Privacy Policy

Last updated: November 21, 2025 • Version 4.0

Deepocrates, s.r.o. ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our medical AI platform and related services (collectively, the "Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

1. Information We Collect

1.1. Personal Information

We may collect the following personal information:

• Name, email address, and contact information
• Professional credentials and medical license information
• Institution or organization affiliation
• Account preferences and settings
• Payment and billing information (processed by third-party providers)

1.2. Usage Information

We automatically collect certain information about your use of the Service:

• Query patterns and search history (anonymized)
• Platform usage statistics and analytics
• Device information and browser type
• IP address and location data (general geographic area only)
• Session duration and feature usage

1.3. Medical Query Data

We collect the medical queries and inputs you provide to our AI system. However, we strongly advise against including any patient-identifiable information in your queries. All query data is processed in accordance with our strict data protection protocols.

2. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service
• Process your medical queries and provide AI-generated responses
• Verify your professional credentials and eligibility
• Improve our AI models and platform functionality
• Provide customer support and technical assistance
• Send important updates about the Service
• Comply with legal obligations and regulatory requirements
• Detect and prevent fraud or misuse of the Service

3. Data Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties, except in the following circumstances:

• With your explicit consent
• To trusted service providers who assist in operating our platform (under strict confidentiality agreements)
• When required by law or to comply with legal processes
• To protect our rights, property, or safety, or that of our users
• In connection with a business transfer or acquisition (with appropriate safeguards)

4. Data Security

We implement comprehensive security measures to protect your information:

• End-to-end encryption for data transmission
• Secure data storage with regular backups
• Multi-factor authentication for user accounts
• Regular security audits and penetration testing
• Access controls and employee training on data protection
• Compliance with industry-standard security frameworks

5. Your Rights Under GDPR

If you are located in the European Union, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

6. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Account information is typically retained for the duration of your account plus a reasonable period thereafter for legal and business purposes.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, including standard contractual clauses approved by the European Commission.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. These technologies help us understand how you use the Service, remember your preferences, and improve our platform's functionality. You can control cookie settings through your browser preferences.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

11. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Data Protection Contact

Email: info@deepocrates.com

Data Protection Officer: info@deepocrates.com

Company: Deepocrates s.r.o.

Address: Brno, Czech Republic

Back to Legal

Deepocrates – Privacy Notice

Effective Date: September 29, 2025

1. Introduction

Deepocrates (“we,” “our,” “us”) is committed to protecting the privacy of our users. This Privacy Notice explains how we collect, use, and safeguard personal information when you use our services (“Services”).

2. Scope

This policy applies to all users of Deepocrates, including healthcare professionals, researchers, and institutions.

3. Controller and Contact

Deepocrates s.r.o. is the controller of your personal data. Contact: info@deepocrates.com

4. Information We Collect

Account Information: Name, email address, professional affiliation, payment details (via third-party providers).
Usage Data: Queries submitted, responses generated, interaction history (“chat history”).
Technical Data: IP address, device identifiers, browser type, operating system, cookies.
Communication Data: Emails, support tickets, or feedback messages.

5. How We Use Information

Provide and improve the Services
Maintain secure access and prevent misuse
Personalize responses and maintain conversation history
Manage billing, subscriptions, and payments
Conduct research and product development
Comply with legal obligations

6. Legal Basis for Processing

Contract (providing Services you signed up for)
Legitimate interest (improving Services, preventing misuse)
Consent (marketing communications, where applicable)
Legal obligations (tax, compliance)

7. Data Sharing

We do not sell your data.
Limited sharing with service providers (cloud hosting, payment processors, analytics).
Aggregated/anonymized sharing with research partners.
Disclosures to authorities when required by law.

8. Data Storage and Security

Secure cloud storage (e.g., Google Cloud Firestore).
Encryption in transit and at rest.
Access restricted to authorized personnel only.

9. Retention

Account data: While your account is active
Chat history: Until manually deleted or after 12 months of inactivity
Payment records: As required by financial regulations

10. User Rights

Depending on your jurisdiction, you may have rights to:

Access your data
Correct inaccurate information
Request deletion (“right to be forgotten”)
Restrict or object to processing
Port your data to another provider

You also have the right to lodge a complaint with your local data protection authority. Requests can be made at legal@deepocrates.ai.

11. International Transfers

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards (e.g., Standard Contractual Clauses).

12. Children’s Privacy

Deepocrates is intended for professional use only. We do not knowingly collect data from individuals under 18.

13. Do Not Track

Our Services are not designed to respond to “Do Not Track” signals. We do not use or disclose your personal information in a way that would require honoring Global Privacy Control where not mandated by law.

14. Patient Data and PHI

Do not submit patient-identifiable information or protected health information (PHI) to the Services. The platform is not intended to process PHI unless a separate written agreement is in place.

15. Model Training and Automated Decisions

We do not use your Inputs or Outputs to train models unless you provide explicit opt-in consent. The Service does not make solely automated decisions that produce legal or similarly significant effects for you.

16. Subprocessors

We use trusted service providers for hosting, analytics, and payments. We ensure appropriate contractual safeguards (including data processing agreements and, where applicable, Standard Contractual Clauses).

17. Updates to this Notice

We may update this Privacy Notice from time to time. If we make material changes, we will notify you via the Services or email where required by law. The “Effective Date” above reflects the latest version.

18. Contact

Deepocrates s.r.o., Brno, Czech Republic • info@deepocrates.com