Privacy, Retention & Security Policy
JPR Telemedicine — John Paulo D. Ramos, MD | Last updated: June 2026 | Version 2.1
1. Data Controller
John Paulo D. Ramos, MD — General Medicine & Telemedicine
PRC License No. 0159928 | PTR No. MKT10093938MN
jpdjramos@gmail.com | +639672305477
For privacy-related concerns: email the address above with subject "Privacy Request".
2. What Data We Collect
| Category | Specific data | Source |
|---|
| Identity | Full name, date of birth, sex | You (via Messenger questionnaire or intake form) |
| Contact | Mobile number, home address, Facebook Messenger PSID | You (via Messenger) |
| Government ID | Photo / scan of a valid Philippine government-issued ID | You (uploaded via Messenger) |
| Health information | Symptoms, duration, known conditions, current medications, allergies, reason for consultation | You (via questionnaire or intake form) |
| Payment proof | Screenshot of GCash or Maya transaction confirmation, reference number | You (uploaded via Messenger) |
| Communication | Chat transcript (last 40 messages, 14-day rolling window) | Automatically captured from Messenger |
| Issued documents | Medical certificate content, prescription details, lab request items, document IDs | Generated by the physician upon issuance |
| Consent record | Timestamp and method of consent capture | Automatically recorded at submission |
| Booking records | Appointment date, time, type of service, notification delivery status | Automatically captured when an appointment is scheduled |
3. Why We Process It (Purposes & Legal Basis)
| Purpose | Legal basis (RA 10173) |
|---|
| Evaluate teleconsultation request and issue medical documents | Consent (§12(a)) + Medical purposes by a licensed health professional (§13(e)) |
| Identity verification (to prevent fraud) | Consent; legitimate interest of the physician |
| Payment verification | Performance of a service contract (§12(b)) |
| Physician's mandatory medical record-keeping | Compliance with legal obligation (§12(c)) |
| Certificate authenticity verification (QR scan) | Legitimate interest; only document validity is confirmed — no medical details disclosed |
| After-care follow-up (3-day wellness check) | Consent; continuing care obligation |
| Appointment reminders (15-min pre-call) | Consent; performance of service |
| Daily operational digest (physician only) | Legitimate interest of the physician; data not shared externally |
4. Data Storage & Infrastructure Security
All records are stored in Cloudflare Workers KV, a globally distributed key-value store with the following security properties:
- Encryption at rest — all KV data is encrypted at rest by Cloudflare using AES-256.
- Encryption in transit — all data is transmitted over TLS 1.2 or 1.3 only. Plain HTTP connections are rejected.
- Access control — the physician dashboard is protected by a session-authenticated password. Five failed login attempts trigger a 15-minute IP-level lockout.
- Process isolation — the system runs in Cloudflare's V8 isolate sandbox; no other tenant shares the same runtime.
- Tamper-evident documents — every issued document carries a unique ID (e.g., JPR-20260617-XXXX) and a QR code linking to the live verification endpoint. Anyone can confirm authenticity without accessing medical details.
- One-time session tokens — patient intake form links use cryptographically random tokens (UUID v4) that expire in 30 minutes and are invalidated after a single use.
- File access tokens — ID and payment proof images are stored under unguessable 16-character random tokens; retrieval requires dashboard authentication.
- Webhook signature verification — all inbound Messenger webhooks are verified against Meta's HMAC-SHA256 signature before processing.
⚠️ Messenger channel notice: Communication occurs via Facebook Messenger, operated by Meta Platforms, Inc. and subject to Meta's own Privacy Policy. Do not send sensitive information you are not comfortable transmitting through Messenger. For end-to-end encrypted transmission, contact Dr. Ramos directly via the email address above.
5. Retention Schedule
| Data type | Retention period | Basis |
|---|
| Government ID photos | 30 days after case is resolved or rejected | Minimum necessary for identity verification; auto-expired by KV TTL |
| Payment proof screenshots | 12 months after payment date | Financial record-keeping; auto-expired by KV TTL |
| Chat transcripts | 14 days rolling window (last 40 messages) | Operational support (live takeover); auto-expired by KV TTL |
| Medical records (case records, SOAP notes, issued documents) | 10 years minimum | DOH Administrative Order No. 2016-0002 and standard Philippine medical record-keeping practice; after 10 years, records are securely deleted |
| Prescriptions (Rx records) | 10 years | Same as above |
| Audit logs | 10 years | Compliance; legal defence |
| Booking & appointment records | 2 years | Operational; then purged |
| Session state / questionnaire progress | 12 hours inactivity | Auto-expired; abandoned intakes are cleared automatically |
6. Data Sharing & Third Parties
We do not sell, trade, or otherwise transfer your personal data to third parties. Data may be disclosed only in the following limited circumstances:
- Certificate verification — when an employer, school, or government agency scans the QR code on your document, the system confirms only whether the document ID is authentic and who issued it. Your medical details are never disclosed.
- Legal requirement — if compelled by Philippine law, court order, or a regulatory body with lawful authority.
- Infrastructure providers (data processors only):
- Cloudflare, Inc. — hosting, KV storage, and edge compute
- Meta Platforms, Inc. — Messenger communication channel
- Google LLC — encrypted backup spreadsheet (physician access only)
Each operates under its own security and privacy frameworks and processes data only as instructed.
7. Your Rights Under RA 10173 (Data Privacy Act of 2012)
- Right to be informed — this notice constitutes that disclosure.
- Right to access — request a copy of personal data held about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to object — object to processing for legitimate interest purposes.
- Right to erasure — request deletion of data, subject to the physician's mandatory retention obligations described in Section 5.
- Right to data portability — request your data in a structured, machine-readable format.
- Right to complain — file a complaint with the National Privacy Commission (privacy.gov.ph).
To exercise any right, email paulo.ramos@astra.feu-nrmf.edu.ph with subject "Privacy Request" and describe your request. We will respond within 15 business days.
8. Consent & Truthfulness Declaration
By submitting the intake questionnaire or intake form, you:
- Freely give, and specifically consent to, the collection and processing of your personal and health information as described in this policy.
- Certify that all information provided is true, accurate, and complete to the best of your knowledge.
- Understand that providing false or misleading information may void any issued document and may expose you to civil or criminal liability under applicable Philippine law.
- Acknowledge that the final clinical decision to issue, withhold, or qualify any medical certificate or prescription rests solely with the licensed physician.
- Understand that this service is for non-urgent concerns only, and that emergencies must be brought to the nearest emergency room immediately.
9. Policy Updates
This policy may be updated from time to time. The current version and effective date are shown at the top of this page. Continued use of the service after a material update constitutes acceptance of the revised policy. Material changes will be communicated via Messenger to active patients.