Privacy Policy
Effective Date: April 11, 2026
Doko Medical Inc. ("Doko", "we", "us", or "our") - www.doko.md
This Privacy Policy explains how Doko Medical Inc. collects,
uses, discloses, and safeguards your information, including Protected Health
Information (PHI) as defined under the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) and its implementing regulations. We
are committed to protecting your privacy and complying with all applicable
federal and state laws, including HIPAA Privacy, Security, and Breach
Notification Rules.
1. Information We Collect
We collect two main types of information:
Personally Identifiable Information (PII) and Protected
Health Information (PHI)
- Contact information (name, email, phone number, address)
- Demographic details (age, gender)
- Medical and health information (symptoms, medical history, diagnoses, treatment records, lab results, imaging such as CT scans for AI-PDAC analysis)
- Insurance and payment information (including Medicare details)
- Telehealth visit data (video/audio recordings if applicable, chat logs, notes)
- Account credentials and usage data
Non-Personal Information
- Usage data, cookies, IP address, browser type, and device information (for analytics and site improvement)
2. How We Use Your Information
We use and disclose your PHI only as permitted or required
by HIPAA and other laws. Primary uses include:
- Providing telehealth services, care coordination, and treatment
- Billing and payment (including submission to Medicare, insurance carriers, or third-party payers)
- Healthcare operations (quality improvement, care management, AI model training - always de-identified where possible)
- Appointment reminders, care updates, and service communications (including SMS with your consent)
- Complying with legal obligations, public health requirements, or court orders
We will never sell your PHI or personal information.
3. How We Share Your Information
We may share your PHI with:
- Our healthcare providers, staff, and contractors who need access to provide care (minimum necessary rule applies)
- Business Associates (e.g., telehealth platforms, billing services, AI service providers, electronic health record vendors) - all of whom have signed HIPAA Business Associate Agreements (BAAs) with us
- Your other healthcare providers or insurers with your authorization or as permitted for treatment/payment/operations
- As required by law (e.g., public health reporting, abuse reporting, law enforcement with valid process)
We do not share PHI with third parties for marketing
purposes.
4. Your Rights Under HIPAA
You have the following rights regarding your PHI:
- Access: Request a copy of your medical records
- Amendment: Request corrections to inaccurate or incomplete information
- Accounting of Disclosures: Receive a list of certain disclosures of your PHI
- Restriction: Request restrictions on certain uses or disclosures (we are not required to agree to all requests)
- Confidential Communications: Request communications through alternative means or locations
- Breach Notification: Be notified in case of a breach of your unsecured PHI
- Revoke Authorization: Withdraw any previously given authorization (does not apply retroactively)
To exercise these rights, contact us using the details at
the bottom of this page. We will respond within the timelines required by HIPAA
(typically 30 days).
5. Security Safeguards
We implement administrative, physical, and technical
safeguards to protect your PHI:
- Encryption of data in transit (HTTPS/TLS) and at rest
- Access controls and role-based permissions (only authorized personnel have access)
- Secure telehealth platforms with end-to-end encryption where applicable
- Regular security risk assessments and workforce training on HIPAA
- Business Associate Agreements with all vendors who may handle PHI
- Incident response and breach notification procedures
6. Cookies and Tracking Technologies
We use cookies and similar technologies to improve your
experience. You can manage cookie preferences through your browser settings. We
do not use tracking technologies for cross-site advertising of PHI.
7. SMS Communications
By providing your phone number and opting in, you consent to
receive SMS notifications related to appointments, care, and services. You may
opt out at any time by replying STOP.
8. Links to Third-Party Sites
Our website may contain links to external sites. We are not
responsible for their privacy practices.
9. Changes to This Privacy Policy
We may update this policy from time to time. We will post
the revised version on this page with an updated effective date. Continued use
of our services after changes constitutes your acceptance.
10. Contact Us / Privacy Officer
If you have questions, concerns, or wish to exercise your
rights:
Privacy Officer,
Doko Medical Inc.,
Email: support@doko.md
Phone: 1-888-910-DOKO (3656)
You may also file a complaint with the U.S. Department of
Health and Human Services Office for Civil Rights if you believe your rights
have been violated.