Privacy Policy

Privacy Policy for Doctoralia

Your privacy matters to us. This Privacy Policy explains what personal data Doctoralia collects, how we use it, how we protect it, and what rights you have over your information when you use our platform and services.

Last Updated: June 2026 GDPR and LGPD Aligned Google Policy Compliant

Who Is the Data Controller

Doctoralia ("we", "us", "our") is the data controller responsible for your personal data collected through the website located at doctoraliaa.com and all associated pages and services (the "Platform").

As a data controller, Doctoralia determines the purposes and means by which your personal data is processed. We are committed to processing your data lawfully, fairly, and transparently in full compliance with applicable data protection laws including the General Data Protection Regulation (GDPR), Brazil's Lei Geral de Protecao de Dados (LGPD), and other relevant regional privacy legislation.

Data Controller Contact Information

For all privacy-related enquiries, data requests, or complaints, please contact us at:

Email: doctoraliaa@gmail.com

Mexico Office: Avenida Boulevard Manuel Avila Camacho 118, Piso 19, Lomas de Chapultepec V Seccion, Miguel Hidalgo, 11000, CDMX, Mexico

Brazil Office: Rua Visconde do Rio Branco, 1488, 2 andar, Batel, 80420-210, Curitiba, Parana, Brasil

We aim to respond to all privacy enquiries within 30 days of receipt.


Personal Data We Collect

Doctoralia collects personal data directly from you, automatically through your use of the Platform, and in some cases from third parties. We only collect data that is necessary, relevant, and proportionate to the purposes described in this Privacy Policy.

Data You Provide Directly

Data CategorySpecific Data CollectedWhen Collected
Identity Data Full name, date of birth, gender Account registration, appointment booking
Contact Data Email address, phone number, country, city Account registration, contact forms, bookings
Account Credentials Username, encrypted password Account registration
Appointment Data Preferred specialist, appointment date and time, consultation type (video or in-person), appointment history Booking process
Health Information Symptoms described, specialty selected, health concerns shared voluntarily during booking Appointment booking and search activity
Review Content Patient reviews, ratings, and written feedback submitted for healthcare professionals Post-appointment review submission
Communication Data Messages submitted through contact forms, support requests, email correspondence Contact form, support interactions
Payment Data Transaction reference numbers (we do not store full card details; payments are processed by PCI-DSS compliant third-party providers) Where payment is collected at booking

Data Collected Automatically

When you visit and use the Platform, we automatically collect certain technical and usage data through cookies and similar technologies:

  • Device and Technical Data: IP address, browser type and version, operating system, device type, screen resolution
  • Usage Data: Pages visited, time spent on pages, links clicked, search queries entered, specialist categories browsed
  • Location Data: Approximate geographic location derived from your IP address (country and city level only, unless you explicitly grant precise location access)
  • Referral Data: The website or search engine that referred you to the Platform
  • Session Data: Session identifiers, login timestamps, and interaction logs used to maintain your session and detect suspicious activity

Data We Do Not Collect

  • Full payment card numbers, CVV codes, or bank account details (handled exclusively by our PCI-DSS certified payment processors)
  • Government-issued identification numbers unless specifically required and lawfully justified
  • Detailed medical records, clinical notes, or diagnostic results unless explicitly provided by the user for a specific purpose
  • Biometric data of any kind

How We Use Your Data

Doctoralia uses the personal data we collect only for the specific, legitimate purposes listed below. We do not use your data for purposes incompatible with those stated at the time of collection.

PurposeData UsedLegal Basis
Providing the Platform and core services Identity, contact, appointment, account data Contract performance
Processing and managing appointments Identity, contact, appointment, health specialty data Contract performance
User account management Identity, contact, account credentials Contract performance
Sending appointment reminders and confirmations Contact data, appointment data Contract performance / Legitimate interest
Improving Platform performance and user experience Usage data, technical data, session data Legitimate interest
Personalizing content and search results Usage data, location data, search history Legitimate interest / Consent
Fraud detection and platform security Technical data, session data, usage patterns Legitimate interest / Legal obligation
Sending service and marketing communications Contact data, preferences Consent (marketing) / Legitimate interest (service updates)
Complying with legal obligations Any data required by applicable law Legal obligation
Analytics and aggregated reporting Anonymized usage data (no personal identifiers) Legitimate interest
No Sale of Personal Data: Doctoralia does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. This commitment applies regardless of the jurisdiction in which you are located.


How We Share Your Data

Doctoralia shares your personal data only in the limited circumstances described below. We never share your data with third parties for their own commercial or marketing purposes without your explicit consent.

Healthcare Professionals

When you book an appointment, your name, contact details, and appointment information are shared with the relevant healthcare professional to enable the consultation to take place. This sharing is a core and necessary part of the service you are requesting.

