Privacy policy – Oladoctor

Last updated: 19 January 2026

Controller and contact details
Oladoctor is operated by Anvy Limited (Reg. No. HE 397585), registered office: 4 Diagorou Street, Kermia Building, Office 104, 1097 Nicosia, Cyprus.
For privacy matters, contact our Data Protection Officer (DPO) at [email protected].
For general support, contact [email protected].

Scope of this policy
This policy explains how we process personal data when you use oladoctor.com and its country-specific domains (including, without limitation, oladoctor.it, oladoctor.pl, oladoctor.pt), as well as patient.oladoctor.com and doctor.oladoctor.com, our web or mobile applications, and related online services (the “Services”).

Our role (summary)
Unless stated otherwise, Anvy Limited is the controller for the processing described in this policy. Doctors/medical centres act as independent controllers for clinical activities and patient records. Where we only host or transmit clinical information for a doctor, we act as that doctor’s processor. Details are set out in Section 1.

Our roles under GDPR (controller vs. processor)

1.1. Doctors / medical centres – independent controllers

For clinical activities and patient records (consultation content, medical notes, diagnoses, prescriptions, certificates, clinical attachments) the doctor/clinic determines the purposes and means of processing and acts as an independent controller. The doctor/clinic sets the relevant legal bases (typically Art. 6(1)(b)/(c) and Art. 9(2)(h)) and retention periods under healthcare law. Requests about clinical records (access, copies, correction, deletion, objection) should be addressed to the doctor/clinic. We will assist the doctor where feasible.

1.2. Oladoctor (Anvy Limited) – controller

We are the controller for processing we determine, including:

Accounts & platform operations (registration/SSO, preferences, booking flows, service communications, security/incident handling).
Professional accounts & public profiles of healthcare professionals hosted on the platform.
Customer support (tickets, troubleshooting).
Product analytics & service quality (with safeguards).

1.3. Payments

Payments are handled by our payment service provider (e.g., Stripe). We do not store full card details and receive only limited transaction metadata needed for booking confirmation, support and dispute handling. See Section 5 (Recipients & processors) for current providers.

1.4. Oladoctor (Anvy Limited) – processor for doctors

We act as a processor only where we host or relay clinical information on behalf of a doctor, for example:

From patient to doctor: intake or questionnaire responses and any clinical files uploaded by the patient for the purpose of a consultation.
From doctor to patient: clinical documents uploaded by the doctor for the patient (for example, prescriptions, medical certificates, treatment notes, or recommendations).

In these cases we process solely on the doctor’s documented instructions under Article 28 GDPR, apply confidentiality and security, use authorised sub-processors with appropriate safeguards, and apply limited retention consistent with the doctor’s instructions (including deletion/return at the end of the service). We do not use clinical content for our own purposes.

1.5. Video/voice consultations

Where the Services enable video/voice consultations (e.g., via Google Meet), Oladoctor does not record or store audio/video content. Any recording outside our platform (if used) is at the doctor’s discretion and governed by the doctor’s own privacy notice. See Section 5 for providers.

1.6. Messaging features

Where messaging with a doctor is available, message content and attachments exchanged through the Services are hosted or transmitted on the doctor’s behalf and under the doctor’s instructions. The doctor/clinic is the controller for message content and related clinical information. We act as the processor, with limited retention set by the doctor, and do not use message content for our own purposes.

1.7. Operational metadata

Even where clinical content is controlled by the doctor, certain technical/operational metadata (e.g., timestamps, device/browser data, IP, delivery/quality logs) may be processed by Oladoctor in its capacity as controller for security, support and service quality purposes. We do not build profiles based on clinical content.

1.8. Joint controllership (Article 26)

If, for any specific feature, Oladoctor and a doctor jointly determine the purposes and means of processing, we will implement an Article 26 joint-controller arrangement and make the essence of that arrangement available to users.

