Markus Santé

    Privacy Policy - Markus Santé

    Translation for information only. The legally binding version of this document is the original French version available at markus-sante.com/politique-confidentialite.

    1. Introduction

    The purpose of this Privacy Policy is to inform users (healthcare professionals) of the Markus Santé platform, published by BraimIA, about how their personal data and that of their patients are collected, processed, and protected, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act ("loi Informatique et Libertés").

    2. Roles and Responsibilities

    • Regarding the Practitioner (Client) data: BraimIA acts as Data Controller. We collect this data to manage your subscription, your access to the service, and to analyze use of the application.
    • Regarding Patient data: The Practitioner is the Data Controller (subject to medical confidentiality). BraimIA acts exclusively as Processor. We process this health data solely on the Practitioner's instructions to provide the administrative assistance service.

    3. Data collected, Purposes and Sub-processors (Practitioner)

    To ensure the proper functioning of the platform, BraimIA collects and processes data relating to Practitioners:

    • Identification data: Last name, first name, email address, profession.
    • Billing data (via Stripe): For secure management of your payments. Stripe processes your payment information securely.
    • Browsing data (via Mixpanel): Usage analysis to improve the interface. No medical data is transmitted to Mixpanel.
    • Logging (Logs): We collect access logs for the database and the application (user ID, timestamp, action type). This collection is a legal obligation related to the hosting of health data (HDS) to ensure traceability and detect any intrusions.

    Legal basis: Performance of the contract (GTS/GTU) and legal obligation (HDS security).

    4. Patient data (processed indirectly)

    • Nature of data: Identification data, voice notes from sessions, medical history, reports, and consultation notes. This data constitutes Personal Health Data.
    • Purpose: Audio-to-text transcription, clinical structuring by AI, drafting assistance.
    • Legal basis: Performance of the processing contract (DPA).

    5. Use of Artificial Intelligence

    Patient data is processed by AI models hosted on our secure infrastructure. BraimIA guarantees that no health data is used to train, retrain, or improve third-party or internal AI models.

    6. Hosting, Security and Traceability

    • HDS: All data is hosted in France on Google Cloud servers (HDS certified).
    • Encryption: Encrypted communications (HTTPS/TLS) and data encrypted at rest (AES-256).
    • Internal Security: Access to the database by the BraimIA team is protected by multi-factor authentication (MFA) and is systematically logged.

    7. Retention period

    • Audio files: Automatically deleted from our production servers 14 days after processing.
    • Patient text data: Kept as long as the Practitioner's account is active. Permanently erased upon account closure.
    • Practitioner data: 10 years for billing (legal obligation); 13 months for analytics data (Mixpanel); 1 year for security logs.

    8. Data transfers outside the European Union

    For Practitioner data only (via Stripe and Mixpanel), transfers to the United States may take place. These transfers are governed by the European Commission's Standard Contractual Clauses (SCCs) to ensure a level of protection equivalent to the GDPR. No patient health data is transferred outside France.

    9. Rights of users and patients

    In accordance with the GDPR, you have the right to access, rectify, erase, restrict, and port your data.

    • For Practitioners: Contact us at contact@markus-sante.com.
    • For Patients: Requests must be addressed directly to the Practitioner.
    • Complaint: You have the right to lodge a complaint with the CNIL (French data protection authority) if you consider that your rights are not being respected.

    10. Contact and DPO

    For any question relating to data protection, our Data Protection Officer (DPO) can be reached at: contact@markus-sante.com.