1. Introduction

Welcome to EyeRxCraft ("we", "our", "us"). We provide a digital tool for qualified eye health professionals to generate and manage eye prescriptions. This Privacy Policy explains what data we collect, how we use it, and how we protect it. EyeRxCraft is a digital assistance tool and is not a medical device. This policy is part of our commitment to transparency and protecting your privacy.

2. Information We Collect

We collect different types of information to provide and improve our Service.

A. User Information (Eye Health Professionals)

When you create an account, we collect professional user details necessary for account creation and verification, including:

• Full Name
• Email Address
• Mobile Number
• Clinic/Hospital Name
• Professional Type (Optometrist/Ophthalmologist)
• Medical/Optometry Council Registration Number
• Profile Photo (optional)

B. Application Usage Data

We may collect non-personally identifiable information about how you interact with our Service, such as features accessed, browser type, device information, and session duration. This data is used for analytics to improve service functionality and user experience.

C. Patient Information

CRITICAL: We DO NOT collect, store, process, or transmit any patient-identifiable information (PII) or clinical data you enter to generate a prescription. This information remains entirely on your local device and is never sent to our servers.

3. How We Use Information

The information we collect is used for the following purposes:

• To create, manage, and secure your professional account.
• To enable you to use the core functionality of the platform, such as generating digital prescriptions.
• To provide customer support and respond to your inquiries.
• To monitor and analyze usage to improve the Service's features and performance.
• To communicate with you about service updates, security alerts, and administrative messages.
• To comply with legal obligations and enforce our Terms & Conditions.

We will never use your professional information for marketing purposes without your explicit consent. As stated, no patient data is ever stored or used by EyeRxCraft for any purpose.

4. Local Storage of Patient Data

EyeRxCraft is built with a "privacy-by-design" architecture. You maintain full control over patient data.

• No Server Storage: Patient medical information is NOT stored on any EyeRxCraft server. It is processed and kept temporarily in your web browser’s local storage on your computer or device.
• Data Volatility: This locally stored data is ephemeral. Clearing your browser's cache, using a private browsing mode, or switching devices will permanently delete this information.
• User Responsibility: You, the eye care professional, are the data controller for any patient information you enter. You are solely responsible for complying with all applicable patient privacy laws and regulations (e.g., HIPAA, GDPR) in your jurisdiction.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We will only share your professional user data in the following limited circumstances:

• With Your Consent: We may share information if you give us explicit permission to do so.
• For Legal Reasons: We may disclose your information if required by law, subpoena, or other legal process, or if we have a good-faith belief that disclosure is reasonably necessary to comply with regulatory authorities, enforce our Terms & Conditions, or protect the security and integrity of our Service.

No patient data is ever shared or disclosed by us because we never have access to it.

6. Data Security

We implement robust security measures to protect your professional account information:

• Account Security: User accounts are protected by Firebase Authentication, an industry-standard secure authentication service.
• Data Storage: Your professional profile data is stored in Google's secure Firestore database. Profile photos are stored in Firebase Storage, which has its own security rules.
• Encryption: All data transmitted between your browser and our services is encrypted using HTTPS/TLS.
• User's Role: Your security is a shared responsibility. You must protect your login credentials and prevent unauthorized access to your account and the local device where patient data is stored.

7. Third-Party Services

We use trusted third-party services from Google Firebase to operate our platform:

• Firebase Authentication: To manage user sign-up and login.
• Firestore: To store professional user profile data.
• Firebase Storage: To store optional user profile photos.

We do not use any third-party advertising or tracking scripts that would compromise your privacy or that of your patients.

8. Your Rights

As a user, you have the right to:

• Access and review your professional information stored with us.
• Update or correct your profile information through your dashboard.
• Delete your account and associated professional data.
• Contact us to inquire about your data or this policy.

9. Data Retention

We retain your professional user profile data for as long as your account is active. If you choose to delete your account, we will permanently delete your profile data from our systems. Patient data is never stored by us and is only retained in your local browser for the duration of your session.

10. Children’s Privacy

EyeRxCraft is strictly intended for licensed adult professionals. We do not knowingly collect any information from individuals under the age of 18. If we become aware that a minor has created an account, we will take steps to delete that account and any associated information immediately.

11. International Users

Our services are operated from India. If you are using the Service from outside India, please be aware that your professional user data will be processed and stored in India. You are responsible for ensuring that your use of EyeRxCraft complies with all local medical and data privacy laws in your jurisdiction.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through an in-app announcement. Your continued use of the Service after such changes constitutes your acceptance of the new Privacy Policy.

13. Contact Information

For any questions, feedback, or concerns regarding this Privacy Policy, please contact us at:

• Email: support@eyerxcraft.app
• Website: https://eyerxcraft.app