Privacy Policy

1. Introduction

Sehat Doc ("we", "us", or "our") is committed to protecting the privacy and security of your personal and clinical data. This Privacy Policy outlines how we collect, use, store, and protect information within the Sehat Doc platform.

Our operations are designed to comply with highest global healthcare data standards and the relevant digital privacy regulations of Pakistan. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

We collect information to provide and improve the Service, manage your subscription, and ensure clinical accuracy. The categories of information collected include:

3. Purpose of Processing

We process your data for the following legitimate professional purposes:

• To maintain a functional electronic medical record (EMR) system for your clinic.
• To facilitate appointment bookings and patient flow management.
• To send automated SMS reminders and notifications to patients on your behalf.
• To generate financial and clinical analytics reports for your internal clinic use.
• To verify the professional standing of practitioners using the platform.
• To provide technical support and resolve platform issues.

4. Data Security & Storage

We implement robust technical and organizational measures to safeguard your data against unauthorized access, loss, or alteration.

• Encryption: All data is encrypted in transit using Transport Layer Security (TLS 1.2+) and at rest using AES-256 encryption.
• Access Controls: We enforce strict role-based access controls (RBAC) within the application, ensuring that receptionists and doctors only see data permitted by their roles.
• Secure Hosting: Our databases are hosted in world-class, ISO 27001 certified cloud environments (such as Amazon Web Services or Google Cloud Platform).
• Backups: Automated daily backups are maintained to ensure data recovery in the event of local failures.

5. Data Sharing & Third Parties

Non-Disclosure Guarantee: We do not sell, rent, or trade your clinical data, financial records, or patient lists to any third-party marketing or pharmaceutical companies.

Mandatory Disclosure: We may disclose data only under the following limited circumstances:

• Legal Warrants: When required by a valid legal order or warrant issued by a competent court in Pakistan or official law enforcement authorities (e.g., FIA Cybercrime Wing).
• Service Providers: Sharing limited metadata with trusted infrastructure partners (e.g., SMS gateway providers) who are contractually bound to maintain confidentiality.

6. Data Retention and Deletion

We retain your data for the duration of your active subscription.

• Account Cancellation: If you cancel your subscription, your data will be archived for a period of thirty (30) days to allow for final records export.
• Permanent Deletion: After the grace period, all data associated with the clinic will be permanently purged from our primary servers, unless legal or regulatory requirements necessitate longer retention.

7. Your Rights

As a User, you have the right to:

1. Access and export your full dataset at any time in digital formats (CSV/PDF).
2. Correct any inaccuracies in your professional or clinic information.
3. Request the permanent closure of your account and deletion of your data.
4. Configure and manage data access permissions for your staff members.

8. Consent and Medical Ethics

By using Sehat Doc to store patient data, you confirm that you have obtained the necessary verbal or written consent from your patients to store their medical identifiers in a digital format as per the standards of your respective Healthcare Commission.

9. Policy Updates

We may update this Privacy Policy to reflect technical or legal changes. Significant changes will be notified to the primary account holder via email. Your continued use of the الخدمة following such updates constitutes acceptance of the revised policy.