Logo

Privacy Policy

Last Update: October 14, 2024

Introduction

AI Doctor values your data privacy and security and is committed to fair information practices and the protection of privacy.

This Privacy Policy (“Policy”) explains how Hubx Yazılım Hizmetleri Anonim Sirketi (“Hubx”) collects and processes your information and personal data, the protection and privacy measures implemented and your rights. This Policy is applicable on AI Doctor's mobile application, website www.aidoctor.com, and other social media platforms owned by AI Doctor (collectively “AI Doctor / Services / the App”).

Your access and use of AI Doctor is governed by this Privacy Policy and AI Doctor Terms of Use (“Terms”). The Terms apply to the definitions within this Policy and the provisions not included in this Policy. We recommend you to review the Terms of Use to be informed about the definitions, functions and features of AI Doctor.

By accessing or using AI Doctor, you agree to the collection and use of information and personal data in accordance with this Policy, and that you have reviewed and understood the processing of your information and personal data, including your rights.

By agreeing to this Policy, you understand your rights and how AI Doctor may use and disclose personally identifiable health information that identifies you. Your health data is collected and processed, subject to your consent, in line with your patient profile and the documents containing medical information, voluntarily provided by you. Before you create a patient profile, you will be presented with a consent text. We would like to inform you that you may still use the chat function without creating a patient profile or uploading a document containing health data since your consent is not a prerequisite for using the chat function. Please note that you have a free choice whether or not to start using AI Doctor, and withdraw your consent at any time.

AI Doctor adopts the rules and principles of the European Union General Data Protection Regulation (“GDPR”) and the Health Insurance Portability and Accountability Act (“HIPAA”) in the processing and protection of personal data. If you do not agree with the Terms or Privacy Policy, please do not use the App, the Website, and/or the Services by AI Doctor.

Collection of Information and Processing Purposes

We may collect the following information and personal data when you access AI Doctor, use Conversation, form Patient profiles, upload documents or otherwise utilize (“use”) the App, the Website, and/or the Services:

1. Personal Information

Nickname or name, e-mail address, age:

Cookies:This information is used to create a user account, patient profiles and to communicate with you through or about the application, updates and documents.

2. Medical Information

Weight, height, gender, physical activity, chronic or past health conditions, smoking or alcohol habits, dietary habits, allergies, surgeries, past and current health records, medical reports, images, diagnostic test results, laboratory test results, description of symptoms, prescribed medication:

This information is processed for the purpose of AI Doctor obtaining information about your health history, analyzing the information you provide within the scope of Conversation, providing assistance compatible with your health history, and creating a patient profile. All of this data is voluntarily submitted and used in your health analysis.

Your medical information (PHI / health data) is collected and processed, subject to your consent, in line with your patient profile and the documents containing medical information, voluntarily provided by you. Before you create a patient profile, you will be presented with a consent screen. We would like to inform you that you may use the chat function without creating a patient profile or uploading a document containing health data since your consent is not a prerequisite for using the chat function. Please note that you have a free choice whether or not to start using AI Doctor, and withdraw your consent at any time.

3. Technical Data and Cookies

IP address, logs, device, operating system, IP address, cookies (technical and functional cookies)

These data are processed for the purpose of ensuring the functionality of the application, crash and error detection, conducting technical analysis, carrying out the activity in accordance with the legislation and technical data security.

A cookie is a small text file stored on the user's device by a website to collect information about their browsing activity. We use two types of cookies: technical cookies, which are essential for a website's basic functions, and functional cookies, which enhance the user experience by remembering preferences and settings. Together, these cookies help improve app and website performance and personalization.

Please note that this category is automatically processed as you download the application, access the application and use the application or any of its modules.

4. Payment Methods

AI Doctor does not collect or process any financial data such as payment channel and credit card card information. This data is processed by the platform from which you downloaded the application. AI Doctor only collects payment methods and subscription methods. Thanks to this data, it is possible to offer plans within payment to the user and to develop and update subscription plans.

5. The Information Disclosed by Users

Within the scope of the data minimization principle adopted in accordance with the GDPR, AI Doctor takes care not to process any data other than the above and unnecessary for the application. However, users can upload documents or share information visually or in writing within the Conversation tool. The user is deemed to have disclosed this information. This information is also protected within the scope of relevant legislation and adequate data protection measures.

Patient Profiles:Users can create an unlimited number of patient profiles. If the patient profiles created relate to a real person, you acknowledge that the information and documents provided are provided to AI Doctor with the consent of the data subjects. AI Doctor cannot be held responsible for providing anyone else's information within the patient profiles created or the Conversation tool.

Age Restriction:AI Doctor has an age restriction as it is not intended for Users under the age of 21. If you are under 21 years of age, please do not use or access the App and Website at any time or in any manner. By using the App and Website, you affirm that you are over the age of 21.

Parent/Guardian Use:Parents and guardians are strongly encouraged to notify AI Doctor if their children under the age of 21 are using the app. If parents or guardians create a patient profile for their child, the parent or guardian is responsible for the information and documents provided. Please note that AI Doctor does not collect information from children under the age of 13 in accordance with the Children's Online Privacy Protection Act (“COPPA”) as indicated in this Privacy Policy and the Terms.

