GDPR Compliance
General Data Protection Regulation (GDPR) Compliance
DoctChat is committed to protecting the privacy of its users and ensuring compliance with the European Union General Data Protection Regulation (GDPR). This document details how DoctChat collects, processes, stores, and protects personal data of both free-tier and premium MD Chat subscribers. Users of the platform, including those interacting with Video Tutorials, accessing Reviews, or following User Guidelines, have the right to privacy and data protection consistent with GDPR standards.
All personal data collected by DoctChat is processed lawfully, transparently, and for specified purposes. The platform emphasizes accountability, ensuring that data handling aligns with best practices in digital health services.
Data Collection and Purpose
DoctChat collects personal data for the purpose of providing a secure, educational, and AI-assisted healthcare experience. The types of data collected include:
- Account Information: Name, email address, subscription status, and user credentials.
- Interaction Data: Questions asked to MD Chat, AI-generated responses, health inquiries, and feedback submitted via Reviews.
- Usage Analytics: Session duration, pages visited, feature usage, and engagement with Video Tutorials.
- Technical Data: IP address, device type, browser type, operating system, and cookies managed under Cookie Policy.
This data is collected to:
- Deliver both free and premium AI guidance through MD Chat.
- Ensure proper subscription management and billing for premium users.
- Improve platform functionality, including personalized nutrition, fitness, and mental wellness support.
- Monitor compliance with User Guidelines.
- Enhance user experience through content recommendations and tutorials.
Lawful Basis for Data Processing
Data processing on DoctChat adheres to GDPR principles. The lawful bases include:
- Consent: Users voluntarily subscribe to MD Chat or opt in to premium features, agreeing to the processing of their personal data for educational and AI-guided purposes.
- Contractual Necessity: Processing is required to provide subscription services, maintain user accounts, and deliver AI-assisted guidance.
- Legitimate Interests: DoctChat processes anonymized usage data to improve AI performance, develop educational content, and optimize user experience without compromising privacy.
- Legal Obligations: Compliance with applicable regulations, including international data protection standards, GDPR mandates, and health privacy laws.
User Rights Under GDPR
DoctChat provides users with full rights under the GDPR, ensuring transparency and accountability:
Right to Access
Users can request access to their personal data collected via MD Chat, including AI interactions, subscription details, and Reviews. Requests are fulfilled promptly, in accordance with GDPR timelines.
Right to Rectification
Users may request corrections to inaccurate or incomplete personal information. This includes updating contact information, subscription status, or user preferences.
Right to Erasure
Users may request deletion of their personal data. DoctChat will remove identifiable information, ensuring that historical AI guidance remains anonymized for analytics purposes.
Right to Restrict Processing
Users can request temporary restrictions on the processing of their personal data, which may affect certain MD Chat functionalities, including premium access to personalized nutrition or mental health guidance.
Right to Data Portability
Users can request a copy of their personal data in a structured, commonly used format for transfer to other services.
Right to Object
Users have the right to object to data processing based on legitimate interests, such as usage analytics or anonymized AI training. Premium MD Chat subscribers may still access core educational guidance, but certain AI personalization features may be limited.
Right to Withdraw Consent
Where processing relies on consent, users may withdraw it at any time without affecting the legality of prior processing.
Data Retention Policy
- Personal data associated with active MD Chat subscriptions is retained for the duration of the subscription.
- Data for free-tier users is retained for a limited period, sufficient to provide AI guidance, analytics, and service improvement.
- Anonymized data may be retained indefinitely for AI training, research, and educational content creation.
- Users may request deletion or anonymization through Support.
Data Protection and Security
DoctChat implements technical and organizational measures to safeguard personal data:
- Encryption: All sensitive user data, including AI chat interactions, is encrypted during storage and transmission.
- Access Controls: Only authorized personnel have access to personal data.
- Regular Security Audits: The platform conducts audits and vulnerability assessments to ensure compliance with GDPR and international data protection standards.
- Third-Party Security: Integrations with AI partners such as Celiai adhere to strict data privacy agreements and anonymization protocols.
Special Considerations for Premium MD Chat
Premium subscriptions introduce additional data considerations due to enhanced AI personalization:
- AI may use user-submitted health information to generate tailored guidance for chronic conditions, nutrition, mental wellness, and fitness.
- Data collected for premium users is never shared with third parties for marketing purposes without explicit consent.
- Users may manage subscription data, pause access, or cancel services through Support.
Third-Party Data Sharing and AI Analytics
DoctChat uses AI systems, including MD Chat, to provide personalized guidance. To enhance functionality while maintaining GDPR compliance:
Third-Party Integrations
- Partners such as Celiai assist in AI processing and analytics.
- Third-party vendors receive anonymized data only, ensuring personal identifiers are removed before processing.
- Users are informed of all third-party processing in Privacy Policy.
- No data is sold or shared for advertising purposes without explicit user consent.
AI Analytics
- AI systems analyze anonymized interactions to improve recommendations for nutrition, mental health, fitness, and lifestyle guidance.
