DocTalk Privacy Policy
Effective date: August 14, 2025
Operator / Data Controller: ZY MGMT Co ("DocTalk," "we," "us," "our")
Contact: doctalk@zymgmtco.com
This Privacy Policy explains how we collect, use, disclose, and protect information when you use the DocTalk iOS mobile application and related services (the "Service"). By using the Service, you agree to this Policy.
DocTalk is an AI-powered tool that helps you understand your health through questions and documents. It is not a substitute for professional medical advice or care.
1) Information we collect
We collect the minimum information necessary to operate the Service.
Account Information
- Required: email address and password hash.
- Optional: display name (if you add it).
- Subscriptions: status and purchase/receipt metadata from the Apple App Store and our subscription partner (we do not receive your full card details).
Content You Provide
- Chats, messages, uploaded files (images, PDFs), and support requests.
- You choose what to upload. Health-related content is optional and processed only to deliver the Service you request.
Device & Usage Data
- App version, device model/OS, language, time zone, diagnostics, crash logs, and interaction events to keep the app reliable.
Permissions-Based Data
- Camera, photo library, and file access only when you use features that require them.
On-Device Storage
- Mobile secure storage (e.g., Keychain) for sessions and preferences.
- We do not use third-party tracking cookies or cross-app tracking.
Data we don’t require
- We do not require your legal name or precise location.
2) How we use information
We use your information solely to provide and improve DocTalk.
- Operate the Service: chat, document analysis, authentication, subscription management.
- Process your content at your request: display it back to you and generate AI outputs.
- Security & integrity: prevent fraud/abuse, protect accounts, debug, and ensure reliability.
- Communications: service notices and support replies.
- Product improvement: de-identified or aggregated analytics to improve quality and performance.
We do not use your documents or chats to train publicly available third-party foundation models.
AI processing is configured for transient use only (see Section 3(A)).
3) Sharing & disclosure
We do not sell your personal information and we do not share your personal or health data with advertisers.
(A) AI processing (the only third party we disclose PII to): Secure AI Infrastructure
- We send your submitted content (and, only as needed for routing/accounting, your email) to our secure AI infrastructure to generate the responses you request.
- Zero Data Sharing: We do not share your data with any third parties for training, advertising, or commercial purposes. Your information is processed solely to provide you with the service you requested.
- Zero Data Retention (ZDR): We configure our AI processing for zero data retention: we do not opt in to any data use for model training or product improvement, and we disable data caching and prompt logging where applicable. Your data is not retained after processing.
- Encryption at Rest: All your data is encrypted when stored, ensuring maximum security and privacy protection.
- Result: Your prompts/outputs are used only for transient processing to fulfill your request; they are not retained or used for any other purpose under our strict configuration.
(B) App Store & subscription partner (no PII disclosed by us beyond what’s required):
- The Apple App Store and our subscription partner receive device identifiers and purchase receipts directly from your device to validate your subscription. We do not disclose your chat content to them, and we do not receive your full payment details.
(C) Service providers under our instructions:
- Hosting/storage, telemetry/analytics, error reporting, and customer support tools may process pseudonymous or aggregated diagnostics to keep the Service reliable. They are contractually prohibited from using your data for their own purposes.
(D) Legal/compliance:
- When required by law or necessary to protect rights, safety, and the integrity of the Service.
(E) Business transfers:
- If we are involved in a merger, acquisition, or asset sale, we will ensure equivalent protections or notify you and honor your choices.
4) Subscriptions & payments (iOS)
Purchases are handled via the Apple App Store and a subscription partner. They receive only the identifiers and receipts needed to provide your subscription. We do not receive full payment card details.
5) Security
- Encryption in transit and at rest for messages and documents.
- Access controls, least-privilege permissions, and audit logging.
No system is 100% secure, but we continuously work to protect your information and limit access to what is strictly necessary.
6) Data retention & deletion
- We retain information only as long as necessary to operate the Service, comply with law, resolve disputes, and enforce agreements.
- Self-serve account deletion: You can delete your account in the app at any time (e.g., Settings → Account → Delete Account). Deletion removes associated data from our active systems (including chats, uploads, and account identifiers), subject to limited retention needed for fraud prevention, security, or legal/billing recordkeeping.
- Item-level deletion: You can delete individual conversations and uploads anytime.
- Backups & logs: Purged on a rolling schedule; deleted data disappears once the relevant backups expire.
7) Your choices & rights
- Access/Update/Delete: manage content in-app; delete your account in-app; or contact doctalk@zymgmtco.com for assistance.
- Permissions: revoke camera/photo/file access in device settings.
- Communications: opt out of non-essential emails via unsubscribe.
Regional rights (where applicable, e.g., GDPR/UK GDPR, CCPA/CPRA): You may have rights to access, correct, delete, port, or restrict processing, and to object to certain processing. We will honor valid requests under applicable law. We do not sell or “share” personal information as defined by the CPRA and do not engage in cross-context behavioral advertising.
8) International data transfers
We operate in the United States and may transfer information to the U.S. and other countries where our secure processing infrastructure operates. Where required, we rely on appropriate safeguards for cross-border transfers, including encryption at rest and in transit.
9) Children’s privacy
The Service is not directed to children under 13 (or the age required by local law). We do not knowingly collect personal information from children. If we learn that a child has used the Service, we will delete the information promptly.
10) Medical & legal disclaimers
DocTalk provides informational outputs only and is not a medical device. It does not diagnose, treat, or prescribe. Always seek the advice of a qualified health professional.
If any content references health law, insurance coverage, appeals, complaints, or patient rights, it is general information, not legal advice, and does not create an attorney–client relationship.
11) Automated decision-making
DocTalk does not make automated decisions that have legal or similarly significant effects on you without meaningful human involvement.
12) Additional notices
- HIPAA: DocTalk is not a healthcare provider or a HIPAA “covered entity.” HIPAA may not apply to your use of the Service, but we still protect your information as described in this Policy.
- Do Not Track: The Service does not respond to “Do Not Track” signals (primarily a web browser feature), and we do not conduct cross-app tracking.
13) Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will notify you in-app (or by email, where appropriate). Your continued use after changes take effect constitutes acceptance.
14) Contact us
ZY MGMT Co
Email: doctalk@zymgmtco.com