Yes, we support GDPR on our paid plans.
How we are compliant (short list)
We don't store identifiable data on your patients
As with all our plans, we do not store Personally Identifiable Information (PII) about your patients. While certain information might be gathered for system performance and high-level analytics, PII is not stored persistently. Specifically, this covers things like the name entered in the check-in box, audio or video media, and other data shared while using the Doxy.me application.
Email email@example.com to sign the EU Data Protection Addendum
Don't your data centers need to be in the EU now?
Not necessarily. GDPR does not require that our data centers be in the EU. GDPR allows a company to transfer data outside of the EU as long as practices are put in place to make sure that personal data is properly protected. We are certified under the EU-U.S. and Swiss-U.S. Privacy Shield (pending status) frameworks to satisfy this requirement, and we also offer our Data Processing Agreement (DPA).
What if I have a Data Subject Right (DSR) request to delete or update data?
Any other requests to correct, access, or delete information will be handled by emailing firstname.lastname@example.org. We'll respond to these requests within 3 days.
Why is GDPR only on paid plans?
GDPR requires an additional step that HIPAA does not require: you must have a Custom TOS checkbox. Our Custom TOS checkbox has always been available only on our paid plans.