Privacy Policy
Organization: Dodo Inc.
Location: San Francisco, California, USA
Effective Date: 05/11/2025
Last Updated: 05/11/2025
Introduction
Dodo Health (“we,” “our,” or “the Company”) is committed to safeguarding the privacy and security of personal and health information.
This Privacy Policy explains how we collect, use, store, disclose, and protect information in connection with our websites, mobile applications, and healthcare technology services.
Our privacy and security practices comply with the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), and we align our internal controls with the SOC 2 Trust Services Criteria, under which our security and privacy controls are independently audited.
Scope
This policy applies to all individuals who use or interact with Dodo’s services, including patients, healthcare professionals, business associates, contractors, and website visitors.
Information We Collect
Personal Information: Includes your name, contact details, user credentials, billing information, and other identifiers.
Protected Health Information (PHI): Medical records, treatment history, clinical data, or any information shared through our healthcare platform, processed in compliance with HIPAA.
Technical and Usage Data: Information such as IP address, browser type, device identifiers, access times, and usage activity to maintain and improve platform performance.
Cookies and Similar Technologies: We use cookies and similar tracking technologies to improve site functionality, enhance user experience, and ensure security.
For transparency, a detailed explanation of cookie types and preferences is available in our Cookie Policy and can be managed via our cookie consent management tool.
Purpose of Use
We collect and use data for legitimate and clearly defined purposes, including:
Delivering and managing healthcare and digital health services
Maintaining account authentication and access control
Securing and monitoring our technology infrastructure
Processing payments, insurance, and administrative functions
Conducting analytics to improve product performance and reliability
Meeting legal, regulatory, and contractual obligations
Performing research or quality improvement using anonymized or aggregated data
Dodo Health does not sell or rent personal or health information under any circumstances.
Legal Basis for Processing (GDPR)
Where GDPR applies, we process personal data only when one or more lawful bases exist:
Consent: You have provided explicit consent for processing.
Contract: Processing is necessary to provide requested services.
Legal Obligation: Processing is required under applicable law.
Legitimate Interest: To enhance operations, security, and user experience.
Vital Interest: To protect life or health in urgent medical or safety situations.
Data Sharing and Disclosure
We may share information under strict contractual safeguards with:
Authorized healthcare providers or partners involved in patient care
Business Associates under HIPAA-compliant agreements
Service providers (cloud hosting, analytics, communication tools) under data protection contracts
Auditors, regulators, or law enforcement when legally required
All third parties must maintain equivalent standards of security and confidentiality.
International Data Transfers
As a U.S.-based organization, Dodo may transfer personal data across jurisdictions.
When transferring data from the European Economic Area (EEA) or United Kingdom, we rely on approved mechanisms such as Standard Contractual Clauses (SCCs) or other lawful safeguards ensuring adequate protection.
Data Retention and Security
We retain personal and health information only as long as necessary to fulfil operational, contractual, or legal requirements.
To protect your information, we maintain comprehensive security controls, including:
Encryption (AES-256 at rest, TLS 1.3 in transit)
Role-based access control and multi-factor authentication
Continuous security monitoring and vulnerability testing
Regular third-party audits against the SOC 2 Trust Services Criteria
HIPAA-compliant administrative, technical, and physical safeguards
Your Rights
Under GDPR
You have the right to:
Access your personal data and request a copy
Request corrections or updates to inaccurate information
Request erasure of data (“right to be forgotten”) when legally applicable
Restrict or object to specific types of processing
Receive your data in a portable format
Withdraw consent at any time
File a complaint with your local supervisory authority
Under HIPAA
You have the right to:
Access and obtain copies of your Protected Health Information
Request corrections to PHI maintained by Dodo
Receive an accounting of certain disclosures of your PHI
Request restrictions on uses or disclosures permitted by HIPAA
Requests to exercise these rights may be submitted to our Privacy Officer at founders@dodo.health.
Children’s Privacy
Dodo Health recognizes that privacy protection for minors differs by jurisdiction.