2. Personal data we collect

We collect (i) data you provide, (ii) data generated by your use of the Services, and (iii) limited data from service providers that enable our operations.

a) Patient account & identity

Given name and surname, country of residence (used to route care/documents under local rules), date of birth, sex, ID document type and number; in some countries, residential address.
Preferred interface language and time-zone (auto-detected; editable).
Authentication: email one-time code or Google Sign-In; no patient passwords are stored. Optional 2FA (TOTP app).
Optional: phone number.

b) Doctor account & professional profile

Name, email, country of medical licence, phone, professional title, specialties, consultation languages, social profiles, referral source, medical licence number, and – where applicable – European Professional Card or education diploma.
Authentication: sign-in via email one-time code (no passwords are stored). Optional 2FA may be available.
Public profile information you choose to publish on the platform.
Onboarding & trust/safety: we process onboarding information solely to assess eligibility and platform trust & safety (administrative checks of registration details). We do not certify or guarantee clinical competence.

c) Booking, questionnaires & files (from patient to doctor)

Intake data for a specific booking: symptoms, medications, allergies, pregnancy status, medical history, reason for consultation, free-text comments.
Attachments for the doctor (PDF/JPG/PNG/DOC, up to 50 MB per file).
This may include health data. It is made available to the chosen doctor (and, where the treating doctor involves another clinician for your case, to that clinician). We do not use clinical content for our own purposes.

d) Online consultations (video/voice)

Consultations are arranged via our video provider (see Section 5). We generate the meeting link and calendar entry using your account identifiers (e.g., email), the booking time and your time zone. Oladoctor does not access call content and does not record audio or video. We do not collect call-quality or RTC statistics. Connection and session data created during the call are processed by the video provider under its own terms; if a doctor enables recording outside our platform, that is governed by the doctor’s own policy.

e) Payments & billing

Payments are processed by our payment service provider (e.g., Stripe). We receive limited transaction metadata (e.g., status, timestamps); we do not store full card numbers, billing addresses or VAT numbers, and we do not issue invoices to patients. The doctor is paid via Stripe for the consultation.

f) Customer support & safety

Messages and attachments you send to support and related operational logs used for incident investigation and fraud prevention. Please avoid including clinical information in support messages.

g) Reviews (optional)

After a completed consultation, patients may choose to leave a review about their experience with the doctor. Reviews are published anonymously on the platform after moderation. Feedback about Oladoctor may also be collected via third-party review services. Public reviews must not include private or health-related information, and Oladoctor is not responsible for the content of user-generated reviews.

h) Cookies & analytics (visitors and users)

We process device and browser information, IP address (anonymised where applicable), identifiers and usage events for analytics and service operation. Non-essential cookies and trackers (e.g., analytics or session-replay tools) run only with your consent, managed via our cookie banner and settings. Essential cookies (e.g., session or CSRF protection) are required to operate the Service. For details and retention periods, see our Cookie Policy.

3. Where we get data from

Directly from you when you register, book, upload files, pay, or contact support.
From your doctor/clinic when they use the Services as independent controllers (e.g., when a doctor uploads clinical documents for you); in these cases we host/relay them on the doctor’s instructions.
From service providers that enable our operations (e.g., hosting, payments, email delivery, video and communications, authentication/SSO), as needed to provide the Services.
From your device/browser, via cookies and similar technologies, subject to your consent; see the Cookie Policy.

4. Why we process data and legal bases

We always identify a lawful basis before processing personal data.

4.1. Oladoctor (Anvy Limited) as controller

Provide and operate the Services (accounts, bookings, routing your information to the chosen doctor, service communications, customer support, incident handling) – Art. 6(1)(b) and, where applicable, Art. 6(1)(c).
Payments (platform-side): processing transaction metadata to confirm bookings, display payment status and handle disputes/chargebacks – Art. 6(1)(b) and Art. 6(1)(f).
Security, fraud and service integrity (access controls, server/request/error logs, rate limiting) – Art. 6(1)(f), with safeguards.
Doctor onboarding & trust/safety (administrative checks of registration/licence details and eligibility to use the platform) – Art. 6(1)(b) and Art. 6(1)(f).
Analytics for product and service improvement via non-essential cookies/trackers – consent (you may withdraw at any time via the cookie banner or settings).
User-submitted reviews of doctors – consent.

4.2. Special-category data (health)

Clinical purposes are controlled by doctors under Art. 9(2)(h). When we host or transmit clinical information on a doctor’s behalf, we act as that doctor’s processor under Art. 28 and do not use clinical content for our own purposes.

Legitimate interests: where we rely on Art. 6(1)(f), we conduct a legitimate interests assessment (balancing test) and apply safeguards; a summary is available on request.

We share personal data only as needed to provide the Services, comply with law, or protect rights. We do not sell personal data.

