Privacy Policy

1. Introduction

DOBBS ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia.

2. Information We Collect

3. How We Use Your Information

We use your personal data to:

• Verify your identity as a registered doctor
• Provide and improve our services
• Personalize your experience (e.g., specialty-filtered content)
• Send relevant notifications and updates
• Ensure platform security and prevent abuse
• Comply with legal obligations

4. Data Sharing

We do not sell your personal data. We may share data with:

• Service providers: Cloud hosting (Supabase), analytics, and email services
• MMC: For verification purposes only (limited to name and registration number)
• Legal authorities: When required by law or to protect rights

5. Pocket EMR Data

Pocket EMR data is:

• Encrypted at rest and in transit
• Accessible only by you (strict row-level security)
• Never shared with third parties
• Deletable at your request

We strongly encourage using de-identified information (initials only) and remind users that Pocket EMR is a personal tracker, not a medical record system.

6. Data Security

We implement industry-standard security measures:

• TLS encryption for all data in transit
• AES-256 encryption for data at rest
• Row-level security policies in our database
• Regular security audits and monitoring
• Secure authentication with OAuth 2.0 and OTP

7. Your Rights Under PDPA

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information
• Withdrawal: Withdraw consent for data processing
• Deletion: Request deletion of your account and data

To exercise these rights, contact us at hello-dobbs@qmed.ai.

8. Cookies and Tracking

We use cookies for:

• Authentication and session management
• Preference storage
• Analytics (anonymized)

You can control cookies through your browser settings. Disabling cookies may affect platform functionality.

9. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

• Profile and personal data: Deleted within 30 days
• Pocket EMR data: Deleted immediately
• Public posts: May be anonymized and retained
• Audit logs: Retained for 2 years for security

10. Third-Party Services

We use the following third-party services:

• Supabase: Database and authentication (Singapore region)
• Vercel: Web hosting
• PostHog: Analytics (opt-out available)

11. International Data Transfers

Your data may be processed outside Malaysia by our service providers. We ensure appropriate safeguards are in place to protect your data in accordance with PDPA requirements.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification. The "Last updated" date indicates the most recent revision.