Privacy Policy

1. Introduction

Doha Dynamics ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how RosterMD collects, uses, discloses, and safeguards your information when you use our scheduling and roster management software (the "Service").

As a healthcare workforce management solution, RosterMD is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable data protection regulations.

2. Information We Collect

2.1 Personal Information

We collect the following types of information:

• Account Information: Username, full name, email address, role (e.g., doctor, roster manager)
• Professional Information: Employee code, department, PGY level, skills, certifications
• Scheduling Data: Shift assignments, preferences, unavailability dates, leave requests
• Usage Information: Login timestamps, session data, feature usage patterns

2.2 Automatically Collected Information

• Technical Data: IP address, browser type, device information, operating system
• Cookies and Tracking: Session cookies for authentication (HttpOnly, Secure, SameSite)

3. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Generate optimized shift schedules, manage roster blocks, track doctor preferences
• Authentication and Security: Verify user identity, manage sessions, prevent unauthorized access
• System Improvement: Monitor performance metrics, identify bugs, improve solver algorithms
• Compliance: Maintain audit logs, generate reports for regulatory requirements
• Communication: Send system notifications, alerts, and updates related to roster changes

4. HIPAA Compliance

RosterMD is designed as a HIPAA-compliant workforce management platform. While RosterMD does not directly store Protected Health Information (PHI) about patients, employee scheduling data may be considered PHI under certain circumstances.

Our HIPAA Safeguards Include:

• Encrypted data transmission (HTTPS/TLS)
• Encrypted data storage (database encryption at rest)
• Role-based access controls (RBAC)
• Secure session management with automatic timeouts
• Audit logging of all data access and modifications
• Business Associate Agreements (BAAs) available for covered entities

Healthcare organizations using RosterMD should execute a BAA with Doha Dynamics to ensure compliance with HIPAA regulations.

5. Data Storage and Retention

Storage Location: Data is stored in secure data centers with industry-standard physical and logical security controls.

Retention Period: We retain your data for as long as your account is active or as needed to provide services. After account termination, data is retained for a minimum of 7 years to comply with healthcare recordkeeping regulations, or longer if required by applicable law.

Data Backup: Regular automated backups are performed to ensure data availability and disaster recovery capabilities.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share data in the following circumstances:

• Within Your Organization: Authorized users (roster managers, department administrators) can access scheduling data
• Service Providers: Third-party vendors who assist with hosting, monitoring, and support (under strict confidentiality agreements)
• Legal Compliance: When required by law, court order, or regulatory investigation
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with continued protection of your data)

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Request corrections to inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Portability: Request export of your data in a machine-readable format
• Objection: Object to certain data processing activities
• Withdrawal of Consent: Withdraw consent for data processing where applicable

To exercise these rights, contact your system administrator or email us at privacy@dohadynamics.com.

8. Security Measures

We implement industry-standard security measures to protect your data:

• TLS/SSL encryption for data in transit
• AES-256 encryption for data at rest
• BCrypt password hashing
• Secure session management with HttpOnly cookies
• Regular security audits and vulnerability assessments
• Intrusion detection and prevention systems
• Multi-factor authentication (available on request)

While we strive to protect your data, no system is 100% secure. Users should use strong passwords and report any suspicious activity immediately.

9. Cookies and Tracking Technologies

RosterMD uses the following cookies:

• Session Cookies: Essential for authentication and session management (HttpOnly, Secure, SameSite=Lax)
• Preference Cookies: Store UI preferences (e.g., dismissed banners)

We do not use third-party tracking cookies or analytics tools that collect personal information. You can configure your browser to reject cookies, but this may limit functionality.

10. International Data Transfers

If you access RosterMD from outside the country where our servers are located, your data may be transferred across international borders. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions under applicable data protection laws
• Binding Corporate Rules for intra-group transfers

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top of this page indicates the most recent revision.

Continued use of RosterMD after policy changes constitutes acceptance of the updated terms.

12. Contact Us

For questions or concerns about this Privacy Policy, contact us at: