Privacy Policy

Your privacy matters. Here's exactly how we handle your data.

Last updated: January 1, 2026

1. Information We Collect

  • Account information: name, email address, password (hashed), specialty, and institution.
  • Professional credentials: medical license documents, ORCID identifiers, and publication records submitted for verification.
  • Profile data: biography, photo, skills, languages, years of experience, and location.
  • Usage data: pages visited, features used, posts created, and interactions with other users.
  • Device data: IP address, browser type, operating system, and device identifiers.
  • Communications: messages sent through the platform (stored encrypted at rest).

2. How We Use Your Information

  • Provide, maintain, and improve the Medocrate platform and its features.
  • Verify your professional credentials and maintain a trusted network of healthcare professionals.
  • Personalize your feed and recommendations based on your specialty and activity.
  • Send transactional emails (email verification, password reset, notifications you opt into).
  • Generate AI-powered research digests relevant to your medical specialty.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations applicable to healthcare professional networks.

3. Data Sharing

We do not sell your personal data. We share information only with: (a) service providers who process data on our behalf under strict data processing agreements (AWS, Cloudflare, email providers); (b) other users only to the extent your profile is visible based on your privacy settings; (c) law enforcement when required by valid legal process. We never share medical credentials or verification documents with third parties beyond what is necessary for verification.

4. Data Retention

We retain your account data for as long as your account is active. Upon account deletion, personal data is purged within 30 days, except where retention is required by law or for fraud prevention. Aggregated, anonymised analytics data may be retained indefinitely.

5. Security

We use industry-standard security measures: TLS encryption in transit, AES-256 encryption at rest for sensitive documents, bcrypt password hashing, httpOnly cookies for session tokens, rate limiting, and regular security audits. However, no system is completely secure — we encourage you to use a strong, unique password.

6. Your Rights

  • Access: request a copy of all personal data we hold about you.
  • Correction: update inaccurate or incomplete data via your profile settings.
  • Deletion: request deletion of your account and associated personal data.
  • Portability: export your data in a machine-readable format.
  • Objection: opt out of non-essential processing such as marketing communications.
  • To exercise any right, contact privacy@medocrate.com. We respond within 30 days.

7. Cookies

We use essential cookies for authentication (httpOnly session cookies) and a locale preference cookie. See our Cookie Policy for full details.

8. Children

Medocrate is intended for licensed healthcare professionals aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has provided data to us, contact privacy@medocrate.com immediately.

9. Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. We will notify you of material changes via email and an in-app notice at least 14 days before they take effect. Continued use after the effective date constitutes acceptance.

10. Contact

Medocrate, Inc. · Data Controller · privacy@medocrate.com · For EU residents: our GDPR representative can be reached at gdpr@medocrate.com.

Questions about this policy? Contact us at legal@medocrate.com