Privacy Policy

Summary

We take privacy seriously — perhaps more than most directories — because the people who use this site may be queer, trans, in the closet, in unsafe regions, or otherwise have legitimate reasons to want their use of an LGBTQ+ healthcare directory to remain private. This policy explains what we collect, why, how we use it, and how you can control it.

If you only read one section, read What we don't do.

1. Who this policy applies to

This policy applies to anyone who:

Visits lgbtdocs.com or any subdomain.
Creates an LGBTDocs account.
Submits a healthcare provider listing.
Claims an existing listing as their own practice.
Reports an issue with a listing.
Subscribes to our newsletter, if applicable.
Contacts us by email or any other channel.

Healthcare providers listed in our directory have a separate set of rights and processes — see Healthcare provider listings.

2. What we collect

Information you give us directly

Create an account

Email address, password hashed and never stored in plain text, and display name.

Submit a provider listing

Provider name, address, contact details, specialties, languages, your name and email so we can verify, and any photos or descriptions you upload.

Claim an existing listing

Verification documents, such as medical licence or business registration, and contact details.

Report a listing

Description of the issue and, optionally, your contact details.

Whatever you put in your message and the email address you sent it from.

Information collected automatically

Device and browser

Browser type, operating system, screen size, and referring URL.

IP address

Used for security, abuse prevention, and approximate location. We do not store precise location.

Usage data

Pages visited, time on page, search queries you make, and providers you click on.

Cookies and similar technologies

See Cookies and tracking.

Information we do not ask for

We never ask for your sexual orientation, gender identity, HIV status, or any other special-category personal data as a condition of using the site.
We never ask why you are searching for a particular provider.
We never ask for your date of birth other than to confirm you are an adult, where required by law.

Information we infer

If you log in and use the site, we may infer interests from the categories of providers you search for or save, for example, “interested in trans-affirming care”. This inference is held only for personalisation within your own session/account and is never shared, never sold, and never used for advertising. You can request deletion of this inferred data at any time.

3. How we use your information

We use the information we collect to:

Operate the directory — show you search results, let you save providers, and log you in.
Verify provider submissions and claims. This is a manual review.
Communicate with you about your account, your submissions, or your reports.
Send the LGBTDocs newsletter only if you have opted in — and you can unsubscribe any time.
Detect and prevent fraud, spam, scraping, and abuse.
Comply with legal obligations.
Improve the product — understand which features get used, where the search falls short, and what providers are missing from the directory.

We use aggregated, anonymised analytics, for example, “10,000 people searched for trans-affirming care in Mumbai this month”, to inform editorial and product decisions. Aggregated data cannot identify individuals.

4. Legal basis for processing

If you are in the EU/UK under GDPR or India under the DPDP Act 2023, we rely on these legal bases:

Running your account

Contract — necessary to provide the service you signed up for.

Newsletter

Consent — opt-in, withdrawable any time.

Security and fraud prevention

Legitimate interests — keeping the platform safe.

Verifying provider submissions

Legitimate interests + public interest — protecting users from misinformation.

Complying with legal requests

Legal obligation.

Aggregated analytics

Legitimate interests — with no individual-level identification.

You have the right to object to processing based on legitimate interests — see Your rights.

5. Sensitive data — special protections

The fact that someone uses LGBTQ+-specific services may itself be considered sensitive in many jurisdictions. We treat this seriously.

We deliberately do not collect information about your sexual orientation, gender identity, HIV status, or other sensitive characteristics about you as a user.

If you, as a healthcare provider, voluntarily mention your own identity, for example, “I am a queer-identifying GP”, in your listing, that information is being processed because you have made it manifestly public — but you can edit or remove it at any time.

Search activity caveat: when you search the directory, the search query is processed by our servers. If you search for “trans-affirming endocrinologist,” that query touches our infrastructure.

We do not log search queries against your account by default.
We do not share search queries with third parties for advertising.
We use aggregated, de-identified search data only for product improvement.
We allow you to clear your local search history any time.

If you would prefer to use the site without any account-level personalisation, you can browse without logging in. Most search functionality is available to anonymous users.

6. Cookies and tracking

We use cookies and similar technologies. There are three categories:

Strictly necessary

Required for the site to function — login sessions, security tokens, and language preference. These cannot be disabled.

Functional

Remember your preferences, for example saved providers and accessibility settings. You can disable these in your browser, but the site will be less convenient.

Analytics

We use Google Analytics and Firebase Analytics to understand aggregated usage and improve the website and service.

We do not use cookies or tags to sell your personal data to data brokers.

