SurgiSafe
Privacy Policy
Effective: 8 May 2026
In plain English
SurgiSafe is built so that your patient information never reaches us. Here’s what that means in practice:
- The app runs entirely on your phone. Patient names, case notes, audio recordings, and metadata stay on your device, in the app’s local storage.
- Photos sync to your own Google Drive — under your account, in a folder the app creates. There is no Madhisoka server in between.
- We don’t track you. No analytics, no telemetry, no “anonymous” usage data being phoned home. We genuinely don’t know who is using the app.
- We don’t sell or share data with anyone — because we don’t collect anything that could be sold or shared.
- Google Sign-In is the only third party involved. We see your email, name, and profile picture only so the app can show whose Drive it’s writing to. We never see your password. We never see anything in your Drive other than the files SurgiSafe itself created.
That’s the entire policy in five points. The sections below say the same thing in the language that lawyers prefer.
The full policy
1. Who we are
SurgiSafe is published by Madhisoka, an independent software studio operated by Dr. Vijay Muthukumaran in Tamil Nadu, India. References to “we”, “us”, “our” or “Madhisoka” in this policy mean the same thing.
2. Google user data — accessed, used, and how
SurgiSafe uses Google Sign-In and the Google Drive API. This section describes exactly what Google user data the app accesses, why it accesses it, how it uses it, where it goes, and what it never does with it.
2.1 Scopes the app requests
SurgiSafe requests the following OAuth scopes and no others:
- openid (OpenID Connect): a stable identifier (the sub claim) used to recognise the same Google account across sessions.
- email (OpenID Connect): the email address associated with your Google account.
- profile (OpenID Connect): your display name and your profile picture URL.
- https://www.googleapis.com/auth/drive.file (Google Drive — non-sensitive scope): permission to access files and folders that SurgiSafe itself creates within a top-level folder named “SurgiSafe” in your Drive. Nothing else in your Drive is visible to the app.
The app does not request and does not use any other Google scope, API, or service — including (but not limited to) Calendar, Gmail, Contacts, the Photos Library API, or the wider drive, drive.readonly, drive.metadata, or drive.appdata scopes.
2.2 How that data is used
Profile (email, display name, picture URL) is used solely to identify which Google account is signed in and to display the user’s name and avatar within the app’s interface. It is not stored on any server we operate, not transmitted to any third party, and not used for advertising, analytics, or model training.
Drive access (drive.file scope) is used solely to:
- Create a top-level folder named “SurgiSafe” in your own Drive.
- Within that folder, create patient / procedure / category subfolders that mirror the app’s organisational hierarchy.
- Upload your own surgical photographs, videos, audio recordings, and PDF documents to those subfolders.
- Read those files back when you open them in the app.
- Maintain a single index file (metadata.json) inside the SurgiSafe folder that records patient names, procedure dates, and Drive file IDs of the photos already uploaded — so the app can render the case organisation without ever needing a database of our own.
2.3 Where Google user data goes
Nowhere except (a) your own Google Drive and (b) the device you are using SurgiSafe on. Madhisoka operates no backend, no proxy, no database, and no analytics service. The app is a client-side program that talks to Google’s APIs directly on your behalf. We do not see, log, retain, aggregate, transmit, or share any of your photographs, profile information, or metadata at any point.
2.4 No third-party sharing
Zero Google user data is shared with, sold to, or processed by any third party. SurgiSafe has no advertising integration, no telemetry, no crash-reporting service, and no analytics SDK.
2.5 No AI/ML training
No Google user data — including profile information, photographs, audio recordings, OT notes, or metadata — is used to train, fine-tune, or evaluate any machine-learning model.
2.6 Limited Use compliance
SurgiSafe’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
2.7 Retention and deletion of Google user data
The user’s Drive is the canonical store; deletion is fully under the user’s control. Deleting a case in the app moves the corresponding files to the user’s Drive Trash. Signing out clears the local cache and revokes the in-app session token. Access can be revoked entirely at any time via myaccount.google.com/permissions; once revoked, the app loses all ability to read or write to the user’s Drive. Madhisoka retains no copy of any Google user data outside the user’s own Drive and the user’s own device.
