At iShifa, operated by Priyo Health Inc. ("iShifa," "we," "us," or "our"), your health is personal — and so is your data. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to our website, the Patient Portal, the Doctor Portal, and any related services (collectively, the "Services").
By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.
1. Information We Collect
Information you provide
- Account details — name, email address, phone number, password, and role (patient, doctor, or health worker).
- Profile details — for patients, your iShifa Health ID, date of birth, gender, and emergency contacts; for doctors, your BMDC registration number, specialization, and professional credentials.
- Health records — prescriptions, lab results, imaging, consultation notes, and documents you or your provider upload.
- Communications — messages, support requests, and feedback you send us.
Information we collect automatically
- Usage data — pages visited, features used, and actions taken within the Services.
- Device & technical data — IP address, browser type, device identifiers, and log files.
- Cookies — small files that keep you signed in and help us improve the Services. You can control cookies through your browser settings.
2. How We Use Your Information
- To provide, maintain, and secure your account and health records.
- To connect patients with verified doctors and enable consultations.
- To power AI-assisted diagnostic support — note that AI output is informational and never replaces professional medical judgment.
- To send appointment, prescription, and account notifications by email or SMS.
- To detect, prevent, and respond to fraud, abuse, and security incidents.
- To comply with legal obligations and improve the Services.
3. How We Share Your Information
We do not sell your personal or health information. We share it only as described below:
- With your care team — doctors and health workers you choose to share records with, or who are involved in your care.
- With service providers — vetted partners that host infrastructure, deliver messages, or process payments on our behalf, bound by confidentiality obligations.
- For legal reasons — when required by law, court order, or to protect the rights, safety, and security of users and the public.
- Business transfers — in connection with a merger, acquisition, or sale of assets, with notice to you where required.
4. Data Security
We protect your data with encryption in transit and at rest, role-based access controls, audit logging, and regular security reviews. No system is perfectly secure, but we work continuously to safeguard your information and will notify you of a breach as required by law.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide the Services, comply with legal and regulatory obligations, resolve disputes, and enforce our agreements. Health records may be retained for periods required by applicable medical record-keeping laws.
6. Your Rights & Choices
- Access, correct, or download your personal and health information.
- Request deletion of your account, subject to legal retention requirements.
- Manage notification preferences in your account settings.
- Withdraw consent for optional data uses at any time.
To exercise any of these rights, contact us at privacy@ishifa.com.
7. Children's Privacy
The Services are not directed to children under 13. A parent or legal guardian may manage health records on behalf of a minor in their care, consistent with applicable law.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the revised version here and update the "Last updated" date. Material changes will be communicated through the Services or by email.
9. Contact Us
Questions about this policy or your data? Reach our privacy team at privacy@ishifa.com.