24 hours (all users)
Summary
| Aspect | Details |
|---|---|
| Document storage | Encrypted locally on device (AES-256) |
| Metadata storage | Encrypted database (SQLCipher) |
| Data transmission | None (except Google Play for purchases) |
| Backup security | Password-protected AES-256 encrypted |
| Analytics/Ads | None |
| User control | Complete |