Sehat Sahoolat
LegalPowered by Sehat AI

Privacy Policy

Your data belongs to you. We treat it that way — encrypted, time-boxed access, and never sold or shared.

Back to homeRead our terms

What we collect

Only the data we need to give you safe, continuous care.

When you register we collect: your name, email, phone, date of birth, gender, and a photo. As you build your Electronic Medical Record, you may add medical history, current medications, vital signs, lab reports, imaging, vaccinations, allergies, and family history.

During consultations we record video / audio with your explicit, per-session consent so the AI Scribe can draft your clinical note. The raw recording is discarded once the note is signed; only the structured note persists.

How we use it

Care first. Operations second. Nothing else.

Your personal and healthcare data is used to: deliver consultations with your chosen clinicians, maintain a longitudinal Electronic Medical Record across your family, send appointment / prescription reminders, comply with our legal obligations, and continuously improve patient safety (using only de-identified, aggregated data).

We do not sell, rent, or trade your data. We never use your data to train any model that is shared outside Sehat Sahoolat.

Who can see it

A short, audited list never anyone else.

Treating clinicians can access only the parts of your EMR relevant to a confirmed upcoming appointment, for a time-boxed window before, during, and shortly after the consultation. Every access is logged in an audit trail you can review at any time from your profile.

Our engineering team can access aggregated, de-identified data only. Individual patient records are accessible to a strictly limited subset of named personnel, exclusively to investigate user-reported incidents and only under formal access-control procedures.

Storage & security

Encrypted at rest. Encrypted in transit. Regional residency by default.

All data is encrypted at rest using AES-256 and in transit using TLS 1.2+. Database backups are encrypted and stored in a separate region.

We follow the principle of least privilege for all system access; production access requires hardware-key MFA, and every privileged action is logged. We regularly conduct security audits and penetration tests.

Your rights

Access, export, correction, deletion at any time.

You can download your full EMR as a PDF (with QR verification) at any time. You can correct any of your own data inline, or request human review for clinician-authored notes. You can ask us to delete your account — we will remove your data within 30 days (some regulatory records, e.g., dispensed prescriptions, may be retained as required by Pakistani law).

Contact support@sehatsahoolat.com to exercise any of these rights. Our Data Protection Officer responds within one business day.

Want a copy of your records?

You can export your EMR as PDF in two taps — anytime, free, forever.

Sign upTalk to our DPO