DownToDate Privacy Policy

Welcome to the DownToDate Privacy Policy (“Policy”). This explains how we collect, store, protect, and share your information, and with whom we share it. We suggest you read this in conjunction with our Terms and Conditions of Use.

While you’re enjoying the DownToDate mobile application (“App”), our websites and microsites (such as DownToDate.org), collect some information about you. We may also need to share your information sometimes.

Who We Are

The App and Sites are operated by “DownToDate LLC” (also referred to in this policy as “we” or “us”).

DownToDate has designated a Data Protection Officer and they can be reached by emailing admin@downtodate.org

1. Collection of Information

Registration Information

When you download the App and create an account (“Account”), we may collect certain information (“Registration Information”) about you, such as:

Name;
Email address;
NPI Number;
Mobile number;
Gender identity;
Date of birth;
Sexual preference;
Photographs;
Level of Training; and
Location

You will also be required to create a password in connection with the registration of your Account. Once you register, you will be able to review and change this information at any time just by logging in to DownToDate. It is your responsibility to ensure that your account details are kept up to date. If your phone number changes, please ensure that you update this in your account.

The information we collect helps to enhance the App and verify our Users. Registration Information such as your name, age, and medical specialty may be visible to other Users who view your profile page.

For Users who are California residents, the data we may collect falls within the following categories of “personal information”, as defined by the California Consumer Privacy Act (CCPA):

Identifiers, such as name and location;
Personal information, as defined in the California customer records law, such as contact (including email and telephone number) and financial information;
Characteristics of protected classifications under California or federal law (if you choose to provide them), such as age, gender identity, marital status, sexual orientation, race, ancestry, national origin, religion, and medical conditions;
Commercial information, such as transaction information and purchase history;
Biometric information;
Internet or network activity information, such as browsing history and interactions with our Sites and App;
Geolocation data, such as mobile device location;
Audio, electronic, visual and similar information, such as photos and videos;
Professional or employment-related information, such as work history and prior employer;
Non-public education information; and
Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.

Profile Information

We recommend and encourage all our users to think carefully about the information you disclose about yourself. We also do not recommend that you put email addresses, URLs, instant messaging details, phone numbers, full names or addresses, credit card details, national identity numbers, drivers’ license details and other sensitive information which is open to abuse on your profile.

When you post information about yourself or use the “Pager” messaging function to communicate with other Users, the amount of personal information you share is at your own risk. Please see Section 4 below for more information on who can access what you post on DownToDate.

Profile Verification Information

For safety and to ensure you have the best possible user experience, we require all Users to have their account verified prior to activation. To do this, we ask for your name, email, phone number, NPI number, and photo verification. We want to make sure you are who you say you are. We also want to avoid fake DownToDate accounts being created which can be used for malicious activities and cybercrime. This verification is required by us for the prevention of fraud.

Purchase Information

If you decide to purchase any of our services, we will process your payment information and retain this securely for the prevention of fraud and audit/tax purposes.

DownToDate uses a third party processing system which includes the iOS App Store and Google Play Store to process payments. DownToDate does not process any User’s payment or store this information.

Geolocation Information

If you have given DownToDate access to your location in your device settings, when you use your mobile device, we will collect information about WiFi access points as well as other location information about your longitude and latitude and may save your device’s coordinates to offer certain features to you. This information helps us identify your physical location and we use it to personalize the App to make it easier for you to interact with other Users by enabling the general locality information to be displayed to Users seeing your profile and showing you the profiles of other nearby Users.

If you have given DownToDate access to your location, but wish to turn this off, you can do so by the following methods:

iPhone app — settings, privacy, location services, DownToDate
Android — settings, location, DownToDate, permissions, location

Device Information

We may collect information about your device when you use the App including the unique device identifier, device model, and operating system for a number of purposes, as set out in this policy.

Links

We may keep track of how you interact with links available on DownToDate including third party services by redirecting clicks or through other means. We may share aggregate click statistics such as how many times a particular link was clicked on.

