Privacy Policy
Updated: October 22, 2025
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
At Doctronic, accessible from https://www.doctronic.ai, we protect your privacy. This Privacy and Security Notice explains how we collect, use, share, and protect your information when you use our website, mobile app, and services.
For users with member accounts accessing health records through our Individual Access Services ("IAS"), this Notice also incorporates requirements under the Trusted Exchange Framework and Common Agreement (TEFCA) and the CMS Interoperability and Patient Access Rule.
We do not sell your health information. Your health information belongs to you - you control it. You can access it anytime, download it, share it with other providers, or delete it as you choose.
Service Types and Information We Share
Anonymous Usage (No Account)
- No account or personal information (other than age and sex if prompted) is required
- Minimal technical data for functionality: browser type, session cookies
- Health conversations not linked to any identity
- Session data disconnected immediately upon closing browser or logging out
- Not covered by HIPAA (no stored protected health information)
- Truly anonymous - we cannot identify you
Member Accounts
- Requires registration with personal information
- Stores your health information and medical history ("Individually Identifiable Information" or "III")
- Full HIPAA and TEFCA protections apply
- Persistent access to your records
- Enhanced features including care coordination and prescription services
How We Use and Share Your Information
We may access, use, exchange, and disclose your III:
- For providing IAS: To help you securely access your medical records, send and receive health information, and share with authorized parties.
- With third parties: Only with your consent or as required by law.
- For required reporting: As permitted or required under TEFCA and applicable law.
- No sale without consent: We will not sell or use your III for marketing or targeted advertising without your separate, express "Consent to Sale" (see Section 11).
- Retention: We retain your III only as long as necessary to fulfill the purposes described here or as required by law.
- De-identified information: If we de-identify your III, we may use or disclose it for research, analytics, or service improvement.
We will never use your III to make claims against you, except for collection of fees you owe.
Age Requirement
You must be 18 or older to use Doctronic. We do not knowingly collect information from anyone under 18. If we discover underage usage, we immediately delete all associated data.
Our Legal Status
We are a "Covered Entity" by law under HIPAA for member accounts that store protected health information. Even when HIPAA doesn't apply (such as anonymous usage), we follow equivalent or stronger privacy protections including consumer-protection and breach notification laws (including the FTC's Health Breach Notification Rule).
How We Use Your Information
For Healthcare Services
- Process your symptoms and medical questions
- Generate clinical summaries and doctor's notes
- Coordinate care with Doctronic physicians
- Manage prescriptions and referrals
- Access and share medical records (only with your consent)
Example: Doctronic processes information you provide to format it in a way that is helpful for discussing with your doctor.
For Operations
- Improve our AI doctor technology
- Provide customer support
- Process payments
- Ensure platform security and prevent fraud
- Develop new features
Example: We use health information to develop better ways of helping users communicate with their doctors and to improve our AI systems and services.
We maintain all consents in a secured auditable log to validate and verify.
We Do Not:
- Train our AI models on your chat data or conversations
- Sell your information
- Use your data for third-party marketing
- Make insurance claims against you (except fee collection)
All disclosures through TEFCA are in accordance with the permitted and required Uses and Disclosures specified in the Common Agreement and applicable US Department of Health and Human Services guidance.
When We Share Information
Only With Your Express Consent
- Your designated healthcare providers
- Family members or representatives you authorize
- Third parties you specifically approve
- Any sharing beyond what's described in this Notice
Never Shared Without Written Permission
- Sale of your information
- Therapy notes and psychotherapy notes
- Your health information with third parties for their marketing purposes
Please note that some states have therapy chatbot restrictions and additional regulations governing mental health services. Doctronic complies with all applicable state and federal laws regarding mental health and therapy services, and we do not provide services that are prohibited by law in your jurisdiction.
As Required by Law
- Court orders, subpoenas, search warrants
- Public health emergencies
- Preventing imminent serious harm
- Government compliance audits
Note: For anonymous users, we have no identifying information to share even if compelled by law.
When disclosing under subpoena/court order, individuals will be notified within 3 business days (unless prohibited) and given an opportunity to object or seek protective orders.
For Healthcare Operations
- Contracted medical professionals reviewing for quality (bound by confidentiality)
- HIPAA-compliant service providers (hosting, payment processing)
- Healthcare networks for care coordination (TEFCA exchanges) - only with your consent
Sensitive Health Information
Certain sensitive information (reproductive health, mental health, substance use, gender affirming care) receives extra protection. We only disclose when required by law and notify you within 3 business days unless prohibited.
For anonymous users, this protection is absolute - we have no way to identify or disclose your information.
Emergency Situations
In emergency situations or if we believe there is a serious and imminent threat to health or safety, we may share your information when necessary to prevent harm to you or others. We may take appropriate action to protect you, other individuals, or the public, which may include sharing information with emergency services, law enforcement, or healthcare providers without your prior consent. This exception applies only in circumstances where we reasonably believe immediate action is required to prevent serious harm.
Your Rights
Access and Control Your Information
You have the right to:
- View your medical records anytime (member accounts)
- Update or correct your information
- Download data in machine-readable format
- Delete all information to the extent technically feasible (except audit logs or as prohibited by law)
- Explicit right to opt out of TEFCA sharing
Privacy Choices
- Request restrictions on how we use your information
- Choose communication preferences
- Designate someone to act on your behalf
- Object to specific uses of your data
Transparency
- Receive breach notifications (members only - anonymous users cannot be notified)
- Get a copy of this Notice
- File complaints without retaliation
Response time: 30 days for most requests
Security Practices
- Protection: Doctronic uses commercially reasonable efforts to protect III from unauthorized or illegal access, modification, Use, or destruction.
