GDPR Compliance
Our commitment to protecting the privacy and personal data of individuals in the European Union, in accordance with the General Data Protection Regulation.
V 1.0 - January 2026
Doutore LLC ("we", "us", "our Company") is committed to GDPR compliance. The General Data Protection Regulation (GDPR) is the European Union's comprehensive data protection law that came into effect on May 25, 2018. It governs how organizations collect, process, and protect personal data of EU residents.
This page explains how Dr. Assistente complies with GDPR requirements and outlines your rights as an EU data subject. This information supplements our Privacy Policy.
Does GDPR Apply to You?
GDPR applies if you are located in the European Economic Area (EEA) or if your organization processes personal data of individuals in the EEA. If you use Dr. Assistente to process data that includes any EU personal information — such as patient names, email addresses, or health information — GDPR compliance is required.
As a healthcare professional using our service, you act as the Data Controller for your patients' data. Dr. Assistente acts as a Data Processor on your behalf, processing data only according to your instructions and in compliance with applicable regulations.
Legal Basis for Processing
Contract Performance
We process your account data and usage information to provide you with our transcription and medical documentation services as outlined in our Terms of Use.
Legitimate Interest
We process certain data for security purposes, fraud prevention, and to improve our services. We always balance our interests against your rights and freedoms.
Consent
For marketing communications and certain cookies, we rely on your explicit consent, which you can withdraw at any time.
Legal Obligation
We may process data when required to comply with applicable laws and regulations.
Your Rights Under GDPR
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
Request limitation of how we process your personal data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or for marketing.
Rights Related to Automated Decision-Making
Not be subject to decisions based solely on automated processing, including profiling, that significantly affect you. While our AI assists with transcription and documentation, all clinical decisions remain with healthcare professionals.
International Data Transfers
Data Transfer Safeguards
Our servers are located in the United States. When personal data is transferred from the EEA to the US, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use EU-approved contractual clauses with our subprocessors.
- Encryption: All data is encrypted in transit and at rest using industry-standard protocols.
- Access Controls: Strict access controls limit who can access personal data.
Subprocessors
We use the following third-party services to process data on your behalf. All subprocessors have been vetted for GDPR compliance and appropriate security measures.
| Subprocessor | Location | Purpose |
| --- | --- | --- |
| Amazon Web Services (AWS) | United States | Cloud infrastructure, data storage, and computing services. |
| Microsoft Azure | United States | Cloud infrastructure, storage, and AI services. |
| OpenAI | United States | AI language models for transcription processing and medical documentation generation. |
| Stripe | United States | Payment processing and billing services. |
| Google Analytics | United States | Website analytics and usage tracking (marketing site only). |
| dLocal | United States | Payment processing services for emerging markets. |
| Google Gemini | United States | AI language models for transcription processing and medical documentation generation. |
| xAI (Grok) | United States | AI language models for transcription processing and medical documentation generation. |
| Groq | United States | AI inference and speech-to-text transcription services. |
| DeepInfra | United States | AI inference and speech-to-text transcription services. |
| Postmark | United States | Transactional email delivery services. |
| Intercom | United States | Customer support and messaging platform. |
Data Retention
Voice Recordings
By default, voice recordings are retained for 30 days and then automatically deleted. Custom retention policies are available for clinic plans.
Account Data
Account information is retained while your account is active and deleted upon account cancellation.
Account Deletion
When you delete your account, all associated data is permanently deleted immediately, in compliance with your right to erasure.
Security Measures
Encryption at Rest
All stored data is encrypted using AES-256.
Encryption in Transit
All data transfers use TLS 1.2 or higher.
Access Controls
Role-based access with principle of least privilege.
Regular Audits
Continuous security monitoring and vulnerability assessments.
Incident Response
Documented breach notification procedures, with notification within 72 hours.
Employee Training
Regular privacy and security training for all staff.
How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
- Use the self-service options in your account settings (for data export or deletion)
- Contact us via email with your request
We will respond to all legitimate requests within 30 days. We may need to verify your identity before processing your request to protect your privacy.
Right to Lodge a Complaint
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local Data Protection Authority (DPA). We encourage you to contact us first so we can address your concerns directly.
Contact Us About Privacy
For GDPR-related inquiries, data subject requests, or privacy concerns, please contact our team.
privacy@doutorassistente.com

See also: Privacy Policy · Terms of Use