Privacy policy

Doxy.me Inc.

Last updated: January 31, 2024

This Policy describes how Doxy.me Inc. ("Company", "We", "Us", or "Our"), may collect, use, share, retain and protect Personal Data through this Website. This Privacy Policy applies to Your Personal Data, which can include any information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with You, Your house, or Your Device ("Personal Data"). “You”, “Your” and similar terms refer to any Guests, Providers, and Patients who access or use the Site and/or Services.

Please note, We collect different Personal Data and use it for different purposes depending on whether You are accessing the Service and Site as a Guest, a Provider, or a Patient. Please see Our definitions section below for a clear definition of those roles and click on the section of the Privacy Policy that applies to You in the role that You are using the Site or Service to get more information. In addition, the definition of Personal Data can vary by jurisdiction. If We collect information from You that is considered Personal Data in Your jurisdiction, We will treat it as such in accordance with this Privacy Policy. Our privacy practices are subject to privacy laws in multiple jurisdictions. You may see references to practices that only apply to individuals living in certain U.S. states.

Please read this Policy carefully. By using the Website and/or the Services, You agree to the collection and use of Personal Data in accordance with this Privacy Policy. This Policy may change from time to time (see Changes to this Privacy Policy). Your continued use of this Website after We make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.

SIMPLY PUT, your privacy is important to Us and We follow the following principles:

For Patients, We collect limited data to allow Providers to provide their services to You and We do not persistently retain any health-related information. Your video sessions and chats are not recorded or otherwise stored on Our servers (but files transferred and captured photos between Patient and Provider during a Session are passed through Our servers for a transitory time and then deleted). We do not sell or share your Personal Data.
For Providers, We collect Personal Data to allow You to provide services to your patients and do not persistently retain any health- related information. Your video sessions and chats are not recorded or otherwise stored on Our servers (but files transferred and captured photos between Patient and Provider during a Session are passed through Our servers for a transitory time and then deleted). You can delete or modify any Personal Data in your account at any time. We may use your Personal Data to market Our and Our affiliates’ services to You both directly and through targeted marketing.
For Guests, We collect limited data to provide customer service and obtain analytics information regarding Our website to better provide Our products and Services to You, and if You apply for a job with Us We collect information related to Your job application. We do not collect health information from You. We may use your Personal Data to market Our and Our affiliates’ services to You both directly and through targeted marketing.
Please see the section that applies to You as Patient, Provider, or Guest for full information about Our data practices.

Region-specific polices

Definitions

This section defines certain terms that are used throughout this Policy.

Account means a unique account created for Providers to access Our Services or parts of Our Services. This may also be referred to as Your Clinic.
Affiliates means Our parent company and any other subsidiaries, joint venture partners
or other companies that We control or that are under common control with Us.
Device means any device that can access the Services such as a computer, a cellphone or a digital tablet.
Doxy.me Services or Services means the Doxy.me software, applications, and services provided to Providers for use with their Patients
Guest refers to an individual who is visiting Our Website to gather information or to seek customer support. A Guest may also be a current or future Patient or a Provider. But when We refer to a Guest, We are referring to a visitor to the Website who is not in a current Session as a Patient and does not have a Provider account.
Patient refers to an individual who is using the “Patient” component of the Services by using a unique URL sent by the Provider to enter the Waiting Room (prior to the Session).
Provider means a doctor, medical group, or other healthcare professional who has signed up as a “Provider” on the Doxy.me Services.
Provider Link is the unique URL (web address) that the Patient uses to enter the Provider’s Waiting Room prior to a Session. An example is https://doxy.me/DrSmith2024.
Service Providers means third-party companies or individuals employed by the Company to facilitate the Services, to provide the Services on behalf of the Company, to perform services related to the Services or to assist the Company in analyzing how the Services are used and with whom the Company has entered into a contract.
Session is a secure audio and/or video communication between the Patient and the Provider—the key feature of the Doxy.me Services.
Telehealth Tools are optional add-ons to the Services provided by a third-party Service Provider that may be used during the Services by the Provider with the consent of the Patient.
Usage Data is collected automatically and generated by the use of the Services or from the Services infrastructure itself, including:
o When You access the Services by or through a Device, the following may be collected about Your Device: its type, unique ID, IP address, operating system, Internet browser, possibly other identifiers; and
o Information that Your browser sends whenever You visit this Website or when You access the Services by or through a mobile device, such as the pages of the Website that You visit, the time and date of Your visit, and the time spent on those pages.
Waiting Room is the web page that is seen by Patients prior to the beginning of a video session. The Provider may change the look and feel of the Waiting Room and upload Provider-specific content.
Website or Site refers to https://doxy.me.

