Privacy Policy

1. Introduction

DermPro Connect ("DermPro Connect," "we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you access or use our website, mobile applications, software, communications, dashboards, directories, scheduling tools, payment workflows, and related services (collectively, the "Platform").

This Privacy Policy applies to Health Care Providers, Expert Faculty, administrators, and other authorized users of the Platform. The Platform is intended for professional healthcare users and is not intended for patients, consumers, caregivers, or members of the general public seeking medical care.

By accessing or using the Platform, you agree to the practices described in this Privacy Policy and to our Terms of Service.

2. Key Definitions

"Health Care Provider" means a licensed clinician or other qualified healthcare professional who uses the Platform to submit de-identified dermatology-related cases or request peer educational consultation. This may include physicians, nurse practitioners, physician assistants, and other eligible healthcare professionals.

"Expert Faculty" means an approved expert user who provides educational, peer-to-peer dermatology consultation, written feedback, or live discussion through the Platform.

"Case" means a de-identified case submission, question, file, image, lab result, document, or related information submitted through the Platform.

"Consultation" means a Platform-facilitated Async Case Review, Live Consultation, Scheduled Live Consultation, On-Demand Live Consultation, or Extension Session.

"Protected Health Information" or "PHI" has the meaning given under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended. For purposes of this Privacy Policy, PHI also includes patient-identifying health information or content that reasonably could identify an individual patient.

"Personal Information" means information that identifies, relates to, describes, or can reasonably be associated with an individual user, subject to applicable law.

3. Information We Collect

We may collect the following categories of information, depending on how you use the Platform:

• Account information, such as name, email address, password or authentication information, phone number, account type, profile status, and communication preferences.
• Professional and credential information, such as NPI, professional role, specialty, credentials, practice or institution, city and state, professional biography, expertise areas, availability, and information submitted for Expert Faculty review or approval.
• De-identified Case information, such as case questions, history, images, documents, lab results, uploaded files, and related information submitted by a Health Care Provider after removing patient identifiers.
• Expert Faculty feedback, such as written responses, uploaded feedback documents, educational comments, and other feedback submitted through the Platform.
• Scheduling and consultation information, such as availability, booking requests, consultation type, date, time, status, attendance indicators, cancellations, extensions, and related operational records.
• Payment and payout information, such as transaction records, subscription status, app-store purchase status, Stripe or Stripe Connect account status, payout status, receipts, refunds, credits, failed payment indicators, and tax-related information where applicable. We do not store full payment card numbers.
• Communications and support information, such as messages you send to us, customer support requests, administrative messages, email delivery records, notifications, and related correspondence.
• Device, usage, and technical information, such as IP address, browser type, operating system, device identifiers, pages viewed, date and time of access, feature usage, logs, crash data, and security events.
• Cookies and similar technologies, such as analytics data and session tools used to operate, secure, and improve the Platform.

4. No PHI or Identifiable Patient Information

DermPro Connect is not currently intended to receive, create, store, transmit, or process PHI or identifiable patient information. Users must not submit PHI or identifiable patient information through the Platform.

Before submitting a Case, uploading a file, joining a live discussion, or providing Expert Faculty feedback, users are responsible for removing or obscuring patient identifiers. Examples include patient names, dates of birth, addresses, phone numbers, email addresses, medical record numbers, account numbers, insurance identifiers, full-face photographs, image metadata, unique identifying marks when not clinically necessary, and any other information that could reasonably identify a patient.

If you believe PHI or identifiable patient information has been submitted to the Platform, please notify us promptly at Admin@DermProConnect.com. We may remove, restrict, quarantine, delete, or request correction of the material.

Unless DermPro Connect enters into a separate written Business Associate Agreement with you, DermPro Connect is not acting as your Business Associate under HIPAA or similar law. Inadvertent receipt of PHI does not create a Business Associate Agreement and does not authorize continued PHI submission.

5. How We Use Information

We may use information for the following purposes:

• To create, manage, verify, and secure user accounts.
• To review and approve Expert Faculty applications and support credential-related workflows.
• To operate the Platform, including case submission, expert matching, scheduling, live sessions, async reviews, extensions, notifications, and administrative tools.
• To process payments, subscriptions, refunds, credits, payouts, disputes, failed payments, and related financial records.
• To provide support, respond to requests, troubleshoot issues, and communicate about your account or Platform activity.
• To send transactional communications, including verification emails, password reset emails, appointment notifications, case status updates, payment notices, security alerts, and administrative notices.
• To improve Platform performance, usability, reliability, security, and user experience.
• To detect, prevent, and respond to fraud, abuse, security incidents, unauthorized access, payment circumvention, or violations of our Terms of Service.
• To comply with legal, regulatory, tax, accounting, payment provider, app-store, and dispute-resolution obligations.
• To send optional marketing or educational communications where permitted by law and subject to applicable opt-out rights.

6. AI-Powered Matching and Automated Tools

The Platform may use automated tools, matching logic, artificial intelligence, or similar technologies for administrative, operational, routing, scheduling, quality, security, and user-experience purposes.

These tools may help route de-identified Cases to Expert Faculty based on profile information, expertise areas, availability, case category, or related matching factors. These tools are not intended to diagnose, treat, prevent, monitor, predict, or manage disease or health conditions. They are not medical advice and should not be relied on as the sole basis for any clinical decision.

