Privacy Policy

1. Introduction

Informedica ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform ("Platform").

This policy applies to users worldwide, including users in the Philippines, United States, and European Union. Where applicable, we comply with:

• Philippines: Data Privacy Act of 2012 (Republic Act No. 10173)
• European Union: General Data Protection Regulation (GDPR)
• United States: Applicable federal and state laws, including the California Consumer Privacy Act (CCPA)

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, profile picture
• Professional Information: Medical school, graduation status, current title, specialization, skills, credentials
• Organization Information: Organization name, role, membership details
• Communication Data: Messages sent through the Platform, support inquiries
• Payment Information: Payment method details (processed by Stripe), transaction history
• User Content: Documents, certificates, recommendations you upload

2.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, features used, time spent on Platform, click patterns
• Location Data: General geographic location based on IP address
• Cookies and Tracking: See our Cookie Policy for details

2.3 Information from Third Parties

• Social Login: If you sign in via Google, Microsoft, or other providers, we receive basic profile information
• Credential Verification: Verification status from organizations that verify your credentials
• Payment Processor: Transaction status and limited payment information from Stripe

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Provide and Improve Services

• Create and manage your account
• Process credential verification requests
• Facilitate job applications and postings
• Enable messaging and communication features
• Process payments and subscriptions
• Provide customer support
• Analyze usage and improve the Platform

3.2 Communication

• Send service-related notifications
• Respond to your inquiries
• Send marketing communications (with your consent)
• Notify you of changes to our policies

3.3 Security and Compliance

• Detect and prevent fraud
• Enforce our Terms of Service
• Comply with legal obligations
• Protect the rights and safety of users

4. Legal Bases for Processing (GDPR)

For users in the European Union, we process personal data based on the following legal bases:

• Contract Performance: Processing necessary to provide our services to you
• Legitimate Interests: Processing for our legitimate business interests, such as fraud prevention and service improvement
• Consent: Processing based on your explicit consent, such as for marketing communications
• Legal Obligation: Processing necessary to comply with applicable laws

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 With Your Consent

When you direct us to share information with third parties, such as when you apply for a job or request credential verification.

5.2 Service Providers

We share information with third-party vendors who perform services on our behalf:

• Stripe: Payment processing
• Cloud Hosting: Data storage and infrastructure
• Analytics: Usage analysis and improvement
• Email Services: Transactional and marketing emails

5.3 Organizations

When you request credential verification or apply for jobs, relevant information is shared with the respective organizations.

5.4 Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect the rights, property, or safety of Informedica, our users, or others.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• EU Users: We rely on Standard Contractual Clauses approved by the European Commission for transfers outside the EEA
• Philippine Users: Cross-border transfers comply with the Data Privacy Act of 2012

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes.

8. Your Privacy Rights

8.1 Rights for All Users

• Access: Request a copy of your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your personal information
• Data Portability: Request your data in a portable format
• Opt-Out: Opt out of marketing communications

8.2 Additional Rights for EU Users (GDPR)

• Restriction: Request restriction of processing
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time
• Complaint: Lodge a complaint with a supervisory authority

8.3 Additional Rights for California Users (CCPA)

• Know: Know what personal information is collected and how it's used
• Delete: Request deletion of personal information
• Non-Discrimination: Not be discriminated against for exercising your rights
• Opt-Out of Sale: We do not sell personal information

8.4 Additional Rights for Philippine Users

• Information: Be informed about data processing
• Object: Object to processing, including profiling
• Erasure: Request erasure or blocking of data
• Damages: Claim compensation for damages
• Complaint: Lodge a complaint with the National Privacy Commission

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication mechanisms
• Regular security assessments and audits
• Access controls and monitoring
• Employee training on data protection

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

The Platform is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on the Platform
• Updating the "Last Updated" date
• Sending you an email notification (for significant changes)

Your continued use of the Platform after changes become effective constitutes acceptance of the revised policy.

13. Contact Information

For privacy-related inquiries or to exercise your rights, contact us:

For EU Users: Our EU representative can be contacted at legal@informedica.llc.

For Philippine Users: You may also contact the National Privacy Commission at www.privacy.gov.ph.