Privacy Policy

This Privacy Policy explains how OTEXE Global Solutions OÜ, registry code 16536027, VAT number EE102515833, with registered address at Vesivärava 50-201, 10152 Tallinn, Estonia (“OTEXE”, “DocToDoc”, “we”, “us”, or “our”), collects, uses, stores, shares, and protects personal data in connection with the DocToDoc platform available at aidadoc.com and related services.

DocToDoc is a professional peer-to-peer consultation platform for dental professionals. It is not intended for use by patients and is not intended to collect, receive, store, or process Patient-Identifiable Information, Protected Health Information, or identifiable patient health data.

1. Data Controller

The data controller responsible for processing described in this Privacy Policy is OTEXE Global Solutions OÜ, Registry Code 16536027, VAT Number EE102515833, Vesivärava 50-201, 10152 Tallinn, Estonia. Contact: privacy@aidadoc.com. Where we process personal data on behalf of another controller, we will do so under appropriate contractual terms where required by applicable law.

2. Professional-Only Platform Notice

DocToDoc is intended for dental professionals. It is not a patient-facing healthcare service and is not intended for patients seeking diagnosis, treatment, dental care, medical advice, or emergency care. Users must not submit patient-identifiable data to the Platform.

3. No Patient-Identifiable Information or PHI

We do not require, request, authorize, or intend to collect, receive, store, or process Patient-Identifiable Information, PHI, patient medical records, or identifiable patient health data. Users are strictly prohibited from uploading, submitting, transmitting, displaying, or otherwise disclosing through the Platform any information that directly or indirectly identifies, or may reasonably be used to identify, an individual patient, including patient names, dates of birth, addresses, telephone numbers, email addresses, identification numbers, medical record numbers, insurance numbers, billing identifiers, full-face photographs or recognizable facial images, file metadata containing identifiers, or any other direct or indirect patient identifiers.

4. Clinical Case Materials

Users may submit Clinical Materials only if they have been de-identified before submission. We do not verify that User-submitted Clinical Materials have been properly de-identified. Users are solely responsible for ensuring that Clinical Materials comply with all applicable privacy, data protection, professional secrecy, medical confidentiality, patient consent, consumer health data, and healthcare laws.

5. HIPAA / PHI and U.S. Consumer Health Data Notice

This section applies only to the extent U.S. health privacy laws, state consumer health data laws, HIPAA, or similar U.S. privacy laws may apply. DocToDoc is not intended to receive, create, maintain, transmit, or store PHI. Unless OTEXE has entered into a separate written Business Associate Agreement, OTEXE does not act as a Business Associate and does not agree to receive, create, maintain, transmit, or store PHI on behalf of any Covered Entity or Business Associate. DocToDoc is not intended to collect consumer health data relating to patients.

6. Personal Data We Collect

Depending on your use of the Platform, we may collect visitor data such as IP address, device identifiers, browser type, operating system, approximate IP-derived location, referring URL, pages viewed, date/time of access, cookies and analytics data; account data such as name, email, phone, country, language, account identifier, protected password credentials, account settings, and legal acceptance logs; professional data such as professional title, dental specialty, education, experience, clinic or organization name, country of practice, license or registration information where applicable, biography, profile photo, and languages; consultant data such as availability, pricing, payout information, tax or billing information, ratings, reviews, consultation history, and platform activity; booking data such as selected Consultant, requested time/date, consultation topic, booking status, cancellation/rescheduling information, payment status, platform messages, and de-identified Clinical Materials; payment data such as billing name, billing address, invoice details, transaction amount, currency, payment status, payment method type, last four card digits where provided by processors, and tax information; communications data such as email content, support tickets, chat messages, call notes, feedback, complaints, and attachments; and technical/security data such as login logs, security logs, error logs, cookie preferences, fraud prevention signals, and access timestamps.

7. Sources of Personal Data

We may collect personal data directly from you, from your use of the Platform, from Consultants or Requesting Dentists involved in a booking, from payment processors, authentication providers, analytics providers, customer support tools, publicly available professional sources where relevant and lawful, and legal, compliance, or security sources where necessary.

