Privacy Policy
Effective date: 13 October 2025
This Privacy Policy explains how MikDok (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you use mikdok.com and its related digital services (collectively, the “Platform”).
MikDok is currently operated by its founders — pending formal company registration in the Republic of Albania. We follow the EU General Data Protection Regulation (GDPR) and applicable Albanian data-protection laws.
1. Data Controller
Until incorporation, the MikDok Founders act jointly as Data Controllers responsible for your data. Contact: contact@mikdok.com.
2. Personal Data We Collect
- Account information: name, email, password (hash only), role (patient, doctor, clinic, admin).
- Professional data (for doctors/clinics): education, specialties, license ID, clinic address, phone, working hours, pricing, profile photo, biography.
- Patient data: basic contact info, age range, appointment requests, messages, uploaded documents (e.g., x-rays or reports).
- Device and usage data: IP address (truncated/anonymized), browser type, device ID, session duration, pages visited (analytics via Google Analytics 4).
- Location data: approximate geolocation if you allow it in the map interface to locate nearby doctors/clinics.
- Cookies and local storage: for login sessions, preferences, analytics (see Cookie Policy).
- Communications: chat messages between patients and doctors, support tickets, or emails.
3. How We Use Your Data
- To create and manage your account.
- To display doctor/clinic profiles, reviews, and listings to users.
- To facilitate communication and appointment requests.
- To personalize search results and recommendations.
- To send transactional notifications (bookings, verification, updates).
- To improve security, detect abuse, and maintain the Platform.
- To perform anonymized analytics for performance and UX improvement.
- For future Telehealth or payment features, only after additional consent.
4. Legal Bases for Processing
- Contractual necessity – to provide Platform services (account, bookings, messages).
- Legitimate interests – to ensure security, prevent fraud, and enhance user experience.
- Consent – for analytics, marketing, cookies, and optional communications.
- Legal obligation – to comply with health or tax laws if required.
5. Data Storage & Security
MikDok uses Firebase and Google Cloud Platform (EU region datacenters) for hosting, database, authentication, and file storage. Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
- Access to patient data is restricted to authorized roles only.
- Passwords are stored as secure hashes using industry-standard algorithms.
- Audit logs track sensitive operations (login, upload, deletion).
- We maintain daily encrypted backups for disaster recovery.
6. Data Sharing
We do not sell or rent personal data. We share it only when necessary:
- With doctors and clinics you contact or book through MikDok.
- With Firebase (Google LLC) for hosting, messaging, authentication, analytics.
- With Google Maps API for location visualization (subject to your consent).
- With email providers (Brevo or Gmail API) for sending transactional messages.
- With payment processors (future feature) only to execute transactions securely.
- With public authorities if required by law or court order.
7. International Data Transfers
Google LLC and affiliated Firebase entities are certified under the EU-US Data Privacy Framework and use Standard Contractual Clauses (SCCs) to ensure adequate protection for data transfers outside the EEA.
8. Data Retention
- Account data – kept while the account is active and deleted within 90 days after closure (unless legally required).
- Logs – retained for up to 12 months for security purposes.
- Messages – kept for as long as your account exists or until you delete them.
- Analytics data – aggregated and anonymized after 24 months.
9. Your Rights (GDPR)
- Access – request a copy of your personal data we hold.
- Rectification – correct inaccurate or incomplete data.
- Erasure (“right to be forgotten”) – delete your account and associated data.
- Restriction – limit processing under certain conditions.
- Data portability – receive your data in a machine-readable format.
- Objection – oppose processing based on legitimate interest or direct marketing.
- Withdraw consent – at any time for analytics or marketing cookies.
To exercise rights, contact us at contact@mikdok.com. You may also file a complaint with the Albanian Data Protection Commissioner (“Komisioneri për Mbrojtjen e Të Dhenave Personale”).
10. Cookies & Tracking
We use cookies and local storage for authentication, functionality, analytics, and marketing (subject to consent). See our Cookie Policy for details and control options.
11. Security Measures
- End-to-end TLS encryption for all traffic.
- Two-factor authentication for admin accounts.
- Automatic logout after inactivity.
- Access controls and least-privilege permissions for staff and developers.
- Regular vulnerability scans and third-party library updates.
12. Children’s Privacy
MikDok is not intended for children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided data without parental consent, contact us for removal.
13. Future Features (Telehealth & Payments)
If MikDok introduces video consultations or payments, additional privacy controls and agreements will be implemented before launch, including:
- End-to-end encrypted video sessions.
- Explicit patient consent for telehealth data processing.
- Payment data handled exclusively by licensed processors (PayPal, Stripe, banks).
- No storage of payment card details on MikDok servers.
14. Automated Decisions & Profiling
MikDok may use algorithmic ranking to sort search results (e.g., by location, reviews, activity). No automated decision produces legal effects without human review.
15. Data Breach Notification
In the event of a data breach that poses a risk to your rights or freedoms, we will notify you and the supervisory authority within 72 hours, as required by GDPR Article 33.
16. Third-Party Links
Our Platform may contain links to external sites (e.g., clinic websites, social media). We are not responsible for their privacy practices and encourage you to review their policies independently.
17. Changes to This Policy
We may update this Privacy Policy periodically. The latest version will always be available at mikdok.com/privacy with an updated effective date. For significant changes, we’ll notify users by email or in-app banner.
18. Contact
For privacy questions or data requests, email us at contact@mikdok.com.
Jurisdiction: Republic of Albania (EU GDPR Zone)
© 2026 MikDok — All rights reserved. This Privacy Policy forms part of the MikDok Terms and Conditions.