Privacy Policy & Legal Disclaimer

PRIVACY POLICY

MedOptia – Privacy Policy

Last updated: February 3rd, 2026

1. Introduction

Medoptia (“we”, “us”, “our”) provides digital solutions for clinics, including communication automation, appointment handling, and documentation support.

We take the protection of personal data very seriously and process personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website or use our services.

2. Data Controller

Data Controller:
Daniel Froreich
Seilerstr. 28
30171 Hannover
Germany

and

Assetavenue OÜ
Harju maakond, Tallinn, Kesklinna linnaosa, Pille tn 11/1- 32, 10138

Registry code

17164154

Email: inf[email protected]

3. Types of Data We Process

Depending on the context, we may process the following categories of data:

3.1 Website Visitors

Name

Email address

Phone number

IP address

Browser and device information

Submitted form data

3.2 Business Clients (Clinics)

Contact details of clinic staff

Configuration data for communication systems

Usage data related to the platform

3.3 Patient-Related Data (on behalf of clinics)

Medoptia processes patient-related data only as a data processor, not as a data controller.

This may include:

Contact details (name, phone number, email address)

Appointment-related information

Communication content (messages, call summaries)

Uploaded documentation (notes, audio recordings, images)

Medoptia does not provide medical diagnosis, medical advice, or treatment and does not act as a healthcare provider.

4. Purpose of Data Processing

Personal data is processed for the following purposes:

Providing and operating our services

Managing patient communication and appointment workflows

Generating documentation drafts and summaries

Improving service quality and reliability

Customer onboarding and support

Compliance with legal and security obligations

5. Legal Basis for Processing (GDPR Art. 6)

Data is processed based on one or more of the following legal bases:

Performance of a contract

Legitimate interests (e.g. service operation, security, improvement)

Consent, where required

Compliance with legal obligations

For patient-related data, clinics are responsible for ensuring a valid legal basis and obtaining any required patient consent.

6. Role as Data Processor

When processing patient-related data on behalf of clinics, Medoptia acts as a data processor within the meaning of GDPR Article 28.

Clinics remain the data controllers and are responsible for:

Lawful data collection

Providing privacy information to patients

Obtaining and documenting consent where required

A Data Processing Agreement (DPA) in accordance with GDPR Article 28 is available and concluded with clients as part of the contractual relationship.

7. Use of AI and Automation

Medoptia uses AI-supported systems to assist with:

Communication handling

Text generation and summarization

Documentation drafting

Safeguards include:

AI outputs are provided as drafts only

No medical diagnosis or treatment recommendations are generated

Automated processes are designed to support human review and control before sensitive information is finalized or transmitted.

Final review and decisions remain with human users

8. Data Storage and Security

We implement appropriate technical and organizational measures to protect personal data, including:

Encrypted data transmission

Access control and authentication mechanisms

Logical separation of clinic data

Restricted internal access

Monitoring and logging

We aim to use European hosting locations where feasible.

Where international transfers occur, appropriate safeguards such as Standard Contractual Clauses or equivalent legal mechanisms are applied.

9. Data Retention

Personal data is retained only for as long as necessary to fulfill the intended purpose or to comply with legal obligations.

Clients may request deletion or export of data, subject to statutory retention requirements.

10. Third-Party Services

We may use carefully selected third-party service providers, including:

Cloud and hosting providers

Communication service providers (phone, SMS, WhatsApp)

AI service providers

Analytics and monitoring tools

All providers are selected with due regard to data protection and security requirements.

11. Data Subject Rights

Under the GDPR, data subjects have the right to:

Access personal data

Rectify inaccurate data

Request deletion

Restrict processing

Data portability

Withdraw consent

Requests may be submitted to:
[email protected]

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.
The current version will always be available on our website.

TERMS AND CONDITIONS

Medoptia – Terms and Conditions

Last updated: February 3rd, 2026

1. Scope

These Terms and Conditions govern the use of Medoptia’s website and services.

By using the services, you agree to these Terms.

2. Services

Medoptia provides software-based solutions for clinics, including:

Communication automation

Appointment handling and reminders

Documentation assistance

Workflow optimization

Medoptia does not provide medical services, medical advice, diagnosis, or treatment.

3. No Medical Advice

All outputs generated by Medoptia are provided for administrative and informational purposes only.

AI-generated content is provided as a draft

Clinics remain responsible for all medical decisions

Medoptia does not act as a healthcare provider

4. Client Responsibilities

Clients are responsible for:

Lawful use of the services

Compliance with applicable healthcare and data protection laws

Obtaining patient consent where required

Reviewing all generated content before use or communication

5. Availability and Support

We aim to provide reliable service availability but do not guarantee uninterrupted or error-free operation.

Support is provided according to the agreed scope and availability.

Founder-led support and personal involvement may be provided but do not constitute a guarantee of permanent or exclusive availability.

6. Intellectual Property

All software, systems, and content provided by Medoptia remain the intellectual property of Medoptia unless otherwise agreed in writing.

Clients receive a non-exclusive, non-transferable right to use the services.

7. Limitation of Liability

To the maximum extent permitted by law:

Medoptia is not liable for indirect or consequential damages

Medoptia is not responsible for medical outcomes or decisions

Liability is limited to foreseeable damages directly related to service provision

The client is solely responsible for verifying outputs before use in clinical or patient communication.

8. Termination

Either party may terminate the contractual relationship in accordance with agreed terms.

Upon termination:

Access to services may be discontinued

Data handling follows applicable retention and deletion obligations

9. Confidentiality

Both parties agree to treat confidential information as confidential and protect it from unauthorized disclosure.

10. Governing Law and Jurisdiction

These Terms and Conditions are governed by the laws of Germany.

The place of jurisdiction, to the extent legally permissible, is Germany.

11. Changes to These Terms

We may update these Terms and Conditions from time to time.
Continued use of the services constitutes acceptance of the updated Terms.

12. Contact

For legal or contractual inquiries: [email protected]

Website Compliance & Data Responsibility

Role of the Platform

Our services provide administrative, communication, and workflow support tools for healthcare providers. We act as a data processor on behalf of the respective clinic or medical organization (the “Controller”). The clinic remains responsible for patient relationships, medical decisions, and compliance with applicable professional and regulatory obligations.

Transparency of Automated Communication

Where automated systems or artificial intelligence are used to communicate with patients (for example for appointment coordination, reminders, or information collection), individuals are informed that they are interacting with a digital assistant. Human staff remain responsible for all clinical matters and final decisions.

No Medical Advice or Diagnosis

The platform is strictly limited to organizational and administrative support. It does not provide medical diagnoses, therapy recommendations, or clinical decision-making. Any health-related assessment or treatment responsibility lies solely with licensed healthcare professionals.

Patient Consents

The clinic, as Controller, is responsible for obtaining and documenting any legally required consents from patients, including for communication channels such as SMS, messaging services, email, or call recording where applicable. Our systems process data exclusively under the documented instructions of the clinic.

Data Processing Agreement

Before live patient data is processed through the platform, customers receive a Data Processing Agreement (DPA) that defines responsibilities, security measures, subprocessors, and support procedures for data subject rights such as access or deletion.

Infrastructure & Security Development

We are continuously building our technical and organizational measures to support secure, auditable, and regionally compliant data handling. Detailed documentation is made available to customers during onboarding.

Subprocessors

To deliver the service, we rely on specialized technology partners (for example CRM, telephony, messaging, and hosting providers). Information regarding subprocessors is available upon request.