Every account can be reported.
Every verified provider can block someone or flag a concern directly from the conversation. Reports go to a real person, not an automated queue. For escalation, write to doctalinksupport@gmail.com.
This is what HIPAA-compliant messaging looks like in plain English.
Messages are sealed on your device. They only open on the recipient's. We never hold the keys that would let us read them.
Every account is identity-checked against clinical credentials before it sends a single message. No public sign-up, ever.
Lose a device, sign in on a new one. Without a recovery code, past history won't decrypt. By design.
Your message is encrypted on your device, travels as noise across our servers, and only decrypts on the recipient's screen. Nobody in between can read what's in it.
Every verified provider can block someone or flag a concern directly from the conversation. Reports go to a real person, not an automated queue. For escalation, write to doctalinksupport@gmail.com.
Remove your account from Doctalink at any time. We pull you from the directory immediately. Your encrypted message records are deleted within 30 days. Your recovery code becomes inert.
No public surface. Two readers. Nothing in the middle.
Last updated: May 28, 2026.