Privacy Policy
Effective date: 30 May 2026 · Last updated: 30 May 2026
1. Who is the data controller
PraxisMD FZ-LLC, a company registered in the Ras Al Khaimah Economic Zone (RAKEZ), United Arab Emirates under registration number Licence No. 45036282 (Commercial Registration No. 0000004089117), with its registered address at VUNE1987, Compass Building, Al Hulaila Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates, is the controller of personal data processed through PraxisMD Journal Scan (“the App”). Contact: support@praxismdpub.com.
2. What we collect
| Category | What it is | Why we collect it |
|---|---|---|
| Account identifier | Your email address; a Firebase Authentication user ID (UID); a hashed password (held by Firebase, never visible to us). | To create your account, sign you in, send verification and password-reset emails, and to attach your in-app activity to your account. |
| App preferences | The specialties you have chosen for your feed; the articles you have liked or saved as favourites. | So the App can show you a personalised feed and remember your favourites across devices. |
| Diagnostic data | Crash reports and basic stability telemetry generated by the operating system (Apple, Google) and forwarded to us if you opt in at the device level. | To diagnose bugs and improve stability. We do not link this data to your account. |
We do not collect or process any of the following: patient data, clinical data, health-status data about you, location data, contacts, photos, microphone or camera input, browsing history outside the App, or device identifiers used for cross-app tracking. We do not use third-party advertising or analytics SDKs that share data with advertisers.
3. Legal basis for processing
Under the UAE Federal Personal Data Protection Law (Federal Decree-Law No. 45 of 2021 — “PDPL”), and equivalent provisions in DIFC and ADGM, we process your personal data on the following bases:
- Performance of a contract — to provide the App to you under our Terms of Service (account creation, authentication, feed personalisation, favourites sync).
- Legitimate interests — to keep the App secure, prevent abuse, and improve stability and quality.
- Consent — where you have explicitly opted in to a specific feature, for example device-level diagnostic sharing.
- Legal obligation — where we are required to retain or disclose data by applicable law.
4. How long we keep your data
- Account data — for as long as your account exists. If you delete your account we delete or irreversibly anonymise your account data within 30 days.
- App preferences — together with your account, on the same schedule.
- Diagnostic data — retained by the operating-system vendor under their own policies; any portion forwarded to us is retained for up to 90 days.
- Legal-hold data — where applicable law requires longer retention (for example, evidence of a security incident) we retain only what is strictly required, for only as long as required.
4.1 How to delete your account
You can delete your account from inside the App at any time: Account → Delete account → confirm. The deletion is immediate and permanent. The following data is removed from our backend the moment you confirm:
- Your user record (Firebase UID + email association)
- Your selected specialties
- Your liked articles
- Any specialty-vote / specialty-request rows attributed to you
- Your push-notification registration, so the weekly digest cron will not contact you again from the moment of deletion
Diagnostic / crash data already collected by our error monitoring provider is anonymous and not linked to your account; it ages out under the schedule above. If you would also like us to expunge historical access logs sooner than the routine 90-day retention, email support@praxismdpub.com from the address associated with your former account and we will action it.
If you no longer have access to the App (for example because you have already uninstalled it), email support@praxismdpub.com and we will verify your identity and delete the account on your behalf.
5. Who we share your data with
We never sell your personal data. We share it only with the following categories of recipient, and only as needed to run the App:
- Google Firebase (Google LLC and affiliates) — Firebase Authentication holds your email + hashed password + UID, and Firebase Hosting serves this website. Subject to the Firebase Data-Processing Terms.
- Render, Inc. — hosts the App’s backend API and Postgres database, which stores your specialties and likes keyed by your Firebase UID.
- Resend, Inc. — sends transactional emails (verification, password reset) on our behalf.
- Apple Inc. / Google LLC — distribute the App via the App Store and Google Play and provide crash-reporting frameworks.
- Law-enforcement and regulators — only when required by a valid legal request, and only the data strictly required.
6. International transfers
Some of our service providers (Firebase, Render, Resend, Apple, Google) process data on servers outside the United Arab Emirates, including in the United States and the European Union. Where data is transferred outside a jurisdiction with an adequacy decision we rely on standard contractual clauses, the provider’s data-processing terms, or an equivalent safeguard recognised under the UAE PDPL.
7. Security
All traffic between the App, this website and our backend is encrypted in transit using TLS 1.2 or higher. Passwords are never stored by us; they are held in hashed form by Firebase Authentication. Database credentials, signing keys and SMTP credentials are stored as managed secrets in our hosting provider and rotated when there is any reason to suspect compromise. Despite these safeguards, no internet-based service can be guaranteed 100% secure; please use a strong, unique password and report any suspected breach to support@praxismdpub.com.
8. Your rights
Under the UAE PDPL you have the right to:
- be informed about how your data is processed (this policy);
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased (right to be forgotten), subject to legal-hold obligations;
- restrict or object to certain processing;
- port your data to another service in a structured, machine-readable form;
- withdraw any consent you have given, at any time, without affecting the lawfulness of past processing.
To exercise any of these rights, write to support@praxismdpub.com. We will respond within 30 days. If you are unsatisfied with our response you may lodge a complaint with the UAE Data Office.
9. Children
The App is intended for healthcare professionals and is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. Cookies and similar technologies
The App itself does not use cookies. This marketing website uses only strictly necessary first-party storage required to remember your theme preference and to serve the page reliably; it does not use third-party tracking or advertising cookies.
11. Advertising
The App may, in future versions, display first-party curated advertisements relating to medical products, services or continuing-education content, contextually matched to the specialty you are reading. Such ads are selected by us based on the content category — not on a personal profile of you — and we do not share your personal data with advertisers for targeting. Ads are clearly labelled as advertisements.
12. Changes to this Policy
We may update this Privacy Policy from time to time. If the change is material we will notify you in-app or by email before it takes effect. The “Last updated” date at the top of this page always reflects the current version.
13. Contact
Questions, requests or complaints about how we handle your personal data? Write to support@praxismdpub.com.