If You are a Resident of California, you may have additional rights

https://doxy.me/en/calif-policy/

If you are Browsing this Website as a Guest

What Personal Data Do We Collect?

The Personal Data that We collect from You depends on how You interact with Us, the Websites and the Services. The following includes the categories and types of Personal Data We have collected from Guests within the last twelve (12) months:

Identifiers:
o Name
o Email address
o Telephone number
Commercial Information/other:
o Customer support requests
Internet Activity:
o Usage data
For Job applicants: identifiers/professional/on-public educational information:
o If You apply for a job with Us through the website We may collect the following information: name, email address, mailing address, phone number, resume, LinkedIn profile, state of residence, desired salary, experience level, and sample work product.

How Do We Collect Personal Data?

When perusing this Website as a Guest, We collect Personal Data:

Directly from You:
o When You contact Us for information about the Services or the Website.
o When You contact Us for customer support.
o When You complete Our online form to apply for a job.
o When You conduct search queries on the Website.
Automatically, when You navigate through the Website, such as Usage Data.

Usage Data

Usage Data may be collected by server logs, tags, web beacons, or cookies.

Web Beacons: Pages of Our Website and Our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Cookies: Cookies are small files that are placed on Your Device by a website, containing (among other things) the details of Your browsing history and/or connection information when using the Website. We use cookies and similar tracking technologies to track the activity on the Website and store certain information. Unless You have adjusted Your browser setting so that it will refuse cookies, Our system will issue cookies when You direct Your browser to Our Website. The length of time that a cookie remains on Your Device depends on whether it is a “persistent” or “session” cookie. Session cookies last until You stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies We use are persistent and will expire between thirty (30) minutes and two (2) years from the date they are downloaded to Your Device.

Any use of cookies by Us or by the owners of third-party services used by Us serves the purpose of providing the Services as requested by You and maintaining the functionality of the Website. If You opt to disable all or certain cookies, Your experience may be diminished and You may not be able to use the Service.

Some content or applications on the Website are served by third parties. These third parties may use cookies to collect information about You when You use Our Website. The information they collect may be associated with Your Personal Data or they may collect information, including Personal Data, about Your online activities over time and across different websites and other online services. For example, We use Google Analytics (see Google privacy policy and Google opt-out) to evaluate use of Our Website. We use these tools to help Us understand use of, and to improve, Our Website, performance, and user experiences.

How and Why Do We Use Your Personal Data?

The Company may use Personal Data for the following purposes:

To provide and maintain Our Service: To monitor the usage of Our Services and the Website. Usage data may, in particular, be used to estimate audience size and usage patterns, store information about Your preferences, speed up searches and recognize You when You return to Our Website.
To provide Customer Support: To answer Your questions and assist You with the use of Our Services
To manage Your requests: To attend and manage Your requests to Us.
If You have applied for a job: To assess your application credentials and potentially
provide You with a job.
For our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, as long as that is not overridden by your own rights or interests.
For any reason for which you have given consent.
To provide marketing and promotional material. To provide marketing and promotional services, such as to send certain marketing, advertising, and promotional communications to show You advertisements for Our Services tailored to your interests on social media and other websites; to deliver content and service offerings relevant to Your interests, including targeted offers and ads through Our Website, third-party sites, and via email. We do not control third parties' collection or use of your Personal Data to serve interest-based advertising. However, these third parties may provide You with ways to choose not to have your Personal Data collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

If You are a resident of California, You may have additional rights and choices when it comes to your Personal Data. For Your California Residents' Privacy Rights, please see section below.