DownToDate Success Stories, Surveys and other Contributions

From time to time, we run surveys for research purposes and we may contact you to find out if you would like to take part. We may also contact you to find out if you would like to provide feedback, a testimonial, or take part in marketing campaigns (for example, if you let us know that your “Requested Consult” was successful on the App, we may contact you to ask if you would like to be featured in advertising for DownToDate). Such surveys and marketing campaigns are optional and more information will be provided at the point of contact. If you are contacted and do not wish to take part in a survey or marketing campaign, please inform admin@downtodate.org upon first contact.

When you Contact Customer Support

If you contact our Customer Support team via our email admin@downtodate.org, we will receive your email address, and may track your IP address, as well as the information you send to us to help resolve your query. We will keep records of our communications with you, including any complaints that we receive from you about other Users (and from other Users about you) for 6 years after deletion of your account.

Cookies & Similar Technologies

When you visit our Sites or when you use our App, we may collect personal data from you automatically by using cookies or similar technologies. A cookie is a small file that can be placed on your device or browser that allows us to recognize and remember you.

If you would like to find out more about cookies, including how we use them and what choices are available to you, please refer to our Cookie Policy.

2. Use Of Your Information

Our main goal is to ensure your experience on DownToDate is enjoyable. In order to deliver, we may use your Registration and other information to:

offer you our services and features;
contact you with information about the App (e.g., updates and new features);
personalize the App/Sites and the content we deliver to you;
conduct research and analytics about how you use and interact with the App/Sites;
resolve disputes, troubleshoot problems and to enforce our Terms & Conditions;
investigate fraud, protect our legal rights, and to enforce our Terms & Conditions;
to send you information about the promotions and offers we have available - you can withdraw this consent at any time via emailing admin@downtodate.org with your request); and
protect our Users and third parties from harm

Moderation Practices

We use a combination of automated systems and a team of moderators to monitor and review messages and content to ensure there are no breaches of our Terms and Conditions of Use. If an account or message meets certain criteria that demonstrate that the Terms and Conditions of Use are likely to have been breached, the relevant account will be subject to a warning and the user’s access restricted and/or blocked. Affected Users can contact DownToDate to contest the decision.

If you post anything that is inconsistent with our Terms and Conditions of Use, we reserve the right to terminate or restrict access to your Account.

Lawful Basis

Under US data protection laws, we are required to tell you our lawful basis for using your data and we have set this out in the table below. Where the legal basis is consent, you can withdraw consent at any time. Where the legal basis is legitimate interests, you have a right to object to our use of your data. We explain in the relevant sections in this Policy how you can withdraw consent or opt-out of certain data uses (where applicable).

