Privacy Policy
Last updated: 20 June 2026
This Privacy Policy explains how TapDoc ("we") collects, uses and protects personal data when you use the Platform. We act as a data controller for the data described below. We design for data minimisation: we deliberately collect as little as possible.
1. Data we collect
Patients
- Name and mobile number, verified by one-time SMS code.
- Booking details (selected professional, time, and the free-text need you describe in chat).
- We do not collect government ID numbers.
Professionals
- Account details (name, email, password hash) and profile/minisite content you publish.
- Google Calendar authorization tokens (stored encrypted at rest) used only to read free/busy and write the appointments you receive.
- Subscription and billing metadata (processed by Paddle; we do not store full card details).
Unclaimed listings
For unclaimed professional listings we process limited professional information obtained from public sources, including business directories (e.g. Google Places) and official public licensing registers. Where we process such data without collecting it from you directly, this section serves as our notice under GDPR Article 14 and equivalent laws. You may request access, correction or removal at any time via our data requests page.
2. How we use data & legal bases
- To provide the service (matching, booking, calendar sync): performance of a contract / legitimate interests.
- To verify your phone: consent and security.
- To process payments: contract and legal obligation (via Paddle).
- To maintain accurate public listings: legitimate interests, balanced against your rights, with opt-out.
3. Processors we share data with
- Google: Places/Maps (search & location) and Calendar (free/busy & events).
- Twilio: SMS one-time-passcode verification.
- Paddle: merchant of record for billing and tax.
- Google Gemini: to interpret your chat request; we send the text you type, not your identity.
- Hosting & database providers (e.g. Vercel, Neon) to operate the Platform.
4. International transfers
We operate across Australia, Israel, New Zealand, Ireland, Sweden, Norway, Denmark, the UAE, Singapore and Poland. Where data is transferred internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses) where required.
5. Retention
We keep personal data only as long as necessary for the purposes above or as required by law. One-time passcodes expire within minutes. You can request deletion of your data.
6. Your rights
Depending on your jurisdiction (e.g. GDPR/EEA, UK GDPR, Australia's APPs, UAE PDPL, Singapore PDPA, Israel's Privacy Protection Law), you may have rights to access, correct, delete, restrict or object to processing, and to data portability. Exercise these via our data requests page or privacy@tapdoc.ai.
7. Security
We use industry-standard measures including encryption in transit and encryption at rest for sensitive tokens. No system is perfectly secure, but we work to protect your data.
8. Cookies
We use essential cookies to operate the Platform and optional cookies to improve it. You can choose your preference via the cookie banner.
9. Children
The Platform is not directed to children and we do not knowingly collect their data.
10. Contact
Privacy enquiries: privacy@tapdoc.ai.