How Do We Share Your Personal Data?

With Service Providers: We may share Your Personal Data with Service Providers to provide, monitor, and analyze the use of Our Services or the Website and to contact You. For a list of Service Providers, please visit https://doxy.me/en/sub-processor-list/
For business transfers: We may share or transfer Your Personal Data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
With Affiliates: We may share Your Personal Data with Our Affiliates, in which case We will require those Affiliates to honor this Privacy Policy. Please review the privacy policy of each Affiliate for more information.
With third-party advertisers: We use Personal Data that We collect and that You provide to Us to deliver advertisements according to Our advertiser's targeted audience preferences. Please see "How We Use Your Personal Data" for information on how to opt-out if You do not wish Us to use the Personal Data. If You are a California resident, You may have additional rights to Your Personal Data. For more information, please see the California Residents' Privacy Rights located below.
With law enforcement: under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
With Company discretion: The Company may also disclose Your Personal Data in the good faith belief that such action is necessary to:
o Comply with a legal obligation
o Protect and defend the rights or property of the Company
o Prevent or investigate possible wrongdoing in connection with the Service
o Protect the personal safety of Users of the Services or the public
o Protect against legal liability

If You are a Provider

This section applies only if You sign up and have been given access to a Provider Account. Some features are not activated automatically and require explicit authorization by You.

What Personal Data Do We Collect?

The Personal Data that We collect from You depends on how You interact with Us, the Websites, and the Services. The following includes the categories and types of Personal Data We have collected from Providers within the last twelve (12) months:

Identifiers:
o Email address;
o Name;
o Phone number;*
Professional/non-public education information:
o Specialty;*
o Position or title;*
o National Provider Identifier (NPI);*
o States licensed to practice;*
Commercial Information:
o Country and payment details; **
o Records of the Services Purchased or Used; and
Internet Activity:
o Usage Data such as browsing history and search history on the Website.
Content Not Directed At the Business, which may include Sensitive Personal Data that
your Patients or you provide:
o Photocapture and file exchange features are collected and transmitted through Our servers and promptly deleted after 15 minutes (see disclosure below).
* This information is optional.
** Only required if using Stripe payment services; this information is not stored in the Service.
In addition, to the extent that You have visited Our Site as a Guest, We have also collected the Personal Data as stated under the subheading “If You Are Browsing This Website As a Guest”.

What Personal Data do We intentionally NOT Collect?

Although the Doxy.me Services are targeted to the healthcare community, Doxy.me does not collect or store any health or sensitive information You discuss during the video conference between Patient and Provider. Any health or other sensitive information You discuss or share with Your Patient is encrypted over a secure channel using the HTTPS Internet protocol with TLS encryption. Doxy.me cannot view or store the audio-video component of the Session. Even though We cannot view or store the audio-video component of the Session, there are some important privacy considerations You should be aware of that We list below, including that file transfers and photo captured during a Session are captured and stored for a transitory period on Our servers as further described below.

Session Information

Screenshare

The Services provide a feature whereby You may share all or part of Your computer screen with the Patient or You may request to view the Patient’s screen.

There are obvious privacy issues associated with sharing one’s screen. It is up to You to ensure that no sensitive or confidential information (other than that which the Patient is allowed to see) is viewable during the screensharing session.

Conversely, it is up to the Patient to ensure that there is no sensitive or confidential information on their screen prior to agreeing to the screenshare.

Doxy.me cannot control and is not in possession of any Personal Data You or the Patient might share when using screenshare.

Chats

Any chats between You and the Patient are temporarily stored in Your computer memory, not on Doxy.me servers. Your chat history stays after the Session ends so You may copy to an internal system. Once the browser is closed, the chat history is permanently deleted.

Session Privacy

At any time during the Session, You may disable the audio, video, or both. Doing so may prevent effective communication with the Patient. However, there may be times when You wish to disable the audio or video for personal reasons.