Purpose for which data is used	Data	Source	Legal basis
To provide you with the DownToDate social networking service	Name, email address, date of birth, NPI number, location (CCPA Categories A and B)	You provide your name, email address, NPI number and date of birth to us. We obtain location data from the device that you use to access the service	Contractual necessity
To facilitate networking opportunities on the DownToDate App	Information that you provide in your profile, including through profile verification, which may include information about your sexual preferences, gender, religion, ethnic background, photos etc. (CCPA Categories C, H, I, J)	You provide this information to us	Consent
To verify your identity, prevent fraud, and to ensure the safety and security of Users	Phone number, NPI number, and photo as part of profile verification (Categories B and H)	You provide this information to us	Legitimate interests – it is in our legitimate interests to ensure that accounts are not fraudulent and to safeguard Users of the site
To take payment for premium services (not applicable for Users making payments via the Apple App Store)	Payment card details (CCPA Categories B and D)	You provide this information to us	Contractual necessity
To send you marketing information about our offers and services	Email address and mobile phone number (CCPA Category B)	You provide this information to us	Consent
To show you other Users near you	WiFi access points and location data when you use the App (if you give us permission) (CCPA Category G)	We obtain this information from the device that you use to access the service (if you give us permission)	Legitimate interests – it is in our legitimate interests to provide this functionality as part of the services
To carry out research and analysis to help us improve the App	Log and usage data, including IP address, browser type, referring domain, pages accessed, mobile carrier and search terms, images and video (CCPA Categories F and H)	You provide photos and videos to us. We obtain the log and usage information from the device that you use to access the service	Legitimate interests – it is in our interests to analyze the way in which Users are accessing and using our services so that we can further develop the App, implement security measures and improve the service
To respond to correspondence and queries that you submit to us, including social media queries	Email address and IP address, social media name, phone number (CCPA Categories B and F)	You provide your email address, social media name and phone number to us when you contact us and we obtain your IP address from the device that you use to contact us	Legitimate interests – it is in our legitimate interests to respond to your queries to ensure that we provide a good service to Users and troubleshoot problems
To block accounts as part of our anti-spam procedures	Email address, phone number, IP address and IP session information, social network ID, username, user agent string (CCPA Categories B and F)	You provide your email address, and phone number to us. We obtain the other information from the device that you use to access the service	Legitimate interests – it is in our legitimate interests to prevent unauthorized behavior and to maintain the safety and security of our services
To investigate and block Users for reported infringements of our Terms & Conditions of Use	Name and user registration details, profile information, content of messages and photographs (CCPA Categories A, B, C, E, and H)	You provide your name, profile content and activities on the App to us	Legitimate interests - it is in our legitimate interest to prevent unauthorized behavior and to maintain the safety and integrity of our services
To block payment transactions as part of our anti-fraud procedures	Name, IP address, email address, mobile number, cardholder name, payments received, type of payment, user ID, country (CCPA Categories, A, B, and D)	You provide your name, email address, mobile number and card details to us. We obtain your IP address from the device that you use to contact us. We obtain your payment information from your interactions with our service	Legitimate interests – it is in our legitimate interest to prevent fraudulent transactions and to maintain the security of our services
To serve promo cards and advertisements on the App	Location, gender, age, and information that you have optionally provided us with via your profile (CCPA Categories A, C and G)	We obtain age, gender and profile information from you, and location data from the device that you use to access the service	Legitimate interests – it is in our legitimate interest to target advertisements so that Users see relevant advertisements and to allow us to generate income from advertising revenue
To serve advertisements on third party networks and measure the effectiveness of such ads	Data about your visit to our Sites or App and action taken on those (for example if you downloaded our App or created an account with DownToDate), IP address (and your estimated location based on your IP address), age and gender, device ID (CCPA Categories B, C, G, F and K)	We obtain age and gender from you and we obtain other information from the device or browser that you use to access the service	Consent – as indicated by you in your Privacy Settings/Cookie s Settings preferences and via your browser or device privacy preferences (where required by your device manufacturer, for example Apple devices using iOS 14.5).
To contact you in order to run surveys for research purposes and to obtain feedback, and to find out if you want to take part in marketing campaigns	Email address and mobile phone number (CCPA Category B)	You provide this information to us	Legitimate interests – it is in our legitimate interests to carry out research so that we can further develop the app and improve the service
To defend legal claims, protect legal rights and to protect people from harm	This could include any information that is relevant to the issue	This information may be obtained directly from you, from your device or from third parties, depending on the information involved	Legitimate interests – it is in our legitimate interest to protect our legal rights, defend legal claims and to protect our Users and third parties from harm

3. Disclosure Of Information

Our policy is to not disclose your Registration Information or personal data, except in the limited circumstances described here:

