Bright Doctor — Privacy Policy
This policy explains what the Bright Doctor mobile application
collects, how it is used, and the choices you have over your information.
It applies to the Android app (com.brighthealth.doctor)
and the iOS app of the same name published by Bright Health.
Effective date: April 2026
1. Who we are
Bright Health (“we”, “us”, “our”) operates the Bright Doctor app, which lets verified doctors manage appointments, chat with patients, accept voice/video consultations, and review clinical information shared by patients. If you have questions about this policy, see the Contact us section below.
2. Information we collect
2.1 Information you provide
- Professional profile: full name, phone number, email, specialty, medical council / license number, ID document, clinic or hospital affiliation, profile photo, bio.
- Verification documents: proof of medical licensure uploaded during onboarding so we can verify you are an authorised practitioner.
- Clinical content you author: chat messages to patients, notes on an appointment, prescriptions you issue, voice/video consultations you conduct.
- Payout information: bank / mobile-money account details used to pay you for consultations.
2.2 Information collected automatically
- Device identifiers: a stable random device UUID, OS version, device model, app version, preferred language.
- Push-notification token: Firebase Cloud Messaging (FCM) registration token, stored so we can deliver chat and call notifications.
- Camera & microphone: used only during a voice/video consultation. The audio/video stream is routed through our real-time calling provider (ZEGOCLOUD) and is not recorded by us.
- Diagnostic logs: crash reports and minimal performance data.
3. Permissions we request
| Permission | Why it is requested |
|---|---|
| Camera | Video consultations and profile photo capture. |
| Microphone | Voice and video consultations. |
| Notifications | Incoming chat messages, incoming call invitations, appointment reminders. |
| Full-screen intent / display over other apps | Showing an incoming call UI the same way your phone app does. |
| Foreground services (mic/camera/phone-call) | Keeping a voice/video call alive when the screen locks. |
| Photos / media access | Attaching an image to a chat with a patient or updating your profile picture. |
4. How we use your information
- Verify your identity and medical licensure during onboarding.
- Provide the core features: appointment management, chat with patients, video/audio consultations, prescriptions.
- Pay you out for completed consultations.
- Send transactional notifications (incoming messages, call invitations, appointment reminders).
- Detect fraud, debug crashes, and meet our legal obligations as a platform.
We do not sell your personal information, do not use it to build advertising profiles, and do not share it with data brokers.
5. Service providers we rely on
- Google Firebase (Authentication, Firestore, Cloud Messaging, Cloud Functions) — authentication, chat storage, push delivery.
- ZEGOCLOUD — real-time voice/video call routing and call-invitation push. Call media is transmitted, not recorded by us.
- Our backend API — hosted on secured cloud infrastructure to store your profile, appointments, and payout records.
- Payout processors — banks and mobile-money operators that move consultation fees from our platform to you.
6. Handling of patient data
Anything a patient shares with you in the app (messages, photos, clinical information) is considered protected health information. You may only use it for the purpose of providing care to that patient. You must not export, forward, or share it outside the app. The platform logs access to clinical records for audit purposes.
7. Where your data is stored
Data is stored on servers operated by the sub-processors above. Google Firebase data is stored in Google data centers (multi-region). Our backend API stores data in an encrypted database hosted on commercial cloud infrastructure.
8. How long we keep your data
- Professional profile & verification documents: for as long as your account is active, and up to 7 years after account closure to satisfy medical record-keeping obligations.
- Chat messages & consultation notes: retained in line with applicable medical record-keeping rules (typically 5–10 years).
- Crash logs & diagnostics: up to 90 days.
- Push-notification tokens: removed automatically when you log out or reinstall.
9. Your rights and choices
- Access & export: request a copy of the personal data we hold about you.
- Correction: update your profile in-app at any time.
- Deletion: request account deletion by emailing us; some fields (licensure record, historical consultations) may be retained where law requires.
- Revoke permissions: camera / mic permissions can be revoked in your device settings at any time; consultation features will stop working accordingly.
- Opt out of notifications: disable notifications in your OS settings.
10. Security
We use TLS for all data in transit and rely on Google Firebase and commercial cloud infrastructure for at-rest encryption. Access to clinical data is restricted to authenticated practitioners assigned to a given patient.
11. Changes to this policy
We may update this policy to reflect new features or legal requirements. The “Effective date” at the top of the page shows the latest revision. Material changes will be announced in-app before they take effect.
12. Contact us
Email: brighthealth247@gmail.com
Postal: Bright Health, Privacy Team (physical address on request).