Service Providers and Data Processors

We engage trusted third-party service providers who process data on our behalf to help us operate the Platform. These providers are bound by data processing agreements and may only use your data for the specific purposes we instruct them. Our service providers include:

  • Cloud Hosting Providers: For secure storage and delivery of the Platform and its data
  • Payment Processors: PCI-DSS certified third parties who handle payment transactions securely on our behalf
  • Email and SMS Providers: For sending appointment reminders, confirmations, and service notifications
  • Analytics Providers: For processing anonymized usage data to help us understand Platform performance and improve user experience
  • Customer Support Tools: Software used to manage and respond to user support requests

Legal Disclosures

We may disclose your personal data to law enforcement agencies, regulatory authorities, courts, or other government bodies where we are legally required to do so, where we have a good-faith belief that such disclosure is necessary to comply with a legal obligation, or where necessary to protect the rights and safety of Doctoralia, our users, or the public.

Business Transfers

In the event of a merger, acquisition, asset sale, or restructuring of Doctoralia's business, your personal data may be transferred as part of that transaction. We will provide advance notice of any such transfer via the email address associated with your account or through a prominent notice on the Platform, and we will ensure the acquiring entity is bound by privacy obligations no less protective than those in this Policy.

What We Never Do: Doctoralia will never sell your personal data. We will never share your health information with insurers, employers, or advertising networks. We will never share your data with any third party for purposes other than those described in this Privacy Policy without obtaining your prior explicit consent.

International Data Transfers

Doctoralia operates internationally and may transfer your personal data to countries outside your country of residence, including countries that may have different data protection standards. Where such transfers occur, we take appropriate safeguards to ensure your data receives an adequate level of protection, including the use of Standard Contractual Clauses approved by relevant data protection authorities.


Health Data and Special Category Information

Health data is classified as a special category of personal data under GDPR and equivalent data protection laws, and it receives the highest level of legal protection. Doctoralia processes health-related information with the utmost care and only where strictly necessary to provide the healthcare connection services you request.

Special Category Data: Health data is treated as sensitive personal data under applicable law. Doctoralia processes health-related information only on the basis of your explicit consent or where it is necessary for the provision of healthcare services you have specifically requested, in accordance with Article 9 of the GDPR and equivalent provisions of Brazil's LGPD.

How We Handle Your Health Information

  • Purpose Limitation: Health-related information you share (such as the specialist type you are searching for or symptoms noted during booking) is used only to connect you with the appropriate healthcare professional and is not used for any other purpose without your consent.
  • Access Controls: Access to health-related data is strictly limited to authorized personnel at Doctoralia who require it to perform their job functions, and to the relevant healthcare professional involved in your appointment.
  • No Advertising Use: Your health information is never used for advertising profiling, sold to health insurance companies, or shared with employers or any commercial third party for their own purposes.
  • Encryption: All health-related data stored by Doctoralia is encrypted at rest and in transit using industry-standard encryption protocols.
  • Anonymization: Where health data is used for Platform analytics or service improvement, it is fully anonymized and aggregated before any analysis is performed, so that no individual user can be identified.

Need Medical Consultation?

Connect with 330,000+ verified doctors across 50+ countries. Book in seconds, no registration required.

Find a Verified Doctor

Data Retention and Storage

Doctoralia retains your personal data only for as long as is necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. When your data is no longer needed, it is securely deleted or anonymized.

Data TypeRetention PeriodReason
Account and Identity Data Duration of account + 2 years after account closure Legal obligation, dispute resolution
Appointment Records 5 years from appointment date Legal obligation, dispute resolution, service history
Payment Transaction Records 7 years Tax and financial regulatory compliance
Review Content Duration of Platform listing or until removed Service provision, public trust
Marketing Consent Records Until consent is withdrawn + 3 years Evidence of consent for legal purposes
Technical and Usage Data 13 months (analytics), 90 days (logs) Platform improvement, security monitoring
Support and Communication Records 3 years from last interaction Dispute resolution, service quality

Data Security Measures

Doctoralia implements appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our security measures include:

  • SSL/TLS encryption for all data transmitted between your device and our servers
  • Encryption of sensitive data at rest using AES-256 standard encryption
  • Strict role-based access controls limiting data access to authorized personnel only
  • Regular security audits, vulnerability assessments, and penetration testing
  • Multi-factor authentication for internal systems and administrative access
  • Data breach detection and incident response procedures aligned with GDPR notification requirements
Data Breach Notification: In the event of a data breach that is likely to result in a high risk to your rights and freedoms, Doctoralia will notify you without undue delay and in compliance with our obligations under applicable data protection law, including the 72-hour notification requirement under GDPR where applicable.

Cookies and Tracking Technologies

Doctoralia uses cookies and similar tracking technologies to make the Platform work correctly, to remember your preferences, to analyze how the Platform is used, and where you have given consent, to deliver a more personalized experience.