8. Purposes and Legal Bases for Processing

Where GDPR applies, we process personal data under performance of a contract to create accounts, provide the Platform, facilitate bookings and Consultations, process payments, provide support, and manage paid services; legitimate interests to secure the Platform, prevent fraud and abuse, improve services, manage disputes, enforce Terms, maintain business records, protect legal rights, conduct internal analytics, and communicate service updates; consent for non-essential cookies, marketing emails where required, optional profile information, and certain integrations; legal obligations for accounting, tax, regulatory, court, government, and data protection obligations; and legal claims where necessary to establish, exercise, or defend legal claims.

9. How We Share Personal Data

We may share personal data with service providers such as hosting, cloud infrastructure, storage, analytics, payment processing, authentication, email delivery, customer support, security, fraud prevention, accounting, and legal providers; payment processors; other Users where necessary to provide a booking or Consultation; third-party communication services such as Google Meet; professional verification providers if used; legal and professional advisors; courts, regulators, tax authorities, law enforcement, or supervisory authorities where required or permitted by law; and parties involved in a merger, acquisition, restructuring, financing, sale of assets, bankruptcy, or similar transaction.

10. International Data Transfers

We may use service providers located outside the European Economic Area. Where personal data is transferred internationally, we use appropriate safeguards where required, such as adequacy decisions, Standard Contractual Clauses, contractual protections, or other lawful transfer mechanisms.

11. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention may depend on account activity, legal obligations, tax and accounting requirements, disputes, security needs, fraud prevention, enforcement of Terms, and consent records. Account data may be retained while the account is active and for a reasonable period after closure; payment and invoice data as required by law; legal acceptance logs to prove consent and contract formation; security logs for security and fraud prevention; and de-identified or anonymized data where lawful.

12. De-Identified, Anonymized, and Aggregated Data

We may create and use de-identified, anonymized, or aggregated data for analytics, research, service improvement, security, and business purposes. We will not attempt to re-identify anonymized data. Users remain responsible for ensuring that Clinical Materials submitted to the Platform are properly de-identified before submission.

13. Cookies and Similar Technologies

We use cookies and similar technologies as described in our Cookie Policy. Non-essential cookies are used only where permitted by law and, where required, with consent.

14. Marketing Communications

We may send administrative, transactional, and service-related communications necessary for the Platform. We may send marketing communications where permitted by law. You may unsubscribe from marketing emails at any time using the unsubscribe link or by contacting us. Even if you opt out of marketing, we may continue to send service-related communications.

15. Public Areas, Reviews, and Feedback

If the Platform allows reviews, ratings, public profiles, comments, or other public or semi-public features, information submitted there may be visible to other Users or the public. Do not include Patient-Identifiable Information, confidential patient information, PHI, or sensitive clinical details that could identify a patient in any review, comment, profile, message, or public posting.

16. Data Security

We use reasonable technical, organizational, and administrative measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and disclosure. Such measures may include access controls, secure transmission where available, limited personnel access, vendor-based safeguards, logging, and internal incident response procedures. No method of transmission or storage is completely secure. We cannot guarantee absolute security. This policy does not claim any security certification, audit framework, cloud provider, annual penetration testing, SIEM, MFA, or similar control unless separately confirmed in writing by OTEXE.

17. Your GDPR Rights

Where GDPR applies, you may have the right to access, rectify, erase, restrict processing, object to processing, data portability, withdraw consent, and lodge a complaint with a supervisory authority. To exercise rights, contact privacy@aidadoc.com. We may need to verify your identity before responding. Some rights are subject to legal limitations and exceptions.

18. U.S. Privacy Rights, Where Applicable

If you are located in a U.S. state with applicable privacy laws, you may have additional rights such as access, deletion, correction, or opt-out rights. DocToDoc is not intended to collect consumer health data relating to patients. If you believe we have processed personal data subject to U.S. privacy rights, contact privacy@aidadoc.com.

19. Children’s Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps.

20. Third-Party Websites and Services

The Platform may contain links to third-party websites or services. We are not responsible for the privacy, security, or data practices of third parties. You should review their policies before using them.

21. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be posted on the Platform with a new effective date. If changes are material, we may provide additional notice where required by law.

22. Contact Information

OTEXE Global Solutions OÜ, Registry Code: 16536027, VAT Number: EE102515833, Address: Vesivärava 50-201, 10152 Tallinn, Estonia, Website: aidadoc.com, Email: privacy@aidadoc.com.