Privacy Policy

We collect account information such as name, email address, username, phone number, NIC or passport details, date of birth, gender, city, country, and role-specific professional or organization details.

We process health-related information such as appointments, medical records, prescriptions, clinical notes, uploaded documents, allergies, chronic disease details, and other records entered by authorized users.

We use data to create and verify accounts, provide healthcare portals, manage records and appointments, support doctor-patient and medical-center associations, support pharmacy access to prescriptions, and protect platform security.

Processing is intended to be transparent, purpose-limited, accurate, retained only as needed, and protected with appropriate safeguards, in line with Sri Lanka Personal Data Protection Act principles.

Information may be visible to users and organizations connected through the platform, such as patients, doctors, medical centers, pharmacies, and administrators, based on role and workflow permissions.

We may share information when required for service delivery, security, support, legal obligations, or where the user has authorized a healthcare relationship or invitation flow.

Users may request access, correction, completion, deletion, restriction, or withdrawal of consent where applicable under law and platform obligations.

Privacy requests should be sent to privacy@hcare.example. Some requests may be limited by medical-record retention duties, clinical safety, legal obligations, or operational requirements.

We use administrative, technical, and operational safeguards to protect personal and health information against unauthorized access, loss, misuse, and disclosure.

Records are retained only for operational, clinical, legal, security, and audit purposes, and retention periods should be confirmed by legal and clinical governance before production use.