DermPro Connect will not use Case materials to train third-party artificial intelligence models unless disclosed in this Privacy Policy or separate written terms and authorized by applicable law and any required rights, permissions, or consents.

7. Live Consultations

Live Consultations are intended to be real-time peer-to-peer educational discussions between participating provider users. DermPro Connect does not currently record, transcribe, or store live session audio, video, or transcripts.

We may retain administrative records related to live sessions, such as scheduling data, attendance indicators, transaction records, technical logs, security logs, and support records. If DermPro Connect later introduces recording, transcription, or session storage functionality, we will update applicable privacy disclosures and consent workflows before making that functionality available.

8. How We Disclose Information

We may disclose information as follows:

• To other authorized Platform users as needed to operate the Platform. For example, de-identified Case information may be shared with Expert Faculty, and Expert Faculty feedback may be shared with the submitting Health Care Provider.
• To service providers and vendors that help us operate the Platform, including hosting, database, security, email, authentication, analytics, app-store, video or communication, payment, payout, tax, customer support, and technical service providers.
• To payment processors and app stores, including Stripe, Stripe Connect, Apple, Google, and similar providers, as needed to process payments, subscriptions, refunds, disputes, payouts, verification, and related transactions.
• To comply with law, legal process, regulatory requests, audits, professional obligations, tax obligations, payment provider requirements, app-store requirements, or to protect rights, safety, security, and Platform integrity.
• In connection with a business transaction, such as a merger, acquisition, financing, reorganization, asset sale, or similar event, subject to appropriate protections where required by law.
• With your consent or at your direction.

We do not sell Personal Information for money. If our use of cookies, analytics, or similar technologies is considered a sale, share, or targeted advertising under applicable law, we will provide any required notices and choices.

9. Payment Processing

Payments, subscriptions, refunds, credits, and payouts may be processed by Stripe, Stripe Connect, Apple, Google, or other third-party payment providers. These providers may collect and process payment information according to their own terms and privacy policies.

DermPro Connect does not store full payment card numbers. We may receive and store limited transaction information, such as payment status, subscription status, purchase history, receipts, refund status, payout status, and identifiers needed to reconcile transactions and operate Platform access.

Users must not include PHI or identifiable patient information in payment fields, payment descriptions, customer support communications related to payment, or third-party payment systems.

10. Cookies, Analytics, and Tracking Technologies

We may use cookies, pixels, logs, analytics tools, and similar technologies to operate the Platform, maintain sessions, remember preferences, improve performance, measure usage, detect security issues, and understand how users interact with the Platform.

You may be able to control cookies through your browser settings. If you disable cookies, some Platform features may not function properly. Where required by law, we will provide additional notices or choices related to analytics, cookies, tracking, or similar technologies.

11. Data Security

We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure. These measures may include access controls, role-based permissions, encryption where appropriate, secure hosting, password protections, security monitoring, and vendor controls.

No internet-based platform is perfectly secure. You are responsible for using secure devices, secure networks, strong passwords, and protecting your login credentials. If you believe your account or information has been compromised, contact us promptly.

12. Data Retention

We retain information for as long as reasonably necessary to operate the Platform, provide services, maintain accounts, comply with legal, tax, accounting, regulatory, app-store, and payment obligations, resolve disputes, enforce agreements, prevent fraud, maintain security, and support business operations.

Retention periods may vary depending on the type of information, account status, transaction history, legal requirements, operational needs, and the nature of the Platform feature involved. We may retain de-identified, anonymized, or aggregated information where permitted by law.

13. Your Choices and Privacy Rights

Depending on where you live and the laws that apply, you may have rights to access, correct, delete, restrict, object to, or receive a copy of certain Personal Information. You may also have rights to opt out of certain marketing communications, targeted advertising, sale or sharing of personal information, or similar processing where applicable.

To make a privacy request, contact us at Admin@DermProConnect.com. We may need to verify your identity and authority before responding. Some requests may be limited by legal, professional, security, payment, fraud-prevention, dispute-resolution, or operational obligations.

You may unsubscribe from optional marketing emails using the instructions in those emails. You may still receive transactional or service-related communications, such as security notices, account notices, payment notices, password reset emails, and consultation-related notifications.

14. State, International, and Professional Privacy Laws

We aim to comply with privacy laws that apply to our operation of the Platform. Depending on your location, this may include U.S. state privacy laws, Canadian privacy laws, the General Data Protection Regulation, the UK GDPR, or other applicable laws.

DermPro Connect is designed for professional users. Users are responsible for complying with laws, regulations, professional rules, privacy obligations, and organizational policies that apply to their own use of the Platform, including any obligation to de-identify Case materials before submission.

15. Children and Patients

The Platform is not intended for children under 18. We do not knowingly collect Personal Information directly from children.

The Platform is not intended for patient use. Patients, consumers, caregivers, and members of the general public should not create accounts or submit information through the Platform.

16. Third-Party Links and Services

The Platform may contain links to, or integrate with, third-party websites, apps, payment processors, app stores, video tools, email tools, analytics tools, or other services. We are not responsible for the privacy practices, security, availability, or content of third-party services. Your use of third-party services may be governed by their own terms and privacy policies.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify users by email, in-app notice, website posting, app-store notice, or another reasonable method. Your continued use of the Platform after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy.

18. Contact

Questions, requests, or concerns about this Privacy Policy may be directed to: Admin@DermProConnect.com