Summary: PraxisMD is built on a privacy-first principle. We do not see, store, or process your patient clinical data — it stays on your device and in your own chosen cloud storage. The data we do hold is limited to what is necessary to operate your account and verify your professional credentials.
PraxisMD ("we", "us", "our") is a clinical documentation platform built for practising clinicians and medical students. Our website is located at www.praxismd.net and our web application is available at app.praxismd.net.
For the purposes of the General Data Protection Regulation (GDPR) and applicable international data protection laws, PraxisMD acts as the data controller for the personal data described in this policy.
If you have any questions about this policy or how we handle your data, please contact us at: support@praxismd.app
We collect only the minimum personal data necessary to provide, operate, and improve the PraxisMD service. This includes the following categories:
Patient clinical data is never sent to PraxisMD servers. Your clinical notes, patient records, consultation summaries, prescriptions, referral letters and all other clinical documents are stored exclusively on your device and in your own chosen cloud storage (such as OneDrive, iCloud, or Google Drive). We have no access to this data.
Specifically, PraxisMD does not collect, store, or process:
Because patient clinical data never leaves your device or your own cloud provider, PraxisMD does not act as a data processor for your patients' personal data. You remain solely responsible for ensuring your own data handling complies with your local healthcare data protection obligations (e.g. GDPR, HIPAA, or equivalent legislation).
Account information, subscription status, clinician verification status, and professional registration data are stored in Google Firebase Firestore, a cloud-hosted NoSQL database operated by Google LLC. Data stored in Firestore is encrypted at rest and in transit. Firebase infrastructure is hosted on Google Cloud Platform in accordance with Google's data processing terms.
All payment card data and billing information are stored and managed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. PraxisMD stores only the Stripe Customer ID and subscription metadata returned by Stripe's API. Full payment credentials are never transmitted to or stored by PraxisMD.
Certain application preferences and non-sensitive settings (such as your chosen theme, PIN authentication state, and notification preferences) are stored in your browser's localStorage. This data remains on your device and is not transmitted to our servers. It can be cleared at any time by clearing your browser storage or using the Reset option in the app Settings.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include transport layer security (TLS/HTTPS) for all data in transit, Firestore security rules restricting data access to the authenticated account owner, and access controls limiting internal access to personal data on a need-to-know basis.
PraxisMD uses a small number of carefully selected third-party services to operate the platform. Each service receives only the data necessary for its function.
Stripe processes all subscription payments. When you subscribe, your payment details are submitted directly to Stripe's secure servers. Stripe's privacy policy is available at stripe.com/privacy. Stripe is certified to the EU-US Data Privacy Framework.
Firebase provides our authentication system, hosting infrastructure, serverless functions, and Firestore database. Google acts as a data processor on our behalf under a Data Processing Agreement. Google's privacy policy is available at policies.google.com/privacy.
PostHog is an open-source product analytics platform that we use to understand how users interact with the app. PostHog collects pseudonymised event data (e.g. button clicks, page views, feature usage). No patient clinical data is included in any analytics events. You may opt out of PostHog analytics at any time via the Settings panel in the PraxisMD app, which will disable event capture for your session and set a persistent opt-out preference. PostHog's privacy policy is available at posthog.com/privacy.
Our website uses Google Fonts to render the Inter typeface. When your browser loads the website, it may send a request to Google's servers to retrieve the font files. This request may include your IP address. You can review Google's privacy practices at policies.google.com/privacy.
We do not sell your personal data to any third party, and we do not use your data for advertising purposes.
We retain personal data only for as long as necessary to fulfil the purposes set out in this policy, or as required by law.
Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law or legitimate business interest (e.g. outstanding billing obligations or ongoing disputes).
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
You have the right to request a copy of the personal data we hold about you. We will provide this within 30 days of a verified request.
You have the right to request correction of inaccurate or incomplete personal data. You may update most account details directly from the app Settings. For verification document corrections, please contact us directly.
You have the right to request deletion of your personal data. You may delete your account at any time from the app Settings. Upon verified request, we will delete your personal data within 30 days, subject to our legal retention obligations.
You have the right to request that we restrict processing of your personal data in certain circumstances (e.g. while a dispute is resolved).
You have the right to receive your personal data in a structured, commonly used, machine-readable format (e.g. JSON or CSV) and to request that we transmit it to another controller where technically feasible. This applies to data you have provided to us and that we process on the basis of your consent or a contract.
You have the right to object to processing of your personal data for direct marketing purposes. You may also object to other processing activities where we rely on legitimate interests as our lawful basis.
PraxisMD does not make any decisions about you solely by automated means that produce significant legal or similarly significant effects.
To exercise any of these rights, please email us at support@praxismd.app with the subject line "Data Rights Request". We may need to verify your identity before processing your request. We will respond within 30 days. If you are unhappy with our response, you have the right to lodge a complaint with your local data protection authority (for example, the Information Commissioner's Office (ICO) in the UK, or the relevant supervisory authority in your EU member state).
Our website and app use cookies and browser localStorage to function correctly and to collect anonymised analytics. For full details of what we use, why, and how to manage or opt out, please read our Cookie Policy.
In summary: we do not use advertising or tracking cookies. We use functional localStorage for core app features (PIN, preferences, subscription state), and PostHog for anonymised analytics, which you can opt out of in app Settings.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the "Last reviewed" date at the top of this page and, where appropriate, notify you by email or in-app notification.
Your continued use of PraxisMD after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please get in touch:
We aim to respond to all privacy-related enquiries within 5 business days.