HeyDoctor Privacy Policy
Effective date: 10 April 2026
1. Who We Are
HeyDoctor is operated by Marco Santonocito, with registered office at Piazzetta Ado Furlan 4, 33170 Pordenone (PN), Italy — VAT number IT 01992590933 (the "Data Controller").
For any privacy-related enquiry you can write to privacy@heydoctor.com.
2. Scope
This Privacy Policy explains how we collect, use, store, and share personal data when you use the HeyDoctor mobile application, website, and any related services (collectively, the "Service"). By using the Service you acknowledge that you have read and understood this policy.
HeyDoctor is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly.
3. Data We Collect
3.1 Data You Provide
| Data | Purpose |
|---|---|
| Email address | Account creation, authentication, transactional emails (e.g. payment receipts), and, with your consent, product updates |
| Display name (username) | Shown on leaderboards and in-game profile |
| Payment information | Processed exclusively by Stripe; we never receive or store your full card number |
3.2 Data Generated Through Gameplay
| Data | Purpose |
|---|---|
| In-game conversations | Messages exchanged with the AI patient during a case session, retained so you can review your activity history |
| Investigation requests and diagnosis attempts | Game session records used for scoring, leaderboards, and your personal history |
| Scores and streaks | Displayed on leaderboards and your profile |
3.3 Data Collected Automatically
| Data | Purpose |
|---|---|
| Device identifiers (e.g. device UUID, advertising ID if permitted by your OS settings) | Session continuity, fraud prevention |
| IP address | Security, approximate geolocation for analytics |
| App usage data (screens viewed, feature interactions, session duration) | Product analytics and improvement |
| Crash reports and performance data | Debugging and stability monitoring |
4. How We Use Your Data
We process personal data on the following legal bases under the EU General Data Protection Regulation ("GDPR"):
| Purpose | Legal basis (Art. 6 GDPR) |
|---|---|
| Provide and operate the Service (authentication, gameplay, leaderboards, activity history) | Performance of a contract (Art. 6(1)(b)) |
| Process payments via Stripe | Performance of a contract (Art. 6(1)(b)) |
| Send transactional emails (receipts, password resets, critical service notices) | Performance of a contract (Art. 6(1)(b)) |
| Product analytics and improvement | Legitimate interest (Art. 6(1)(f)) — we balance this against your rights by minimising data, anonymising where possible, and offering opt-out |
| Crash monitoring and security | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications (product updates, new features) | Consent (Art. 6(1)(a)) — you can withdraw at any time |
5. AI-Powered Features and Conversation Data
The core gameplay involves free-text conversations with an AI-powered patient. These conversations are processed by third-party AI model providers, which may include Anthropic, OpenAI, and Google (Gemini), depending on the specific feature and model best suited for the task.
What this means in practice:
- Your messages are sent to the relevant AI provider's API to generate a response.
- We store the full conversation on our servers so you can review your activity history.
- We do not use your conversations to train or fine-tune any AI model.
- Each AI provider processes your messages under its own API data-processing terms; under the standard API terms of each of these providers, input and output data are not used to train their models.
We do not include your email address or display name in the data sent to AI providers. Conversations are associated with an internal session identifier only. Note that anything you type into a conversation is itself sent to the provider, so we recommend not entering personal details about yourself or others in the free-text chat.
6. Third-Party Services
We use the following third-party processors, all of which process data within the European Economic Area (EEA) or under appropriate safeguards:
| Service | Role | Data processed | Location |
|---|---|---|---|
| Supabase | Database, authentication, hosting | Email, username, game sessions, conversations | EU |
| Vercel | Application hosting | IP address, request metadata | EU |
| Stripe | Payment processing | Payment details (card number, billing address) — Stripe is the sole processor of this data | EU/US (Stripe is certified under the EU-US Data Privacy Framework) |
| PostHog | Product analytics | Anonymised/pseudonymised usage events, device info, IP | EU (self-hosted or EU cloud instance) |
| Google Analytics | Product analytics | Anonymised usage events, device info, IP (anonymisation enabled) | EU/US (Google is certified under the EU-US Data Privacy Framework) |
| Anthropic | AI model provider | Conversation messages, linked to an internal session identifier only (no email or display name) | US (Standard API DPA; data not used for training) |
| OpenAI | AI model provider | Conversation messages, linked to an internal session identifier only (no email or display name) | US (Standard API DPA; data not used for training) |
| Google (Gemini) | AI model provider | Conversation messages, linked to an internal session identifier only (no email or display name) | US/EU (Standard API DPA; data not used for training) |
Where data is transferred outside the EEA, we rely on the EU-US Data Privacy Framework, Standard Contractual Clauses (SCCs), or an adequacy decision by the European Commission, as applicable.
7. Data Retention
| Data | Retention period |
|---|---|
| Account data (email, username) | Until you delete your account |
| Game sessions and conversation history | Until you delete your account |
| Payment records | As required by Italian tax law (10 years for fiscal records) |
| Analytics data | Aggregated/anonymised within 26 months |
| Crash and error logs | 90 days |
When you delete your account, we erase or anonymise all personal data within 30 days, except where retention is required by law.
8. Your Rights
Under the GDPR you have the right to:
- Access your personal data and obtain a copy
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten")
- Restrict processing in certain circumstances
- Data portability — receive your data in a structured, machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent at any time (without affecting the lawfulness of prior processing)
To exercise any of these rights, email privacy@heydoctor.com. We will respond within one month of receiving your request, as required by Art. 12(3) GDPR.
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) — www.garanteprivacy.it.
9. Cookies and Tracking
The HeyDoctor mobile app does not use browser cookies. Our website and web-based admin tools may use:
- Strictly necessary cookies — required for authentication and security (no consent needed)
- Analytics cookies — PostHog and Google Analytics, placed only with your consent
You can manage cookie preferences at any time through the cookie banner on our website.
10. Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (TLS) and at rest
- Role-based access controls for internal systems
- Regular review of third-party processor security practices
- Rate limiting and abuse prevention on all API endpoints
No system is completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours (Art. 33 GDPR); where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly (Art. 34 GDPR).
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or an in-app notice at least 14 days before the changes take effect. The "effective date" at the top of this page will always reflect the latest version.
12. Contact
For any questions, requests, or complaints regarding this Privacy Policy or our data practices:
Marco Santonocito
Piazzetta Ado Furlan 4, 33170 Pordenone (PN), Italy
privacy@heydoctor.com
Last updated: 10 April 2026