To main content

Privacy and cookies

What we do with your data, what data we use, why, and where we use it. And how to opt-out.

Confrere (the responsible body) lets you make video calls through a web browser on any modern web-enabled device. Confrere is best suited for video calls between a professional (such as a doctor or a lawyer) and a client.

Confrere makes it easy for professionals and clients to meet over video. In such meetings, confidential information is exchanged, and we are adamant about safeguarding you and your data. Confrere is both GDPR (EU/EEA) and HIPAA (USA) compliant and following the privacy and security requirements of regulations such as the Norwegian health sector regulation Normen. We comply with NEN 7510 (NL) and Appendix 31b of the German Federal Contract - Physicians (information security in video consultations).

This privacy notice applies to you, whether you are just browsing on our website, visiting a professional’s Confrere, joining a call as a visitor, or offering video calls through your Confrere account. We collect data about you several times: when you visit our website, ask a question or contact us, participate in a call or sign up for an account. If you believe we ask for more data than needed or in some other way act unethically or in a way that is not transparent, please contact us with your concerns.

What types of data do we collect, and why

We do not have access to the video calls made via Confrere: no one has access except for participants in the call. Thus it follows that we do not record or store the video calls. Read more about end-to-end encryption.

Joining a video call as a visitor

When you join a video call as a visitor, you do not go through a sign-up process nor create a Confrere account. We do not collect health information about you or other sensitive data.

When you show up for your call, you fill out a form where you might enter your:

  • Name
  • Phone number
  • Payment details if you pay by card
  • Personal identification number (if you are located in Scandinavia)

This data is displayed on the professional’s dashboard (with the exception of complete payment details), along with information about the date and length of the call. In addition, we store some technical information about the network quality and which actions were made in the call (screen sharing, muting, and camera permissions), for troubleshooting reasons.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

No one can access this information other than the professional, any third-party integrations that the professional has connected to Confrere (most commonly an electronic health record system), or Confrere engineers with security clearance. Their access to this data is secure and logged. We store this information in our database in AWS. Data is automatically deleted after a period of time determined by each individual Confrere organization. Our provider for BankID and NemID (Scandinavia only) is Criipto.

We retain this data for 3 months unless otherwise specified by the professional organization. Data retention can be set to as little as 1 day by the individual Confrere organization.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

Though we know that the calls you have joined have happened and with whom, we do not structure and save sets of data about visitors and their calls.

Payment details are handled by Stripe. In order to provide support, some Confrere employees have access to partial information about credit card transactions, and their access to this data is secure and logged. Transaction data is stored for 5 years.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a. The legal basis for the retention of transaction data is legal requirement, cf. GDPR art. 6 (1) item c.

In case you require technical support in connection with your call, we enable the chat tool Intercom. The information we collect about you for this purpose is not tied to your personal information given to the professional, so Confrere support personnel do not see your name or your telephone number. Scandinavian residents may be prompted to give their PIN to the professional, in which case the customer support personnel cannot see your PIN either.

They do, however, have access to your:

  • Media test results
  • Browser, browser version, and browser language
  • Country/city level location (or the location of your IP address)
  • URL you are currently on
  • Operating system
  • Support chat history if you have had previous support chat conversations with us

If you have previously given us your phone number, name, or email address in such a support chat, this might be contained within the support chat history.

The legal basis for the processing of all of the above is the performance of a contract, cf. GDPR art. 6 (1) item b.

Metadata such as this is automatically deleted after 9 months. We can also manually delete it at your request. Contact us to request deletion.

Signing up and using Confrere

If you create a trial account or sign up for one of our plans in order to offer video calls through Confrere, we collect and store data about you in various systems in order to deliver the service and help you use it.

For the system to function we need your:

  • Name
  • Organization or place of work
  • Email address

To alert you of new visitors, you may provide us with your phone number (optional).

For our contract, we need your:

  • Payment details
  • Industry
  • Signature

To help you with technical issues, you may reach out to us via email or via live chat. To be able to help you via live chat, we need your:

  • Browser, browser version, and language
  • Location
  • Operating system and device
  • Media test results
  • In-call events (screen sharing, muting, camera and microphone permissions)
  • Call and invitation history in Confrere
  • Support chat conversation history (in Intercom)

The legal basis for the processing of all of the above is the performance of a contract, cf. GDPR art. 6 (1) item b.

As a signed up user, we couple the personal information we have about you with the technical information above (unlike what we do with your visitors’ data). When you are logged in, our chat tool, Intercom, will let the support personnel know your name, your contact info, and which organization you belong to.

The legal basis for this processing is the performance of a contract, cf. GDPR art. 6 (1) item b.

As for payment details and information about your call history, this is restricted information that requires a Confrere engineer with database access to log into our database to see. This access is secure and logged. We store payment details in Stripe, and financial info pertaining to your paid Confrere plan in our accounting system, 24SevenOffice.

The legal basis for this processing is the performance of a contract, cf. GDPR art. 6 (1) item b.

We use a tool called Intercom to help you get started with Confrere by sending you messages about features and functionality, and updates when we launch new features.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

Criipto is our provider for BankID and NemID (Scandinavia only).

The legal basis for this processing is the performance of a contract, cf. GDPR art. 6 (1) item b.

Asking a question

If you interact directly with us through the chat on our site (“Intercom"), you will be given a reference number instead of a name (unless you already have a Confrere account). We will then start saving your conversation history. Intercom will ask you for a way to reach you if you message us at a time when support is not attended, and answering is optional. On some pages, you can also book a demo by leaving your email address in the chatbox. If you leave a phone number or email address at this point, that data will be associated with your conversation and confrere.com browsing history.