You may terminate the Session at any time.

Teleconsent Appointment Consent Form

You may ask or require a Patient to sign a Teleconsent Appointment Consent Form through our Service. The purpose of the form is to convey what telehealth communication is, Patient rights, and obligations for each party. Doxy.me provides a template form or, depending on Your Account type, You may upload Your own form. It is Your obligation to ensure that Your Patient has provided all necessary consents to use the Service, including any consents required by The Health Insurance Portability and Accountability Act of 1996 (HIPAA) with respect to any protected health information (PHI) as defined therein, as applicable to you, including, but not limited to, the Services and any file transfer or photo capture services you elect to use.

After the Patient signs the form, it should be downloaded by both You and Your Patient as it is not stored by the Services and will be permanently deleted once signed.

Telehealth Tools

Telehealth Tools are additional features, apps, or tools from Affiliates and/or third party Service Providers that may be used by a Provider during the Services. Such use is completely optional and may involve an additional fee. These Telehealth Tools may collect additional Personal Data (including PHI) during a Session, which Doxy.me does not access, view, collect, transmit, or store. The Affiliates and Service Providers that provide Telehealth Tools have their own terms of use and privacy policies that should be reviewed by You and the Patient prior to use. If You would like to use additional Telehealth Tools during a Session with a Patient, You must obtain consent from the Patient prior to use of each additional Telehealth Tool, and if you are required to have a business associate agreement (“BAA”) with the Affiliate to use the Telehealth Tool, procurement of such BAA is your responsibility.

Your Waiting Room

You can change the look and feel of Your Waiting Room and add Your content. We do not monitor the content in Your Waiting Room. You are expressly liable for the content of Your waiting room.

What Personal Data Do We or our Service Providers collect, securely transmit, and delete?

Invitations

You may invite Patients to Sessions by the following methods:

Email sent by the Service via a third-party Service Provider
Email sent by Your computer or smartphone email system
Mobile text message via a third-party Service Provider
Calendar

Any information You enter into the invitation sent by the Services will be used to create and send the message. Once that task is completed, the information is no longer used and will be permanently deleted by the service provider in the ordinary course.

File Transfer

If You choose to send a file to the Patient, that file is transmitted through Our server and is stored by Us until it is automatically deleted from Our server fifteen (15) minutes after the transfer completes. Conversely, if a Patient sends You a file, that file is transmitted through and stored on Our server until it is automatically deleted fifteen (15) minutes after the transfer completes. You are responsible for downloading and retaining any files transferred through the Service. After automatic deletion, We will have no ability to access the files that were transferred. You are responsible for determining the requirement for any BAA and ensuring it is in place if required before initiating or allowing any file transfer with your patient.

Photo Capture

If You capture a photo of the Patient, that image will be sent securely through Our server and is stored until it is destroyed fifteen (15) minutes after the transfer completes. You are responsible for downloading and retaining any photos transferred through the Service. After automatic deletion, We will have no ability to access the photos that were transferred. You are responsible for determining the requirement for any BAA and ensuring it is in place if required before initiating or allowing any photo capture with your patient.

How Do We Collect Personal Data?

When using this Website as a Provider, We collect Personal Data:

directly from You:
o When You sign up for the Services;
o When You log into or make changes to Your Account;
o Details of transactions You carry out through the Website; and o When You contact Us for information or customer support.
o When You contact Us for information or customer support.
Automatically, when You navigate through the Website, such as Usage Data (as described under “If You are Browsing the Website as a Guest; How do We Collect Personal Data; Usage Data”).
From third party public sources, such as LinkedIn and NPI databases.

How and Why Do We Use Your Personal Data?

The Personal Data shall be collected for the business purpose of identifying You to the Patients using the Services and to assure full operation of the Services during all Sessions.