Circumstances where data may be disclosed	Disclosed data
Service Providers – We engage certain trusted third parties to perform functions and provide services to us. We may share your Registration Information or personal data with these third parties, but only for the purposes of performing these functions and providing such services. More information about this is available directly below	This could include all data, including all CCPA Categories listed above
Moderators – To monitor activity on the App and approve content	Name and user registration details, profile information, content of messages and photographs (CCPA Categories A, B, C, E, and H)
Payment Processing and Telecommunications Companies – To facilitate payments for our premium services.	Cardholder name, cardholder address, card number, payment amount, transaction date/time (CCPA Categories A, B, and D)
Law and Harm – As we mentioned in the Terms & Conditions, we think it is very important that all Users behave whilst using the App. We will cooperate with all third parties to enforce their intellectual property or other rights. We will also cooperate with law enforcement inquiries from within or outside your country of residence where we are required by law, where there is an investigation into alleged criminal behavior or to protect the vital interests of a person. This may include preserving or disclosing any of your information, including your Registration Information, if we believe in good faith that it is necessary to comply with a law or regulation, or when we believe that disclosure is necessary to comply with a judicial proceeding, court order, or legal request; to protect the safety of any person; to address fraud, security or technical issues e.g. through anti-spam providers to protect the service from criminal activity or to protect our rights or property or those of third parties. In such cases we may raise or waive any legal objection or right available to us.	This could include any personal data that DownToDate holds about you, depending on the nature of the request or the issue that we are dealing with, including all CCPA Categories listed above
Business Transfers – In the event that DownToDate undergoes a business transition or change of ownership, such as a merger, acquisition by another company, reorganization, or sale of all or a portion of its assets, or in the event of insolvency or administration, we may be required to disclose your personal data.	This could include all personal data that DownToDate holds about you, including all CCPA Categories listed above
Marketing Services Providers – To help us serve marketing and advertising on third party websites and applications and measure the effectiveness of our advertising campaigns. More information on this is available below.	Advertising identifier associated with your device (Device ID), estimated location (based on your IP address), age, gender and data about your visit to our Sites or App and action taken on those (for example if you downloaded our App or created an account with our App) (CCPA Categories B, C, G, F and K)
Anti-Spam and Anti-Fraud – Your data may be shared with other DownToDate Group companies, for example, to block accounts and suspected fraudulent payment transactions as part of our anti-spam and anti-fraud procedures.	Email address, phone number, IP address and IP session information, social network ID, username, user agent string, and transaction and payment data (CCPA Categories B, F and D).

Aggregated Information – We may share aggregated information with third parties that includes your personal data (but which doesn’t identify you directly) together with other information including log data for industry analysis and demographic profiling.

DownToDate does not sell your data.

More Information About Disclosures

Sharing your personal data with Service Providers

We engage certain trusted third parties to perform functions and provide services to us (“Service Providers”). The suppliers with which DownToDate shares User personal data vary depending on a variety of factors, such as which of our App, Sites and services a User engages with. For example, to provide our services to Users, we typically use the following suppliers:

Billing services – to allow customers to purchase paid features of our App (for example, Google Play)
Authentication services – to allow customers to authenticate their account (for example, Jumio)
Product improvement and market research – we use third party platforms and agencies to carry out customer surveys and market research to improve our products and services
IT services – some of the third-party software providers used in the operation of our business may process Users’ personal data

We carry out due diligence on all Service Providers we engage to ensure they have adequate data protection and information security measures in place and only provide them with the personal data necessary to the service they are providing. Measures are taken to ensure that the data shared is non-attributable to the greatest extent possible and our suppliers are also subject to extensive obligations under our contractual arrangements, including strict data retention limits.

Sharing your personal data with Marketing Service Providers

We partner with providers of marketing services (such as Facebook for example) (‘Marketing Services Providers’) to help us market and advertise our App and services on third party websites and applications and measure the effectiveness of our advertising campaigns. For example:

to exclude you from advertising campaigns aimed at finding new users, if you already have a DownToDate account;
to show DownToDate adverts to users who have visited the DownToDate App/Sites but haven’t yet created a DownToDate account;
to show DownToDate adverts to existing Users to encourage them to use the service (for example, when we release new features for the App, we may advertise these features to existing users);
to create an audience for our advertisements of other potential users who have similar characteristics to you based on the information the Marketing Service Providers holds about you (also known as a Lookalike Audience); or
to include you in a ‘custom audience’ that will receive DownToDate advertising content (a custom audience is essentially a list of people who we think are most likely to be interested in a particular advertisement).

