Our Commitment
GlobeDoc is built on the principle that your health data is yours — not ours. The EU General Data Protection Regulation (GDPR) gives you strong rights over your personal data. We fully embrace these rights and have designed GlobeDoc from the ground up to comply with them.
Health data is classified as special category data under GDPR and receives the highest level of protection. We take this responsibility very seriously.
Your Six Core Rights
To exercise any of these rights, email hello@globedoc.com. We will respond within 30 days at no charge.
Legal Basis for Processing
Under GDPR, we must have a lawful basis to process your data. Here is how we process different types of data and why:
Processed on the basis of contract performance — necessary to provide you with the GlobeDoc service you signed up for.
Processed on the basis of your explicit consent — you choose what to store and who to share it with. You may withdraw consent at any time by deleting your data or account.
Processed on the basis of our legitimate interest in improving the platform — always anonymised and aggregated, never linked to individual users.
Processed on the basis of legal obligation where we are required to retain certain records by law.
Data Controller
GlobeDoc acts as the data controller for your personal and health data. For technical infrastructure (cloud hosting), we engage carefully selected processors under GDPR-compliant data processing agreements.
All data is stored within the European Union. We do not transfer personal data outside the EU/EEA without appropriate safeguards in place.
Data Retention
We retain your personal data for as long as your account is active. When you delete your account:
- All personal and health data is permanently deleted within 30 days
- Backups are purged within 90 days
- Anonymised aggregate data (not linked to you) may be retained indefinitely for platform improvement
Security Measures
We protect your data with:
- Encryption in transit: all data transferred over TLS 1.2+
- Encryption at rest: databases and backups encrypted at the storage level
- Access controls: role-based access, multi-factor authentication for staff
- Regular audits: security reviews and penetration testing
- Breach notification: we will notify affected users and the relevant authority within 72 hours of any confirmed data breach
Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will notify you directly by email without undue delay and within 72 hours of becoming aware of the breach. We will provide clear information about what happened, what data was affected and what steps you should take.
Consent & Withdrawal
Where we process your data based on consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal. You can manage your consent settings in your GlobeDoc account, or contact us directly.
Complaints
If you believe we have not handled your data correctly, please contact us first at hello@globedoc.com — we want to resolve any concerns directly and promptly.
You also have the right to lodge a complaint with your national supervisory authority. In Sweden, this is the Integritetsskyddsmyndigheten (IMY) at imy.se. In other EU countries, contact your local data protection authority.
Contact Our Data Team
For any privacy or GDPR-related request:
We aim to respond to all data requests within 5 business days and complete them within 30 days as required by GDPR.