The Company may use Personal Data for the following purposes:

To provide and maintain Our Service, including to monitor the usage of Our Services.
To manage Your Account: to manage Your registration as a user of the Services. The Personal Data You provide can give You access to different functionalities of the Services that are available to You as a registered user.
For the performance of a contract: to provide Our Services to You including the development, compliance and undertaking of the purchase contract for the products, items, or services You have purchased, or of any other contract with Us through the Services.
To notify You: If You enable email notifications within the Services, We will send You an email notifying You that a Patient is waiting in the Waiting Room. If You wish to be notified by text message that a Patient is waiting in the Waiting Room, You may optionally provide Your mobile number. To opt-out of these notifications, please log onto Your Account and update the notification settings as needed.
To contact You: to contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
To inform You: about news, special offers and general information about other goods, services and events which We or Our Affiliates offer that are similar to those You have already purchased or enquired about. By using the Service, You allow Us to contact You by email or within the Services regarding the Services' features, changes, maintenance, and other products that may be introduced by Us or Our Affiliates from time to time. You have the right to opt-out of receiving such information by clicking on an unsubscribe link embedded within the email message.
To manage Your requests: To attend and manage Your requests to Us.
For our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, as long as that is not overridden by your own rights or interests.
To provide directory information, if you have given your consent to be included in the public directory.
For any reason for which you have given consent.
To provide marketing and promotional material: To provide marketing and promotional services, such as to send certain marketing, advertising and promotional communications to show You advertisements for Our Services tailored to your interests on social media and other websites; to deliver content and service offerings relevant to Your interests, including targeted offers and ads through Our Website, third-party sites, and via email. We do not control third parties' collection or use of your Personal Data to serve interest-based advertising. However, these third parties may provide You with ways to choose not to have your Personal Data collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

If You are a resident of California, You may have additional rights and choices when it comes to your Personal Data. For Your California Residents' Privacy Rights, please see below.

How Do We Share Your Personal Data?

With Service Providers: We may share Your Personal Data with Service Providers to provide single sign- on services as further detailed below, and to provide, monitor and analyze the use of Our Services and to contact You or to facilitate contact between You and Your Patients if You use Our email, calendar or text features to send Your Patients the Provider Link. If You use Our billing services, We may share Personal Data with Service Providers. For a list of Service Providers, please visit https://doxy.me/en/sub-processor-list/
For business transfers: We may share or transfer Your Personal Data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
With Affiliates: We may share Your Personal Data with Our Affiliates, in which case We will require those Affiliates to honor this Privacy Policy. Those Affiliates may collect additional Personal Data or PHI during Your use of their products and services, if You elect to use those products and services, whether in a Session or otherwise. Doxy.me cannot view, obtain, or store any of the additional Personal Data or PHI collected by an Affiliate. All Affiliates collect and store additional Personal Data and PHI on their own servers, separate from Doxy.me's. Please review the privacy policy of each Affiliate for more information. You are responsible for obtaining your patient’s consent with respect to any product and services You use with them.
With business partners: We may share Your Personal Data with Our business partners to offer You certain products, services, or promotions.
With third-party advertisers: We use Personal Data that We collect and that You provide to Us to deliver advertisements according to Our advertiser's targeted audience preferences. Please see "How We Use Your Personal Data" for information on how to opt-out if You do not wish Us to use this Personal Data. If You are a California resident, You may have additional rights to Your Personal Data. For more information, please see the California Residents' Privacy Rights policy.
With law enforcement: under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Company discretion: The Company may also disclose Your Personal Data in the good faith belief that such action is necessary to:
o Comply with a legal obligation
o Protect and defend the rights or property of the Company
o Prevent or investigate possible wrongdoing in connection with the Service
o Protect the personal safety of Users of the Services or the public
o Protect against legal liability

THIRD PARTY SERVICE PROVIDERS

Single Sign-On
You may elect to login to the Doxy.me Services via a third-party authentication service. This is called Single Sign-On (SSO) and means that You must first authenticate to that third-party identity provider prior to accessing the Service. Facebook and Google identity connectors are built into the Services for the You to optionally use. Also, Doxy.me offers a custom feature whereby You may specify Your own SSO service.

