ddigest
Privacy Policy
Last updated: 16 May 2026
ddigest is a medical-research digest app for practicing doctors in India, built and operated by doctor context (sole proprietor, India). This policy describes exactly what we collect, why, where it lives, and what we do not do.
What we collect
- Phone number. Used to send you a one-time password (OTP) to sign in. Stored permanently against your account so future sign-ins on the same number reach the same account.
- Authentication tokens. When you verify an OTP, we issue a 30-day JSON Web Token. It is stored locally on your device (iOS Keychain) and presented to our API on each request.
- Preferences. Your specialty, sub-specialties, India-relevance setting, frequency, and content-type toggles, so the feed can be tailored.
- Actions on cards. Which cards you save, skip (and the reason you chose), or open. Stored against your account to power the Saved tab and avoid resurfacing items you have already triaged.
- OTP request logs. Phone number, a hashed OTP, attempt count, and timestamps — kept transiently for rate-limiting and abuse prevention. Hashed OTPs are unrecoverable.
What we do not collect
- No name, email, address, or other contact details beyond the phone number you sign in with.
- No location data. The app does not request location permission.
- No analytics SDKs and no third-party trackers in the iOS app. No Google Analytics, Mixpanel, Firebase Analytics, Segment, or Facebook SDK is present in the app binary. (This marketing website uses Vercel Web Analytics — see “About this website” below.)
- No advertising identifiers (IDFA). No App Tracking Transparency prompt is shown because we do not track.
- No medical or clinical data about your patients. ddigest is a reading app for research summaries — it never asks you to enter case information.
How we use your data
- To authenticate you on each app launch.
- To select and order the cards shown to you.
- To remember which cards you have saved or chosen to skip.
- To enforce rate limits on OTP requests so the SMS path is not abused.
We do not sell, rent, or share any of the above with third parties for advertising, marketing, or profiling.
Where your data lives
All server-side data is stored in a Postgres database hosted on Fly.io in their bom(Mumbai) region. The database is reachable only over Fly’s private network — it has no public IP address.
OTPs are delivered via MSG91, an Indian SMS gateway that processes only your phone number and the short-lived OTP. MSG91 receives no other personal data from us.
Article metadata and abstracts displayed in the feed are sourced from PubMed and medRxiv — both public scientific databases. We do not send any user data to either.
Each card is classified for relevance and sub-specialty by Anthropic’s Claude model. We send only the public paper title, abstract, journal, and author-affiliation string to the classifier — never any user-identifying information.
Data retention and deletion
Your account and its data persist until you ask us to delete them. To delete your account, email adhyan2095@gmail.com from the phone-associated mailbox or include the phone number used to register. We will permanently remove your account row, preferences, and action history within 30 days. Hashed OTP request rows expire automatically (10-minute TTL).
Children
ddigest is intended for licensed medical practitioners. It is not designed for and is not knowingly used by anyone under 18.
Security
All traffic between the app and our API is encrypted in transit via HTTPS (TLS 1.2+). JWTs are signed with HS256 using a server-side secret that is rotatable. OTPs are stored as one-way hashes.
About this website
This site (the page you are reading) uses Vercel Web Analytics to measure aggregate traffic — how many people visit which page, from which country, on roughly what kind of device. It is cookieless, does not use any cross-site or cross-session identifier, and does not build a profile of you. It cannot identify you personally and cannot be linked back to your ddigest account. No data from the iOS app feeds into it.
Changes to this policy
If we materially change what we collect or how we use it, we will update the "Last updated" date above and notify you in-app before the change takes effect.
Contact
Questions about this policy or your data: adhyan2095@gmail.com.