- Data from Video Tutorials usage and Reviews is incorporated to enhance content relevancy.
- AI analytics comply with GDPR principles, ensuring user data is processed lawfully, fairly, and transparently.
Cross-Border Data Transfers
DoctChat may store or process user data across multiple jurisdictions to provide global access:
- Transfers comply with GDPR mechanisms such as Standard Contractual Clauses and adequacy decisions.
- Users accessing MD Chat outside the EU are informed of potential cross-border data processing.
- Premium subscribers retain full rights over their data, including withdrawal of consent and access requests, even if data is processed internationally.
- The platform ensures third-party processors adhere to equivalent data protection standards.
Cookies, Tracking, and Marketing Data Policies
Cookies and Tracking
- Cookies are used to enhance user experience, track subscription status, and analyze engagement with Video Tutorials.
- Users can manage cookie preferences via Cookie Policy.
- Tracking is limited to anonymized metrics for improving AI recommendations, content relevancy, and platform performance.
Marketing and Promotional Data
- Marketing communications are sent only to users who have explicitly opted in.
- Users may unsubscribe or update preferences at any time.
- Data used for promotional purposes is limited to the information required to provide personalized subscription offers and content updates.
GDPR Enforcement, Complaints, and Audit Procedures
DoctChat maintains robust procedures for GDPR enforcement:
User Complaints
- Users may lodge complaints regarding data privacy practices through Support or by contacting GDPR authorities in their jurisdiction.
- Complaints are processed promptly, with acknowledgment within 24 hours and resolution according to GDPR timelines.
Audits and Compliance Checks
- DoctChat conducts regular internal and external audits to ensure compliance with GDPR and other applicable data protection laws.
- AI systems are tested to verify anonymization and secure data processing.
- Third-party vendors undergo periodic compliance evaluations to ensure adherence to GDPR principles.
Breach Notification
- In case of a personal data breach, DoctChat will notify affected users and supervisory authorities as required under GDPR.
- Notification will include the nature of the breach, affected data, potential consequences, and remedial actions taken.
Liability and Disclaimers
- DoctChat provides AI-guided health and wellness advice for educational purposes only.
- MD Chat, including premium AI guidance, does not replace consultation with licensed healthcare professionals.
- Users retain responsibility for decisions based on AI recommendations.
- DoctChat is not liable for outcomes resulting from reliance on AI advice, nutrition plans, mental health prompts, or exercise guidance.
- References to external resources such as HealthIllusion are educational and not endorsements or guarantees.
Subscription and Premium Services
Premium MD Chat subscribers benefit from enhanced AI guidance, including:
- Personalized nutrition and diet recommendations.
- Tailored fitness and mental wellness programs.
- Advanced tutorials through Video Tutorials.
- Access to community insights and professional feedback via Reviews.
Subscription data is handled in full compliance with GDPR:
- Users may access, correct, or delete subscription information at any time.
- Premium service enhancements involve minimal additional data processing, always anonymized where possible.
- Cancellation of premium services halts further data collection for personalization purposes, while maintaining core account data for legal and operational obligations.
User Responsibilities
- Users must provide accurate information for effective AI guidance.
- Users should respect privacy and refrain from submitting sensitive personal health data unnecessarily.
- Compliance with User Guidelines ensures safe and ethical use of MD Chat.
- Sharing account credentials or accessing another user’s account violates GDPR and DoctChat policies.
International Considerations
- Users outside the EU are entitled to GDPR protections if their data is processed by DoctChat.
- Cross-border processing agreements ensure data security standards equivalent to GDPR.
- Users should verify AI health advice with local medical professionals before implementation.
Contact and Data Requests
For inquiries regarding GDPR compliance or data privacy rights:
- Email: md@doctchat.xyz
- Support Portal: DoctChat Support
- Mailing Address: HC 1 Box 8273, Penuelas, PR. 00624
Users may request:
- Access to their data
- Rectification or updates
- Data portability
- Withdrawal of consent for processing
- Deletion or anonymization of personal information
Detailed AI Data Processing in Health and Wellness
DoctChat’s AI systems, including MD Chat, process user data to deliver accurate, timely, and personalized guidance. These processes are fully GDPR-compliant and prioritize user privacy.
AI-Driven Health Advice
- Nutrition Guidance: When users engage with the AI nutrition coach or Nutrition Coach, their input regarding dietary preferences, allergies, and goals is processed to generate customized meal and wellness plans. All data is anonymized for training AI models unless the user opts for personalized premium guidance.
- Mental Health Assistance: Users interacting with Mental Health features provide information about stress, anxiety, or mood patterns. The AI uses this data to provide educational guidance, mindfulness exercises, or coping strategies. Personal identifiers are removed from the dataset used for improving AI algorithms.
- Fitness and Lifestyle Programs: AI systems use activity logs and user goals to recommend lifestyle adjustments. Free-tier users receive general guidance, while premium subscribers gain tailored recommendations that are processed under strict security and GDPR guidelines.