By using SSO, You will be transferred to an authentication agent for that particular identity provider where Your login credentials (usually a name and password) are used to verify Your identity. Doxy.me does not have access to credentials used by a third-party identity provider. Once You have authenticated via SSO, a token is returned to Us indicating that Your identity has been verified and You will be granted access to the Service.

Patient Payment Information

If You choose to ask the Patient to pay You during the Session, You may use the third-party Stripe credit card payment system. Prior to requesting payment, You must setup a Stripe account in the settings section of Your Account. The Patient will receive a payment pop-up screen asking to provide their name and credit card details. All credit card transactions are handled by Stripe. Doxy.me does not capture or utilize any information entered in the payment pop-up screen. For more information, please visit https://stripe.com/.

Services Payment Information

If You choose to have a paid subscription, payment is made using the Stripe third-party credit card payment system. All credit card transactions are handled by Stripe. Doxy.me receives a notification from Stripe when the transaction is completed, but no PHI is exchanged. For more information, please visit https://stripe.com/.

If You are a Patient

This section only applies if You have received a Provider Link (such as https://doxy.me/DrSmith2024) by a Provider and wish to communicate with the Provider by video conference using the Service. Some features are not activated automatically and require explicit authorization by You.

What Personal Data Do We Collect?

Identifiers:
o Name*;
o Email Address**; and
o Telephone Number**
Content not Directed at the Business, which may include Sensitive Personal Data that you provide:
o Photo capture and file exchange features are collected and transmitted through Our servers (see disclosure below) ***
Internet Activity:
o Usage Data such as history of access to the Website.
* User name entered by You to enter the Services.
** Collected if your Provider has opted to use these to notify you.
*** Collected and transmitted through Our servers and promptly deleted as described herein. We have no control over the Personal Data exchanged through this method.

A Patient does not create an Account or register with Doxy.me in order to use the Services. A Provider will email or text You a Provider Link in order to enter the Waiting room. When You click on that link, it will take You to the welcome screen and You will be asked to enter Your name and click a “Check In” button. Your name is only seen by the Provider and used for an initial identification. There is no verification of Your name nor is there a requirement that You use Your full name. Your name is used only for the current Session and is not stored or otherwise used by the Service. If Your Provider has used Our Services to text or email Your invitation, then We will have sent certain information to a third-party for transmission for which Your data will be permanently deleted by the vendor in the ordinary course. If You have called us, chatted with us, or emailed Us for customer support, We will have a record of this Communication.

In addition, to the extent that You have visited Our Site as a Guest or reached us through customer support, We have also collected the Personal Data as stated under the subheading “If You Are Browsing This Website As a Guest.”

What Personal Data Do We intentionally NOT Collect or Retain?

Although the Doxy.me Services are targeted to the healthcare community, Doxy.me does not collect or store any health or other sensitive information You discuss during the Session between Patient and Provider. Any health or other sensitive information You discuss or send the Provider is sent over a secure channel using the SSL Internet protocol. Even though We cannot view or store the audio-video component of the Session, there are some important privacy considerations You should be aware of that We list below, including that file transfers and photo captured during a Session are captured and stored for a transitory period on Our servers as further described below.

Session Information

Screenshare

The Services provide a feature whereby the Provider may request to view Your screen or the Provider may share his/her/their screen with You.

There are obvious privacy issues associated with sharing one’s screen. It is up to You to ensure that no sensitive or confidential information is viewable during the screensharing session outside of the Personal Data that You choose to share with the Provider.

Doxy.me cannot control and is not in possession of any Personal Data You or the Provider might share when using screenshare.

Chats

Any chats between You and the Provider are temporarily stored in computer memory, not on Doxy.me servers. Once the browser is closed, the chat history is permanently deleted.

Session Privacy

At any time during the Session, You may disable the audio, video, or both. Doing so may prevent effective communication with the Provider. However, there may be times when You wish to disable the audio or video for personal reasons.

You may also terminate the Session at any time.

