At HotDoc, we take your privacy and security seriously. 
We have a dedicated team of privacy and security experts who work hard behind the scenes to protect the privacy of your data and ensure the security of our platform.

This page includes information about how we protect your privacy and secure the information that we hold.

Privacy at HotDoc 

ⓘ Important

HotDoc takes steps to get your consent before we collect any of your data, either when you interact with us directly or by requiring practices to obtain your consent.

We also commit to:

• Any sensitive information being hosted within Australia, in a strictly controlled environment.
• Never exploit or use your data for any reason other than to provide you with the services or to comply with our obligations under the law.
• Allowing you to opt-out of using our platform.
• Allowing you to request access to, or deletion of your data at any time
• Your information only being accessible after authentication
• Making multi-factor authentication available to all patients using our platform
• Connections to our platform (websites and API) being encrypted to provide a secure connection, and your information being protected using TLS 1.2 — a secure network protocol that uses encryption to protect data transmitted between a client and server over a network, like the internet.
• Implementing a range of robust security protections to protect your data.

If you want to find out more about our commitment to your privacy, please check out our Privacy Policy.

Communications from HotDoc

HotDoc will only contact you if we have consent, either directly from yourself or from your healthcare provider if we're communicating on their behalf.

We work directly with practices to make emails and SMS messages from HotDoc easy to identify.

This article explains why you might receive a message from HotDoc from time to time.

If you would like to opt out of receiving communications from HotDoc (or specific types of communications), you can contact us using the details in our Privacy Policy. As required by the SPAM Act, you can opt out of Marketing Communications using the link found inside the SMS or email.

Scams and Phishing

Unfortunately, scammers sometimes impersonate HotDoc—or send fake emails or SMS messages—trying to trick people into giving away personal information or clicking malicious links.

To keep your information safe and help identify genuine HotDoc messages, check out Spotting scams: How to tell if a message really came from HotDoc

Security of our Platform

The HotDoc Platform has security built-in, and we have been externally audited in our security practices. These include:

• Encrypting sensitive data, both in transit and at rest within our platform
  
   
• Reviewing the security controls of the vendors and suppliers that we engage who might have access to sensitive data
  
   
• Regularly auditing our systems for access, our code and our infrastructure for vulnerabilities, including paying security researchers to test our platform
  
   
• Logging access to your data and our systems, and monitoring our services for signs of anomalous activity and audit access that could indicate a security issue 
  
   
• Running our platform in Amazon Web Services, who ensure that the infrastructure that hosts our platform is secure 
  
   
• Training all of our staff in the importance of security and the secure handling of any personal and confidential information

To prove that we do all these things, HotDoc is SOC2 Type 2 accredited, providing independent assurance that our systems meet the highest standards for data protection, security and reliability.

Security of our Payments feature

HotDoc Payments are facilitated using secure Payment Providers and industry-standard payment processes (PCI-DSS), meaning that neither HotDoc nor your practice will be able to see your card information.

For more information on HotDoc Payments security, please check out the links below:

• HotDoc Payments Security
• Payments Security FAQs