Privacy policy

Last updated: 2026-05-15

Responsible publisher / Data controller

Publisher: REC SUARL (“totalement exportatrice”)
Legal form: SUARL – Société Unipersonnelle à Responsabilité Limitée, Tunisia
Registered office: Complexe Emna C 4 4, 2083 Raoued, Ariana, Tunisia
Registry: 1808396F
Data controller: REC SUARL
DPO: dpo@dossimed.ai
Hosting: Supabase eu-central-2, Zürich, Switzerland (GDPR adequacy decision under Article 45)

1. Identity of the controller

The controller of personal data processed in connection with the DossiMed service is REC SUARL, a Société Unipersonnelle à Responsabilité Limitée with the status of Société totalement exportatrice, under the jurisdiction of Tunisia.

  • Registered office: Complexe Emna C 4 4, 2083 Raoued, Ariana, Tunisia
  • Trade / tax register: 1808396F

Article 27 GDPR representative: À RENSEIGNER (représentant UE Art. 27) — appointment in progress; contact details will be published here and notified to supervisory authorities once appointed.

Note: “À RENSEIGNER” placeholders in site configuration are tracked internally and will be replaced with official data before definitive external communication.

2. Data protection officer (DPO) contact

For questions about personal data protection or exercising your rights, contact the DPO at dpo@dossimed.ai.

DPO appointment

  • Formal DPO appointment is in progress and will be notified to the competent supervisory authority under the GDPR.
  • The dpo@dossimed.ai mailbox is nevertheless open now to handle your requests.

3. Categories of personal data

We distinguish ordinary personal data (Article 6 GDPR) from health-related data (special categories, Article 9 GDPR).

| Category | Examples | Regime |
|---|---|---|
| Identity & account | Name, email, technical account identifiers, UI preferences | Art. 6 / Art. 9 depending on context |
| Medical record content | Prescriptions, reports, lab results, treatment plans, attachments | Art. 9 — health data |
| Technical data | Security event logs, device type, app version | Art. 6 |
| Telephony | E.164 number (OTP, WhatsApp, Premium voice) | Art. 6 (and Art. 9 if health content in messages) |
| Subscription | Premium status, payment-provider identifiers | Art. 6 |

4. Purposes and legal bases

The table links each purpose to its main legal basis. Where health data are processed, explicit consent (Art. 9.2.a) or the data subject’s manifest initiative may apply in addition to Article 6, as indicated.

| Purpose | Legal basis (Articles 6 & 9 GDPR) |
|---|---|
| Account creation & management | Art. 6.1.b — contract |
| Storage & processing of medical documents | Art. 6.1.a and Art. 9.2.a — explicit consent |
| Treatment plan generation | Art. 6.1.a and Art. 9.2.a — explicit consent |
| Push reminders | Art. 6.1.a — consent |
| WhatsApp escalation & voice call (Premium) | Art. 6.1.a — consent |
| QR sharing with a healthcare professional | Art. 6.1.a and Art. 9.2.a — data subject initiative / consent |
| AI clinical summary (physician viewer) | Art. 6.1.a and Art. 9.2.a — consent |
| Subscription management | Art. 6.1.b — contract |
| User support | Art. 6.1.f — legitimate interests |
| Security & fraud prevention | Art. 6.1.f — legitimate interests |
| Accounting & tax obligations | Art. 6.1.c — legal obligation |

5. Processors (subcontractors)

Processing relies on technical and functional processors (hosting, messaging, document AI, notifications, subscriptions, etc.).

The full, up-to-date list of processors, their role, location, and status of transfer instruments / DPAs is published on the dedicated page: Subprocessor list.

We do not sell your data; processors only process data on documented instructions and under confidentiality and security clauses.

6. Transfers outside the EU and safeguards

| Destination / vendor | Mechanism | Comment |
|---|---|---|
| Switzerland (e.g. Supabase) | Adequacy decision (Art. 45 GDPR) | No supplementary contractual mechanism required for transfers covered by the decision. |
| United States (e.g. RevenueCat, parts of Vercel infrastructure depending on config) | Standard Contractual Clauses (SCCs) and supplementary measures post-Schrems II | A transfer impact assessment (TIA) is maintained. |
| Microsoft Azure, Google FCM | EU location preferred where the product allows | Configuration prioritising European territory for relevant processing. |

7. Retention periods

| Data / log | Period |
|---|---|
| Active user account | While the account remains open |
| Medical documents | Cascade deletion when the account is deleted |
| notification_log table | 90 days (automatic purge) |
| call_log table | 12 months (automatic purge) |
| phone_otp_send_events table | 24 hours (automatic purge) |
| Expired share tokens (share_tokens) | 30 days after expiry |
| Accounting records | 10 years — legal obligation |

8. Your rights (Articles 15–22 GDPR)

You have in particular the following rights:

  • Access (Art. 15) — obtain a copy and information about processing;
  • Rectification (Art. 16);
  • Erasure (Art. 17);
  • Restriction (Art. 18);
  • Data portability (Art. 20) — for data provided under contract or consent; structured export may be requested via Settings → Privacy / export in the mobile app (path similar to /app/account/privacy, export-account feature);
  • Objection (Art. 21), in particular where processing is based on legitimate interests;
  • Withdraw consent (Art. 7.3) at any time, without affecting lawfulness of prior processing;
  • Post-mortem instructions regarding your health data where applicable national law provides for them.

Response time: within one month, extendable by two further months where requests are complex or numerous — you will be informed.

Preferred channel: dpo@dossimed.ai.

9. No solely automated decision with legal or similarly significant effects (Art. 22)

DossiMed does not perform automated medical decision-making. The document-AI pipeline proposes structured data that you validate manually before operational use. The prescribing physician remains solely responsible for clinical decisions. No profiling within the meaning of Art. 22.1–22.3 GDPR is used to replace you in therapeutic choices.

10. Security of processing

Appropriate technical and organisational measures include:

  • PostgreSQL row-level security (RLS);
  • signed URLs and short-lived access to files;
  • SHA-256 hashing of sensitive tokens;
  • encryption in transit (TLS);
  • daily backups;
  • PKCE for public clients;
  • administrator access logging and periodic review.

11. Complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you may lodge a complaint with a supervisory authority in your habitual residence, place of work, or place of the alleged infringement.

Examples:

12. Last update and policy changes

This policy is versioned. The date shown at the top of the page matches version 2026-05-15 (single reference SITE_CONFIG.policyVersion).

For material updates affecting legal bases, purposes, or rights, you will be asked to reconfirm your consent in the mobile app where processing is based on consent (in particular health data — Art. 9).