Data Processing Agreement (DPA)
Version 3.1 — Effective: [YYYY-MM-DD]
Signed between Doctori (as data processor) and any doctor or clinic (as controller) entering patient data on the platform. Sub-processor list: /subprocessors.
1. Definitions
- Controller: the doctor or clinic that determines the purposes and means of processing patient data.
- Processor: Doctori platform.
- Data subject: the patient.
- Personal data: any information relating to an identified or identifiable patient.
- Sub-processor: any entity engaged by the Processor to perform processing on behalf of the Controller.
2. Subject Matter, Duration, Nature
- Subject matter: provision of medical appointment booking, queue management, patient record storage, prescription issuance, and analytics.
- Duration: as long as the Controller's account on Doctori is active + retention period.
- Nature: storage, organization, retrieval, transmission, deletion of patient data.
3. Categories of Data Subjects and Personal Data
- Data subjects: patients of the Controller (including minors via parental consent).
- Personal data categories:
  - Identification (name, DOB, gender, phone)
  - Contact (email, address)
  - Medical (conditions, allergies, medications, history, prescriptions)
  - Financial (payment records, if any)
  - Technical (device, IP for audit)
4. Obligations of the Processor (Doctori)
The Processor shall:
- Process only on documented instructions from the Controller (this DPA, the Doctor Service Agreement, and the platform's standard configuration).
- Ensure confidentiality — staff bound by confidentiality obligations.
- Implement technical and organizational security (TLS 1.3, encryption at rest, RLS, audit chain, biometric lock, JIT elevation).
- Not engage sub-processors without prior general or specific written authorization (general authorization granted for the list at /subprocessors; 30-day notice for any new sub-processor with right to object).
- Assist Controller in fulfilling data subject rights requests within 30 days.
- Notify Controller of a personal data breach within 72 hours of discovery.
- Cooperate with audits on reasonable notice (max once per year unless triggered by breach).
- Delete or return all personal data at the end of the relationship + provide certificate of deletion on request.
5. Sub-processors of Doctori
| # | Sub-processor | Service | Country | Data |
|---|---|---|---|---|
| 1 | Supabase Inc. | DB, Auth, Storage, Realtime, Edge Functions | DE (Frankfurt) | All app data |
| 2 | OTPiq | OTP via SMS / WhatsApp / Telegram | IQ | Phone, OTP code |
| 3 | Apple Inc. | iOS push (APNs) | Global Apple | Device token, opaque payload |
| 4 | Google LLC | Android push (FCM) | Global Google | Device token, opaque payload |
| 5 | Cloudflare Inc. | CDN | Global edge | Cached static assets |
Right to object: the Controller may object to a new sub-processor within 30 days. If the objection cannot be resolved, either party may terminate the affected service.
6. Data Transfers
- Patient data is transferred from Iraq to Frankfurt, Germany (Supabase infrastructure).
- Mechanism: Standard Contractual Clauses (SCCs) signed with Supabase + explicit patient consent at onboarding.
7. Term, Termination, Deletion
- This DPA is effective as long as the Controller's Doctori account is active.
- Upon termination:
  - Doctori provides Controller a data export within 30 days.
  - After export, Doctori deletes or anonymizes Controller's data per retention policy.
  - Deletion certificate provided on request.
8. Liability
- Doctori is liable for damages caused by its non-compliance with this DPA.
- Liability cap: as per the Doctor Service Agreement — greater of 1,000,000 IQD or fees paid in the last 12 months.
- Caps do not apply to willful misconduct or gross negligence.
9. Governing Law
- Iraqi law.
- Disputes: Baghdad Commercial Court.
Signed by Doctori: [signature block]
Signed by Controller (Doctor / Clinic): [signature block]