Anonymization and Data Minimization
- AI models are trained on anonymized datasets. Personal identifiers such as name, email, and account details are separated from health inputs.
- Only the minimum necessary data is processed for providing actionable guidance.
- Data retention aligns with GDPR principles, ensuring that unnecessary data is regularly deleted or anonymized.
Data Security Measures
- End-to-end encryption protects chat messages, subscription information, and interaction history.
- Access control measures ensure only authorized staff can view sensitive data.
- Regular penetration testing and audits are conducted to maintain compliance with GDPR security requirements.
Health Category-Specific GDPR Scenarios
To ensure practical compliance, DoctChat considers the nuances of different health and wellness categories:
Nutrition and Diet
- Users submitting information about meal habits, allergies, or weight loss goals are informed about how this data is stored and processed.
- Premium AI guidance uses this data to tailor diet plans without exposing personal identifiers.
- Integration with external wellness resources such as HealthIllusion follows GDPR standards to ensure safe data transfer.
Mental Health
- Mental health inquiries may involve sensitive personal data.
- AI provides guidance on stress management, anxiety relief, or mindfulness techniques, but does not replace licensed therapy.
- Data is stored securely, with anonymization applied when used for AI training. Users may request deletion or modification via Support.
Chronic Conditions
- Users with chronic conditions, such as high blood pressure or diabetes, may receive AI guidance tailored to their condition.
- Premium users receive advanced insights based on their input, ensuring GDPR compliance through encryption, secure storage, and anonymization of AI training data.
- External references, such as HealthIllusion, provide educational context without sharing personal identifiers.
Realistic GDPR-Compliant User Cases
Case 1: Access Request
- User A subscribes to MD Chat and requests access to all personal data.
- DoctChat provides a structured, downloadable report of all stored data, including subscription status, AI interactions, and video tutorial usage, while ensuring anonymization of non-relevant identifiers.
Case 2: Data Correction
- User B notices incorrect dietary preferences saved in their account.
- A request to correct the data is submitted via User Guidelines.
- DoctChat updates the AI system’s relevant training dataset and confirms correction with the user.
Case 3: Data Deletion and Premium Cancellation
- User C cancels their premium MD Chat subscription and requests deletion of all personalized guidance data.
- DoctChat anonymizes interaction history used for AI analytics, deletes personal identifiers, and confirms completion.
- Core account information required for contractual obligations is retained under Privacy Policy and GDPR legal exceptions.
Record-Keeping and Compliance Monitoring
DoctChat maintains a robust record-keeping system for GDPR compliance:
- Logs of user data requests, corrections, and deletion requests are maintained for auditing purposes.
- AI system updates and anonymization procedures are documented.
- Access logs and internal audits ensure that only authorized personnel handle sensitive information.
- Cross-border processing agreements are tracked and reviewed annually.
Marketing, Promotions, and Consent
- Promotional communications are only sent to users who provide explicit consent.
- Anonymized usage analytics inform content optimization without violating privacy.
- Premium MD Chat subscription offers are presented in a GDPR-compliant manner, and consent can be withdrawn at any time.
International Considerations and Cross-Border Data Transfers
- GDPR principles are extended to all users, including those outside the EU.
- Data transfer to AI vendors or cloud systems is protected via Standard Contractual Clauses.
- Premium features may involve secure, encrypted processing across jurisdictions, with GDPR compliance as a baseline.
Enforcement Procedures and Dispute Resolution
- Users may report data handling concerns through Support.
- Complaints are acknowledged within 24 hours and resolved promptly in alignment with GDPR.
- Supervisory authorities can be contacted if resolution is unsatisfactory.
- Breach notifications include detailed information on the affected data and steps to mitigate potential harm.
Liability, Limitations, and Disclaimers
- DoctChat provides AI-guided insights for educational purposes only.
- MD Chat, whether free or premium, is not a replacement for professional medical advice.
- Liability is limited for outcomes resulting from reliance on AI guidance.
- References to external resources, including HealthIllusion and Celiai, are for educational purposes only.
Subscription Management and Premium MD Chat
- Premium MD Chat enhances AI guidance with personalized nutrition, mental health, and lifestyle insights.
- Subscription data is processed according to GDPR, ensuring secure storage and access controls.
- Users may manage subscriptions, pause access, or request deletion of data at any time through Support.
- Cancellation halts further processing for premium personalization while retaining necessary account data for legal obligations.
User Responsibilities and Best Practices
- Users are expected to provide accurate information for effective guidance.
- Sharing account credentials or accessing another user’s account is prohibited and violates GDPR.
- Compliance with User Guidelines ensures ethical and safe use of the platform.
Contact Information for GDPR Inquiries
For all GDPR compliance questions, data access requests, or privacy concerns, users can contact DoctChat:
- Email: md@doctchat.xyz
- Support Portal: DoctChat Support
- Mailing Address: HC 1 Box 8273, Penuelas, PR. 00624
Last updated: October 14, 2025
