WardLink iconWardLink
Open WardLink

WardLink Privacy Policy

Last updated: May 2026

Overview

WardLink ("we", "our", "us") is developed and operated by the WardLink developer identified in the Apple App Store, Google Play, and the web portal. WardLink is a clinical reference and ward-management tool intended exclusively for licensed healthcare professionals. It is not a medical device as defined by the EU Medical Device Regulation (MDR), the U.S. FDA, or equivalent regulatory bodies, and does not diagnose, treat, cure, or prevent any medical condition. It is not intended to be used as a standalone drug dosage calculator.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and the rights you have over your data. By using WardLink you agree to the practices described below.

This policy applies to the WardLink application distributed through Google Play, the Apple App Store, and the web portal at https://wardlink.link. The public Privacy Policy URL is https://wardlink.link/privacy.

Effective date: 25 April 2026.

Data Safety Summary (Google Play)

To help you understand our data practices at a glance, here is a summary aligned with Google Play's Data Safety disclosure:

Data we collect (required for app functionality):

  • Personal info — Name, email address, user ID, professional role, institutional affiliation.
  • Health info — Patient profiles, medication histories, lab results, vital signs, clinical notes, and other clinical data you enter.
  • Audio files — Voice recordings are converted to base64 on your device and sent to Google Vertex AI for transcription; raw audio is processed transiently and is not saved as a WardLink patient record unless you save the resulting text.
  • Photos and files — Document images when you scan or import from your photo gallery (sent to Google Vertex AI for OCR processing; raw images are processed transiently and are not saved as WardLink patient records unless you save extracted text or structured data).
  • File attachments — PDFs and documents selected via the file picker (sent to Google Vertex AI for text extraction; raw files are processed transiently and are not saved as WardLink patient records unless you save extracted text or structured data).
  • App activity — App interactions and in-app search history (aggregated, anonymized analytics only).
  • App info and performance — Crash logs, diagnostics, device model, OS version, app version.
  • Device or other IDs — Firebase Installation ID (used for analytics and crash reporting only).
  • Financial info (Web only) — Billing contact details and payment status needed to operate the web portal. Card details are handled by Paymob hosted checkout; WardLink never receives or stores full card numbers.

Data we do NOT collect:

  • Location data (precise or approximate).
  • Full payment card numbers or card security codes.
  • Messages (emails, SMS, MMS).
  • Contacts or calendar data.
  • Web browsing history.
  • Device advertising identifiers (GAID / IDFA).

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Users can request account and data deletion — see Section 8.
We do not share data with third parties for advertising purposes.

Apple App Privacy (App Store Connect) data types collected: Contact Info (email address, name), Health & Fitness (health info), Photos or Videos (document scans sent to Google Vertex AI for OCR), Diagnostics (crash data, performance data), Identifiers (user ID, device ID). Voice dictation audio is transmitted to Google Vertex AI for transcription. Data associated with you: contact info, health info, user content, identifiers. Data used to track you: none. Data linked to identity: contact info, health info, identifiers. Data not linked to identity: diagnostics (anonymized crash and performance data).

1. Information We Collect

We collect only the information necessary to operate the app and provide its features.

Personal and sensitive data we collect:

  • Account and professional information: name, email address, professional role, hospital or institutional affiliation, and authentication credentials.
  • Health information: patient profiles, demographic identifiers, medication histories, laboratory results, microbiology and pathology data, radiology reports, vital signs, clinical notes, and any other clinical data you record. This information may be identifiable Protected Health Information (PHI). You are responsible for ensuring that the data you enter complies with your institution's policies and with applicable health-data regulations (such as HIPAA in the United States, GDPR / UK GDPR in Europe, or local equivalents).
  • Audio recordings: when you use voice dictation, audio is recorded on your device and encoded to base64. This base64 data is transmitted to our server (via Firebase Cloud Functions), which forwards it to Google Vertex AI for speech-to-text transcription. The resulting text is returned to the app. WardLink does not save raw audio as a patient record unless you separately save the resulting text.
  • Document images: when you scan a clinical document or photograph, the image is captured on your device and encoded to base64. This data is transmitted to our server (via Firebase Cloud Functions), which forwards it to Google Vertex AI for text extraction (OCR). The extracted text or structured result is returned to the app. WardLink does not save the raw image as a patient record unless you separately save extracted text or structured data.
  • Team and collaboration metadata: ward assignments, team membership, invite codes, hand-over notes, and inter-practitioner messages.

Technical and diagnostic data we collect:

  • Device model, operating system version, app version, language, country/region, app-instance identifiers (such as Firebase Installation IDs), crash logs (stack traces), and aggregated usage metrics (screen views, session starts). We do not collect device advertising identifiers (IDFA / GAID), precise or approximate location, installed apps inventory, contacts, SMS, or call data.

