Privacy Policy

How Logora handles your data. Plain English, no legalese.

Last updated: 4 June 2026

The 30-second version

Logora is a clinical logbook for medical trainees. Your case data lives on your device first. We do not collect, sell, or share patient information. We collect the minimum needed to make the app work — your email, anonymised usage analytics, and the case data you choose to back up to the cloud. You can delete everything at any time.

1. Who we are

Logora ("we", "us") is a clinical case logbook application built and operated by Dr Divya Jyoti Banerjee, a sole proprietor and independent medical software developer, with registered correspondence address at Hugli, West Bengal, India.

You can reach us at support@logora.in for product and account matters, or hello@logora.in for legal, privacy and grievance matters.

2. What information we collect

Information you give us directly

Clinical data you enter

This is the most important section. Read carefully.

Logora is designed NOT to handle directly identifiable Protected Health Information. You are expected to enter anonymised case data. Use patient codes (e.g., "PT-247") rather than names. Do not enter MRN, Aadhaar numbers, full addresses, or any other patient-identifying information. The app does not request these fields.

Region Mode — your privacy is a setting, not a promise. Logora ships with two modes: You can change the mode any time in Profile → Region / Privacy.

The clinical data you enter — diagnosis, lab values, procedures, medications, microbiology results, histopathology reports, complications, mortality and morbidity (M&M) flags, etc. — is treated as your professional educational record, not as patient health records. You are the data controller for this data. We store it on your behalf.

Educational and research records

If you use the AETCOM, Thesis Pipeline, or Academic Portfolio features (India compliance pack), we also store data about your training, not about patients:

This data is treated with the same security standard as your clinical case data. The faculty names you record are personal data of those individuals; you are responsible for ensuring you have a reasonable basis (e.g., the educational context) to log them.

Sensitive Personal Data classification

Under India's DPDP Act 2023, clinical and educational data you enter into Logora qualifies as Sensitive Personal Data because it relates to professional health practice and clinical decisions. We treat all clinical data with the highest standard of protection:

Information we collect automatically

What we do NOT collect

3. How we use your information

PurposeWhat we use
Provide the Logora app and its featuresAccount info, clinical data you entered
Authenticate you securelyEmail and password
Send service emails (verification, password reset, welcome)Email address
Improve the app and fix bugsAnonymised usage data and crash reports
Send product updates (only if you opt in)Email address
Respond to your support requestsCommunications you send us
AI-assisted features (PDF extraction, viva generation, scoring suggestions)The specific document or case data you submit at that moment
Comply with applicable lawAny of the above, only when legally required

4. AI processing — important details

Some Logora features use AI, specifically Anthropic's Claude API accessed through our own server-side proxy hosted on a managed serverless platform:

According to Anthropic's privacy policy, data sent via the API is not used to train their models. Our proxy does not retain the request body after the response is returned; only minimal request metadata (timestamp, model used, success/error status) is logged for billing and abuse-detection purposes.

Recommendation: Always upload anonymised documents. Black out patient names, MRN and addresses before uploading. The AI does not need this information to extract clinical data.

5. Where your data is stored

DataWhere it livesRegion
Clinical cases (until you sign in)Your device only (local storage)Your device
Account informationGoogle Firebase Authenticationasia-south1 (Mumbai), India
Cloud-backed cases (if you opt in to sync)Firebase Firestoreasia-south1 (Mumbai), India
Email correspondence (mailbox)Zoho MailIndia
Transactional and waitlist emails (sending)Brevo SMTPEuropean Union
Waitlist signups and surveysTallyEuropean Union
Automation workflowMakeEuropean Union
Anonymised product analyticsPostHogUnited States
Anonymised crash reportsSentryUnited States
AI processing (when AI features used)Anthropic APIUnited States
Website hostingNetlifyGlobal edge

We deliberately chose Indian data residency for clinical and account data. Some third-party services (Brevo, Tally, Make, PostHog, Sentry, Anthropic) are based outside India and process only the limited categories of data shown above. For users in the European Union or United Kingdom, cross-border transfers are covered by the Standard Contractual Clauses (or equivalent transfer mechanism) offered by each of those providers.

6. Who we share your data with

We do not sell your data. We do not share it with advertisers. We do not share it with anyone outside the limited service providers listed below.

The only third parties we share data with are the platforms that help us operate Logora:

Each of these has its own privacy policy and is contractually obligated to protect your data. A current list of named sub-processors will be published at https://logora.in/subprocessors once paid plans launch.

