Trust and protection
Security, privacy and data protection
What we collect, where we store it, who we share it with and what you can request. We comply with GDPR and treat health data with the heightened care the category demands.
- Encryption
- TLS 1.3 + at-rest
- Hosting
- EU
- Log retention
- 12 months
- DPO
- privacy@
Data we collect
Form leads
Name, email, phone, city, treatment and optional message. Forwarded only to the clinics you select.
Aggregate analytics
Traffic, device and source. No personal identifiers when non-essential cookies are rejected.
Verified reviews
Optional patient identification, validated before publication.
GDPR rights
Access
Machine-readable copy of your data.
Rectification
Correction of inaccurate data.
Erasure
Deleted within 30 days of formal request.
Objection and portability
Available anytime via privacy@clinicadefertilidade.pt.
Technical security
TLS 1.3
End-to-end encrypted traffic.
At-rest encryption
Lead data encrypted in the EU database.
Cloudflare WAF
Malicious traffic filtering and rate limiting.
Honeypots
Bot protection without invasive CAPTCHA.
Breach notification
If a personal-data breach occurs, we notify the supervisory authority within 72 hours and contact affected users directly. A public post-mortem is published on this page.
Related editorial pages
Editorial transparency
Frequently asked questions
How is my form data stored?
+
Submitted leads are stored encrypted at rest in the EU and forwarded only to the clinics you select. Logs are retained 12 months.
Is the site GDPR-compliant?
+
Yes. Data subject requests go through privacy@clinicadefertilidade.pt and are handled within 30 days.
Do you sell data?
+
Never. We only forward leads to clinics with the user's explicit consent on the form.
Are payments processed on-site?
+
We don't process payments — all transactions happen with the clinic of your choice.
Is the site protected against bots?
+
Yes — Cloudflare WAF, rate limiting on forms, and silent honeypots. We don't deploy invasive CAPTCHAs.
What if there is a breach?
+
We notify affected users within 72 hours and publish a public post-mortem on /security.