Device permissions requested by the app:

  • Camera — only when you scan a document or photograph; the image is processed for OCR and is not retained beyond what you save.
  • Microphone — only when you use voice dictation; the audio is processed for transcription and is not retained beyond what you save.
  • Local network — to connect to the app's cloud back-end services.

On Android, each permission is requested at the time of use via the Android runtime permission prompt. On iOS, each permission is requested at the time of use via the iOS system permission dialog with a clear explanation of why the permission is needed. You may grant or deny each permission independently; denying a permission disables the corresponding feature but does not prevent you from using the rest of the app.

How we collect data: through the app's account-creation, data-entry, voice-dictation, document-scanning, and in-app navigation flows; through the device permissions listed above; and from automatic technical signals reported by the Firebase SDKs listed in Section 4. We do not embed advertising SDKs, advertising trackers, or third-party SDKs that perform cross-app behavioural tracking.

2. How We Use Your Data

We use the data described in Section 1 only for the following purposes:

  • App functionality and account management — operating the application, organizing patient records, surfacing reference information from published sources, synchronizing data across authorized team members' devices, and managing your account.
  • Reference lookups — drug-interaction, renal-dosing, hepatic, pregnancy, lactation, and allergy reference checks are performed by static, rule-based comparisons against bundled reference databases. They are not machine-learning predictions and they are not patient-specific dosing calculators. Output is informational and must be independently verified by the prescribing clinician.
  • Voice transcription — audio is encoded on your device and sent via our server to Google Vertex AI for transcription; see Section 4.
  • Document OCR — images/PDFs are encoded on your device and sent via our server to Google Vertex AI for text extraction; see Section 4.
  • Team collaboration — sending notifications, enabling shared patient lists, and maintaining audit trails for team accountability.
  • Analytics and service reliability — diagnosing crashes, monitoring performance, and improving the app using aggregated, anonymized data.
  • Fraud prevention, security, and compliance — detecting unauthorized access, fraud, and policy violations.
  • Legal compliance — responding to lawful requests, enforcing our terms, and meeting statutory retention obligations.

We do not sell, rent, or trade your personal data or PHI to anyone. We do not use your data for advertising, behavioural tracking, or any purpose unrelated to operating the app.

3. Legal Bases for Processing (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom, the legal bases on which we process your personal data are:

  • Performance of a contract — to provide the service you have signed up for under the Terms of Use.
  • Legitimate interests — to operate, secure, and improve the service, prevent fraud, and maintain audit trails. These interests are balanced against your rights and freedoms.
  • Consent — for optional features such as voice dictation and document scanning. You may withdraw consent at any time by disabling the relevant permission in your device settings.
  • Legal obligation — where retention or disclosure is required by applicable law.

Processing of patient data you enter is performed by us on your (or your institution's) instructions, in our role as a data processor / service provider where applicable.

4. Third-Party Service Providers

We use the following service providers to operate the app. Each is governed by the relevant Google Cloud / Firebase data-processing terms, which require the provider to apply protections of your data equivalent to those described in this Privacy Policy.

  • Firebase Authentication (Google LLC) — for sign-in, identity, and session management.
  • Firebase Data Connect and Cloud SQL for PostgreSQL (Google LLC) — for the encrypted storage and synchronization of your account, team, and clinical records.
  • Cloud Functions for Firebase (Google LLC) — for server-side processing of in-app actions such as document and audio uploads.
  • Firebase Cloud Messaging (Google LLC) — for delivering push notifications.
  • Firebase Crashlytics (Google LLC) — for crash diagnostics. Crashlytics receives stack traces, device model, operating-system version, app version, and an anonymous Crashlytics installation identifier; it does not receive PHI or patient records.
  • Firebase Analytics (Google LLC) — for aggregated, app-usage metrics. Analytics receives automatically generated events (such as app open, screen view, session start), the app-instance identifier, app version, device model, language, and country / region. We do not log custom events that contain PHI, and we do not use Analytics for advertising or for cross-app behavioural tracking. IP-address truncation is enabled for users in the European Union and the United Kingdom.
  • Firebase App Check (Google LLC) — for verifying that requests to the back-end originate from a legitimate instance of the app. App Check collects an attestation token from the device platform; it does not access user data.
  • Google Vertex AI (Google Cloud Platform / Google LLC) — for speech-to-text transcription and document OCR. When you use voice dictation, your audio is base64-encoded on your device, sent to our Firebase Cloud Functions server, which forwards it to Vertex AI for transcription. When you scan a document, the image is similarly base64-encoded and sent via our server to Vertex AI for text extraction. Processing is governed by applicable Google Cloud data-processing terms and the configuration of WardLink's Google Cloud project.
  • Google Play Services (Google LLC) — for core Android functionality including security verification, app updates, and push notification delivery on Android devices.
  • Paymob — for processing web-portal payments through hosted checkout. Paymob handles card data directly; WardLink never receives or stores full credit/debit card numbers.

