Legal
Privacy policy
Plain language, no surprises. This policy covers the hosted Docuity instance; if you use a self-hosted deployment, its operator is responsible for its privacy practices.
Last updated: 17 July 2026
1. Who we are
“Docuity” is a suite of healthcare apps provided free of charge by the operator of this instance (“the Docuity operator”, “we”). The operator's identity and contact details are published with this deployment (see About). For your Docuity ID account we act as the data controller. For clinical data entered by a clinic, practice, care team, or pharmacy, that organization is the controller and we process the data on its behalf.
2. What we collect
Account data (Docuity ID)
- Email address, display name, and your chosen sign-in credentials (passkey public keys, a salted password hash, or one-time codes — never plaintext passwords).
- Session records: browser/user-agent, IP address, sign-in times — kept to let you review and revoke sessions.
- A consent ledger recording what you agreed to and when.
App data
- Galen: care recipients, notes, shift logs, and files that chart owners and caregivers record.
- MedRota: department rosters, availability requests, and published rotas.
- EHR: patient demographics, encounters, notes, problems, allergies, medications, vitals, and documents entered by the clinic.
- Rx: prescriber registration numbers, patient prescription details, and transmission history.
- Messages: workspace membership and message content (encrypted at rest; not end-to-end encrypted).
- Interaction checker: nothing — queries are processed in memory and not stored.
Technical data
Standard server logs (IP address, request path, status, timestamp) kept briefly for security and reliability. Rate-limit counters. No advertising trackers, no analytics beacons, no cookies other than those needed to keep you signed in.
3. What we use it for
- Providing the apps you and your organization use (contract / legitimate interest).
- Security: sign-in, session revocation, rate limiting, audit trails (legitimate interest / legal obligation).
- Transactional email — verification, magic links, invitations (contract).
- AI-assisted note drafting in Galen, only when a user explicitly requests it (consent, captured in-product).
We do not sell data, run ads, profile users, or use your data to train AI models.
4. Who we share it with
Only the subprocessors listed on the compliance page (email delivery, AI drafting on request, hosting), plus authorities where the law genuinely requires it. Within the apps, your data is visible to the people your organization's roles and memberships grant access to — that is the product working as designed.
5. How long we keep it
Retention periods are listed, per data type, on the compliance page. Deleted accounts are purged after a 30-day window; message retention defaults to 365 days per workspace.
6. Your rights
Export and deletion are self-service in your Docuity ID account. Access, rectification, restriction, objection, and complaint routes are described on the compliance page. We answer requests within 30 days.
7. Security
Our controls — and their honest limits — are described on the security page. No system is perfectly secure; if a breach affects your data we will notify affected controllers and users without undue delay.
8. Children
Docuity accounts are for adults (16+). Care records about minors may be maintained by their caregivers or clinicians as controllers, under their local rules.
9. Changes
We will post changes here with a new “last updated” date, and for material changes we will notify signed-in users. Continued use after the effective date means acceptance.
10. Contact
Privacy requests: the Docuity operator contact published with this deployment (see About). You can always also use the self-service tools in your account.