This lets us better help you by making us aware of what problems you have run into in the past, and what questions you have. If you request a demo, we use the information to get in touch with you to set up a time and date and nothing else.

The legal basis for this processing is the performance of a contract, cf. GDPR art. 6 (1) item b.

Just browsing

When you are a visitor to confrere.com we use Plausible (a privacy-first web analytics tool) to track your browsing. Plausible does not use cookies, anonymizes all data, and only provides an overview of our website statistics so that no individual visitor usage is tracked. Read more about how Plausible works.

We do not know who you are or have any personal information about you besides the above.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

If you fill out a form to order a guide or white paper, or if you attend a webinar or event, we receive an email with the info you gave us in the form. This may include your:

  • Name
  • Address
  • Place of work
  • Email address
  • Phone number

We use Google Docs and Typeform to collect signups and orders.
This information is not stored anywhere tied to your browsing or behavior mentioned above and is deleted after your order is sent or the event is over.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

Cookies and how to disable them

We use cookies to better understand those who visit our website, join a video call, and/or have a Confrere account so we may offer them a more tailored service. Cookies do things like remember your camera settings, prefill form fields and let you remain logged in.

Cookies are small files saved to your computer’s hard drive that track information about how you use and interact with a website. Some cookies are “session” cookies, which delete automatically when you leave Confrere. Others are “persistent” cookies which do not delete themselves and track your use of Confrere over time.

The legal basis for this processing is your consent, cf. GDPR art. 6 (1) item a.

We also use third party service providers who set cookies.
See “third parties” for an overview of cookies set by Confrere.

Most cookies can be disabled in your browser settings.

Third Parties: Who else has access to your data?

In order to make the tools we use for support, billing, and similar work as well as intended, it is often necessary to share some of your data with our third-party providers. We only share data when it is necessary, and we share as little as possible.
We have strict data processing agreements with all our providers and control how they handle data. So if you tell us to change or delete information, those changes will also be reflected in data they can access if these overlap.
If data is transferred or stored outside of the EU, we ensure that the transfer is in compliance with Applicable Data Protection Law and protected by standard contractual clauses (SCC).

Payment and billing

ServiceInformationWhy we use itWhere data is storedLegal basis
Stripe (for EEA residents)- Contact information
- Financial info
We handle payments to Confrere through StripeEUGDPR 6.1.b
Stripe (for USA residents)- Contact information
- Financial info
We handle payments to Confrere through StripeUSA (data is stored in the USA only if the customer resides there)GDPR 6.1.b
24SevenOffice- Contact information
- Place of work
- Organization number (in Norway)
We do invoicing through 24SevenOfficeEUGDPR 6.1.b

Support, communication, and marketing

ServiceInformationWhy we use itWhere data is storedLegal basis
IntercomContact informationWe use Intercom to onboard new users, send emails with tips and suggestions, and send feature announcement emails to our users.EUGDPR 6.1.b

Video calls

ServiceInformationWhy we use itWhere data is storedLegal basis
AWSEUGDPR 6.1.b
Sinch (for all non-USA phone numbers)- Contact informationIf you choose to send text messages through Confrere to any non-USA phone number.EUGDPR 6.1.b
Twilio (for USA phone numbers)- Contact informationIf you choose to send text messages through Confrere to a USA phone number.USA (data is stored in the USA for USA phone numbers only)GDPR 6.1.b

Statistics

ServiceInformationWhy we use itWhere data is storedLegal basis
PlausibleHow anonymized website visitors use ConfrereTo see how anonymous visitors move around our website confrere.com (but not the video calling platform). Stores no identifying data, and IP addressed are not collected.EUGDPR 6.1.b

Changing and Deleting Data: You have the right to change and delete your information

We have firmly established that we do collect data about you. However, your personal data remains your own and under your control, so you have the right to tell us how to handle it.

to request any changes in how we handle your data.

  • You have the right to know exactly what data we have collected about you.
    If requested, we will provide a full overview within four weeks.
  • You have the right to know who can access and alter your data.
  • You have the right to change and update your information if what we have is incorrect.
  • You have the right to move your data to another provider.
    If , we will provide you with all your information in a file format readable by other web services.
  • You have the right to be deleted and forgotten, with a small exception for billing and payment data, which we are lawfully required to keep. See our terms of service for more information on billing.
  • You have the right to complain to a government instance about how we use data.
    This complaint should be lodged with Datatilsynet in Norway. We would also appreciate it if you would so we can correct it.

We retain your contact data as long as we have an active customer relationship with you. If the customer relationship ends, we keep your contact data for another 90 days before we delete it from our systems, with the exception of invoices and transactions, that we are required to keep for 5 years.

The legal basis for the retention of transaction data is legal requirement, cf. GDPR art. 6 (1) item c.

Looking for the DPA (data processing agreement) or BAA (business associate agreement)?

Head on over to the Terms of service, where this is covered in greater depth.

Data Protection Officer: Svein Willassen
Confrere AS, Dovresvingen 6b, N-1184 OSLO
Email: svein@confrere.com

You made it!

We know this was long.

We hope you enjoy using Confrere! Since you actually read all this way, you can

, tweet us at @confrere_video, or send an email to hello@confrere.com saying “dinosaur”, and somebody from our team will draw you a dinosaur!