BeyondRounds

Legal

Privacy Policy

Last updated: March 2026

Your privacy matters

We collect only what's necessary to match you with the right group. Your medical credentials are verified and stored securely. We never sell your data to third parties.

1. Data Controller

BeyondRounds

Berlin, Deutschland

Email: contact@beyondrounds.app

2. What we collect

Account information

  • Name, email address, and date of birth
  • Medical licence number and issuing authority
  • Profile photo (optional)
  • City and preferred language

Preferences & matching

  • Interests, personality traits, and social preferences
  • Weekend availability and preferred meetup style
  • Feedback and ratings from past meetups
  • Communication preferences

Usage data

  • Device type, browser, and operating system
  • Pages visited and features used
  • Crash reports and performance data

3. Legal basis for processing

  • Contract performance (Art. 6(1)(b) GDPR) — account creation, matching, bookings
  • Legitimate interests (Art. 6(1)(f) GDPR) — security, fraud prevention, service improvement
  • Consent (Art. 6(1)(a) GDPR) — optional analytics and marketing cookies
  • Legal obligation (Art. 6(1)(c) GDPR) — retention duties under German commercial law

4. How we use your data

  • To verify your medical credentials and maintain community trust
  • To match you with compatible groups of doctors in your city
  • To communicate meetup details, updates, and important notifications
  • To improve our matching algorithm and overall service quality

5. Data processors (third parties)

We work exclusively with GDPR-compliant providers and have a Data Processing Agreement (DPA) in place with each.

ProviderPurposeLocation
Supabase Inc.Database & authenticationUSA (SCCs)
Stripe Inc.Payment processingUSA (SCCs)
Resend Inc.Transactional emailUSA (SCCs)
Brevo (Sendinblue SAS)Marketing emailFrankreich / France
Vercel Inc.Hosting & CDNUSA (SCCs)
Sentry (Functional Software)Error monitoringUSA (SCCs)

SCCs = EU Standard Contractual Clauses under Art. 46(2)(c) GDPR.

6. How we protect your data

  • All data is transmitted over encrypted connections (TLS 1.2+)
  • Medical credentials are stored in encrypted, access-controlled databases
  • Regular security audits and vulnerability assessments
  • Access to personal data is limited to authorised team members only
  • Row-Level Security (RLS) in our database: every row is scoped to its owner

7. Cookies

We use essential cookies for authentication and session management. Optional analytics and marketing cookies are only set after your explicit consent. You can manage your cookie preferences at any time via the link in the footer.

8. Your rights (GDPR Art. 15–22)

  • Right of access (Art. 15): Request a copy of your personal data
  • Right to rectification (Art. 16): Correct inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion — directly via Settings → Delete account
  • Right to restriction (Art. 18): Restrict how we process your data
  • Right to data portability (Art. 20): Receive your data in a machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests

9. Right to lodge a complaint

You have the right to lodge a complaint with the supervisory authority. For Berlin:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Alt-Moabit 59–61, 10555 Berlin

www.datenschutz-berlin.de

10. Data retention

We retain your data for as long as your account is active. Upon account deletion, personal data is removed within 30 days. Booking and payment records are retained for 10 years under §§ 147 AO, 257 HGB (German tax and commercial law).

11. Children's privacy

BeyondRounds is intended for licensed medical professionals aged 18 and older. We do not knowingly collect personal information from individuals under 18.

12. Contact & data requests

For privacy-related questions or to exercise your rights, contact us at contact@beyondrounds.app. We respond within 30 days.