Privacy Policy

Last updated June 2026

Doctorly builds and hosts websites for physicians. Because of how our product works — we assemble doctor websites from public records before a doctor ever signs up — our privacy practices cover a few different groups of people: doctors whose sites we build, doctors who become customers, patients and visitors who use those sites, and people who simply browse doctorly.me. This policy explains, in plain English, what we collect from each group and what we do with it.

Information we collect about doctors

We create draft websites using information that is already public or professionally published: National Provider Identifier (NPI) registry records, state medical board license data, board certification listings, hospital affiliation pages, published research (for example, PubMed and ClinicalTrials.gov), and practice details such as address, phone number, and office hours from sources like Google Business Profile. We do not collect or use any patient medical records, and we never access non-public clinical information.

When a doctor claims their site, we additionally collect the information needed to run their account: name, email address, verification details, theme and content choices, and billing status.

Doctor data removal requests

If we have built a site for you and you would rather we had not, tell us. Email us or use the contact form on our About page, and we will take the site down and remove your profile from our system. You do not need to be a customer, give a reason, or prove anything beyond a reasonable confirmation that you are the doctor in question. Removal requests are typically processed within a few business days.

Information from visitors to doctor sites

Doctor websites hosted on Doctorly include a contact form. When a visitor submits that form, the name, email address, phone number, and message they provide are stored by us and delivered to the doctor's practice. We hold this information on behalf of the doctor, who is responsible for how it is used after delivery. Contact form submissions are not medical records, and the form should not be used to send clinical information — if you include health details in a message, they are handled as ordinary correspondence by the practice, not by Doctorly.

Information we collect automatically

Like most websites, we collect basic technical information when you visit doctorly.me or a hosted doctor site: IP address, browser type, pages viewed, and referring page. We use privacy-respecting aggregate analytics to understand traffic and improve the product, and we share aggregate visit statistics (never individual visitor identities) with doctors about their own sites.

How we use information

We use the information above to build and host doctor websites, verify doctors who claim their sites, process subscriptions, deliver contact form leads to practices, provide support, measure and improve the product, and meet legal obligations. We do not sell personal information, and we do not use contact form submissions for advertising.

Cookies

We use a small number of cookies: session cookies that keep signed-in doctors logged in to their dashboard, and analytics cookies that help us understand how the site is used. We do not use third-party advertising cookies. You can block or delete cookies in your browser settings; the marketing site and doctor sites will still work, though dashboard sign-in requires session cookies.

Third-party services

We rely on a small set of service providers to run Doctorly: Supabase (database and authentication infrastructure, where site content and contact form submissions are stored), Stripe (payment processing — we never see or store full card numbers), Google (fonts, business profile data, and analytics), and our hosting provider. Each of these processes data on our behalf under their own security and privacy commitments.

Data retention and security

We keep doctor account data for as long as the account is active, and contact form submissions for as long as the related doctor site is active. Unclaimed draft sites and their underlying profiles are removed promptly on request. Data is encrypted in transit, access is restricted to staff who need it, and we review access regularly. No system is perfectly secure, but we take reasonable, industry-standard measures to protect what we hold.

Your rights

Depending on where you live, you may have the right to access, correct, or delete personal information we hold about you. Whether or not a specific law applies, our practice is simple: ask us what we have, and ask us to fix or delete it, and we will.

Changes and contact

If we make material changes to this policy, we will update the date above and, for customers, send a notice by email. Questions, requests, or concerns can be sent through the contact form on our About page.