Dripfy mobile app and patient portal
Privacy Policy
This policy explains how DRIPFY UK LTD collects, uses, stores, protects, and shares personal data and health data in connection with the Dripfy mobile app, patient portal, and related health services.
1. Controller and Contact
The controller responsible for personal data processing is:
DRIPFY UK LTD
71-75 Shelton Street, Covent Garden
London WC2H 9JQ, United Kingdom
General support: support@dripfy.app
Privacy requests: privacy@dripfy.app
Phone: +49 69 33299155
2. Data We Process
- Identity and contact data: name, date of birth, profile information, email address, phone number, and postal address.
- Account data: authentication credentials, role assignment, account status, language preferences, and security settings.
- Health data: medical history, blood test results, biomarker values, biological-age assessments, treatment records, prescriptions, vital signs, allergy information, medications, and wearable or device data when enabled.
- Financial data: billing data, invoice records, payment status, and payment method tokens processed through payment providers.
- Communication data: patient-provider messages, support tickets, appointment notes, notifications, and service emails.
- Technical data: IP address, device type, browser or app version, operating system, diagnostic logs, security events, and access timestamps.
3. Purposes and Legal Bases
- Service delivery: account management, appointment scheduling, treatment administration, health dashboard access, and patient-provider communication.
- Health data processing: explicit consent for special-category health data, including biomarker analysis, biological-age features, wearable sync, and optional health insights.
- Legal obligations: medical record keeping, tax retention, healthcare documentation, audit logging, and regulatory compliance.
- Payments: processing subscriptions, invoices, refunds, and transaction confirmations.
- Security and reliability: fraud prevention, abuse detection, incident investigation, error monitoring, and platform integrity.
- Optional communications: marketing or non-essential notifications only where legally permitted or consented to.
4. Health Data Protections
Health data is treated as special-category data under GDPR Article 9. Access is limited to authorized medical, operational, or support personnel with a valid role-based purpose. Dripfy uses encryption in transit and at rest, access controls, audit logs, and data minimization controls.
Optional features such as HealthKit or wearable sync are used only after you enable them. You may withdraw consent for optional health data processing through the app or by contacting the privacy address above.
5. Processors and Recipients
Dripfy may use service providers for hosting, authentication, payment processing, video consultation infrastructure, transactional email, SMS, diagnostics, analytics, and push notifications. These providers process data only for Dripfy service purposes and under appropriate contractual safeguards.
Dripfy does not sell personal data or health data.
6. International Transfers
Where data is transferred outside the EU or EEA, Dripfy uses appropriate safeguards such as EU Standard Contractual Clauses, adequacy decisions, data processing agreements, and additional technical or organizational protections.
7. Retention
- Medical records are retained according to applicable medical documentation requirements.
- Financial and tax records are retained according to commercial and tax-law obligations.
- Account data is retained while the account is active and then deleted or anonymized according to the account deletion workflow and legal retention requirements.
- Technical logs are retained only as long as needed for security, reliability, debugging, and legal compliance.
8. Your Rights and Privacy Choices
You may request access, correction, deletion, restriction, portability, objection, withdrawal of consent, or review of automated processing where applicable. You can exercise rights in the Dripfy app or by emailing privacy@dripfy.app.
You may also request account deletion from within the app where the account deletion feature is available. Certain medical, financial, or compliance records may be retained where legally required.
9. Complaints
You may lodge a complaint with a competent supervisory authority. DRIPFY UK LTD is registered with the UK Information Commissioner's Office (ICO) under registration reference ZC027335. You may also contact the supervisory authority in your place of residence.
10. Changes
We may update this Privacy Policy. Material changes will be communicated through the app, website, or email where required.