Yes, we are supporting GDPR on our paid plans.
How we are compliant (short list)
We don't store identifiable data on your patients
As with all our Plans we do not store Personally Identified Information about your patients. While certain information might be gathered for system performance and high-level analytics, PII is not store persistently. Specifically things like: name in check-in box, audio or video media, other data shared while using the Doxy.me application.
Don't your data centers need to be in the EU now?
Not necessarily. GDPR does not require that our data centers be in the EU. GDPR allows a company to transfer data outside of the EU as long as practices are put in place to make sure that personal data is properly protected. We are certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to satisfy this requirement and also offer up our Data Processing Agreement (DPA).
What if I have a Data Subject Right (DSR) request to delete or update data?
Any other requests to correct, access, or delete information, will be handled by emailing firstname.lastname@example.org. We'll respond to this requests within 3 days.