Privacy Policy

Last updated: July 2026

PsychNow Cartagena (“PsychNow”, “we”, “us”) operates a technology marketplace that connects patients with independently licensed physicians in Colombia. This policy describes how we collect, use, and protect personal data under Colombian Law 1581 of 2012 (Habeas Data) and Decree 1377 of 2013.

Data controller (Responsable del Tratamiento)

The data controller is Luis De Pombo, a Colombian persona natural operating PsychNow Cartagena. For habeas data / privacy requests, email [email protected] or [email protected] (both monitored by the controller). You may also write via the contact channels published on psychnow.co.

Data we collect

We may collect: name, email, phone/WhatsApp number, visit location, medication or health-related information you provide in forms, payment status from Mercado Pago, language preference, referral source, consent timestamps, and technical logs needed to operate and secure the service.

Sensitive data

Health-related information is treated as sensitive personal data (“dato sensible”) under Ley 1581. We collect it only with your prior, express, and informed consent and use it solely to facilitate a consultation with an independent licensed physician. You are not obliged to provide sensitive data to browse the site; providing it is voluntary for the service request. We inform you of this before collection.

Purpose and legal basis

We process data to: match you with a physician, coordinate a home visit, process payment, send service communications, operate admin workflows, keep a consultable record of your authorization (Ley 1581 Art. 9), and comply with applicable law. Legal basis is your prior, express, informed authorization and, where applicable, performance of the facilitation contract. We do not sell personal data.

Your rights (habeas data)

You may know, access, update, correct, or request deletion of your data; request proof of authorization; be informed of uses; revoke consent; and file complaints before the Superintendencia de Industria y Comercio (SIC). To exercise rights, email [email protected] or [email protected] with your full name and enough detail to locate your records. We will respond within the statutory timelines.

Security and confidentiality

We apply technical, human, and administrative measures appropriate to the sensitivity of the data (access controls, encrypted transport, least-privilege admin access). Anyone with access to patient data has an indefinite duty of confidentiality.

Processors and international transfers

We use service providers such as Vercel (hosting), Supabase (database — may process outside Colombia), Mercado Pago (payments), Resend (email), Cloudflare (DNS/CDN/email routing), and ntfy (operational alerts). They process data only as needed to provide their services under confidentiality and security commitments. By authorizing treatment you acknowledge these transfers are necessary to operate the platform.

Retention

We retain request and consent records as long as needed for the service, legal obligations, dispute resolution, and operational audit (including proof of authorization). Callback leads are retained only as needed to complete follow-up and for short operational history, then deleted or anonymized.

National database registry

The Registro Nacional de Bases de Datos (RNBD) obligation under SIC rules currently applies to sociedades and certain non-profits above 100,000 UVT in total assets, and to public legal entities — not to this persona-natural operator. Ley 1581 duties still fully apply. If the business incorporates as a SAS/LLC that crosses the RNBD threshold, databases will be registered with the SIC. Questions: [email protected] or [email protected].