3. The data SurgiSafe handles
SurgiSafe is an offline-first application. The app handles three categories of data, described below.
3.1 Data stored on your device
The following information is stored locally in the app’s on-device database (IndexedDB) and on your phone’s file system. None of it is transmitted to Madhisoka:
- Patient identifiers you enter (e.g. names, ages, medical record numbers).
- Procedure details, diagnoses, dates, and OT notes you enter.
- Audio recordings (operative voice notes) you create within the app.
- Photo thumbnails and, depending on storage mode, photo originals.
- Application preferences (theme, accent colour, viewer mode, etc.).
3.2 Data stored in your Google Drive
When you connect Google Drive, SurgiSafe uploads photos and audio files to a folder the app creates inside your Drive. These files are stored under your Google account, not ours. We do not have a copy. Google’s own privacy policy governs how Google stores and processes that data on Drive.
3.3 Permissions the app requests
- Photos and media: required so you can pick photos from your gallery to attach to a case.
- Microphone: required only when you choose to record an operative voice note. Recordings are saved locally; nothing is streamed elsewhere.
- Internet / network state: required so the app can sync your photos to your Drive and pause when offline.
- Foreground service / notifications: required to keep background maintenance running reliably and to show sync progress in the notification drawer.
- Google Drive (drive.file scope): the app receives access only to the files it creates inside your Drive. It cannot read or modify any other file in your Drive.
4. Data we don’t collect
- No analytics SDKs (no Firebase Analytics, Crashlytics, Sentry, Mixpanel, etc.).
- No advertising IDs.
- No location data.
- No device identifiers beyond what Google Play Services routinely shares with Google.
- No background telemetry of any kind.
If a future version of the app adds any data collection, this policy will be updated before the change ships, and the change will be opt-in where reasonably possible.
5. Third-party services
SurgiSafe uses two Google services and no others.
- Google Sign-In: used to authenticate your access to your own Google Drive. Governed by Google’s privacy policy.
- Google Drive API: used to upload, list, and download files in the app’s own folder inside your Drive.
6. Children’s privacy
SurgiSafe is intended for use by qualified medical professionals. It is not directed at children, and we do not knowingly process information about children below the age of consent under applicable law.
7. How long data is retained
Data on your device persists for as long as you keep the app installed. Data in your Google Drive persists for as long as you keep it there. Madhisoka does not retain any of your data on its own systems, because Madhisoka does not operate any server that handles user data.
8. How to delete your data
- Local data: uninstall SurgiSafe, or use the “Clear app data” option in your phone’s system Settings → Apps → SurgiSafe.
- Drive data: open Google Drive, locate the SurgiSafe folder, and delete its contents. Madhisoka cannot delete those files for you because we don’t have access to them.
- Drive access: revoke SurgiSafe’s access to your Drive at any time via myaccount.google.com/permissions.
9. Security
Because data resides on your phone and in your Drive, security depends primarily on: (a) your phone’s lock screen, (b) the security of your Google account, and (c) Google Drive’s encryption at rest and in transit. We strongly recommend enabling two-factor authentication on your Google account.
10. Cross-border transfers
SurgiSafe itself does not transfer your data anywhere. Google Drive may store and replicate your files in data centres outside your country of residence; this is governed by Google’s own policies.
11. Your rights
Under applicable laws including India’s Digital Personal Data Protection Act, 2023, and the EU GDPR, you have the right to access, correct, and delete personal data we hold about you. Because Madhisoka does not hold personal data on its own systems, you already have these abilities directly through your device and your Google account. For any related queries, write to madhisoka17@gmail.com.
12. Changes to this policy
If we change anything material, we will update this page, change the effective date, and — when reasonably possible — notify you in-app the next time you open SurgiSafe.
13. Contact
For privacy questions, requests, or complaints, write to madhisoka17@gmail.com. We respond from the same inbox a human reads, usually within a few days.