Teleconsent Appointment Consent Form

Your Provider may ask You to sign a Teleconsent Appointment Consent Form. The purpose of the form is to inform You of what telehealth communication is as well as Your rights and obligations. You should read the form completely and not hesitate to ask Your Provider for any clarifications.

If You are required to sign the form, Your signature will be electronically captured by using Your mouse and be embedded in the form. The form may be downloaded by both You and Your Provider and is not stored by the Service.

Telehealth Tools

Telehealth Tools are additional features, apps, or tools from Affiliates and/or Service Providers that may be used by a Provider during or separate from a Session. Such use is completely optional and determined by the Provider. These Telehealth Tools may collect additional Personal Data (including PHI) which Doxy.me does not access, view, collect, transmit, or store.

The Affiliates and Service Providers that provide Telehealth Tools have their own terms of use and privacy policies that should be reviewed by You prior to use.

What Personal Data Do We collect, securely transmit, and delete?

File Transfer

If You choose to send a file to the Provider, that file is transmitted through and stored on Our server until it is automatically deleted from Our server fifteen (15) minutes after the transfer is complete. You are in control of the Personal Data that you submit to the Provider.

Photo Capture

If Your Provider chooses to capture a photo of You, that image will be sent securely and that image will be transmitted through and stored on Our server until it is destroyed fifteen (15) minutes after the transfer completes. You are in control of the Personal Data that you submit to the Provider.

Invitations

If Your Provider has elected to use the Services to send Provider Links to You, We may collect Your name, email address, or telephone number to do so. Any such information uploaded by the Provider will be used to create and send the Provider Link. Once that task is completed, the Personal Data will be permanently deleted a short period after the transfer is complete.

How Do We Collect Personal Data?

We collect Personal Data:

Directly from You when You contact Us for information about the Services or the Website, including from customer service.
From Your Provider including your name, email address and telephone number if the Provider uses Our Services to send the Provider Link to You.
From Service Providers if Your Provider uses Our billing services or records of transaction history (not including credit card numbers or PHI).
Automatically, through Usage Data we collect from usage of the waiting room

How and why Do We Use Your Personal Data?

The Personal Data shall be collected for the business purpose of identifying You to the Provider using the Services and to assure full operation of the Services during all Sessions.

The Company may use Personal Data for the following purposes:

To provide and maintain Our Service, including to monitor the usage of Our Services.
To notify You: If Your Provider enables email notifications within the Services, We will send You an email notifying You when it is time for Your appointment. Your Provider may also enable You to be notified by text message should You provide Your mobile number. To opt-out of such notifications, please contact Your Provider.
To manage Your support requests: To respond to Your customer support requests to Us.
To provide billing services: To provide billing services, if subscribed to by Your Provider.
To send Provider Links: To send Provider Links to You by email, text or calendar invitation if this Service is subscribed to by Your Provider.
For our legitimate interests or those of a third party. A legitimate interest is when we have a business or commercial reason to use your information, as long as that is not overridden by your own rights or interests.
For any reason for which you have given consent.

How Do We Share Your Personal Data?

With Service Providers: We may share Your Personal Data with Service Providers to provide, monitor, and analyze the use of Our Services and to contact You with Provider Links, or to provide billing services. For a list of Service Providers, please visit https://doxy.me/en/sub-processor-list/.
For business transfers: We may share or transfer Your Personal Data in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
With Affiliates: We may share Your Personal Data with Our Affiliates, in which case We will require those Affiliates to honor this Privacy Policy. Our Affiliates may separately collect additional Personal Data or PHI during Your use of their products and services, whether through a Session or otherwise. Doxy.me cannot view, obtain, or store any of the additional Personal Data or PHI collected by an Affiliate. All Affiliates collect and store additional Personal Data and PHI on their own servers, separate from Doxy.me servers. Please review the privacy policy of each Affiliate for more information.
With law enforcement: under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Company discretion: The Company may also disclose Your Personal Data in the good faith belief that such action is necessary to:
o Comply with a legal obligation
o Protect and defend the rights or property of the Company
o Prevent or investigate possible wrongdoing in connection with the Service
o Protect the personal safety of Users of the Services or the public
o Protect against legal liability

Payment Information

If You choose to pay the Provider during the Session, a credit card authorization screen will pop-up asking You to provide Your name and credit card details. All credit card transactions are handled by Stripe, a third-party Service Provider. Doxy.me does not capture or utilize any information You enter in the payment pop-up screen; provided, however, that if Your Provider has opted to use Our billing services, We will receive a record of the payment transaction history from Stripe. For more information, please visit https://stripe.com/.