General Website Use (COPPA): We do not knowingly collect data from children under 13 without verified parental consent.
EU/EEA Data Subjects (GDPR Art. 8): We do not process data from children under 16 without parental or guardian authorization.
Healthcare Data (HIPAA and State Law): When minors may legally consent to their own care (e.g., under California Family Code §6920 et seq.), they retain control over their own medical records.
Policy Updates
We may update this Privacy Policy to reflect changes in law, regulation, or company practices.
The revised version and effective date will always be posted on our official website.
Material updates will be communicated directly when required by law.
Contact Information
Dodo Inc.
Email: founders@dodo.health
Address: Dodo Inc., San Francisco, California, USA
Terms of Service for Dodo
Effective Date: 12/18/2025
Last Updated: 12/18/2025
Company: Dodo Inc.
Location: San Francisco, California, USA
Contact: founders@dodo.health
1. Introduction
These Terms of Service (“Terms”) govern your access to and use of Dodo’s websites, applications, and related services (collectively, the “Services”).
By accessing or using the Services, you agree to these Terms and to our Privacy Policy. If you do not agree, do not use the Services.
2. No Medical Advice
Dodo provides software tools and information for educational and administrative purposes only.
The Services do not provide medical advice, diagnosis, or treatment and are not a substitute for professional healthcare judgment.
Always consult a qualified provider for medical concerns. Dodo is not liable for any harm arising from reliance on platform content.
3. Account Responsibilities
You must provide accurate information and keep your account information up to date.
You are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account. Notify us immediately if you suspect unauthorized access or use.
4. Acceptable Use
You agree not to:
misuse or interfere with the Services,
upload malicious code or harmful content,
attempt unauthorized access to any systems or data,
use the Services in a way that violates applicable law.
Violation of these Terms may result in suspension or termination of access.
5. Privacy and Data Protection
Your use of the Services is subject to Dodo’s Privacy Policy.
We handle personal data and, where applicable, protected health information (PHI) consistent with applicable privacy and security requirements.
6. Data Ownership
You retain ownership of your personal data and any PHI you provide.
You grant Dodo a limited license to process and store such data solely to provide and improve the Services.
We do not sell or rent your data.
7. BAA / MSA Supersedence
If you or your organization has entered into a Business Associate Agreement (BAA) and/or Master Services Agreement (MSA) with Dodo, those agreements govern and control in the event of a conflict with these Terms.
8. Intellectual Property
All content, software, and trademarks used in the Services are owned by Dodo or its licensors.
You may use the Services only as permitted under these Terms. You may not copy, modify, distribute, sell, lease, reverse engineer, or create derivative works from any part of the Services except as expressly permitted by law.
9. Dispute Resolution & Arbitration
Any dispute arising from these Terms or the Services will be resolved by binding arbitration under the rules of the American Arbitration Association (AAA) in San Francisco, California.
You and Dodo agree that claims may be brought only in an individual capacity and not as a plaintiff or class member in any purported class or representative proceeding.
If arbitration is deemed unenforceable, disputes shall be heard exclusively in the state or federal courts located in San Francisco County, California.
10. Limitation of Liability
To the fullest extent permitted by law, Dodo will not be liable for indirect, incidental, special, consequential, or punitive damages, including loss of data, profits, revenue, or service interruption.
Dodo’s total liability under these Terms will not exceed the amounts paid by you for the Services in the twelve (12) months preceding the event giving rise to the claim.
11. Termination
We may suspend or terminate your access to the Services at any time if we reasonably believe you have violated these Terms or if necessary to protect the Services, users, or third parties.
After termination, your right to access the Services ends and data will be handled in accordance with our Privacy Policy and any applicable agreements.
12. Changes to These Terms
We may update these Terms from time to time.
For material changes, we will provide at least 30 days’ notice via email or an in-Service message. Continued use of the Services after the updated Terms take effect constitutes acceptance.
13. Contact
If you have any questions about these Terms, contact us at:
Email: founders@dodo.health
Company: Dodo Inc.
Location: San Francisco, California, USA
