Privacy Policy

Introduction

Altabib ("we", "us", or "our"), operated by alkhazerpharmac, operates a medical appointment booking and management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

Information We Collect

Personal Information

• Account Information: name, email address, phone number, date of birth, gender
• Medical Information: medical history, allergies, current medications, chronic conditions (stored securely)
• Appointment Data: appointment dates, times, visit reasons, physician notes
• Payment Information: processed through secure third-party payment processors (we do not store card details)
• Identity Verification: government-issued ID images for physician and staff accounts

Automatically Collected Information

• Device Information: device type, operating system, unique device identifiers
• Usage Data: app features accessed, pages viewed, time spent in app
• Location Data: approximate location (when permission granted) to find nearby clinics
• Notifications: push notification tokens for appointment reminders

Health Information

We collect and store protected health information (PHI) including:

• Medical history and conditions
• Prescriptions and medications
• Lab test orders and results
• Physician visit notes
• Uploaded medical documents and images

How We Use Your Information

• Appointment Facilitation: booking, managing, and confirming medical appointments
• Health Communication: enabling communication between patients, physicians, and staff
• Medical Records: maintaining your health records and appointment history
• Notifications: sending appointment reminders and important updates
• Service Improvement: analyzing usage patterns to improve app functionality
• Security: detecting and preventing fraud or unauthorized access
• Compliance: meeting legal and regulatory requirements

Information Sharing and Disclosure

We do not sell your personal information. Your health data is never shared with third-party brokers, never used for ad-tracking networks, and never used for behavioral telemetry mining. We share information only in these circumstances:

With Healthcare Providers

• Physicians and staff assigned to you can access medical information necessary for treatment
• Clinic administrators can view appointment and scheduling data

With Service Providers

• Firebase / Google Cloud: database hosting and authentication
• Cloud Storage: secure storage of medical documents
• Notification Services: push notification delivery
• Payment Processors: secure payment processing (where applicable)

Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect rights, safety, and security.

Data Security

We implement industry-standard security measures:

• Encryption: all data in transit uses SSL/TLS encryption
• Firebase Security Rules: strict access controls on the database — patient records are segregated and accessible only to the patient and their authorized practitioners
• Authentication: multi-factor authentication for sensitive accounts
• Role-Based Access: users only access data required for their role
• Regular Audits: periodic security assessments

However: no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your Rights and Choices

Access and Update

• View and update your personal information in app settings
• Request a copy of your data by contacting us

Account Deletion

• Delete your account through the app settings (Profile → Delete Account), or via our account deletion request page
• Deletion permanently removes your authentication account and all linked personal health records
• We retain certain information only where required by law

Opt-Out

• Notifications: disable push notifications in device settings
• Location: revoke location permission in device settings

Data Portability

• Request your data in a portable format

Children's Privacy

Tabiby is not intended for children under 13. We do not knowingly collect information from children under 13. Parents/guardians must create accounts on behalf of minors.

International Data Transfers

Your information may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place.

Data Retention

We retain your information:

• Active Accounts: for the duration of your account
• Medical Records: as required by healthcare regulations (typically 7–10 years)
• Deleted Accounts: anonymized data may be retained for analytics

Changes to This Privacy Policy

We may update this policy periodically. We will notify you of significant changes through:

• In-app notifications
• Email notifications
• Updating the "Last Updated" date

Compliance

Tabiby complies with:

• General Data Protection Regulation (GDPR) where applicable
• California Consumer Privacy Act (CCPA) where applicable
• Health Insurance Portability and Accountability Act (HIPAA) principles
• Local health data protection regulations

Consent

By using Tabiby, you consent to this Privacy Policy and our collection and use of information as described.