A cookie banner appears on your first visit if you are in a region requiring opt-in, such as the EU/UK, and lets you accept or reject non-essential cookies.

We share information only in these circumstances:

Service providers — hosting, email delivery, analytics, fraud prevention

To run the platform. Each is contractually bound to use the data only for the purpose we have engaged them for. List available on request.

Healthcare providers you contact directly

If you click a provider website or email link, you are leaving our platform. Their privacy policy applies to that interaction.

Authorities, when legally required

If we receive a valid legal order. We will challenge requests we believe are overbroad and, where legally permitted, will notify the affected user.

A successor entity

If LGBTDocs is acquired, merged, or transferred, your information would transfer too — under the same protections as this policy, or you would be notified and given the option to delete your account first.

We do not:

Sell your personal data to anyone, ever.
Share your personal data with advertisers, data brokers, or marketing networks.
Share information about your searches, account, or activity with third parties for their own purposes.

8. International data transfers

LGBTDocs operates globally. Our servers are hosted in Singapore and United States cloud infrastructure regions, with content delivery nodes worldwide.

If you are in the EU/UK, data transferred outside the EEA is protected by Standard Contractual Clauses or an adequacy decision, where required.

If you are in India, we comply with cross-border transfer rules under the Digital Personal Data Protection Act 2023 as they come into effect.

You can request a copy of the safeguards we use for cross-border transfers by emailing privacy@hyphias.com.

9. How long we keep data

Account information

While your account is active, plus 90 days after deletion in case you reactivate.

Provider submissions you made

While the listing is live; if you withdraw it, we keep records for 12 months for audit.

Reports you have filed

24 months, then anonymised.

Server logs — IPs and request data

30 days, then deleted.

Aggregated analytics

Indefinitely, because it does not identify you.

Up to 12 months, or until you clear them.

If you delete your account, all account-linked data is deleted within 90 days, except where we are legally required to retain it, for example for fraud investigation or legal hold.

Account deletion page: https://hyphias.com/delete-account.

10. Your rights

Depending on where you live, you have some or all of these rights:

Access — get a copy of the personal data we hold about you.
Correction — fix inaccurate data.
Deletion — have your data removed.
Object/Restrict — stop us processing your data for certain purposes.
Portability — get your data in a machine-readable format.
Withdraw consent — where we rely on it (e.g. newsletter).

How to exercise your rights

Email us at privacy@hyphias.com with the subject line "Data Rights Request." We will verify your identity before processing the request to protect your security. We do not charge a fee for reasonable requests.

11. Healthcare provider listings

Our directory includes information about healthcare providers. This information is either:

Submitted by the provider or their authorised staff.
Submitted by a user of the site.
Collected from publicly available sources (websites, public registers).

If you are a provider and wish to claim, edit, or remove your listing, please email providers@hyphias.com.

We process provider business data based on our legitimate interest in providing a public directory of LGBTQ+ affirming healthcare, which is in the public interest.

12. Children's privacy

LGBTDocs is intended for use by adults. We do not knowingly collect personal data from children under 18 (or the age of majority in your jurisdiction) without parental consent. If we learn we have collected data from a child without verification, we will delete it immediately.

13. Security

We use industry-standard security measures:

HTTPS encryption for all data in transit.
Encrypted password hashing.
Regular security audits and dependency updates.
Strict access controls for our staff.

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

14. What we don't do

Our Non-Negotiables

No Data Sales

We will never sell your personal data, search history, or contact info to anyone.

No Ad Networks

We do not use Facebook Pixels or other invasive ad-network tracking.

No Shadow Profiles

We don't buy data from third parties to build secret profiles of our users.

No Targeted Ads

We don't use your medical interests to target you with ads on other sites.

15. Changes to this policy

We may update this policy occasionally. If we make material changes, we will notify you by email (if you have an account) or by a prominent notice on the homepage.

16. How to contact us

For privacy-related questions or to exercise your rights, email our Privacy Officer:

Data Protection Officer

Email: privacy@hyphias.com
Address: 160 Robinson Road, #14-04, Singapore Business Federation Center, Singapore 068914

17. Region-specific rights

California (CCPA/CPRA)

We do not “sell” or “share” personal information as defined by California law. You have the right to request a notice disclosing the categories of personal information we have collected.

India (DPDP Act 2023)

You have the right to nominate an individual to exercise your rights in the event of death or incapacity. You have the right to readily available grievance redressal.

Singapore (PDPA)

We comply with the Personal Data Protection Act 2012 of Singapore.