Privacy Policy
Last updated: March 2026
1. What Data We Collect
Report Data
Violation category, severity, title, description, incident date and location, evidence files, declarant name, email, phone (for sworn filings), and digital signatures.
Response Data
Respondent name, position, email, phone, identity verification documents, malpractice insurance or medical license documentation, and response text.
Analytics Data
IP addresses (anonymized after 48 hours), page views, referrer URLs, browser user agent, and country of origin. Collected via our self-hosted Panoptikon analytics engine.
Payment Data
Payment processing is handled by Invoice Ninja (card/bank) and BTCPay Server (Bitcoin). We do not store credit card numbers, bank account details, or Bitcoin private keys.
2. How Data Is Stored
All sensitive data is stored on LUKS-encrypted RAID 1 storage at /mnt/secure-data/. This includes declarant identities, report descriptions, signatures, evidence files, identity verification documents, and hash-chain ledger files.
Database records are stored in PostgreSQL 17 with TLS-encrypted connections. Backup data is encrypted at rest using AES-256-GCM and stored on geographically separated backup infrastructure.
Hash-chain ledger files are append-only NDJSON stored on the encrypted RAID 1 array. Each entry contains a SHA-256 hash of the current record chained to the hash of the previous entry, creating a tamper-evident audit trail.
3. No Third-Party Sharing
We do not sell, rent, trade, or share personal data with any third party. We do not use third-party analytics services (Google Analytics, etc.). Our analytics are entirely self-hosted.
We do not embed third-party tracking scripts, social media widgets, or advertising networks. The only external services we use are Cloudflare (for DDoS protection and DNS), Invoice Ninja (payment processing), and BTCPay Server (Bitcoin payments) — all of which are self-hosted where possible.
4. Public vs. Private Data
Public: Practitioner names, titles, specialties, license numbers, facility affiliations, trust scores, violation titles, categories, severities, statuses, filing dates, incident dates, SHA-256 hashes, OTS status, and official responses.
Private: Report descriptions, declarant identities (name, email, phone), digital signatures, evidence files, identity verification documents, malpractice insurance documents, medical license copies, and payment details.
5. Right to Erasure — Public Record Exception
Malpracticed operates as a public record registry. Under the public record exception to data protection regulations (including GDPR Article 17(3)(d) and equivalent provisions), we may decline requests to delete report data that serves the public interest in accountability and transparency.
Additionally, report hashes that have been timestamped on the Bitcoin blockchain via OpenTimestamps are technically immutable and cannot be erased from the blockchain by anyone, including Malpracticed.
If you believe a report contains factually incorrect information, you may file an official response (which will be displayed alongside the report) or contact us at [email protected].
6. Cookies
Malpracticed uses a single functional cookie for locale/language preference. We do not use tracking cookies, advertising cookies, or any third-party cookies. If you enable the optional analytics consent, a consent preference cookie is set. No personal data is stored in cookies.
7. Data Retention
- Report data: Retained indefinitely as public record
- Declarant identity data: Retained for the lifetime of the report (encrypted at rest)
- Analytics data: IP addresses anonymized after 48 hours; aggregate data retained indefinitely
- Contact form messages: Retained for 1 year, then deleted
- Chat session data: Retained for 90 days, then deleted
- Payment records: Retained as required by applicable tax and financial regulations
8. Legal Disclosure
We may disclose personal data if required by valid legal process (court order, subpoena, or equivalent legal instrument). We will notify the affected user of such disclosure unless prohibited by law. We will challenge overbroad or baseless requests.
9. Contact
For privacy-related inquiries, data access requests, or concerns: [email protected]
Malpracticed is operated by Soteria Global Trust.