— legal

Privacy Policy.

Effective 20 May 2026 · Last updated 20 May 2026

1. Who we are

eSurgibook (“the app”, “we”, “us”) is a private surgical logbook operated by Centralogic Technologies Pvt. Ltd., a company registered in India. We can be reached at vijeningle@gmail.com.

2. The data we collect

We collect only what is necessary for the app to function and for you to manage your own logbook. The categories are:

  • Account details — name, email, mobile number, password (hashed), professional role, speciality, grade, medical registration number, and state.
  • Logbook content you create — operations, conferences, audits, publications, trainings, and verifications. This includes:
    • Patient identifiers limited to initials and an optional hospital patient number (the hospital ID is stored on your device only and is never transmitted to our servers).
    • Procedure details: diagnosis, operation name, anaesthesia, surgeon, dates, locations.
    • Photos you choose to attach (pre-operative, intra-operative, post-operative).
    • Free-text notes, complications, learning points, and reflections.
  • Mentor-verification metadata — the mentor's identity, the verification outcome (verified / rejected / requested changes), the timestamp, and any comments left by the mentor on your entries.
  • Authentication tokens — an access token (short-lived, ~15 minutes) and a refresh token (~7 days) generated on sign-in. On supported devices the refresh token may be stored under the operating system's biometric-protected secure store (Face ID / Touch ID on iOS, biometric / KeyStore on Android) for “Sign in with Face ID”.
  • Passkey credentials (web) — if you enrol a passkey on the web, we store the credential's public key, a signature counter, and the transport hint. The private key never leaves your device.

3. What we do NOT collect

  • We never collect full patient names, addresses, or contact details.
  • We do not use any analytics SDK or attribution tracking on the mobile app.
  • We do not access your photo library beyond the individual images you explicitly attach to a logbook entry.
  • We do not collect precise device location.
  • We do not sell, rent, or share your data with advertisers or data brokers.

4. How we use the data

All collected data is used solely to provide the app's functionality — storing and displaying your logbook, allowing your mentor to review entries, generating PDF reports, and keeping you signed in across devices. We do not profile you for marketing or behavioural targeting.

5. Where the data is stored

Your data is encrypted in transit via TLS 1.2+ and stored in a managed Postgres database hosted on Microsoft Azure (Central India region). Uploaded images live in encrypted Azure Blob Storage in the same region. Backups are retained for 30 days. Access is restricted to authorised engineering personnel for the purpose of running the service.

6. Who else sees the data

The only third parties that touch your data are:

  • Microsoft Azure — our cloud hosting provider, under the Azure DPA.
  • Apple — if you download via the App Store, Apple's standard analytics (install counts, version distribution) apply per Apple's privacy practices. We don't receive individual-level data from Apple.
  • Google Play — same as above for Android.
  • Mentors you explicitly invite — if you send a mentorship request, the mentor can view the logbook entries you've created from the date they accept onwards (and previous entries you choose to share).

We do not work with advertising networks, data brokers, or any non-essential third party.

7. Your rights

You can, at any time:

  • Edit or delete any individual logbook entry from within the app.
  • Update your profile from the Profile screen.
  • Disable Face ID / passkey from the Profile screen, which wipes the stored refresh token.
  • Delete your account at any time from the Profile screen (“Delete account”), confirming with your password. Deletion is immediate and permanent: you are signed out, sign-in is disabled, and your data is removed. There is no retention period and the action cannot be undone. You can also delete your account from our web deletion page, or request deletion by emailing vijeningle@gmail.com.
  • Request a copy of all data we hold on you (data portability), in machine-readable JSON, by emailing the same address. We will respond within 30 days.

8. Data retention

Active accounts retain their logbook indefinitely — the entire purpose of a logbook is the long arc of a surgical career. If you delete your account, sign-in is disabled and your data is permanently removed. There is no retention period and deletion cannot be undone. Idle accounts (no sign-in for 24 months) are flagged for review and may be archived; we'll email you before any data is removed.

9. Children

eSurgibook is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it.

10. Changes to this policy

We may update this policy when the app or its data practices change. Material changes will be announced in-app and via email to your registered address. Continued use after a policy update constitutes acceptance.

11. Contact

For any privacy question, data-deletion request, or correction of inaccurate data, please email vijeningle@gmail.com. We aim to respond within 5 working days.