Sanpha
§ Privacy notice

How we handle your data.

Last updated: 2026-04-01

This notice describes what data Sanpha collects, why we collect it, how we use it, and the choices you have. We follow Moroccan data protection law (Loi 09-08 and the CNDP framework). We do not sell your data. We do not show ads.

01

What we collect

  • Account data — name, mobile number, email, hashed password, city.
  • Health profile data — blood type, conditions, allergies, current medications, emergency contact. Optional, but useful.
  • Activity data — bookings, consultations, prescriptions, orders, ambulance requests, messages.
  • Device and network data — IP address, device model, app version, operating system. Used for security and performance.
  • Payment data — handled by our payment processors (CMI, PayPal). We don't store card numbers ourselves.

02

Why we collect it

To provide the service: signing you in, connecting you with a doctor or pharmacist, dispatching an ambulance, tracking a delivery. For security: detecting brute-force attempts, abuse, suspicious sign-ins. For improvement: aggregated usage patterns help us decide what to fix or build next.

04

Who we share with

  • Doctors, pharmacists, ambulance and delivery providers — only the data needed to deliver the service you requested.
  • Payment processors — to process payments.
  • Infrastructure providers — AWS (storage), ZegoCloud (video), FCM (push), under contracts that respect the same protections.
  • We do not share data with advertisers. We do not sell data.

05

How long we keep it

Account data — for as long as your account exists, plus a short retention period required by Moroccan law. Medical records — retained per Moroccan medical regulations. You can request deletion of your account at any time; some records may be retained for legal compliance, with everything else fully erased.

06

Security

We use TLS 1.3 in transit, bcrypt for passwords, short-lived access tokens with refresh, and rate-limited authentication endpoints. Read the Security note for the full set of choices.

07

Your rights

  • Access — request a copy of your data.
  • Correction — fix anything inaccurate.
  • Deletion — close your account and erase data, subject to legal retention requirements.
  • Portability — export your medical records in a portable format.
  • Withdrawal of consent — for the AI-parsing feature, or marketing emails.

08

Contact and complaints

Write to privacy@sanpha.ma. If you're not satisfied with our response, you can complain to the CNDP (Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel).