Draft for legal review. Have qualified counsel adapt this for Swiss FADP, GDPR (if you serve EU users), and your actual data flows before relying on it in production.

Privacy Policy

Legal Last updated 2026-04-24

DoctorOnTap (“we”, “us”) explains how we collect, use, store, and share personal data when you use our websites and services.

1. Who we are

Controller details and contact (e.g. privacy contact email) should be inserted here after your entity name and address are confirmed.

2. Data we collect

  • Account and profile data (e.g. name, email, phone, role, professional identifiers where applicable).
  • Health-related and operational data you submit through the platform (e.g. consultations, prescriptions, lab or pharmacy workflows) as needed to provide the service.
  • Technical data such as IP address, device/browser type, approximate location from IP, cookies, and similar technologies.
  • Communications with support and audit/security logs where permitted by law.

3. Purposes and legal bases

We process data to provide and improve the service, verify accounts, comply with law (including healthcare and telecom rules where applicable), secure the platform, and communicate with you. Legal bases under GDPR may include contract, legitimate interests, legal obligation, and consent where required (e.g. non-essential cookies).

4. Storage and retention

Data is stored on secured infrastructure. Retention follows clinical, legal, and contractual requirements (which may require longer retention for health records). Specify your actual retention schedules here after policy sign-off.

5. Sharing

We may share data with processors (hosting, email, payments, analytics) under contracts, with professional counterparts where the product requires it (e.g. care providers you interact with), or when required by law. List major subprocessors and categories here.

6. International transfers

If data leaves Switzerland or the EEA, describe safeguards (e.g. Standard Contractual Clauses, adequacy decisions).

7. Your rights

Depending on your jurisdiction you may have rights to access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent. EU/EEA users may lodge a complaint with a supervisory authority. To exercise rights, describe your process (e.g. contact email or in-app request).

8. Security

We implement administrative, technical, and organizational measures appropriate to the risk. No method of transmission over the Internet is completely secure.

9. Children

Describe whether minors may use the service and any parental/guardian requirements.

10. Changes

We may update this policy and will post the revised version with a new “Last updated” date.