A cookie is a small text file placed on your device when you visit a website. Cookies are not viruses or malware. They help the website remember information about your visit and improve your experience on return visits.

Types of Cookies We Use

Managing Your Cookie Preferences

You can manage your cookie preferences at any time through our cookie consent tool available on the Platform, or through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. Most browsers allow you to refuse cookies or delete existing cookies through the browser settings menu.

For more information on how to manage cookies in the most popular browsers, please visit the browser's official help documentation.


Your Data Rights

Depending on your country of residence, you have a number of rights under applicable data protection law regarding the personal data Doctoralia holds about you. We take these rights seriously and will respond to all valid requests within 30 days of receipt.

Right to Access

Request a copy of the personal data Doctoralia holds about you and information about how it is being used.

Right to Rectification

Request correction of any inaccurate or incomplete personal data Doctoralia holds about you.

Right to Erasure

Request deletion of your personal data where there is no compelling reason for Doctoralia to continue processing it.

Right to Restriction

Request that Doctoralia restricts the processing of your personal data in certain circumstances, such as while accuracy is contested.

Right to Portability

Receive a copy of your personal data in a structured, machine-readable format and have it transferred to another controller.

Right to Object

Object to processing of your personal data based on legitimate interests, including profiling and direct marketing at any time.

Withdraw Consent

Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

Lodge a Complaint

Lodge a complaint with a supervisory authority if you believe your data rights have been violated or your data mishandled.

How to Exercise Your Rights

To exercise any of your data rights, please contact us at doctoraliaa@gmail.com with the subject line "Data Rights Request" and clearly state which right you wish to exercise and the personal data to which your request relates. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence.


Children's Privacy

The Doctoralia Platform is not directed at children under the age of 13, and we do not knowingly collect personal data from children under 13 years of age. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at doctoraliaa@gmail.com and we will take prompt steps to delete that information.

Users between the ages of 13 and 18 may only use the Platform under the supervision and with the documented consent of a parent or legal guardian. The parent or guardian accepts full responsibility for ensuring the minor's use of the Platform complies with these Terms and this Privacy Policy.

Parent or Guardian Concern? If you believe a child under 13 has shared personal data with Doctoralia without your consent, contact us at doctoraliaa@gmail.com. We will delete all such data promptly upon verification.

Marketing Communications and Opt-Out

With your consent, Doctoralia may send you health tips, service updates, newsletters, and information about new features or specialist categories that may be relevant to you. We will only send marketing communications where you have explicitly opted in to receive them.

You can opt out of marketing communications at any time by clicking the "Unsubscribe" link in any marketing email you receive from us, by updating your communication preferences in your account settings, or by contacting us directly at doctoraliaa@gmail.com. Opting out of marketing will not affect service-related communications such as appointment confirmations and reminders.


Third-Party Links and External Services

The Doctoralia Platform may contain links to third-party websites, services, or resources. These are provided for your convenience and informational purposes only. Doctoralia has no control over the content, privacy practices, or policies of any linked third-party website and accepts no responsibility for them.

We strongly encourage you to read the privacy policy of every website you visit. This Privacy Policy applies solely to data collected and processed by Doctoralia through the Platform at doctoraliaa.com and does not apply to information you share with or that is collected by any third-party website, application, or service.


Updates to This Privacy Policy

Doctoralia may update this Privacy Policy from time to time to reflect changes in our data practices, applicable laws, or the services we provide. When we make changes, we will update the "Last Updated" date at the top of this page. Where changes are material, we will notify registered users by email or through a prominent notice on the Platform.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. Your continued use of the Platform after any update constitutes your acknowledgment of the updated Privacy Policy.


Contact Us About Privacy

If you have any questions, concerns, or requests relating to this Privacy Policy or the way Doctoralia handles your personal data, please do not hesitate to contact us:

Doctoralia Privacy Team

Email: doctoraliaa@gmail.com

Subject Line: "Privacy Enquiry" or "Data Rights Request"

Book a Doctor: doctoraliaa.com/appointment

Find a Specialist: doctoraliaa.com/doctor

Website: doctoraliaa.com

Response time: We will respond to all privacy-related enquiries within 30 days of receipt.

OfficeAddress
🇲🇽 Mexico Office Avenida Boulevard Manuel Avila Camacho 118, Piso 19, Lomas de Chapultepec V Seccion, Miguel Hidalgo, 11000 CDMX, Mexico
🇧🇷 Brazil Office Rua Visconde do Rio Branco, 1488, 2 andar, Batel, 80420-210, Curitiba, Parana, Brasil
Effective Date: This Privacy Policy is effective as of June 2026. It supersedes all previous versions. By using the Doctoralia Platform after this date, you acknowledge that you have read and understood this Privacy Policy.

Find Your Doctor on Doctoralia

330,000+ verified specialists ready to help. Book a video or in-person consultation today across 50+ countries worldwide.