Privacy Policy

Doctorita ("we," "our," or "us") is committed to protecting the privacy and security of your personal information and patient data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered clinical documentation platform.

This policy applies to all users of Doctorita, including healthcare providers, medical staff, and patients whose information is processed through our platform. By using Doctorita, you agree to the collection and use of information in accordance with this policy.

We comply with the General Data Protection Regulation (GDPR), HIPAA (where applicable), and other relevant data protection laws. If you have questions about this policy, please contact us at privacy@doctorita.com.

Account Information: When you create an account, we collect your name, email address, and authentication credentials through Auth0, our trusted identity provider.

Patient Health Information (PHI): Healthcare providers using Doctorita input patient data including names, dates of birth, contact information, medical history, allergies, chronic conditions, medications, and emergency contact details.

Audio Recordings: We process audio recordings of patient-provider consultations that you upload to our platform. These recordings are stored securely in encrypted cloud storage (DigitalOcean Spaces).

Transcripts and Clinical Notes: Our AI system generates transcriptions and clinical summaries (SOAP notes) from uploaded audio files using OpenAI Whisper and GPT-4 technology.

Usage Data: We automatically collect technical information including IP addresses, browser type, device information, and usage patterns to improve our services and ensure security.

User Preferences: We store your language preferences, default templates, and other settings to personalize your experience.

Providing Services: We use your data to deliver our core functionality, including transcription, AI-generated clinical summaries, patient management, and appointment scheduling.

AI Processing: Audio recordings and patient information are processed by OpenAI's GPT-4 and Whisper models to generate accurate transcriptions, identify speakers, and create structured clinical documentation.

Communication: We use your contact information to send service-related notifications, respond to inquiries, and provide customer support.

Platform Improvement: We analyze usage patterns and feedback to enhance our platform's features, performance, and user experience.

Legal Compliance: We process data as necessary to comply with legal obligations, including healthcare regulations and tax requirements.

Security and Fraud Prevention: We monitor for suspicious activity and unauthorized access to protect your data and our platform.

Database Storage: All structured data (patient records, visit summaries, user settings) is stored in MongoDB databases with encryption in transit. We implement strict access controls and regular backups.

File Storage: Audio recordings are stored in DigitalOcean Spaces (Frankfurt region) with server-side encryption. Access to files is controlled through time-limited presigned URLs.

Third-Party AI Processing: Audio files and transcripts are temporarily sent to OpenAI for processing. OpenAI does not retain this data after processing is complete, per our data processing agreement.

Retention Period: We retain your data for as long as your account is active and as required by applicable healthcare regulations. Patient records are typically retained for 7-10 years in accordance with medical record-keeping requirements.

Data Deletion: You can request deletion of your account and associated data by contacting support@doctorita.com. Patient health information may be retained longer if required by law.

We do not sell your personal information or patient data to third parties. We only share data with trusted service providers who assist in delivering our services:

Auth0 (Authentication): Manages secure user authentication and identity verification.

OpenAI (AI Processing): Processes audio transcriptions and generates clinical summaries. Data is sent via encrypted API calls and is not retained by OpenAI.

DigitalOcean (Cloud Storage): Hosts audio recordings and other files in EU data centers with encryption and access controls.

MongoDB Atlas (Database): Stores structured data with encryption and geographic restrictions to EU regions.

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify. They are prohibited from using your data for their own purposes.

As a data subject under GDPR, you have the following rights:

Right to Access: You can request a copy of all personal data we hold about you.

Right to Rectification: You can request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten"): You can request deletion of your data, subject to legal retention requirements.

Right to Data Portability: You can request your data in a machine-readable format to transfer to another service.

Right to Object: You can object to certain types of data processing, such as for marketing purposes.

Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances.

To exercise these rights, contact us at privacy@doctorita.com. We will respond within 30 days of your request.

We implement industry-standard security measures to protect your data:

Encryption: All data in transit is encrypted using TLS 1.3. Audio files are encrypted at rest in cloud storage.

Authentication: We use Auth0 with JWT-based authentication and support for multi-factor authentication (MFA).

Access Controls: Role-based access control (RBAC) ensures users can only access data relevant to their role.

Regular Audits: We conduct security assessments and monitor for vulnerabilities.

Incident Response: We have procedures in place to detect, respond to, and notify affected parties of data breaches within 72 hours as required by GDPR.

Doctorita is based in Romania (EU). Your data is primarily stored and processed within the European Union. When we use third-party services based outside the EU (such as OpenAI), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by email or through a notice on our platform. Your continued use of Doctorita after changes are posted constitutes acceptance of the updated policy.

For privacy-related questions, concerns, or to exercise your rights, please contact us at:

Email: privacy@doctorita.com

Data Protection Officer: dpo@doctorita.com

Address: Doctorita SRL, Sos. Mihai Bravu 510B, Bucharest, Romania