We share a limited amount of your personal data with these Marketing Services Providers, namely:

the advertising identifier associated with your device (this is a random number assigned by your mobile device manufacturer (for example Apple or Google) to your device to help advertisers (including the manufacturer) know when an ad has been viewed or clicked in an app, and when an ad causes a ‘conversion’ (for example, downloading the app advertised to you))
your estimated location (based on your IP address)
age and gender
data about your visit to our Sites or App and action taken on those (for example if you downloaded our App or created an account with our App)

For more information about how we use cookies and other tracking technologies, including how you can set and manage your preferences with regards to such technologies, please see our Cookie Policy.

Some platforms require user consent before DownToDate is permitted to use data gained through the platform for advertising purposes and where this is the case, DownToDate will only use this data where the necessary consent has been obtained. Through your device’s privacy settings, you also have the option to prevent or limit device identifiers being shared with third party advertisers and what use is made of the device identifiers. If you would like more information about your choices and how you can stop your device identifiers being shared with third party advertisers, please visit this page.

In some cases, these third parties will also use the data that they collect for their own purposes, for example they may aggregate your data with other data they hold and use this to inform advertising related services provided to other clients.

Sharing with Facebook

Where we share data with Facebook as our Marketing Service Provider (including via the Facebook “Like” function), we are Joint Data Controllers with Facebook for this processing. This arrangement means that DownToDate has to provide you this notice, but you should contact Facebook if you wish to exercise your data protection rights. Further information, including how Facebook enables you to exercise your data protection rights, and subsequently processes your information as an independent data controller can be found in Facebook Data Policy. If you want more information relating to the nature of the arrangement we have in place with Facebook, please email admin@downtodate.org.

This data referred to above can include actions that you take on our website such as your interactions with our Sites or other information collected from cookies or similar technologies including the Facebook pixel. This allows us to measure the effectiveness of our advertising, improve our marketing practices, and helps us deliver more relevant advertising to you and people like you (including on social media such as Facebook).

4. What Others May See About You

When using the DownToDate App, you should assume that anything you post or submit on the App may be publicly-viewable and accessible, both by Users and non-users of the App, although our hope is that the app content remains as private as HIPAA. We want our Users to be careful about posting information that could eventually be made public.

Please be careful about posting sensitive details about yourself. While you may voluntarily provide this information to us when you create your profile, including your specialty preferences, there is no requirement to do so. Please remember that photographs that you post on DownToDate may reveal information about yourself as well. By uploading content, you are explicitly consenting to our processing of this information and making it public to other Users.

5. Our Policy Towards Users

Although we want as many users as possible to enjoy our creation, you have to be at least 18 years old, currently in the United States, and a medical physician to use the App - sorry kids, global applicants, other medical professionals, and medical students, you’ll have to come back when we’ve rolled out our next phase of healthcare inclusive use, coming soon.

If we become aware that a minor or otherwise non-physician has registered with us, we will take steps to terminate that user's registration and delete their Registration Information from DownToDate. If we delete a profile because you violated our rules, we may retain your email and IP address to ensure that you do not try to get around our rules by creating a new profile.

6. Security

Here at DownToDate, we pride ourselves on taking all appropriate security measures to help protect your information against loss, misuse and unauthorized access, or disclosure. We use reasonable security measures to safeguard the confidentiality of your personal information such as secured servers using firewalls.

Unfortunately, no website or internet transmission is ever completely 100% secure and even we cannot guarantee that unauthorized access, hacking, data loss, or other breaches will never occur, but here are some tips to help keep your data secure:

Please make sure you log out of your Account after use as you never know who may use your Account!
Please don’t share the password you use to access your DownToDate Account with anyone.
Change your password periodically.

If you ever think someone has had access to your password or Account, please follow the steps set out here. We cannot guarantee the security of your personal data while it is being transmitted to our site and any transmission is at your own risk.

7. Your California Privacy Rights

For Users who are California residents, you have the following rights (in addition to those listed at section 8 below) under the California Consumer Privacy Act, and you have the right to be free from unlawful discrimination for exercising your rights under the Act:

You have the right to request that we disclose certain information to you and explain how we have collected, used and shared your personal information over the past 12 months.
You have the right to request that we delete your personal information that we collected from you, subject to certain exceptions.

