Privacy Policy

1. Introduction

DeepPlane.com is operated by Gamevato OÜ ("we," "our," or "us"), a company registered in Estonia (Registry Code: 16656270). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website deepplane.com (the "Site") and use our services.

By accessing or using our Site, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Site.

2. Data Controller

The data controller responsible for your personal data is:

• Company Name: Gamevato OÜ
• Trade Name: DeepPlane.com
• Registry Code: 16656270
• Address: Tartu mnt 67/1-13b, Tallinn 10115, Estonia
• Email: Contact Us

3. Information We Collect

3.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Create an account or profile
• Submit a contact form or patient inquiry
• Subscribe to our newsletter
• Submit a patient inquiry to a surgeon
• Leave a review or comment
• Claim a surgeon profile
• Purchase a subscription plan

This information may include your name, email address, phone number, and any other information you choose to provide.

3.2 Patient Inquiry Data

When you submit a patient inquiry through our platform, we collect information necessary to connect you with surgeons, including your name, contact details, and details about your inquiry. This information is shared with the relevant surgeon(s) in an anonymized format until the surgeon uses inquiry credits to view your full contact details.

3.3 Healthcare Professional Information

We collect and display information about healthcare professionals (surgeons) from publicly available sources, including but not limited to:

• Professional medical directories and registries
• Hospital and clinic websites
• Medical board certifications
• Professional social media profiles
• Published medical literature and conference presentations

Healthcare professionals may claim their profiles and update their information directly. We provide a mechanism for professionals to request removal of their information (see Section 8).

3.4 Payment Information

Payment processing is handled by our third-party payment processor, Stripe. We do not store your full credit card details on our servers. Stripe's privacy policy governs the handling of your payment data.

3.5 Automatically Collected Information

When you visit our Site, we automatically collect certain information, including:

• IP address and approximate location
• Browser type and version
• Device type and operating system
• Pages visited and time spent on pages
• Referring website or source

4. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Facilitate patient inquiries and connect patients with surgeons
• Process subscription payments and manage surgeon accounts
• Send newsletters and marketing communications (with your consent)
• Respond to your comments, questions, and requests
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues
• Comply with legal obligations

4A. AI-Assisted Content Generation

DeepPlane.com uses artificial intelligence (AI) technology to assist in generating informational content about surgeons and procedures. This includes:

• Surgeon Profile Content: AI-generated biographical summaries, surgical methodology descriptions, and FAQ sections based on publicly available data (Google Business profiles, medical registries, professional society memberships)
• Educational Content: AI-assisted medical articles reviewed by board-certified facial plastic surgeons on our editorial board
• Data Synthesis: AI processing of Google reviews to identify themes and language patterns

All AI-generated content uses hedged language for unverified claims and undergoes quality validation against 23 editorial rules before publication. AI-generated content is clearly attributed and dated. See our Methodology page for details.

5. Legal Basis for Processing

5.1 Under GDPR (General Data Protection Regulation)

As a company registered in Estonia (an EU member state), we are fully subject to the General Data Protection Regulation (EU) 2016/679 (GDPR). We process your personal data based on the following legal bases:

• Consent (Article 6(1)(a)): Where you have given us explicit consent for specific processing activities, such as marketing communications
• Contract Performance (Article 6(1)(b)): Where processing is necessary to perform a contract with you or to take pre-contractual steps at your request, including subscription services and patient inquiry facilitation
• Legal Obligation (Article 6(1)(c)): Where processing is necessary to comply with EU or Estonian law
• Legitimate Interests (Article 6(1)(f)): Where processing is necessary for our legitimate business interests, provided it does not override your fundamental rights and freedoms

5.2 Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of Access (Article 15): Request a copy of your personal data we hold
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restriction (Article 18): Request restriction of processing in certain circumstances
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at Contact Us. We will respond to your request within 30 days.

5.3 Supervisory Authority

As we are established in Estonia, our lead supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon). You have the right to lodge a complaint with this authority or with the supervisory authority in your EU member state of residence.

• Estonian Data Protection Inspectorate
• Website: www.aki.ee
• Email: [email protected]
• Address: Tatari 39, 10134 Tallinn, Estonia

6. Information Sharing and Disclosure

We may share your information in the following situations:

• With Healthcare Professionals: When you submit a patient inquiry, your contact information is shared with the relevant surgeon once they use inquiry credits to access your details
• Payment Processor: We use Stripe to process subscription payments. Your billing information is handled directly by Stripe in accordance with their privacy policy
• Service Providers: We may share information with third-party vendors who perform services on our behalf (e.g., hosting, analytics, email delivery)
• Legal Requirements: We may disclose information if required by law or in response to valid legal requests from Estonian or EU authorities
• Business Transfers: In connection with any merger, sale, or acquisition of our business

We do not sell your personal information to third parties.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure servers, and access controls. However, no method of transmission over the Internet or electronic storage is 100% secure.

8. Your Rights and Choices

8.1 Exercising Your GDPR Rights

As detailed in Section 5.2, you have comprehensive rights under GDPR. To exercise these rights:

• Email us: Send your request to Contact Us
• Use our Data Request form: Visit our Data Removal Request page
• Response time: We will respond within 30 days of receiving your request
• Verification: We may need to verify your identity before processing your request
• Free of charge: Exercising your rights is free, except for manifestly unfounded or excessive requests

8.2 For Healthcare Professionals

If you are a healthcare professional listed on our Site and wish to:

• Claim your profile: Visit Claim Profile to verify and manage your listing
• Update your information: Contact us or use the claim process to update your profile
• Request removal: Submit a removal request via our Data Removal Request page or email Contact Us

We will process removal requests within 30 days. Note that we may retain certain information as required by law or for legitimate business purposes.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. For more information, please see our Cookie Policy.

10. International Data Transfers

Your information may be transferred to and processed in countries other than Estonia. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place in accordance with GDPR requirements.

11. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining the retention period, we consider the nature and sensitivity of the data, potential risks, and legal requirements.

12. Children's Privacy

Our Site is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at Contact Us.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

For data protection inquiries under GDPR, you may contact the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local data protection authority in the EU.