Privacy Policy

1. Data Controller

Doctor RPM is the data controller for your personal data. If you have any questions about this Privacy Policy or how we handle your data, please contact us at legal@doctor-rpm.com.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Authentication credentials (hashed passwords)
• Account preferences
• Subscription status and billing information

2.2 Usage Data

We collect information about your use of the Service:

• API usage statistics
• Daily quota consumption
• Browser extension usage data
• Service access logs

2.3 Payment Information

Payment information is processed by Stripe, our payment processor. We do not store or have access to your full credit card details. We only receive confirmation of successful payments and transaction IDs.

3. How We Use Your Information

We use your personal information to:

• Provide and maintain the Service
• Process your subscription payments
• Manage your account and preferences
• Enforce quota limits and rate limiting
• Send service-related communications
• Comply with legal obligations
• Improve and optimize the Service

4. Legal Basis for Processing

We process your personal data based on:

• Contract Performance: To fulfill our contractual obligations to provide the Service
• Legal Obligation: To comply with applicable laws and regulations
• Legitimate Interests: To improve our Service and prevent fraud
• Consent: Where you have given explicit consent (such as marketing communications)

5. Where We Store Your Data

Your data is stored using the following third-party services:

5.1 Supabase

User accounts, authentication, and application data are stored in Supabase, which complies with GDPR and SOC 2 Type II standards.

5.2 Stripe

Payment processing and subscription management are handled by Stripe, which is GDPR compliant and PCI DSS Level 1 certified.

5.3 Railway

Our backend API is hosted on Railway, which processes API requests and temporarily logs usage data.

6. Data Retention

We retain your personal data for as long as:

• Your account is active
• Necessary to provide the Service
• Required to comply with legal obligations
• Necessary to resolve disputes

Account data is deleted within 30 days of account deletion, except where we are required to retain it for legal reasons.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

7.1 Right of Access

You have the right to request access to your personal data and receive a copy of the data we hold about you.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You have the right to request deletion of your personal data, subject to legal retention requirements.

7.4 Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format.

7.5 Right to Restrict Processing

You have the right to request restriction of processing of your personal data.

7.6 Right to Object

You have the right to object to processing of your personal data for legitimate interests.

7.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

8. How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact us at legal@doctor-rpm.com. We will respond to your request within 30 days.

You can also manage your account data directly through your dashboard:

• View your account information
• Update your email address and preferences
• Delete your account and personal data

9. Cookies and Tracking Technologies

We use the following types of cookies:

9.1 Essential Cookies

Required for the Service to function properly. These cannot be disabled.

9.2 Authentication Cookies

Used to maintain your login session and security.

9.3 Analytics Cookies

Used to understand how users interact with the Service to improve functionality.

10. Third-Party Services

We use the following third-party services that may collect data:

10.1 Google OAuth

For social authentication. See Google's privacy policy: https://policies.google.com/privacy

10.2 Supabase

For database and authentication services. See Supabase's privacy policy: https://supabase.com/privacy

10.3 Stripe

For payment processing. See Stripe's privacy policy: https://stripe.com/privacy

10.4 Railway

For hosting and backend services. See Railway's privacy policy: https://railway.app/privacy

11. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place through Standard Contractual Clauses and adequacy decisions to protect your data.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Access controls and authentication requirements
• Regular security audits and updates
• Secure coding practices
• Rate limiting and abuse prevention

13. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service. The "Last updated" date at the top of this page indicates when changes were last made.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: contact.mirlay@gmail.com
Website: https://doctor-rpm.com
Address: Doctor RPM