Privacy Policy — doctor.co.il
Last updated: [TO BE FILLED — go-live date]
This document describes how we collect, use, and store information regarding users of the doctor.co.il website (the "Site"). Use of the Site is subject to this policy, the Terms of Service, and the Medical Disclaimer.
This English version is provided as a reference translation. In the event of a conflict between the Hebrew and English versions, the Hebrew version shall prevail.
1. Data Controller
The party responsible for the data collected on the Site (the Data Controller) is [TO BE FILLED — שם החברה / Company Name], at [TO BE FILLED — Company Address].
For any privacy-related matter, you may contact us at: [TO BE FILLED — privacy@doctor.co.il OR fallback].
2. Categories of Data Collected
The Site is in an early stage of operation (Sprint 2). At this stage, the Site does not collect identifying personal information from its users. The Site has no signup forms, no chat, and does not collect personal medical information.
The only data recorded at this stage:
- Anonymous usage data — for example: page views, country-level location, device type, browser, and referrer. Collected to understand site performance and improve content.
- Cookies — essential cookies required for proper operation of the Site, plus anonymous measurement cookies. See section 8.
- IP addresses — retained in operational logs for the purposes of security, attack prevention, and rate limiting.
- Technical error reports — in the event of a client-side or server-side fault, technical information (browser, error type, request path) is captured via Sentry. These reports do not include personal medical information.
Data not collected at this stage: names, national ID numbers, phone numbers, residential addresses, medical records, payment details, or any other identifying personal information.
3. Purposes of Processing
The data described in section 2 is processed solely for the following purposes:
- Proper operation of the Site and monitoring of its availability;
- Prevention of misuse and protection of system security;
- Improvement of content and load performance;
- Compliance with legal obligations.
4. Legal Basis
Processing relies on the following legal bases, as applicable:
- Legitimate interest — for system security, prevention of misuse, and anonymous performance measurement;
- Legal obligation — retention of operational logs to the extent required to comply with applicable law [CITATION NEEDS VERIFY — Israeli Privacy Protection Law, 5741-1981];
- Consent — for non-essential cookies, where presented to the user (see section 8).
5. Retention Periods
- Anonymous usage data — up to 26 months, after which it is deleted or aggregated into non-identifiable statistics.
- IP addresses in security logs — up to 30 days, unless longer retention is required for the investigation of a specific security incident.
- Technical error reports (Sentry) — up to 90 days.
After the retention period ends, the data is deleted or rendered no longer linkable to the user.
6. User Rights
Under the Israeli Privacy Protection Law, 5741-1981 (Article 13 et seq.) [CITATION NEEDS VERIFY — Privacy Protection Law, 5741-1981, Articles 13-14] and applicable regulations, and in parallel under the EU GDPR to the extent applicable, you have the following rights regarding data relating to you:
- Right of access — to obtain information about data held about you;
- Right to rectification — to request correction of inaccurate data;
- Right to erasure — to request deletion of data, subject to legal limitations;
- Right to object — to object to processing carried out under legitimate interest;
- Right to data portability — to receive data held about you in a structured format;
- Right to restriction of processing — in certain circumstances, to request that use of the data be paused.
Because at this stage we do not collect identifying personal information, we may not be able to associate data with you. To the extent you can provide general identifiers (IP address, time window, browser), we will make reasonable efforts to locate the relevant records.
To exercise these rights, contact us at: [TO BE FILLED — privacy@doctor.co.il OR fallback]. We will respond within 30 days of receiving the request.
7. Third-Party Sharing
We do not sell user data. However, we rely on third-party service providers (processors) who act on our behalf and are required to safeguard the data in accordance with applicable law:
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Hosting | US / EU |
| Cloudflare | CDN / WAF | Global |
| Sentry | Application error monitoring | US / EU |
| BetterStack | Operational log aggregation | EU |
Anonymous data or technical metadata may be transferred outside Israel as part of these services. In any such transfer, we rely on recognized legal mechanisms (for example, EU Standard Contractual Clauses, where relevant).
Data will be disclosed to government authorities only if required by law, court order, or other valid legal demand.
8. Cookies
The Site uses two categories of cookies:
- Essential cookies — required for proper operation (for example, language preference, load balancing). No separate consent is needed for these cookies.
- Anonymous measurement cookies — help us understand site performance and usage patterns without identifying the user.
You may block cookies through your browser settings. Blocking essential cookies may impair the Site's functionality.
9. Children Under 18
The Site is not designed to collect personal information from minors. To the extent a user under 18 browses the Site, we recommend doing so under the supervision of a parent or guardian. If we become aware that identifying personal information about a minor has been collected without the required consent, we will act to delete it without undue delay.
10. Security
We follow accepted information-security practices, including transport encryption (HTTPS), encryption at rest in cloud datastores, role-based access control, and separation of production and development environments. No information system is fully invulnerable, and we cannot guarantee absolute security.
11. Data Breach Notification
In the event of a material security incident that may affect user privacy, we will act in accordance with notification obligations under applicable Israeli law [CITATION NEEDS VERIFY — Privacy Protection Law, Amendment 13/14, security incident notification], including notice to the Privacy Protection Authority where required, and to potentially affected users — without unreasonable delay.
12. Complaints
If you are dissatisfied with how we have handled personal data relating to you, you may lodge a complaint with the Israeli Privacy Protection Authority at the Ministry of Justice, through the Authority's official website. You also retain the right to seek judicial relief.
13. Changes to this Policy
We may update this policy from time to time. Material updates will be posted on the Site and reflected in the "Last updated" date. If, in the future, identifying personal information is collected (for example, via contact forms or user signup), we will update this document accordingly before that capability is enabled.
14. Contact
For any privacy-related inquiry:
- Email: [TO BE FILLED — privacy@doctor.co.il OR fallback]
- Postal address: [TO BE FILLED — Company Address]
- Phone: [TO BE FILLED]