Privacy Policy

Last updated · April 2026·HI DOCTOR AI SL·hello@hi-doctor.ai

The Spanish version of this document is the authoritative legal text. The English translation is provided for convenience only.

Data controller

HI DOCTOR AI SL — hello@hi-doctor.ai. We process your data under Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection and the Guarantee of Digital Rights (LOPDGDD).

Data Protection Officer

You can reach our Data Protection Officer (DPO) at dpo@hi-doctor.ai for any question about how we process your personal or health data.

What data we process

Identification data: name, email, phone number.
Health data provided in the questionnaire.
Payment data (processed by our certified payment provider).

Purpose

Delivering the medical consultation and issuing a prescription where appropriate.
Operational communications (email, the platform's private chat).
Meeting legal obligations.

Legal basis

Explicit consent (art. 6.1.a GDPR), performance of the contract (6.1.b) and compliance with a legal obligation (6.1.c). For health data, art. 9.2.h GDPR — processing by healthcare professionals.

Retention

We keep your data while your account remains active, and for up to five years after the last consultation to meet medical-legal obligations (AEMPS).

Recipients

Your data is not shared with third parties for commercial purposes. Our data processors (EU hosting, email delivery, PCI DSS-certified payment provider) sign GDPR-compliant processor agreements under art. 28 GDPR.

International transfers

By default, your data is hosted on servers located within the European Union. If a processor outside the EEA is exceptionally used, the appropriate safeguards under Chapter V GDPR apply (EU-approved Standard Contractual Clauses).

Security measures

We implement the technical and organisational measures required by art. 32 GDPR: encryption in transit and at rest, role-based access control, audit logging, encrypted backups, ongoing staff training, and incident-response procedures.

Your rights

Access, rectification, erasure, objection, restriction, portability.
Withdrawing your consent at any time.
Filing a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — aepd.es).

Exercise your rights by writing to hello@hi-doctor.ai. We reply within 30 days at the latest.

Last updated · April 2026·HI DOCTOR AI SL·hello@hi-doctor.ai

The Spanish version of this document is the authoritative legal text. The English translation is provided for convenience only.

Data controller

Data Protection Officer

You can reach our Data Protection Officer (DPO) at dpo@hi-doctor.ai for any question about how we process your personal or health data.

What data we process

Identification data: name, email, phone number.
Health data provided in the questionnaire.
Payment data (processed by our certified payment provider).

Purpose

Delivering the medical consultation and issuing a prescription where appropriate.
Operational communications (email, the platform's private chat).
Meeting legal obligations.

Legal basis

Explicit consent (art. 6.1.a GDPR), performance of the contract (6.1.b) and compliance with a legal obligation (6.1.c). For health data, art. 9.2.h GDPR — processing by healthcare professionals.

Retention

We keep your data while your account remains active, and for up to five years after the last consultation to meet medical-legal obligations (AEMPS).

Recipients

International transfers

Security measures

Your rights

Access, rectification, erasure, objection, restriction, portability.
Withdrawing your consent at any time.
Filing a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — aepd.es).

Exercise your rights by writing to hello@hi-doctor.ai. We reply within 30 days at the latest.

Data controller

Data Protection Officer

What data we process

Purpose

Legal basis

Retention

Recipients

International transfers

Security measures

Your rights

Let's talk.

We'll tell you when we add new treatments.

Privacy policy

Data controller

Data Protection Officer

What data we process

Purpose

Legal basis

Retention

Recipients

International transfers

Security measures

Your rights

Let's talk.