Ubiki
Privacy Policy

Your health data is not ours to sell, share, or use without your knowledge.

This policy is written in plain English, not legal jargon. Last updated: May 2025.

What we collect

We collect only what is necessary to run your health record vault:

Account data: Email address (verified), bcrypt-hashed password, optionally a bcrypt-hashed phone number. Your raw phone number is never stored.

Profile data: Name, date of birth, gender, blood group, allergies and chronic conditions — only what you choose to provide.

Health records: Documents you upload (stored encrypted in AWS S3), and structured data extracted from them (stored encrypted in PostgreSQL with row-level security).

Session data: Hashed refresh tokens, device type, IP address, and user agent — to maintain your login and support session revocation.

Usage data: API request logs and audit events — for security and compliance. These are retained for 2 years minimum under regulatory requirements.

How we store and protect it

Encryption at rest: All documents are encrypted using AES-256 before storage in S3. PostgreSQL stores sensitive columns with pgcrypto row-level encryption. Encryption keys are managed by AWS KMS — not by our application or database.

Encryption in transit: All communication uses TLS 1.3. We enforce HSTS and reject older cipher suites.

Access control: Row-Level Security (RLS) in PostgreSQL ensures that database queries only return data for the authenticated user's profiles. No query can cross the boundary between users.

Zero-knowledge option: For users who prefer it, client-side encryption means even Ubiki cannot read your records. You hold the decryption key. If you lose it, we cannot recover your data.

Audit log: Every read, write, share and delete is recorded in an immutable append-only audit log. Updates and deletes to this log are blocked at the database trigger level.
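The protections described in this section (bcrypt-hashed credentials, encrypted sensitive columns, Row-Level Security scoped to the authenticated user, and an append-only audit log enforced by a trigger) can be expressed in PostgreSQL directly. The block below is an added illustration written for this page; it is not Ubiki's schema or code. The table and column names, the `app.current_user_id` session setting, the sample UUIDs, the sample phone number and the encryption key are all constructed placeholders; in production the key would come from KMS as the policy states.

```sql
-- Added illustration, not Ubiki's schema. Requires PostgreSQL 11+ with pgcrypto.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Account data: only bcrypt hashes of the password and (optionally) the phone number.
CREATE TABLE accounts (
    id            uuid PRIMARY KEY,
    email         text NOT NULL UNIQUE,
    password_hash text NOT NULL,   -- bcrypt via crypt()/gen_salt('bf')
    phone_hash    text              -- bcrypt hash; the raw number is never stored
);

INSERT INTO accounts VALUES (
    '11111111-1111-1111-1111-111111111111',          -- constructed sample id
    'sample.user@example.com',
    crypt('correct horse battery staple', gen_salt('bf', 12)),
    crypt('+910000000000', gen_salt('bf', 12))        -- constructed sample number
);

-- Verification never decrypts: re-hash the candidate with the stored salt and compare.
SELECT crypt('correct horse battery staple', password_hash) = password_hash AS password_ok
FROM accounts WHERE email = 'sample.user@example.com';   -- true

-- Profile data with a pgcrypto-encrypted sensitive column.
CREATE TABLE profiles (
    id        bigserial PRIMARY KEY,
    owner_id  uuid NOT NULL REFERENCES accounts (id),
    name      text NOT NULL,
    allergies bytea                  -- ciphertext produced by pgp_sym_encrypt()
);

-- Row-Level Security: a row is visible and writable only to the user whose id the
-- application placed in the session setting app.current_user_id (name is an assumption).
ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;
ALTER TABLE profiles FORCE ROW LEVEL SECURITY;   -- applies to the table owner as well

CREATE POLICY profiles_owner_only ON profiles
    USING      (owner_id = current_setting('app.current_user_id')::uuid)
    WITH CHECK (owner_id = current_setting('app.current_user_id')::uuid);

-- Append-only audit log: INSERT is allowed; UPDATE, DELETE and TRUNCATE are refused.
CREATE TABLE audit_log (
    id          bigserial PRIMARY KEY,
    actor_id    uuid NOT NULL,
    action      text NOT NULL CHECK (action IN ('read', 'write', 'share', 'delete')),
    profile_id  bigint,
    occurred_at timestamptz NOT NULL DEFAULT now()
);

CREATE OR REPLACE FUNCTION audit_log_immutable() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % not permitted', TG_OP;
END;
$$;

CREATE TRIGGER audit_log_no_update_delete
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_immutable();

CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_immutable();

-- Per-request session setup performed by the application (constructed sample id).
SET app.current_user_id = '11111111-1111-1111-1111-111111111111';

INSERT INTO profiles (owner_id, name, allergies) VALUES (
    '11111111-1111-1111-1111-111111111111', 'Sample User',
    pgp_sym_encrypt('penicillin', 'PLACEHOLDER_KEY_FROM_KMS')   -- key is a placeholder
);
INSERT INTO audit_log (actor_id, action, profile_id)
VALUES ('11111111-1111-1111-1111-111111111111', 'write', 1);

-- The owner sees the row and can decrypt it with the key.
SELECT name, pgp_sym_decrypt(allergies, 'PLACEHOLDER_KEY_FROM_KMS') AS allergies
FROM profiles;                         -- 1 row: Sample User | penicillin

-- A different authenticated user gets zero rows, not an error: RLS filters silently.
SET app.current_user_id = '22222222-2222-2222-2222-222222222222';
SELECT count(*) FROM profiles;         -- 0

-- Any attempt to rewrite history stops at the trigger.
DELETE FROM audit_log WHERE id = 1;    -- ERROR: audit_log is append-only: DELETE not permitted
```

Two checks a reviewer would run against a deployment like this: the application's database role must not be a superuser or carry the BYPASSRLS attribute, since both bypass every policy regardless of FORCE ROW LEVEL SECURITY, and it must not own the audit_log table or hold the privilege to drop its triggers, otherwise the append-only guarantee rests on convention rather than enforcement. Note also that bcrypt on a phone number slows enumeration but cannot prevent it, because the space of valid numbers is small; it protects the raw value against casual disclosure, not against a determined brute force.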

AI and your documents

When you upload a document, it passes through two systems:

1. OCR (AWS Textract or Tesseract): Reads the text from your image or PDF.
2. AI extraction (Claude by Anthropic): Structures the text into fields like test names, values, units and reference ranges.

This requires sending document content to Anthropic's API. We do this only with your explicit, separately revocable consent. The AI is configured to be conservative — it flags uncertain extractions rather than guessing. Nothing is saved until you review and confirm.

We do not train AI models on your health data. This is stated in plain language and is not conditional on any terms buried elsewhere. If you revoke AI consent, new uploads will require manual data entry.

Sharing your records

You control exactly what is shared, with whom, and for how long.

Share links are time-limited (you set the expiry), optionally password-protected, and can be revoked at any time. We never share your records with third parties — not with insurers, labs, hospitals, advertisers, or government agencies — without a legal requirement.

Every access to a share link is logged with the accessing IP address and timestamp. You can view this log from your account settings.

We do not sell your data. We do not use your data for advertising. We do not use your data to train AI without your separate, explicit, revocable consent.

Your right to deletion

You can delete your account at any time from Settings. When you do:

- Your profile and records are soft-deleted immediately (no longer visible to you or accessible via the API).
- Physical deletion from our servers occurs within 30 days, subject to legal hold requirements.
- Audit log entries referencing your account are retained for 2 years as required by applicable regulations, with your identifier pseudonymised.
- S3 documents are deleted within 7 days of account deletion.

Under India's DPDP Act, you have the right to access, correct and erase your personal data. Contact privacy@ubiki.health to exercise these rights.

DPDP Act compliance (India)

India's Digital Personal Data Protection Act (2023) applies to Ubiki's processing of personal data of individuals in India.

Important note: The DPDP Act's enforcement rules and sector-specific guidance for health data are still evolving as of the date of this policy. We have designed our systems to be compliant with the Act as currently understood, and we are monitoring regulatory developments actively. We recommend consulting a legal professional for specific compliance questions.

Our commitments under DPDP:
- Purpose limitation: We collect data only for the specific purposes described in this policy.
- Consent: We obtain separate, granular, revocable consent for each processing purpose.
- Data minimisation: We do not collect more data than necessary.
- Data principal rights: You can access, correct and erase your data on request.
- Security safeguards: We maintain appropriate technical and organisational measures.

Questions? Email us at privacy@ubiki.health or write to: Ubiki Privacy Team, [Address], India.