Privacy and cookie policy

Clinic data needs careful boundaries before automation goes live.

This page explains the current RODOWEB audit flow and the decisions that must be confirmed before connecting calendars, CRMs, SMS, email automation, patient intake, or staff dashboards.

Current audit flow

The "Send audit request" button first submits business/workflow audit details to the RODOWEB OS public endpoint at /api/public/events, running on the RODOWEB VPS and storing data in the RODOWEB PostgreSQL database. If that self-hosted endpoint is unavailable, the form may use FormSubmit.co as an email fallback to info@rodoweb.com. If a visitor accepts marketing follow-up in cookie choices and later enters a valid email address in the audit form, the site may send RODOWEB OS a separate follow-up consent notice even before the full audit request is submitted. These forms do not create a patient intake record or a RODOWEB clinical database.

RODOWEB acts as the controller for business/workflow audit leads submitted through this site. RODOWEB OS is the self-hosted primary intake and tracking system; FormSubmit is used only as a fallback form-forwarding provider/processor if the primary path is unavailable.

FormSubmit may temporarily process and retain submitted form data only when the fallback path is used. RODOWEB should review any external provider terms and processor obligations before scaling paid traffic or connecting CRM automations.

RODOWEB keeps audit leads and marketing-consent records for up to 12 months after the last contact unless deletion is requested earlier, consent is withdrawn earlier, or a signed client relationship requires a different retention setup.

Visitors should not include patient names, health information, treatment history, prescriptions, photos, clinical notes, or any other medical details in the audit request.

Information requested by the forms

Clinic name
Website URL
Contact email
Clinic/service type
Estimated monthly lead volume
Biggest operational booking problem
Package interest when selected from the pricing section
Marketing follow-up consent and email address when a visitor accepts marketing follow-up and enters an email in the audit form

Accepting only required cookies does not subscribe a visitor to emails and does not give RODOWEB an email address. RODOWEB may save an email for marketing follow-up only when a visitor has accepted marketing follow-up in cookie choices and then manually enters a valid email address in the audit form. If a visitor declines optional choices or turns marketing follow-up off, an unfinished audit-form email is not sent as a separate marketing consent.

Marketing follow-up consent is used for private contact about a clinic booking-system audit. Visitors can withdraw consent or request deletion by contacting `info@rodoweb.com`.

AI and medical boundary

RODOWEB systems do not diagnose, prescribe, or replace medical staff. AI is used for intake, education, routing, reminders, and approved clinic communication only.

Any real patient intake, clinical eligibility review, treatment discussion, prescribing decision, or medical record handling must remain under the clinic's own licensed staff, policies, and approved tools.

Before real automation is connected

RODOWEB operates from a Latvia/EU baseline for this v1 website. Before any real client automation goes live, the founder and clinic must confirm data storage location, access controls, consent wording, processor agreements, analytics setup, and whether any health-related data is collected at all.

RODOWEB should not connect a real intake workflow for patient or medical information until privacy, GDPR, and clinic-specific compliance requirements have been reviewed.

Cookie policy

The current site uses first-party preference cookies named `rodoweb_cookie_choice`, `rodoweb_cookie_analytics`, and `rodoweb_cookie_marketing` to remember the visitor's choices. These preference cookies do not identify clinic visitors and are not used for advertising.

If optional analytics cookies are accepted, the site sends first-party funnel events to the RODOWEB OS public endpoint, such as page visits, audit CTA clicks, audit-form starts, and package-interest clicks. These analytics events do not include email addresses, clinic names, website URLs, business problems, or form-field answers.

Cookie acceptance alone does not give RODOWEB an email address. RODOWEB receives an email address for marketing follow-up only when the visitor has accepted marketing follow-up and then manually enters a valid email address in the audit form.

After saving a choice, visitors can reopen the cookie choices panel from the small button on the site and change optional analytics or marketing consent.

RODOWEB should not add third-party analytics, retargeting, chat widgets, pixels, or third-party marketing cookies until the founder chooses a compliant setup and this policy is updated.

Founder review needed

RODOWEB OS public endpoint monitoring and FormSubmit fallback review
Email/SMS provider
CRM or booking-calendar provider
Consent and privacy wording
Any client-specific retention change beyond the 12-month audit-lead default
GDPR processor agreements

Recommended default

Keep public audit requests limited to business contact and workflow information. Do not collect patient-level medical data through the website unless a proper secure intake provider and compliance process are chosen.

Contact

For privacy or data-handling questions, contact `info@rodoweb.com`.

Back to audit form