- Encryption: All data encrypted in transit and at rest
- Access Controls: Role-based permissions, multi-factor authentication
- Monitoring: 24/7 security monitoring and threat detection
- Infrastructure: HIPAA-compliant AWS hosting
- Vendor Management: Partners sign Business Associate Agreements
Obligations under this Notice continue for as long as information is maintained.
Breach & Security Incident Notification
Doctronic will notify individuals whose III has been or is reasonably believed to have been affected by an IAS TEFCA Security Incident or Breach of Unencrypted III. We will notify you promptly and include:
- A description of what happened and when.
- What types of information were involved.
- Steps you can take to protect yourself.
- Actions we are taking to address it.
- How you can contact us for more information.
Compliance with Privacy and Security Requirements
Pursuant to Section 4.1.a.5 of the IAS Provider Requirements SOP, Doctronic affirms that it is required to act in conformance with the Privacy and Security Notice and to protect the security and confidentiality of all information it holds in accordance with the applicable Framework Agreement.
Doctronic shall implement and maintain administrative, technical, and physical safeguards consistent with industry standards and the Framework Agreement to ensure the integrity, availability, and confidentiality of all data received, maintained, or transmitted under its services.
For questions regarding our privacy or security practices, you may contact us at privacy@doctronic.ai
Consent and Your Choices
For Member Accounts
We obtain documented consent before:
- Creating your account and storing health information
- Sharing data beyond what's described here
- Making material changes to privacy practices
Consent to Sale
If we wish to sell your III, use it for targeted advertising, or receive payment in exchange for it, we will ask for a separate Consent to Sale, clearly labeled and distinct from this Notice. You are not required to provide such consent to use our IAS.
Revoking Your Consent
You have the right to revoke your consent for data sharing or use at any time. Please follow the steps below to withdraw your consent:
Step 1: Log in to your Doctronic account.
Step 2: Navigate to Settings › Privacy › Consent Management.
Step 3: Select "Revoke Consent."
Step 4: Confirm your choice when prompted.
Step 5: You will receive an on-screen confirmation and an email confirming that your consent has been revoked.
Revocation of consent will take effect immediately. Once revoked, we will no longer collect or share your data under the previously granted consent.
If you need assistance, contact us at privacy@doctronic.ai or call (212) 287-5081.
Revocation doesn't affect prior uses. Account access ends after revocation.
Data Retention
- Anonymous Sessions: Disconnected immediately when browser closed or logged out
- Member Health Records: 7 years (per medical record requirements and TEFCA IAS obligations)
- Account Deletion: Processed within 30 days
- Legal Holds: Some data retained if required by law (members only)
Digital Contact Information
To support nationwide interoperability, we have listed our secure digital contact information in the National Plan & Provider Enumeration System (NPPES):
- Digital Contact Method: [Direct Secure Messaging Address]
- Purpose: For use by other providers, hospitals, and health information networks to securely send referrals, event notifications, and protected health information (PHI).
- Security: Our digital contact method is HIPAA-compliant and encrypted to protect PHI in transit.
Technical Details
Cookies and Web Beacons
Like any other website, Doctronic uses cookies. These cookies are used to store information including visitors' preferences and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and other information.
Log Files
Doctronic follows a standard procedure of using log files. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. We may use IP addresses for legal compliance with state and federal laws, but we do not log or use IP addresses for tracking, marketing, or other purposes. These log files are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, and gathering demographic information.
Cookies and Tracking
- Essential cookies for security and preferences
- Analytics to improve services (anonymized)
- Advertising cookies for marketing attribution (anonymous users only - no health data)
- No IP address collection for tracking purposes (IP addresses may be temporarily checked to comply with state-specific regulations, but are not stored)
Communications
- Secure in-app messaging
- Optional SMS (text STOP to opt out)
- No unencrypted email for health information
SMS and Text Messaging
We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your personal data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.
Marketing and Advertising
We use ads for marketing purposes. Advertising platforms may receive anonymous tracking data and marketing attribution information to measure campaign effectiveness. No protected health information or member account data is ever shared with advertising platforms.
Special Provisions
For California Residents (CCPA)
- Right to know what personal information we collect
- Right to delete (with exceptions)
- Right to opt out of sale (we don't sell, but certain advertising tracking may qualify as "sale" under some laws; contact us to opt out)
- No discrimination for exercising rights
For European Union Residents (GDPR)
Every user is entitled to the following data protection rights:
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate or incomplete information
- Right to Erasure: Request deletion of your personal data under certain conditions
- Right to Restrict Processing: Request restricted processing under certain conditions
- Right to Object to Processing: Object to our processing under certain conditions
- Right to Data Portability: Request transfer of data to another organization or directly to you
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us using the information provided at the end of this notice.
For Healthcare Providers (Interoperability)
- NPPES-listed digital contact for secure messaging
- TEFCA-compliant health information exchange
- FHIR API access for authorized applications
Changes to This Notice
We'll notify you of material changes via:
- Email (members only - anonymous users have no contact info)
- Website banner (30 days)
- New consent for significant changes
Changes are posted no later than the effective date of the change.
Fees
We will clearly disclose any fees associated with our IAS or with exercising your rights. Current fees: "None".
Contact Us
Privacy Officer
Doctronic Inc.
1460 Broadway
New York, NY 10036
Privacy Questions: privacy@doctronic.ai
Phone: (212) 287-5081
General Support: support@doctronic.ai
File a Complaint
- With us: privacy@doctronic.ai
- With government: HHS Office for Civil Rights (1-877-696-6775)
We document all privacy complaints and their final disposition. We will also never retaliate.