Privacy Policy

Last updated: 25 May 2026

Data controller

The data controller for personal data processed through this platform is Innoviqor Consulting LP, trading as Ofllo. Ofllo is a technology platform that connects patients with independent EU-licensed medical professionals. We do not provide medical advice, diagnosis, or treatment ourselves.

For any privacy or data-protection request, email info@ofllo.com.

What data we collect

  • Identity and contact data: full name, email, phone.
  • Account data: encrypted password, role (patient / doctor), preferences.
  • Health data: vitals, symptoms, lifestyle logs, uploaded medical documents, consultation notes — voluntarily provided by you or your treating physician.
  • Appointment and messaging history with physicians.
  • Payment data: processed by Stripe; we never store full card details on our servers.
  • Technical data: IP address, browser type, device, and essential cookies required for the platform to function.

Legal basis for processing

  • Health data (special category): processed under Article 9(2)(a) GDPR — your explicit consent, captured at signup and recorded with a timestamp.
  • Account and contact data: Article 6(1)(b) — necessary to perform the contract you enter into when creating an account.
  • Payment data: Article 6(1)(b) — necessary to provide the paid service.
  • Essential cookies: Article 6(1)(f) — legitimate interest in securely operating the platform.
  • Analytics cookies: Article 6(1)(a) — only with your consent through the cookie banner.

Data residency — EU only

All personal and health data is stored exclusively on infrastructure located within the European Union. We do not transfer your data outside the EU/EEA. Sub-processors (e.g. Stripe for payments) are bound by Data Processing Agreements and, where applicable, Standard Contractual Clauses.

Retention periods

  • Account and profile data: kept for the lifetime of your active account.
  • Health records and consultation history: retained for 10 years from the date of the consultation, as required by EU and Greek medical record-keeping rules.
  • Billing and invoicing records: retained for 10 years to comply with tax law.
  • Marketing and analytics data: deleted within 24 months of your last interaction, or immediately upon withdrawal of consent.
  • After erasure: account data is deleted within 30 days of a verified request; health and billing records are kept for the statutory minimum and then deleted.

Your right to erasure (Article 17)

You can request deletion of your account and personal data at any time from your dashboard or by emailing info@ofllo.com. We verify your identity and complete the erasure within 30 days, except for data we are legally required to retain (see retention periods above).

Your right to download your data (Articles 15 & 20)

You can download a machine-readable export of your personal data, including health logs and consultation history, from your patient dashboard. For assistance, email info@ofllo.com.

Other rights

You also have the right to access your data, rectify inaccuracies, restrict or object to processing, withdraw your consent at any time, and lodge a complaint with your national Data Protection Authority — in Greece, the Hellenic Data Protection Authority (dpa.gr).

Contact for DPA and data-protection requests

Innoviqor Consulting LP (trading as Ofllo)

Email: info@ofllo.com

We respond to all requests within 30 days.