Skip to main contentDownload App

California and Colorado Privacy Notice

Effective Date: December 22, 2023

This privacy notice applies only to California or Colorado residents. It describes how Doximity collects, uses and shares Personal Information of California and Colorado residents in connection with their use of the Service and their rights with respect to that Personal Information. For purposes of this notice, “Personal Information” has the meanings specified in the California Consumer Privacy Act of 2018 (“CCPA”) and California Privacy Rights Act of 2023 (“CPRA”), respectively, and exclude information exempted from the scope of the CCPA, CPRA, and the Colorado Privacy Act of 2023 (“CPA”), including protected health information subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This notice is intended to supplement, and should be read in conjunction with, our Privacy Policy.

  • Categories of Personal Information we collect and may share for business and commercial purposes. The following is a list of all categories of Personal Information specified in Section 1798.140(o) of the CCPA that Doximity has collected from California and Colorado residents in the twelve (12) months prior to the Effective Date, together with (1) examples of the types of Personal Information we collect within that category, and (2) the categories of sources from which we collect such Personal Information:
    • Identifiers: (1) examples of what we collect: name, username/password, email address, office and/or home address, office and/or personal phone numbers, ethnicity, voluntary video recordings, and other similar identifiers; (2) sources: you, third parties including public sources, service providers, publications, commercial clients
    • Commercial Information: (1) examples of what we collect: records of your purchases of our services, prescribing history and claims data; (2) sources: you, third parties including service providers, commercial clients
    • Online Identifiers: (1) examples of what we collect: cookies, device identifiers, IP addresses; (2) sources: you
    • Internet or Network Information: (1) examples of what we collect: browsing history, record of your browsing session, search history, and information about your interaction with our websites, applications and advertisements (collectively, “Interaction Data”); (2) sources: you
    • Geolocation Data: (1) examples of what we collect: city, state, and zip code; (2) sources: you (directly and indirectly from your IP address)
    • Inferences: (1) examples of what we collect: inferred preferences, interests, characteristics, abilities, and attitudes; (2) sources: you
    • Professional Employment Information: (1) examples of what we collect: current and past employment; (2) sources: you and third parties including business partners, service providers, commercial clients, employers, public sources, publications
    • Protected Classification Characteristics: (1) examples of what we collect: age and sex (we may not intentionally collect this information, but it may be revealed by other information we collect, e.g., photo, year of graduation, affiliations, etc.); (2) sources: you and third parties including business partners, employers, service providers, public sources
    • Physical Description: (1) examples of what we collect: physical description apparent from a photo; (2) sources: you, employers, public sources, business partners
    • Communications: (1) examples of what we collect: contents of faxes and messages exchanged through the Service; (2) sources: you and other users of the Service

      You can learn more about our Personal Information sources, the business or commercial purposes for which we collect your Personal Information, and the categories of third parties with whom we share your Personal Information in our Privacy Policy.
  • Data Retention
    • We will store Personal Information included in your Member Profile (defined below) for at least the period reasonably necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law. If you ask us to delete specific personal information from your Member Profile Personal Information (see ‘Your California and Colorado privacy rights’ below), we will honor this request unless deleting that information prevents us from carrying out necessary business functions, such as providing you the Services. For purposes of this Notice, “Member Profile" means a profile of a particular Doximity member that we generate using Personal Information collected about the member and Personal Information that you may add to your Member Profile, as described in our Privacy Policy. A member's public Doximity profile is one component of their Member Profile.
    • Contents of faxes are stored for up to seven years, but you have the option within your account settings to configure storage for one, three, or seven years.
    • Contents of text messages to patients are stored for up to seven days.
    • Interaction Data are stored for up to seven years.
    • Patient phone numbers and call logs (e.g. the fact that you made a call to a patient, date and time of that call, and duration) are stored for up to seven years.
  • Your California and Colorado privacy rights. California and Colorado residents have the rights listed below. However, these rights are not absolute and exceptions apply, so in certain cases we may decline your request as permitted by law.
    • Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
      • The categories of Personal Information that we have collected
      • The categories of sources from which we collected Personal Information
      • The business or commercial purpose for collecting and/or selling Personal Information
      • The categories of third parties with whom we share Personal Information.
      • Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient
      • Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient
    • Access. You can request a copy of the Personal Information that we have collected about you since January 1, 2022.
    • Deletion. You can ask us to delete the Personal Information that we have collected from you.
    • Opt-out of sales or sharing. If we sell or share (as defined in the CPRA) your Personal Information relating to the “Categories of Personal Information we collect and may share for business and commercial purposes” section above, you may opt-out.
    • Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying you services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
    • Correction. You can correct your own Personal Information displayed on your public profile and your Private Profile Information. You can also ask us to correct Personal Information that we have collected from you.
  • How to exercise your rights
    If you are a California or Colorado resident, you may exercise your California and Colorado privacy rights described above, subject to certain exceptions, as follows:
    • You can request to exercise your information, access and deletion rights by contacting us via your account at privacy@doximity.com. We will verify your request using information associated with your Doximity account. Government or other identification may be required. You may designate an authorized agent to make a request on your behalf, in which event we will require a valid power of attorney and the authorized agent’s government issued identification, and we may verify the authenticity of the request directly with you. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. Also, if we are unable to verify your identity or authority, we may not be able to fulfill your request. We do not keep sufficient information to enable us to readily link an identified individual with information collected from such individual in connection with a prior visit to the Service unless the individual accessed the Service as a logged-in member.
    • Note that we may deny your deletion request if retaining your information is necessary for us or our service providers to:
      • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
      • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
      • Debug products to identify and repair errors that impair existing intended functionality.
      • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
      • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
      • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
      • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
      • Comply with a legal obligation
      • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
    • Also, the CCPA temporarily exempts personal information reflecting a written or verbal business-to-business communication from some of its requirements, including access and deletion rights.
    • Response times and format. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
    • Right to opt-out of the "sale" of your Personal Information. Like many providers of free online resources, Doximity relies on advertising revenue to support the operation and development of our websites, apps, and the associated services that we offer our members for free, including editorial content, communication tools, and professional networking and employment opportunities. Also, like some other providers of online commercial resources intended for use by healthcare professionals, we may report to our commercial clients if and how specific Doximity members engaged with their advertising content displayed on the Doximity platform, as described in our Privacy Policy. These reporting activities have involved the sharing of your name, zip code, and ad engagement information during the twelve (12) months prior to the Effective Date. Based on our current understanding of the CCPA, these reporting activities may constitute a "sale" of Personal Information. California residents can request to opt-out of such sales by sending a request to privacy@doximity.com or by submitting a request through our CPRA and CPA Opt-Out Request Form. We will send a message to your Doximity account asking that you verify your request. Please note that we do not provide advertisers with our members' personal contact information or information about non-member visitors.
  • Changes to this Privacy Notice. Doximity reserves the right to modify this notice at any time in our sole discretion as described in our Privacy Policy
  • Contact Information. If you have any questions about this notice or Doximity’s privacy practices, or wish to exercise your rights under California or Colorado law, please do not hesitate to contact us at:
    Email: privacy@doximity.com
    Postal Address:
    Doximity, Inc.
    500 3rd Street, Suite 510
    San Francisco, CA 94107
    Attn: Legal Department