Privacy Policy
Last updated: January 1, 2026
Summary
- Your data is never sold to third parties
- End-to-end encryption of communications
- Compliant with Moroccan Law No. 09-08 (CNDP)
- You can delete your account and data at any time
1. Introduction
This privacy policy describes how Doktor (hereinafter "we", "our" or "the Platform") collects, uses, stores and protects your personal data when you use our website and mobile applications.
We are committed to protecting your privacy in accordance with Moroccan Law No. 09-08 on the protection of individuals with regard to the processing of personal data, and the regulations of the CNDP (National Commission for the Control of Personal Data Protection).
2. Data Collected
We collect the following types of data:
Identification data: - Full name - Email address - Phone number - Role (patient or doctor)
Doctor profile data (where applicable): - Medical specialty and sub-specialties - Education and qualifications - Office address - Consultation fees - Profile and office photos
Patient profile data (where applicable): - Date of birth - Gender - Blood type - Allergies - Insurance information
Usage data: - Appointment history - Published reviews and ratings - Browsing data (pages visited, session duration) - Technical data (IP address, browser type, operating system)
3. Purposes of Processing
Your personal data is collected and processed for the following purposes:
- Creation and management of your user account - Connecting patients and doctors - Appointment management (booking, confirmation, reminders, cancellation) - Displaying doctor profiles and patient reviews - Sending notifications related to your appointments - Improving our services and user experience - Compiling anonymized usage statistics - Compliance with our legal and regulatory obligations
We never process your data for commercial prospecting without your prior consent.
4. Legal Basis for Processing
The processing of your data is based on the following legal grounds:
- Contract performance (Terms): processing necessary for the provision of our services - Your consent: for sending marketing communications and collecting sensitive health data - Legitimate interest: for improving our services and Platform security - Legal obligation: for compliance with our regulatory obligations
5. Data Sharing
Your personal data is never sold to third parties.
It may be shared in the following cases:
- With doctors: when you book an appointment, the doctor accesses the information necessary for the consultation (name, phone, reason for appointment) - With patients: doctors registered on the Platform agree that their professional profile is publicly visible - With our technical service providers: hosting (Supabase), sending emails and SMS, strictly within the scope of providing our services - With competent authorities: if required by law
All our service providers are subject to confidentiality and security obligations in accordance with applicable regulations.
6. Data Retention
Your personal data is retained for the duration of your registration on the Platform, then for 3 years after the last activity on your account, for the purpose of managing potential disputes.
Appointment data is retained for 5 years in accordance with legal obligations in healthcare.
Browsing data is retained for a maximum of 13 months.
You can request the deletion of your account and data at any time (see "Your Rights" section).
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration or disclosure:
- Data encryption in transit (TLS/SSL) and at rest - Secure authentication with strong password policy - Strict data access control based on the principle of least privilege - Regular backups and disaster recovery plan - Continuous monitoring of our system security - Training our team in data protection best practices
8. Your Rights
In accordance with Law No. 09-08, you have the following rights:
- Right of access: you can obtain a copy of your personal data - Right of rectification: you can correct inaccurate or incomplete data - Right of deletion: you can request the deletion of your data - Right of objection: you can object to the processing of your data for legitimate reasons - Right to portability: you can request to receive your data in a structured, readable format
To exercise these rights, contact us at: privacy@doktor.ma
We commit to responding to your request within a maximum of 30 days.
You also have the right to file a complaint with the CNDP.
9. Cookies
The Platform uses cookies and similar technologies to:
- Ensure proper site operation (essential cookies) - Remember your language and session preferences (functional cookies) - Analyze site usage to improve our services (analytical cookies)
You can manage your cookie preferences through your browser settings. Refusing essential cookies may affect the operation of the Platform.
10. International Transfers
Your data is primarily hosted on secure servers. In the event that data is transferred outside Morocco (for example, to cloud infrastructure providers), we ensure that appropriate safeguards are in place in accordance with applicable regulations.
11. Changes
We may update this privacy policy at any time. Any substantial change will be notified to users by email or notification on the Platform. We encourage you to review this page regularly.
12. Contact
For any questions regarding this privacy policy or the protection of your data, you can contact us:
- By email: privacy@doktor.ma - By mail: Doktor - Data Protection, Casablanca, Morocco