Third-party data protection: We require every third party listed above with whom we share user data — including analytics providers, cloud service providers, AI processors, and payment processors — to provide the same or equal protection of user data as stated in this Privacy Policy, as required by applicable data-processing agreements and industry standards.

Explicit consent for third-party AI: When you use voice dictation or scan a document, your audio (as base64) or image data is shared with Google Vertex AI for processing. You are informed of this before the feature is activated, and your consent is obtained through the device permission prompt (camera or microphone). You may decline or revoke this consent at any time by denying or disabling the relevant device permission.

We do not embed advertising SDKs or third-party SDKs that perform cross-app behavioural tracking. The app does not collect device advertising identifiers (IDFA / GAID).

5. Data Sharing and Disclosure

We share your information only in these limited circumstances:

  • With service providers listed in Section 4, strictly to deliver the app's features.
  • With other members of the team you have joined, to the extent you choose to share patient data within that team.
  • To comply with valid legal process, court orders, or government requests, where we are legally required to do so.
  • To protect the rights, safety, or property of WardLink, its users, or the public — for example, to prevent fraud or security incidents.
  • In connection with a corporate transaction such as a merger, acquisition, or sale of assets, with notice to affected users.

We do not sell your data. We do not share your data for advertising. We do not share PHI with any party outside the providers and team members described above.

6. Artificial Intelligence (Scope and Limits)

WardLink uses AI strictly for:

  • Speech-to-text transcription of voice dictation (audio is encoded on your device, sent via our server to Google Vertex AI, and transcribed in the cloud).
  • Optical character recognition (OCR) of clinical documents you scan (images/PDFs are encoded on your device, sent via our server to Google Vertex AI, and processed in the cloud).

AI is NOT used for:

  • Generating clinical diagnoses or treatment recommendations.
  • Making autonomous medical decisions.
  • Calculating patient-specific drug doses.

Important: WardLink is not a drug dosage calculator. It does not compute individualized dosing regimens for patients. Drug reference information (renal dosing adjustments, hepatic adjustments, pregnancy/lactation categories, interaction checks) is presented as static, published reference data from peer-reviewed sources — not as individualized dosing recommendations. The prescribing clinician must independently verify all reference information before clinical use.

All pharmacological reference information shown in the app is sourced from:

  • RxNorm (U.S. National Library of Medicine) for drug nomenclature and coding.
  • WHO ICD-11 for diagnostic classification.
  • Published pharmacological literature for renal, hepatic, pregnancy, and lactation safety information.

Reference outputs are static rule-based lookups from bundled databases — not predictions, recommendations, or medical advice. The clinician is solely responsible for interpreting and acting on this information.

7. Health Data Handling

WardLink handles health information as sensitive personal data. Health data (including PHI) entered into the app is:

  • Encrypted in transit using TLS 1.2 or higher and at rest using AES-256.
  • Accessible only to you and authorized team members you have explicitly added.
  • Not used for advertising, profiling, or any purpose beyond clinical workflow support.
  • Not sold to any third party under any circumstances.

You are responsible for ensuring that entering patient data into the app complies with your institution's policies, patient consent requirements, and applicable health-data privacy laws (including HIPAA, GDPR/UK GDPR, and local equivalents). WardLink acts as a data processor with respect to patient data you enter, processing it on your instructions.

8. Data Retention and Account Deletion

We retain your data only as long as needed to operate the app or as required by law.

  • While your account is active, your account, profile, team data, and patient records you have entered are retained to support continuity of care. Per-data-type retention while active:
    • Account and profile data: retained for the lifetime of the account.
    • Patient clinical records (medications, labs, vitals, notes): retained for the lifetime of the account or until you manually delete them.
    • Team metadata (members, invites, hand-over notes): retained for the lifetime of the team or until the team is dissolved.
    • Raw audio, image, and file data sent for AI transcription/OCR: processed transiently; WardLink retains only the text or structured data that you choose to save.
    • Crash logs and diagnostics: retained for 90 days, then automatically purged.
    • Analytics events: retained in aggregated form for 14 months; raw event data is automatically deleted after 60 days.
    WardLink does not delete your account solely because you have not logged in recently. Patient clinical records (medication histories, lab results, vital signs, clinical notes) entered by you are retained for as long as your account exists or until you manually delete them.
  • When we complete an account deletion request, associated personal and clinical records are deleted from primary production systems within thirty (30) days, except where longer retention is required by law (for example, statutory medical-record retention, fraud-investigation obligations, or regulatory mandates).
  • Encrypted backup copies are rotated and expire on a continuous schedule — typically within ninety (90) days of deletion from production.

