Privacy Policy

Last updated: November 21, 2025

At Tellop (Pathnomic Labs FZ-LLC), protecting your privacy and securing sensitive medical information is our highest priority. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered client assistant and scheduling platform.

This policy applies to all users, including medical professionals (doctors, clinics) and clients interacting with our Services.

1. Information We Collect

We collect different types of information depending on your role and how you interact with our platform.

1.1 Information from Medical Professionals

When you register as a medical professional, we collect:

  • Account Information: Name, email address, phone number, password (hashed), and Two-Factor Authentication (2FA) credentials.
  • Professional Details: Medical specialty, license information (if verified), clinic name, address, and bio.
  • Billing Information: Payment details for subscription fees (processed securely via Stripe; we do not store full credit card numbers).
  • Calendar Data: Appointment availability synced from Google Calendar.
  • Usage Data: Login times, IP addresses, browser types, pages accessed, and feature usage patterns.

1.2 Information from Clients

When clients interact with the AI Assistant or book appointments, we collect:

  • Personal Information: Name, email, phone number, date of birth, and location.
  • Medical Information (PHI - Protected Health Information): Responses to appointment forms (medical history), including details about medical conditions, medications, allergies, previous surgeries, and symptoms.
  • Medical Photos: Images uploaded by clients for initial consultations (e.g., for cosmetic procedures, dermatology, or other assessments).
  • Communication Data: Chat transcripts with the AI Assistant and human staff.
  • Payment Information: Consultation fee payment details (processed via Stripe).
  • Appointment Data: Scheduled appointment times, cancellations, and rescheduling history.

1.3 Automatically Collected Information

  • Device Information: Device type, operating system, and unique device identifiers.
  • Log Data: IP address, browser type, access times, and pages viewed.
  • Cookies and Tracking: We use cookies and similar technologies for authentication, preferences, and analytics (see Section 10).

2. How We Use Your Information

2.1 To Provide and Improve Services

  • Facilitate AI-powered client conversations and triage.
  • Enable medical professionals to review client submissions and approve consultations.
  • Schedule and manage appointments via Google Calendar integration.
  • Process consultation fee payments via Stripe.
  • Provide personalized landing pages (e.g., tellop.ai/{slug}) for medical professionals.
  • Improve our AI models, user experience, and platform features.

2.2 For Communication

  • Send appointment confirmations, reminders, and updates.
  • Notify medical professionals of new client inquiries and approvals.
  • Provide customer support and respond to inquiries.
  • Send service announcements, security alerts, and policy updates.

2.3 For Security and Compliance

  • Maintain audit logs of all access to Protected Health Information (PHI).
  • Detect and prevent fraud, abuse, and security threats.
  • Enforce our Terms of Service.
  • Comply with legal obligations, including GDPR and HIPAA requirements.

2.4 For AI Processing

We use AI language models (OpenAI, Anthropic) to:

  • Conduct client conversations and collect medical history.
  • Summarize client information for physician review.
  • Provide contextual responses based on medical specialty and procedures.

Important: Client data sent to AI providers is processed under strict data protection agreements. We use "Zero Data Retention" options where available to ensure AI providers do not store or train models on client data.

3. The "Secure Vault" Architecture

To protect sensitive medical data, we have implemented a multi-layered security architecture called the "Secure Vault." This system segregates data based on sensitivity and applies appropriate security controls.

3.1 Data Classification Levels

Level 1: Public/Metadata (Low Sensitivity)

Examples: Doctor profiles, specialty information, service lists, clinic locations, public before/after galleries (with consent), and appointment time slots.

Storage: Standard MongoDB collections, public Cloudflare R2 buckets (for images/videos).

Access: Publicly accessible.

Level 2: PII - Personally Identifiable Information (Medium Sensitivity)

Examples: Client names, email addresses, phone numbers, appointment details.

Storage: MongoDB patients collection (client records) with access controls.

Access: Authenticated medical professionals and authorized staff only.

Level 3: PHI - Protected Health Information (High Sensitivity - THE VAULT)

Examples: Medical history forms (appointment forms), client-uploaded medical photos, diagnosis notes, AI-generated medical summaries.

Storage:

  • Text Data: MongoDB medical_forms collection (stored in plain text to enable AI processing, but protected by strict application-level access controls and audit logging).
  • Medical Photos: Private Cloudflare R2 buckets with server-side encryption (SSE) and randomized filenames (UUIDs).

Access: Highly restricted. Medical photos are accessible only via time-limited presigned URLs (typically 15 minutes). All access is logged in the audit trail.

3.2 Encryption

  • In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.3.
  • At Rest: Medical photos stored in Cloudflare R2 are encrypted using server-side encryption (SSE-S3 or SSE-KMS).
  • Text Data: Medical form text is stored in plain text within MongoDB to enable AI summarization and search capabilities. However, access is strictly controlled through application-level security, role-based permissions, and audit logging.

3.3 Presigned URL System (Ephemeral Access)

Client medical photos are never publicly accessible. When a medical professional views a client record, our system generates a presigned URL that:

  • Is valid for only 15 minutes.
  • Is tied to the specific authenticated user session.
  • Cannot be shared or reused after expiration.
  • Is logged in the audit trail (who requested access and when).
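The four properties listed above can be checked mechanically. The following is an added example, not Tellop's code: it models a time-limited photo link as an HMAC-signed URL whose signature covers the object key, the requesting session and an expiry timestamp, and records a VIEW_PHOTO audit entry when the link is issued. Cloudflare R2 actually signs URLs with the S3 SigV4 scheme through an S3 client; the signing key, host, 15-minute lifetime and audit record format here are assumptions made for the illustration.

```python
"""Time-limited, session-bound photo access URLs (illustrative, not R2 presigning).

Constructed example: the URL carries an expiry and an HMAC over
(object key, session id, expiry), so it stops working after 15 minutes,
cannot be used from another session, and cannot be altered to point at a
different object.
"""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for the example: a server-side secret, the 15-minute lifetime
# stated in the policy, and a placeholder host.
SIGNING_KEY = b"constructed-demo-key-do-not-use-in-production"
URL_TTL_SECONDS = 15 * 60
BASE_URL = "https://photos.example.invalid/"

# Stands in for the append-only audit collection (constructed, in-memory).
AUDIT_TRAIL: list[dict] = []


def _mac(object_key: str, session_id: str, expires: int) -> str:
    """HMAC-SHA256 over the fields the URL must not be able to change."""
    message = f"{object_key}\n{session_id}\n{expires}".encode()
    digest = hmac.new(SIGNING_KEY, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def issue_photo_url(object_key: str, user_id: str, session_id: str, now=None) -> str:
    """Issue a link for an authenticated session and log who asked for it."""
    now = int(time.time()) if now is None else int(now)
    expires = now + URL_TTL_SECONDS
    signature = _mac(object_key, session_id, expires)
    AUDIT_TRAIL.append({
        "event": "VIEW_PHOTO",
        "user": user_id,
        "session": session_id,
        "object": object_key,
        "ts": now,
    })
    return f"{BASE_URL}{object_key}?{urlencode({'expires': expires, 'sig': signature})}"


def check_photo_url(url: str, session_id: str, now=None) -> bool:
    """Server-side check: not expired, same session, untampered object key."""
    now = int(time.time()) if now is None else int(now)
    parts = urlsplit(url)
    object_key = parts.path.lstrip("/")
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        signature = query["sig"][0]
    except (KeyError, ValueError):
        return False
    if now >= expires:
        return False
    # Constant-time comparison so a forged signature cannot be guessed byte by byte.
    return hmac.compare_digest(signature, _mac(object_key, session_id, expires))


if __name__ == "__main__":
    t0 = 1_700_000_000
    link = issue_photo_url("photos/3f2a-demo-uuid.jpg", "dr-1", "sess-A", now=t0)
    print("valid now:", check_photo_url(link, "sess-A", now=t0 + 60))
    print("valid after 15 min:", check_photo_url(link, "sess-A", now=t0 + 900))
    print("valid from other session:", check_photo_url(link, "sess-B", now=t0 + 60))
    print("audit entries:", len(AUDIT_TRAIL))
```

Binding the signature to the session is what makes a forwarded link useless within its lifetime; expiry alone only limits how long a leaked link works. Whichever signing scheme is used, the checks belong on the server that serves the object, and the audit entry should be written at issuance, since that is the moment the system knows who asked.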

4. Advanced Authentication and Access Control

4.1 Mandatory Two-Factor Authentication (2FA)

All medical professional accounts must enable Two-Factor Authentication to access client data. We support:

  • TOTP (Time-based One-Time Password): Via apps like Google Authenticator or Authy.
  • SMS OTP: As a backup method (via Twilio).

4.2 Role-Based Access Control (RBAC)

Access to client data is determined by role:

  • Doctors/Physicians: Full access to their clients' data.
  • Assistants/Staff: Limited access as delegated by the physician.
  • AI Agent: Context-isolated access only during active client conversations (wiped immediately after).

4.3 Zero-Trust Principle

By default, no one has access to client data. Access is explicitly granted on a need-to-know basis and logged.

5. Audit Logging and Transparency

Every interaction with Protected Health Information (PHI) is logged in an immutable audit trail. This "Trust Log" includes:

5.1 What We Log

  • VIEW_PATIENT: When a user views a client card.
  • VIEW_PHOTO: When a presigned URL is generated for a medical photo.
  • EXPORT_DATA: When client data is exported or downloaded.
  • LOGIN_ATTEMPT: All login attempts (successful and failed), including IP addresses and device information.
  • AI_ACCESS: When the AI agent processes client data for summarization or conversation.
  • FORM_EDIT: When medical forms are created, updated, or deleted.

5.2 Audit Log Access

Medical professionals can view the access log for any client to see:

  • Who accessed the record (doctor, assistant, AI).
  • What action was performed.
  • When it occurred (timestamp).
  • IP address and device information (for human users).

5.3 Tamper Evidence

Audit logs are stored in a separate, append-only database collection to prevent tampering. Future implementations may include cryptographic hashing or blockchain-based verification for enhanced tamper evidence.
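As an added illustration of the cryptographic hashing mentioned above (example code, not Tellop's implementation), the following hash-chained log shows how the event types from Section 5.1 can be stored so that editing, removing or reordering any entry is detectable on verification. The event names are the ones listed in this policy; the entry fields, the SHA-256 chaining scheme and the in-memory store are assumptions made for the example.

```python
"""Hash-chained, append-only audit log (illustrative, not Tellop's implementation).

Constructed example: every entry stores the SHA-256 of the previous entry and
its own hash covers its body plus that link, so changing any stored entry
invalidates every hash after it.
"""
import hashlib
import json

GENESIS_HASH = "0" * 64  # link value for the first entry


class TrustLog:
    def __init__(self) -> None:
        self._entries: list[dict] = []

    @staticmethod
    def _digest(body: dict, prev_hash: str) -> str:
        # Canonical JSON so the same body always hashes the same way.
        material = json.dumps(body, sort_keys=True, separators=(",", ":")) + prev_hash
        return hashlib.sha256(material.encode()).hexdigest()

    def append(self, event: str, actor: str, record_id: str, ts: int, **extra) -> dict:
        """Append one audit event (e.g. VIEW_PATIENT, VIEW_PHOTO, AI_ACCESS)."""
        prev_hash = self._entries[-1]["hash"] if self._entries else GENESIS_HASH
        body = {"seq": len(self._entries), "event": event, "actor": actor,
                "record": record_id, "ts": ts, **extra}
        entry = {**body, "prev_hash": prev_hash, "hash": self._digest(body, prev_hash)}
        self._entries.append(entry)
        return entry

    def raw_store(self) -> list[dict]:
        """The stored entries themselves, as a direct database query would return them."""
        return self._entries

    def verify(self) -> tuple[bool, int]:
        """Return (True, -1) if the chain is intact, else (False, index of first bad entry)."""
        prev = GENESIS_HASH
        for i, entry in enumerate(self._entries):
            body = {k: v for k, v in entry.items() if k not in ("prev_hash", "hash")}
            if (entry["prev_hash"] != prev or entry["seq"] != i
                    or self._digest(body, prev) != entry["hash"]):
                return False, i
            prev = entry["hash"]
        return True, -1

    def access_history(self, record_id: str) -> list[dict]:
        """What a medical professional sees for one client: who, what, when."""
        return [e for e in self._entries if e["record"] == record_id]


if __name__ == "__main__":
    log = TrustLog()
    log.append("VIEW_PATIENT", "dr-1", "pt-42", 1_700_000_000, ip="203.0.113.5")
    log.append("VIEW_PHOTO", "dr-1", "pt-42", 1_700_000_030, object="photos/demo.jpg")
    log.append("AI_ACCESS", "ai-agent", "pt-42", 1_700_000_060)
    print("intact:", log.verify())
    log.raw_store()[1]["actor"] = "assistant-7"  # simulate an edit in storage
    print("after edit:", log.verify())
```

The chain catches edits, deletions and reordering of interior entries, but not removal of the newest entries, because nothing after them references their hash. In practice the latest hash is periodically written somewhere the log writer cannot modify (a separate system or a signed record), which is what turns a hash chain into a usable tamper-evidence control.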

6. Data Sharing and Third-Party Processors

We share data with trusted third-party service providers only to deliver our Services. These providers are bound by strict data protection agreements.

6.1 AI Language Model Providers

OpenAI and Anthropic: We use these providers for AI conversation capabilities. Patient medical information may be sent to these services for processing.

  • Data Retention: We use API configurations that prevent AI providers from storing or training on client data ("Zero Data Retention" mode where available).
  • Compliance: These providers maintain SOC 2 Type II, GDPR, and other certifications.

6.2 Payment Processor

Stripe: We use Stripe for payment processing. Stripe handles credit card information directly; we do not store full card numbers. Stripe is PCI-DSS Level 1 certified.

6.3 Calendar Integration

Google Calendar API: We sync appointment availability and bookings with Google Calendar. Only appointment times and basic details (not PHI) are shared.

6.4 Communication Services

Twilio: For WhatsApp and SMS communications. Message content may include appointment reminders but does not include detailed PHI.

6.5 Storage Infrastructure

Cloudflare R2: For secure, encrypted storage of medical photos. Data is stored in private buckets with server-side encryption.

MongoDB Atlas: For database hosting. Data is stored in encrypted clusters with access controls and backups.

6.6 We Do Not Sell Your Data

We never sell, rent, or trade client data or medical professional information to third parties for marketing or advertising purposes.

7. Your Privacy Rights

7.1 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Restrict Processing: Request limitation of data processing.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time.

7.2 HIPAA Rights (U.S. Patients)

If your medical provider is subject to HIPAA (U.S. healthcare law), you may have additional rights regarding your Protected Health Information (PHI). Please contact your medical provider directly to exercise HIPAA rights.

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected] or contact your medical provider directly. We will respond to verified requests within 30 days.

8. Data Retention and Deletion

8.1 Retention Periods

  • Professional Account Data: Retained for the duration of your account plus 7 years for legal and tax purposes.
  • Patient Data (Booked Appointments): Retained according to medical record retention laws (typically 7-10 years, varies by jurisdiction).
  • Unbooked Patient Inquiries: Medical professionals can configure auto-deletion after 30, 60, or 90 days if no appointment is booked.
  • Audit Logs: Retained for 7 years to comply with healthcare compliance requirements.

8.2 Data Deletion Process

When you request data deletion or when retention periods expire:

  • Data is permanently deleted from active databases.
  • Encrypted backups containing your data are overwritten within 90 days.
  • Some data may be retained in de-identified form for analytics and service improvement.

9. International Data Transfers

Our services are hosted on cloud infrastructure that may process data in multiple geographic regions, including the United States, Europe, and the UAE.

For European users, we ensure adequate data protection through:

  • Standard Contractual Clauses (SCCs) with third-party processors.
  • Service providers certified under EU-U.S. Data Privacy Framework where applicable.
  • Technical and organizational measures equivalent to GDPR standards.

10. Cookies and Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication, security, and core functionality.
  • Preference Cookies: Remember your settings and language preferences.
  • Analytics Cookies: Understand how users interact with our platform (we use privacy-focused analytics tools).

You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using certain features.

11. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from minors without parental/guardian consent. If we become aware that we have collected data from a minor without proper consent, we will delete it promptly.

12. Security Incidents and Breach Notification

In the unlikely event of a data breach affecting Protected Health Information (PHI), we will:

  • Notify affected medical professionals within 72 hours of discovery.
  • Notify affected clients as required by law (typically within 60 days).
  • Notify relevant regulatory authorities (e.g., HHS for HIPAA, data protection authorities for GDPR).
  • Provide details about the breach, the data affected, and steps taken to mitigate harm.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Email notification to registered users.
  • Prominent notice on our platform.
  • Updating the "Last Updated" date at the top of this policy.

Your continued use of the Services after such notification constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Pathnomic Labs FZ-LLC (Tellop)

Data Protection Officer: [email protected]

General Support: [email protected]

Legal Inquiries: [email protected]

Your trust is our priority. We are committed to transparency, security, and compliance with the highest standards of medical data protection. If you have any questions about how we protect your information, please don't hesitate to reach out.

Tellop - AI Client Assistant