Privacy Policy

Version 1.0.0 · Effective May 1, 2026

DocFindMe, Inc. ("we," "us," or "our") is committed to protecting your privacy and Protected Health Information (PHI). This policy describes how we collect, use, disclose, and safeguard your information when you use the DocFindMe platform.

1. Information We Collect

1.1 Personal Information (PII)

  • Identity: Full name, date of birth
  • Contact: Email address, phone number, physical address
  • Authentication: OTP verification codes, Google OAuth tokens
  • Device: Device identifiers, IP addresses, mobile operating system
  • Usage: App interaction logs, feature usage analytics

1.2 Protected Health Information (PHI)

  • Medication names, dosages, and schedules
  • Medical conditions (as shared by you or your provider)
  • Care team relationships (doctor-patient assignments)
  • Health alerts and emergency contacts
  • Location data (when location sharing is enabled for emergency use)

1.3 Automatically Collected Data

  • Log data (page views, error logs)
  • Device information (OS version, app version)
  • Approximate location (for hospital search)

2. How We Use Your Information

We use your information to:

  • Provide and improve the DocFindMe services
  • Facilitate secure communication between patients and healthcare providers
  • Send medication reminders and health alerts
  • Verify your identity through OTP or Google OAuth
  • Respond to support requests
  • Comply with legal and regulatory obligations (including HIPAA)
  • Detect and prevent fraud and security incidents
  • Conduct aggregate, de-identified analytics to improve our services

We will NOT use your PHI for marketing or sell it to third parties.

3. Legal Basis for Processing

  • Contract: To perform the services you requested
  • Legal Obligation: To comply with HIPAA and applicable US federal and state laws
  • Legitimate Interest: To maintain platform security and prevent fraud
  • Consent: For optional features such as location sharing

4. HIPAA Compliance and PHI

DocFindMe is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) and the HITECH Act. We operate as a Business Associate for covered entities using our platform.

Your Rights Under HIPAA:

  • Right to Access: Request a copy of your PHI we maintain
  • Right to Amend: Request corrections to inaccurate PHI
  • Right to Accounting: Obtain a list of disclosures of your PHI
  • Right to Restriction: Request we limit how we use or disclose your PHI
  • Right to Confidential Communications: Request we communicate via specific channels
  • Right to Complain: File a complaint with the HHS Office for Civil Rights

To exercise HIPAA rights, contact: privacy@docfindme.com

5. How We Share Your Information

We share your information only as follows:

  • Care Team: PHI is shared with your authorized healthcare providers on the platform
  • Service Providers: With HIPAA BAA-covered vendors (cloud hosting, monitoring) solely to operate the platform
  • Legal Requirements: If required by law, court order, or government authority
  • Safety: To prevent serious, imminent threats to health or safety
  • Business Transfers: In connection with a merger or acquisition (with prior notice to you)

We do NOT sell, rent, or lease your personal information or PHI to any third party for commercial purposes.

6. Data Security

We implement industry-standard security measures including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Multi-factor authentication via OTP
  • Role-based access control (RBAC)
  • Continuous security monitoring and intrusion detection
  • Regular penetration testing and vulnerability assessments
  • Annual HIPAA Security Rule risk assessments

In the event of a data breach affecting your PHI, we will notify you in accordance with the HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D) within 60 days of discovery (or sooner as required by law).

7. Data Retention

We retain your personal information and PHI for as long as your account is active or as needed to provide services. We retain PHI for a minimum of 6 years from creation or last use, in accordance with HIPAA requirements. Upon account deletion, we will de-identify or securely destroy your data within 90 days, except where retention is required by law.

8. California Residents — CCPA/CPRA Rights

If you are a California resident, you have additional rights under the CCPA and CPRA:

  • Right to Know: Disclosure of personal information collected, used, disclosed, or sold
  • Right to Delete: Deletion of your personal information
  • Right to Correct: Correction of inaccurate personal information
  • Right to Opt-Out: We do not sell personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Submit a CCPA/CPRA request: privacy@docfindme.com — we respond within 45 days.

9. Other US State Privacy Rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws have similar rights to access, correct, delete, and opt out of processing. Contact privacy@docfindme.com to exercise these rights.

10. Children's Privacy

DocFindMe is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover we have collected such information, we will promptly delete it. Contact privacy@docfindme.com if you believe we have inadvertently collected information from a minor.

11. SMS / Text Message Communications

When you choose to sign in with your phone number, DocFindMe will send you a one-time passcode (OTP) via SMS for identity verification.

How We Obtain Your Consent

Consent is obtained at the point of phone number entry on the login screen. By entering your phone number and tapping "Send Verification Code", you expressly consent to receive a one-time SMS text message from DocFindMe. Consent is not a condition of using the Service — you may alternatively log in with Google or email.

Message Details

  • Program: DocFindMe account verification
  • Message types: One-time passcode (OTP) for login authentication only — no marketing messages
  • Message frequency: One message per login attempt; additional messages if you request a code resend
  • Rates: Message and data rates may apply depending on your mobile carrier plan

How to Opt Out

Reply STOP to any SMS from DocFindMe to opt out of SMS authentication. After opting out, you can still log in using Google OAuth or email OTP. To re-enable SMS, contact support@docfindme.com.

How to Get Help

Reply HELP to any SMS or email support@docfindme.com.

No sharing: We do not share your mobile phone number with third parties for marketing purposes. Carriers are not liable for delayed or undelivered messages.

12. Cookies and Tracking

Our web applications use essential cookies for authentication session management only. We do not use third-party advertising cookies. You may disable non-essential cookies through your browser settings, though this may affect Service functionality.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by updating the version number and effective date and providing in-app notice. Your continued use of DocFindMe after the effective date constitutes acceptance of the updated policy.

14. Contact Us

DocFindMe, Inc.

Privacy Officer: privacy@docfindme.com

General Support: support@docfindme.com

Legal: legal@docfindme.com

To file a complaint with the US Department of Health and Human Services:

HHS Office for Civil Rights · www.hhs.gov/ocr · 1-800-368-1019