How to request account deletion:

  • In the app: go to Settings > Account > Delete Account.
  • On the web: visit wardlink.link, sign in, go to Settings > Account > Delete Account.
  • Public web request page: https://wardlink.link/data-deletion.
  • By email: send a deletion request to [email protected].

We will confirm completion in writing. Data retained beyond deletion for legal or security reasons will be documented in our response.

9. Security

We apply administrative, physical, and technical safeguards designed to protect your data:

  • Encryption in transit using Transport Layer Security (TLS) 1.2 or higher.
  • Encryption at rest using AES-256.
  • Role-based access controls and least-privilege principles for personnel access to production systems.
  • Server-side request verification using Firebase App Check.
  • Reasonable monitoring and incident-response procedures.
  • Hosting on enterprise-grade cloud infrastructure (Google Cloud Platform / Firebase). The cloud-platform vendor maintains industry-standard certifications such as ISO 27001 and SOC 2 Type II at the infrastructure layer; these certifications apply to the underlying infrastructure and are not a representation that WardLink itself is independently certified to those standards.

No system is perfectly secure. If you become aware of any security incident affecting your data, please contact us immediately at [email protected].

10. Your Privacy Rights

Depending on your jurisdiction, you may have some or all of the following rights with respect to your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — ask us to delete your personal data.
  • Restriction — ask us to limit how we use your data while a complaint is resolved.
  • Portability — receive a copy of your data in a structured, commonly used, machine-readable format (provided as JSON or CSV within 30 days of request).
  • Objection — object to our use of your data based on legitimate interests.
  • Withdrawal of consent — where processing is based on consent, you may withdraw it at any time by adjusting the relevant device permission (Settings > Privacy on iOS, Settings > Apps > WardLink > Permissions on Android) or by contacting us. Withdrawing consent will not affect the lawfulness of processing prior to withdrawal.
  • Lodging a complaint — with your local data-protection supervisory authority.

To exercise any of these rights, contact [email protected]. We will respond within the timeframe required by applicable law (typically 30 days under GDPR / UK GDPR). We may need to verify your identity before fulfilling certain requests.

11. California Consumer Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to know — you have the right to know what personal information we collect, use, and disclose about you. This Privacy Policy serves as that disclosure.
  • Right to delete — you have the right to request deletion of your personal information, subject to certain exceptions. See Section 8 for how to submit a deletion request.
  • Right to opt out of sale — we do not sell your personal information, so no opt-out is necessary.
  • Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.

Categories of personal information collected: identifiers (name, email, user ID), professional information, health information (PHI you enter), audio and image data (processed ephemerally), device and technical data.

To exercise your CCPA rights, contact [email protected].

12. Children's Privacy

WardLink is intended exclusively for use by licensed healthcare professionals. The app is not directed to children under 13 (COPPA) or under 18, and we do not knowingly collect personal data from minors. If you believe a minor has provided us personal data, contact [email protected] and we will delete it.

Patient records entered by clinicians may relate to paediatric patients. Such information is handled as PHI under the same protections described in this policy and is not used for any purpose other than the clinical workflows the entering clinician initiates.

13. International Data Transfers

WardLink is operated from Egypt. Our cloud and AI service providers operate globally, which means your data may be transferred to, processed in, and stored in countries outside your own — including the United States and the European Union.

Where required by law, such transfers are governed by recognized safeguards, such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, the EU-U.S. Data Privacy Framework, or equivalent mechanisms. By using the app you acknowledge that your data may be transferred and processed internationally for the purposes described in this policy.

14. Medical Disclaimer

WardLink is not a medical device and does not diagnose, treat, cure, or prevent any medical condition. All reference information shown in the app is compiled from published sources for the convenience of qualified healthcare professionals and must be independently verified before clinical use. The clinician is solely responsible for all clinical decisions. Always consult a qualified healthcare professional for medical advice, diagnosis, or treatment.

15. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you through the app and update the effective date shown in the Overview section above. Continued use of WardLink after a notified update constitutes acceptance of the revised policy.

16. Contact Us

For privacy questions, data-rights requests, or concerns about this policy:

  • Data controller: WardLink
  • Email: [email protected]
  • Address: Cairo, Egypt
  • Web: wardlink.link
  • Apple App Store: WardLink on the App Store
  • Google Play listing: WardLink on Google Play

For users in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data-protection supervisory authority.

For California residents, you may also contact us at the email above to exercise your CCPA rights.