1. Introduction
DoctoPal ("Platform") respects your privacy. This Privacy Policy explains how your personal data is collected, processed, stored, and protected. By using the Platform, you acknowledge and accept this policy.
2. Data We Collect
Data you directly provide:
- Account information (name, email, age, gender)
- Health profile (medications, allergies, chronic conditions, pregnancy status)
- Health queries and system responses
- Blood test values
Automatically collected data:
- Technical usage data (page visits, anonymized)
- Device type and browser info (for troubleshooting purposes only)
3. Purpose of Data Processing
- Provide personalized health information
- Perform drug-herb interaction safety checks
- Deliver blood test analysis and lifestyle coaching
- Run profile-based safety checks (allergies, pregnancy, kidney/liver conditions)
- Improve service quality (anonymized data only)
4. Data Storage & Security
- Data is protected with industry-standard encryption
- TLS/SSL encryption is applied during transmission
- Row-Level Security (RLS) access control policies are in place
- API keys are managed server-side and never included in client code
- Data is automatically deleted after 2 years of inactivity
5. Your Rights (KVKK / GDPR)
Under the Turkish Personal Data Protection Law (KVKK) and the General Data Protection Regulation (GDPR):
- Access: Download all your data from your profile page
- Rectification: Update your information at any time
- Erasure: Permanently delete your account and all associated data
- Portability: Download your data in machine-readable format (JSON)
- Objection: You reserve the right to object to data processing
6. Third-Party Data Processors
To deliver our services, we use third-party infrastructure providers in the following categories:
- Database and authentication infrastructure (Supabase — PostgreSQL)
- Anthropic Claude API — AI analysis engine. Your health queries, medication list, and allergy information may be sent to generate personalized recommendations. No data is stored by Anthropic beyond the request.
- PubMed E-utilities API and Europe PMC — Scientific research databases (publicly available medical literature)
- OpenFDA API — Drug safety and interaction database (publicly available, no personal data transmitted)
- Vercel — Web hosting and serverless infrastructure
Your personal data is never sold, rented, or shared with third parties for commercial purposes under any circumstances.
7. Cookies
Only essential cookies are used for session management and user preferences (theme, language). No advertising, marketing, or tracking cookies are used.
8. Data Breach Notification
In the event of a data breach, affected users and relevant authorities will be notified within 72 hours in accordance with KVKK and GDPR requirements.
9. Changes to This Policy
This policy may be updated. Significant changes will be communicated to your registered email address. Continued use of the Platform constitutes acceptance of the updated policy.
10. Contact
For privacy-related inquiries:
privacy@doctopal.com