Privacy Policy — Doktor

Effective date: 27 April 2026

Doktor is a clinical workspace built and operated by FleyLab LLC for clinics and individual practitioners. Because Doktor handles health data, this policy is strict about what we touch and why.

1. Who we are

FleyLab LLC (“Fleylab”, “we”) is a software company registered in Baku, Azerbaijan. Doktor is deployed for clinics and individual practitioners under separate service agreements; the clinic / practitioner is the controller for patient data, and Fleylab acts as a processor under those agreements. Privacy questions: privacy@fleylab.com.

2. Health data — special category

Doktor processes data concerning health, which is a special category of personal data under most data-protection regimes. We process it strictly to provide the clinical workspace to the clinic on its instructions. We do not use health data to train AI models, do not share it with advertising or analytics networks, and do not use it for any secondary purpose.

3. Data we handle on the clinic's behalf

3.1 Patient records

  • Identifying information: name, date of birth, contact details, identification number where collected by the clinic
  • Clinical notes and diagnoses entered by practitioners
  • Appointment history and scheduling information
  • Prescriptions, lab orders, and uploaded medical files
  • Billing items linked to a patient (without payment card data — see §4)

3.2 Secure messaging

  • Messages exchanged between patient and practitioner inside Doktor
  • Read receipts and timestamps required to operate the messaging feature

3.3 Practitioner and staff data

  • Email and password hash for staff accounts (Supabase Auth)
  • Role, clinic, license/specialty info if provided
  • Action audit log (who accessed what record, when)

4. How data is used

All patient data is processed strictly to deliver the clinical workspace: scheduling appointments, displaying records to authorized practitioners, sending appointment reminders to patients via the channels the clinic configures, generating invoices and statements, and producing aggregated reports for the clinic about its own operations. We do not use patient data for any other purpose.

Payments are processed by external providers (e.g. Stripe or local providers depending on the clinic). Card data and bank details never reach Doktor servers.

5. Sub-processors

  • Supabase (Postgres, Auth, Storage; AWS eu-central-1, Frankfurt) — primary data store.
  • Cloudflare — DNS, CDN, attack mitigation, no cookies.
  • Resend — outbound transactional email (e.g. appointment confirmations, when the clinic enables them).
  • SMS / WhatsApp Business providers — only if the clinic enables messaging delivery to patients.
  • Payment provider chosen by the clinic (Stripe, Paddle, or local equivalent) — billing data only, no medical content.
  • Sentry — error reporting (payloads scrubbed of patient identifiers).

We do not use any AI model on patient data without the clinic's explicit, separately-documented authorization. If a clinic enables an AI feature in the future (for example structured note drafting), the policy and sub-processor list will be updated and the clinic will receive a separate notice.

6. Retention

Patient records are retained per the clinic's instructions and applicable health-records law (which often mandates multi-year retention). When the clinic's contract with Fleylab ends, we delete or return data within 90 days unless local law requires otherwise. Audit logs are retained for at least 12 months. Backups are overwritten within 30 days.

7. Patient rights

If you are a patient of a clinic using Doktor and want to access, correct, or delete your data, contact the clinic directly — they are the controller. We will support them in fulfilling your request as quickly as the architecture allows. Fleylab can also be reached at privacy@fleylab.com for escalation.

8. Security

  • HTTPS / TLS 1.2+ for all traffic.
  • Per-clinic data isolation via Postgres row-level security.
  • 2FA mandatory for staff accounts that access patient records.
  • File uploads (lab results, scans) stored in Supabase Storage with signed-URL access only.
  • Audit log entries cannot be edited or deleted by clinic staff via the product UI.
  • Tokens and secrets encrypted at rest, never logged.
  • Data-breach notification within 72 hours of confirmed incident, in line with applicable law.

9. Children

Doktor handles paediatric records when the clinic provides paediatric care. In that case, the patient is a child, parental consent is collected by the clinic at intake, and the same protections in this policy apply.

10. Contact

Privacy: privacy@fleylab.com
Legal: legal@fleylab.com
Mailing address: FleyLab LLC, Baku, Azerbaijan.