Privacy Policy

Last updated: 1 January 2024

This Privacy Policy explains how Microdoc collects, uses, stores, and shares personal data across our website, application, and customer workflows.

1. Who We Are

Microdoc is operated by Healthcloud Limited, Dogpatch Labs, Unit 1, The CHQ Building, North Wall Quay, Dublin 1, Ireland.

If you have privacy questions or want to exercise your rights, contact us at brian@microdoc.io.

2. When We Act as Controller

Microdoc acts as a data controller for our own business operations, including:

  • Website visitors and people who contact us
  • Prospective customers requesting demos or information
  • Customer administrators, account users, and billing contacts
  • Support and commercial communications

In these cases, we decide why and how personal data is processed.

3. When We Act as Processor

Microdoc typically acts as a data processor when customers use the service to manage clinic and patient workflows. In those cases, we process data on behalf of the customer and under their instructions.

  • Patient and clinic data uploaded or entered by customers
  • Recordings, transcripts, notes, messages, and documents processed within the service
  • Operational data we handle on behalf of clinics under customer instructions

4. Categories of Data We Process

Depending on how you use Microdoc, we may process:

  • Identity and contact information such as name, email address, and phone number
  • Account, organization, and billing information
  • Authentication, security, and audit information
  • Support and commercial correspondence
  • Product content entered into the platform, including recordings, transcripts, notes, messages, forms, documents, and related metadata
  • Technical and usage information such as IP address, device or browser details, session information, and timezone preferences

5. How We Use Personal Data

  • Provide and secure the website and application
  • Set up and manage customer accounts and subscriptions
  • Deliver customer-requested product features and workflows
  • Respond to support, commercial, and legal requests
  • Maintain logs, audit trails, and operational records
  • Meet legal, regulatory, tax, accounting, and contractual obligations
  • Improve reliability, performance, and security of the service

Where required, we rely on contractual necessity, legitimate interests, legal obligations, or customer instructions as the basis for processing.

6. Categories of Recipients

We share personal data only where needed to run the service, support customers, or comply with the law. Recipient categories include:

  • Cloud hosting, storage, and infrastructure providers
  • Payment processing providers
  • AI and language-model providers used to deliver product features
  • Email, productivity, and communications providers
  • Professional advisers, auditors, regulators, and authorities where required by law

7. International Transfers

Microdoc uses an EU-first hosting approach. Some data may still be transferred outside the European Economic Area where this is necessary to operate the service with approved providers. Where that happens, we use appropriate safeguards such as contractual protections and provider security commitments.

8. Retention

Retention differs across product surfaces and legal obligations. We keep data only for as long as needed for the relevant purpose, customer relationship, operational recordkeeping, or legal requirement. Depending on the category, data may be kept for up to 5 years.

9. Security

We use technical and organizational safeguards designed to protect personal data, including encryption in transit, encryption at rest, access controls, and product auditability.

10. AI and Model Training

Customer data is not used to train machine learning models.

11. Your Rights

Depending on where you are located and the context of processing, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion where applicable
  • Object to or restrict certain processing
  • Request portability where applicable
  • Raise a complaint with your local data protection authority

If we process data on behalf of a clinic or healthcare customer, you may need to contact that organization first. You can still reach us at brian@microdoc.io and we will route the request appropriately.

12. Changes

We may update this Privacy Policy as the product, legal requirements, or processing activities evolve. The latest version will always be published on this page.