We may disclose information if compelled by law (e.g., a court order from an Indian court, or a similar lawful request from another jurisdiction in which our service providers operate). We will notify you unless legally prohibited from doing so.

7. Your rights

Under India's Digital Personal Data Protection Act 2023, and aligned with the GDPR, UK GDPR and CCPA where applicable, you have the right to:

To exercise any of these rights, email hello@logora.in. We respond within 30 days.

8. Grievance Officer

Designated under DPDP Act § 8(9) and IT Rules 2021

Grievance Officer: Dr Divya Jyoti Banerjee
Email: hello@logora.in
Subject line: begin with "Grievance:" for fast routing
Response time: within 7 working days for acknowledgement, within 30 days for resolution
Escalation: if unresolved, you may approach the Data Protection Board of India under the DPDP Act 2023.

9. Data retention

Data typeRetentionWhy
Active account data (cases, profile, AETCOM, thesis records)While account is activeTo provide the service
Account data after deletion request30 days, then permanently deletedAllows you to recover if you change your mind
Backup / disaster recovery copiesUp to 90 days post-deletionIndustry standard for system redundancy
Anonymised analytics and crash logs30 days raw, then aggregatedBug fixing and product improvement
Email correspondence (support / grievance)2 yearsSupport history and audit trail
Waitlist signups (if you don't proceed)2 years from signupTo send launch updates
Survey responsesIndefinitely (anonymised after 2 years)Product research
AI proxy request metadata30 daysAbuse detection and billing
Financial records (once paid plans launch)7 yearsIndian tax and statutory requirement
Legal hold data (rare)Until resolvedRequired by law in event of dispute

You can request earlier deletion at any time by emailing hello@logora.in. We will comply within 30 days unless legally required to retain certain data (e.g., financial records under tax law).

10. Data security

We take security seriously, but no system is 100% secure. We implement:

In case of a data breach

If we discover a data breach affecting your personal information, we will, within 72 hours of becoming aware:

You will not have to chase us for information. Transparency in case of failure is part of our commitment to you.

11. Children's privacy

Logora is intended for medical professionals and trainees aged 18 or older. We do not knowingly collect data from anyone under 18. If you believe a minor has signed up, contact us at hello@logora.in and we will delete the account.

12. Cookies and tracking

The Logora website (logora.in) uses minimal cookies, only what is necessary for the site to function. We do not use third-party advertising cookies or behavioural retargeting. Anonymised analytics on the mobile app are handled via PostHog (no cross-site identifiers). The mobile app itself does not use browser cookies; it uses standard local storage to keep you logged in and to cache your cases offline.

13. International users

Logora is operated from India. By using Logora, you understand that your data may be processed in India and other countries where our service providers operate (primarily Mumbai for clinical and account data; European Union for forms, automation and outbound email; United States for AI, analytics and crash reporting).

If you are based in the European Union, the United Kingdom, or California, you have additional rights under GDPR, UK GDPR and CCPA respectively. We will honour these rights to the extent applicable. Cross-border transfers from those regions to India and our other processors are covered by Standard Contractual Clauses (or equivalent transfer mechanisms) provided by each processor.

14. Patient data and your responsibilities as a user

Logora is a personal academic logging tool. You, the user, are responsible for:

Under the DPDP Act and GDPR, you act as the Data Fiduciary / Data Controller for any patient data you enter, and Logora acts as the Data Processor on your instructions.

15. Changes to this policy

We may update this Privacy Policy as Logora evolves. When we do, we will:

When the Government of India notifies operational rules under the DPDP Act 2023 (the DPDP Rules), we will update this policy to align with the prescribed notice and consent-manager formats.

Continued use of Logora after changes constitutes acceptance of the updated policy.

16. Contact us

For any privacy-related question, request, or concern:

Product and account matters: support@logora.in
Legal, privacy and grievance matters: hello@logora.in
Subject line: begin with "Privacy:" or "Grievance:" to route correctly
Response time: within 5 working days for general questions, within 30 days for formal data requests

For grievances under the DPDP Act that we cannot resolve, you may approach the Data Protection Board of India.


One last thing

Logora exists because medical trainees deserve better tools. We are not in the business of selling data. We are in the business of helping you log cases, build research, and grow as a clinician. If anything in this policy feels unclear or inconsistent with that mission — please tell us. We will fix it.