In addition, under California law, operators of online services are required to disclose how they respond to “do not track” signals or other similar mechanisms that provide consumers the ability to exercise choice regarding the collection of personal information of a consumer over time and across third party online services, to the extent the operator engages in that collection. At this time, we do not track our Users’ personal information over time and across third-party online services. This law also requires operators of online services to disclose whether third parties may collect personal information about their users’ online activities over time and across different online services when the users use the operator’s service. We do not knowingly permit third parties to collect personal information about an individual User’s online activities over time and across different online services when using the App.

8. Your Rights

Privacy laws applicable in the US may give you the following rights:

Right to be informed: what personal data an organization is processing and why (we provide this information to you in this Privacy Policy).
Right of access: you can request a copy of your data.
Right of rectification: if the data held is inaccurate, you have the right to have it corrected.
Right to erasure: you have the right to have your data deleted in certain circumstances.
Right to restrict processing: in limited circumstances, you have the right to request that processing is stopped but the data retained.
Right to data portability: you can request a copy of certain data in a machine-readable form that can be transferred to another provider.
Right to object: in certain circumstances (including where data is processed on the basis of legitimate interests or for the purposes of marketing) you may object to that processing.
Rights related to automated decision-making including profiling: there are several rights in this area where processing carried out on a solely automated basis results in a decision which has legal or significant effects for the individual. In these circumstances your rights include the right to ensure that there is human intervention in the decision-making process.

If you want to exercise any of your rights listed above please email us at admin@downtodate.org.
For your protection and the protection of all of our Users, we may need to request specific information from you to help us confirm your identity before we can answer the above requests.

If you have a concern about how we have processed your request or your personal data, you should contact us in the first instance via the contact details listed above.

9. Data Locations

We want you to be able to access DownToDate wherever you happen to be in the US. To enable us to provide that service, we operate a network of servers in the US. The hardware is located in third-party data centers. We ensure that the data is adequately protected by ensuring that valid, legal mechanisms are in place.

10. Data Retention And Deletion

We keep your personal information only as long as we need it for the legal basis relied upon (as set out in Section 2 above) and as permitted by applicable law.

You may permanently delete your Account at any time.

When your Account is deactivated, we take reasonable efforts to make sure it is no longer viewable on the App. For up to 28 days, it is still possible to restore your Account if it was accidentally or wrongfully deactivated. After 28 days, we begin the process of deleting your personal information from our systems, unless:

we must keep it to comply with applicable law (for instance, if you make purchases within the App, some personal data may need to be kept for accounting purposes);
we must keep it to evidence our compliance with applicable law;
there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved; or
information must be kept for our legitimate business interests, such as fraud prevention and enhancing Users’ safety and security. For example, information may need to be kept to prevent a user who was banned for unsafe behavior or security incidents from opening a new account.

Where DownToDate uses machine learning, for example, to help us detect and prevent fraudulent card transactions, and to detect and prevent spam communications on the App (as explained above), we may need to keep personal information for a longer period than the retention periods explained above, to enable the machine learning to work properly. Where this is the case, we always seek to minimize the amount of personal information that is used and kept securely from other User personal information. We regularly review the period for which personal information is required for machine learning purposes and delete any identifiable information when it is no longer required.

To prevent abuse and/or misuse of DownToDate by a User following termination or deletion of a profile/Account we shall retain such information as we deem in our sole discretion may be necessary to ensure that User does not open a new Account and profile in breach of our Terms & Conditions of Use and to ensure compliance with all laws and regulations.

Warning: Even after you remove information from your profile or delete your Account, copies of that information may still be viewable and/or accessed to the extent such information has been previously shared with others, or copied or stored by others. We cannot control this, nor do we accept any liability for this. If you have given third party applications or websites access to your personal information, they may retain such information to the extent permitted under their terms of service or privacy policies.

11. Changes To This Policy

As DownToDate evolves, we may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will always be at DownToDate.org. If we make a change to this policy that, in our sole discretion, is material, we will notify you, for example, via an email to the email associated with your Account or by posting a notice within DownToDate.

Effective date

The Privacy Policy was last updated on: 13th September, 2022.