Healthcare professionals (independent controllers). Clinical information you submit is made available to the healthcare professional involved in your consultation — either the doctor you select or, where applicable, a local doctor who performs a local clinical assessment (for example, where local rules require documents to be issued by a doctor practising in the patient’s country). Where a local clinical assessment is initiated, the relevant clinical information from the consultation may be shared with the local doctor for the purposes of independent clinical assessment and decision-making. Each healthcare professional acts as an independent data controller with respect to their own processing of such data.
Payments. Stripe processes card details and executes payments. We receive limited transaction metadata (e.g., status, timestamps) for booking confirmation, support, and dispute handling. Depending on the flow, Stripe may act as its own controller and/or as a processor for the doctor. We do not store full card numbers or security codes.
Infrastructure & communications (our processors).
- EU-based cloud infrastructure; transactional email (Resend – US region); video/meetings (Google Meet); customer support tooling (Intercom – US; processed under the EU Standard Contractual Clauses). These providers act on our instructions under Art. 28 GDPR. Please avoid including clinical information in support messages.
Reviews. Reviews about Oladoctor may be collected via independent third-party review services; doctor reviews on our platform are handled by us.
Authorities and legal. Regulators, courts or competent authorities where required by law, and external advisers (e.g., auditors, legal counsel).
Business transfers. In a merger, acquisition or reorganisation, with appropriate safeguards.

We maintain contracts with our processors (Art. 28) and apply appropriate transfer safeguards where applicable. A current list of key sub-processors is available on request.

6. International transfers

EEA-first hosting. Production systems, backups and log archives are hosted in the EEA.
No routine extra-EEA storage. We do not routinely store special-category data we control outside the EEA.
Limited transfers when necessary. If a transfer outside the EEA is required (e.g., certain customer-support tooling hosted outside the EEA such as Intercom (US), email delivery, video signalling, or – only with your consent – analytics), we use appropriate safeguards under the GDPR, including adequacy decisions where available or the EU Standard Contractual Clauses (SCCs) together with technical and organisational measures (encryption in transit/at rest, access controls, data minimisation).
Independent controllers. Stripe (card processing) and your doctor/clinic act as independent controllers for their parts of the flow and manage any international transfers under their own privacy notices.
Copies of safeguards. You can obtain a copy of the relevant safeguards by contacting [email protected].

7. How long we keep personal data (Retention)

We keep personal data no longer than necessary for the purposes described in this Policy. When a retention period ends, we delete or irreversibly anonymise the data. If immediate deletion is not feasible (e.g., in rolling backups), the data are isolated and removed by the next backup cycle.

Patient account & platform data (controller): kept while your account is active, then up to 3 years after account closure or last activity for queries and dispute handling.
Clinical content – patient ↔ doctor (we act as processor): retained under the doctor’s documented instructions and applicable healthcare rules. Where no instructions are provided, we apply a default retention of 12 months, then delete/irreversibly anonymise.
Documents uploaded by doctors for patients (processor): same rule as above (doctor’s instructions; 12-month default if none).
Doctor onboarding & professional profile (controller): retained while the professional account is active and for 3 years after deactivation for trust & safety and record-keeping.
Customer support records: up to 24 months.
Operational/server/request/error logs (no consultation content): 90 days.
Payment metadata on our side (status, timestamps, identifiers): until disputes/chargebacks are resolved, then up to 24 months.
Billing/tax records for patient payments: not kept by Oladoctor. For patient payments, the doctor and Stripe maintain their own billing/tax records under their notices and legal obligations.
Reviews and moderation artefacts: while the review is published; anonymised moderation copies up to 3 years.
DSAR and incident response records: 3 years after case closure.
Cookie consent logs: 12 months (see Cookie Policy).
Backups (EU-based cloud infrastructure (primary hosting in the EEA)): rotating backups with a typical retention of 30–35 days.

When you request deletion of your account or data, we remove them from live systems without undue delay and ensure residual copies expire through the backup cycle noted above.

We apply appropriate technical and organisational measures to protect personal data. Measures are reviewed regularly and after material changes.