Additional Important Information applicable to Guests, Providers and Patients

Children's Privacy

Our services are not designed for, or intentionally targeted at, children under the age of 13. It is not our policy to intentionally collect or maintain information about anyone under the age of 13. No one under the age of 13 should submit any personal data to the platform, and if we learn that we have collected or received personal data from a child under 13, we will delete that information. If you are the parent or guardian of a child under 13 years of age whom you believe might have provided us with their personal data, you may contact us to request the personal data be deleted.

Third Party Links

Our Services may contain links to other websites or social media platforms that are not operated by Us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or Services.

Choices About How We Use and Disclose Your Information

We strive to provide You with choices regarding the Personal Data You provide to us. We have created mechanisms to provide You with the following control over Your Personal Data:

Tracking Technologies and Advertising

You can set Your browser to refuse all or some browser cookies, or to alert You when cookies are being sent. If You disable or refuse cookies, please note that some parts of this Site may then be inaccessible or not function properly. To learn more about controlling and deleting cookies, please visit this external website: https://www.aboutcookies.org/

Accessing and Correcting Your Personal Data

If You are a Provider, You can review and change Your Personal Data by logging into the Website and visiting Your account profile page.

You may also send Us an email at support@doxy.me to request access to, correct or delete any Personal Data that You have provided to us. We cannot delete Your Personal Data except by also deleting Your user account. We may not accommodate a request to change Personal Data if We believe the change would violate any law or legal requirement or cause the Personal Data to be incorrect.

If You have provided transferred any materials, photos or shared any Personal Data between Patient and Provider, You should be aware that We do not have access to this Personal Data and cannot control its retention or destruction except as expressly stated below.

Retention of Your Personal Data

We do not retain Personal Data from Sessions. Any chat data during the Session will be deleted after the browser is closed.

We retain file transfer data between Patient and Provider for fifteen (15) minutes after the transfer completes.

We retain any photos captured during Sessions for fifteen (15) minutes after the transfer completes.

We will retain and use Your Personal Data that may include name, email, telephone numbers, payment transaction information (but not credit card information) to the extent necessary to comply with Our legal obligations (for example, if We are required to retain Your Personal Data to comply with applicable laws), resolve disputes, and enforce Our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is used to strengthen the security or to improve the functionality of Our Services and the Website. We will also keep all Usage Data We are legally obligated to retain for longer time periods.

Transfer of Your Personal Data

By using this Site, You consent to the collection, storage, processing, and transfer of Personal Data in and to the United States, or other countries and territories, pursuant to the laws of the United States. Data processed by Us is in the United States. Our Service Providers generally process Personal Data in the United States, although certain Personal Data is processed in other countries. For a full list of Our sub-processors and their jurisdictions of processing, please visit https://doxy.me/en/sub-processor-list/.

Your consent to this Privacy Policy followed by Your submission of such Personal Data represents Your agreement to that transfer.

Security of Your Personal Data

All Session data is encrypted over a secure channel using SSL Internet Protocol. All Photos and file transfers are encrypted both in transfer and temporary storage. All Personal Data are processed in secure cloud-based systems. We are audited for HIPAA compliance annually using an independent auditor. Our Services are monitored for security and HIPAA compliance.

The security of Your Personal Data is important to Us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While We strive to use commercially standard means to protect Your Personal Data, We cannot guarantee its absolute security.

California Residents' Privacy Rights

A policy specific to California residents is located at https://doxy.me/en/calif-policy/