Privacy Policy

Last updated: February 9, 2026

1. Introduction

This Privacy Policy explains how Daraport (we, us, our) collects, uses, discloses, and protects information when you use our software-as-a-service platform (the Service). It applies to patients, clinicians, organizations, and other users of the Service and describes your choices and rights regarding your information.

2. Scope and Applicability

This policy covers the types of information we collect, how we use it to deliver the Service, the legal bases for processing where required, how we protect it, when we share it, and how long we keep it. Customers operating in regulated sectors remain responsible for meeting their own legal and regulatory obligations. We design features to help customers meet applicable privacy and security requirements but do not assume customers' compliance responsibilities.

3. Information We Collect

We collect the following categories of information:

  • Account and contact information: name, email, phone, organization, role.
  • Clinical and health-related information: appointment notes, treatment plans, clinical messages, and other health-related data when entered into the Service.
  • Usage and device data: IP address, device type, browser, log files, session times, and feature usage.
  • Payment and billing information: billing contact, invoices, and payment method metadata.
  • Communications and uploaded content: messages, documents, images, and files you or your users upload.

How we obtain information - We collect information directly from you when you sign up or use the Service, from your organization or administrators, and automatically from your device when you interact with the Service.

4. How We Use and Share Information

We use and share information for the following purposes:

  • Provide and operate the Service: scheduling, video visits, messaging, records, billing, and integrations.
  • Security and fraud prevention: detect and prevent abuse, secure accounts, and investigate incidents.
  • Customer support and communications: respond to requests, send service notices, and provide updates.
  • Legal and compliance: comply with legal obligations, respond to lawful requests, and enforce our terms.
  • Service providers: We share information with vendors who perform services on our behalf such as hosting, analytics, payment processing, and telephony or video providers. We require vendors to protect data and process it only according to our instructions.
  • Legal requests and safety: We may disclose information to comply with laws, respond to subpoenas, or to protect safety and rights.
  • Aggregated and de-identified data: We may use or share aggregated or de-identified information that cannot reasonably be used to identify an individual.

Legal bases for processing - Where applicable, we rely on consent, contract performance, legitimate interests, and legal obligations as permitted by law.

5. Security, Retention and Deletion

Security measures:

  • Encryption and transport security: We protect data in transit using TLS and protect stored data using industry-standard encryption. For real-time audio and video we use secure connections and strong encryption standards.
  • Access controls and monitoring: Role-based access controls, authentication options, and audit logging limit access to authorized personnel.
  • Hosting and operations: We host data with reputable cloud providers that maintain physical and operational security controls.
  • Incident response: We maintain an incident response program and will notify affected customers and individuals as required by law.

Retention and deletion - We retain account and service data for as long as needed to provide the Service, to meet contractual obligations, and to comply with legal requirements. Retention periods may vary by customer contract and applicable law.

Deletion requests: Customers may request deletion of their account data. Deletion of clinical or regulated records may be subject to legal or contractual retention obligations. We will honor deletion requests to the extent permitted by law and contract.

6. Your Rights and Contact

Access, correction, and portability - You may request access to or correction of your personal information and, where applicable, request a copy of your data in a commonly used, machine-readable format.

Marketing and communications - You can opt out of marketing communications by following unsubscribe instructions in those messages. Transactional and service messages are not optional.

Cookies and tracking - We use cookies and similar technologies for functionality, analytics, and performance. You can control cookie preferences through your browser and account settings.

Privacy contact - For questions about privacy, to exercise your rights, or to request data access or deletion, contact us at contact@daraport.com.