Access and governance. Role-based, least-privilege access; multi-factor authentication for administrative access; joiner/mover/leaver controls; staff confidentiality and regular training.
Confidentiality and integrity. Encryption in transit and at rest; key-management controls; segregation of environments and tenant data; no clinical content is written to system logs; pseudonymisation where appropriate.
Data minimisation and retention. Collection limited to what is necessary; retention per Section 7; secure deletion or irreversible anonymisation when no longer needed; backups kept in the EEA and expire per the backup cycle.
Secure development and change control. Code review, dependency/vulnerability management, controlled deployments; periodic independent security testing.
Monitoring and audit. Logging of administrative access and security-relevant events and regular review of alerts.
Continuity and recovery. Encrypted backups and documented recovery procedures with periodic restore tests.
Incidents and breach notification. Documented process for detection, containment, investigation and remediation. We notify the competent supervisory authority and affected individuals without undue delay and, where required, within 72 hours of becoming aware of a personal data breach. We coordinate with doctors/clinics where they are the controller.
Vendors and sub-processors. Due diligence before onboarding; Article 28 data-processing agreements; written authorisation and list of sub-processors; appropriate safeguards for any extra-EEA processing (see Section 6).
Data protection by design and by default (Article 25). Privacy-preserving defaults, consent gating for non-essential cookies/trackers, and strict separation of roles (doctor as independent controller for clinical content).

For further details on our measures, contact [email protected].

9. Cookies and similar technologies

We use cookies and similar technologies to operate and improve the Services.

Consent and control. Non-essential cookies/trackers run only if you opt in via our cookie banner and settings. You can change or withdraw your choices at any time via the “Cookie Policy” link in the footer or at /cookie-policy. We keep consent records for 12 months. The banner is shown to users in the EEA/UK/CH.

Essential cookies (no opt-out). Strictly necessary cookies are used to provide the Service (e.g., session, security/CSRF, load-balancing). These do not require consent.

Analytics (opt-in). If you consent, we use analytics tools (such as Google Analytics and Microsoft Clarity) to understand usage and improve the Service. We configure these with data-minimisation measures (e.g., masking in Clarity to avoid capturing free-text or health information).

Legal bases. Essential cookies: Art. 6(1)(b) and/or Art. 6(1)(f) GDPR. Non-essential analytics/trackers: consent (Art. 6(1)(a) GDPR).

Details of categories, providers and lifetimes are set out in our Cookie Policy at /cookie-policy.

10. Your rights and how to exercise them

You have the following rights under the GDPR (subject to conditions and exceptions):

Access to your personal data and information about our processing.
Rectification of inaccurate or incomplete data.
Erasure (“right to be forgotten”) where applicable.
Restriction of processing.
Objection to processing based on legitimate interests.
Data portability: receive the personal data you provided to us in a structured, commonly used, machine-readable format (CSV/JSON) and/or have it transmitted to another controller where the processing is based on consent or contract and carried out by automated means (Art. 20).
Withdraw consent at any time (for processing based on consent).

Clinical records (scope). Clinical consultation content and patient records are controlled by your doctor/clinic. To exercise rights over those data, contact the doctor/clinic shown in your booking. If you send such a request to us, we will forward or notify the appropriate controller and assist as their processor.

10.1. How to submit a request

Email [email protected] (privacy/DPO). For support matters use [email protected].

Identity verification. To protect your data, we may verify your identity by asking you to sign in or via a one-time code to your email (and, where strictly necessary, by requesting limited additional information).

Response times. We respond within one month of receiving your request. For complex or numerous requests, we may extend by up to two further months and will inform you within the first month.

Representatives. We accept requests from an authorised representative where adequate proof of authority is provided.

Fees. Requests are free of charge. We may charge a reasonable fee or refuse to act only where a request is manifestly unfounded or excessive (Art. 12(5)).

Automated decisions. We do not make decisions based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you. If we introduce such processing, we will provide the required information and a way to request human review.

You also have the right to lodge a complaint with a supervisory authority. See Section 11 for the competent authority.

11. Supervisory authority

Our lead supervisory authority under the GDPR is the Office of the Commissioner for Personal Data Protection (Cyprus). You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. We cooperate with the lead authority under the GDPR one-stop-shop mechanism.

12. Changes to this Policy

We may update this Policy to reflect operational, legal or regulatory changes. For material changes, we will notify registered users by email.

The updated Policy is effective when posted (see “Last updated” at the top). If you do not agree with the updated version, you may stop using the Services and request deletion of your data by contacting [email protected].