Sharing of Information

Your personal data will not be sold, traded, or otherwise transferred to third parties for commercial purposes. Your data may be transferred for the reasons explained below:

  • Service Providers: We may share your data with cloud service providers and mailing services since we utilize third-party cloud service providers for data storage and processing, and we may share your data with mailing service providers to send you communications related to our services and updates. We use Google Play Store and Apple App Store services for app distribution and update purposes. Transfers to these service providers are made in accordance with the data transfer rules and measures of the GDPR.
  • Legal, Tax and Financial Consultants: We may share your data with legal, tax and/or financial consultants for professional advice related to our operations, conducted in compliance with GDPR and limited to what is necessary.
  • Legal Authorities: We may disclose your personal data to legally authorized public institutions and government authorities in compliance with applicable laws, regulations, or decisions, including explicit regulations and administrative or judicial decisions mandating disclosure.
  • Anonymized Data: We may use anonymized data for analytical purposes. Anonymized data is processed in such a way that it can no longer be attributed to a specific individual, ensuring your privacy is maintained. Please review the Data Destruction and Anonymization heading for the process.
  • Protected Health Information (PHI): If your personal data includes Protected Health Information (PHI) as defined by HIPAA, we will share PHI only in accordance with HIPAA Notice or as permitted by HIPAA for preliminary assistance purposes through AI Doctor, ensuring appropriate privacy measures.

Storage of Information

We are committed to ensuring that your personal data is stored securely and in compliance with applicable laws and regulations.

Retention Period: We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, and in accordance with the legal storage periods established by relevant regulations. Once the retention period has expired, we will take appropriate measures to securely dispose of or anonymize your data.

Access Control: Access to your personal data is restricted to authorized personnel who require this information to perform their job responsibilities. We implement strict access controls and security measures to safeguard your data from unauthorized access, use, or disclosure.

Data Destruction and Anonymization: When personal data is no longer necessary or the retention period has expired, we will either securely delete or destroy the data to prevent unauthorized access or retrieval, or we will anonymize the data. Anonymization involves processing the data in such a way that it can no longer be attributed to you, ensuring that it can be used for analytical or research purposes without compromising your privacy. Once data is anonymized, it is irreversibly altered and cannot be traced back to any individual.

Protected Health Information

Protected Health Information (“PHI”) refers to any individually identifiable health information collected by healthcare providers, health plans, or other entities under HIPAA. This includes medical records and personal identifiers.

Users have specific rights regarding their PHI:

  • To Request Access: Users can request and obtain copies of their PHI
  • To Request Amendments: Users may request amendments to their PHI in case they are incorrect or incomplete.
  • To Request Restrictions: Users can request restrictions on how their PHI is shared, although the organization is not obligated to agree to all requests.
  • To Request Confidential Communications: Users may request that communications regarding their PHI occur in a specific manner or location.
  • To Request an Accounting of Disclosures: Users can request a list of instances where their PHI has been disclosed to third parties.
  • To File a Complaint: Users have the right to file a complaint if they believe their rights regarding PHI have been violated.

By using AI Doctor, the User authorizes AI Doctor to store all personal data, medical records and any data that may constitute their PHI, with the right to view and process this information online as outlined in this Privacy Policy. The User also permits AI Doctor to release certain information to third parties when required by relevant legislation, court order, administrative or judicial decision. AI Doctor may use this data to generate AI-generated reports and analyze anonymous data for research and publication purposes, ensuring no identifying details are disclosed in any public context.

Security Measures

We take the security of your personal data very seriously and implement measures to ensure protection as of the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). Our key principles include:

  • Data Encryption: We employ strong encryption protocols to ensure that your personal data is securely transmitted and stored.
  • Access Controls: Access to personal data is restricted to authorized personnel only, ensuring that only those who need to access your information can do so.
  • Regular Security Audits: We conduct regular audits and assessments of our security practices to identify and address potential vulnerabilities.
  • Data Minimization: We only collect and retain personal data that is necessary for the purposes specified.
  • Incident Response Plan: We have established an incident response plan to quickly address any potential data breaches or security incidents.

While we strive to maintain a secure digital environment, yet no digital environment can be fully secure, we encourage users to take their own precautions when accessing and using the app, including utilizing relevant antivirus software, implementing a secure firewall, accessing the app over a safe Wi-Fi connection, and ensuring that the device used to access the app is secure and up to date.

In the event of any potential data breach or security incident, users are encouraged to inform Hubx immediately. We will analyze the situation to determine if there is a security problem and take necessary measures to mitigate any risks. Your security and privacy are our top priorities, and we are committed to maintaining adequate standards of data protection as required by relevant legislation.

Rights Under GDPR

The General Data Protection Regulation No. 2016/679 (GDPR) establishes a comprehensive framework for the protection of personal data within the European Union and the European Economic Area. Under GDPR, users have the following rights regarding their personal data as data subjects:

  • Right to Access: Obtain confirmation and access to personal data being processed.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of personal data under certain conditions.
  • Right to Restrict Processing: Request limitation of data processing in specific situations.
  • Right to Data Portability: Receive personal data in a machine-readable format and transfer it to another controller.
  • Right to Object: Object to the processing of personal data, especially for direct marketing.
  • Rights Related to Automated Decision-Making: Not to be subject to decisions based solely on automated processing, unless certain conditions apply.

Updates to Privacy Policy

We reserve the right to update this privacy policy at any time to reflect changes in our practices, legal obligations, or operational needs. Users are encouraged to review this policy regularly to stay informed about how we protect their personal data and to understand their rights and responsibilities. The revision date is stated in the introduction of the policy. Any updates will take effect immediately upon posting. If users do not agree with the amendments, they should discontinue using the app. Continued use of the app after such updates constitutes acceptance of the revised policy.

Contact

This privacy policy constitutes the entire understanding between you and us regarding the collection, use, and protection of your personal data. If you have any questions or concerns regarding this policy or our data practices, please contact us via legal@hubx.co