DATA WE COLLECT (SUMMARY)
• Patients: full name, phone number, email address • Healthcare professionals: identity and credential verification documents • Sohhtak does NOT store medical records, medical prescriptions, or patient medical histories within the platform • Sohhtak does NOT store or monitor phone calls or WhatsApp messages
1. Commitment and Scope
SOHHTAK ("we" or "the Platform") is committed to protecting the personal data of patients, family representatives, and independent healthcare professionals. This policy covers all data collected through our mobile application and verification processes. By using SOHHTAK, your personal data is processed in accordance with this policy and Lebanese Law No. 81/2018.
2. Data Controller
SOHHTAK acts as the Data Controller for personal data processed through the Platform, within the jurisdiction of the Republic of Lebanon. We act strictly as a technology intermediary to facilitate access to independent, verified healthcare professionals.
3. Categories of Personal Data Collected
SOHHTAK collects only the minimum data necessary to provide its services:
- Patient Data: Full name, phone number, and email address. SOHHTAK does not collect patient addresses, GPS location, medical records, prescriptions, diagnostic reports, medical images, or payment information.
- Healthcare Professional Data: Healthcare professionals must provide verification documents including identification, professional license, diplomas, and curriculum vitae (CV). These documents are collected solely for credential verification and platform safety. They are not publicly displayed to patients and are stored securely.
- Booking Data: Service type, scheduled date and time, and booking status. No medical or clinical details are collected through the booking process.
4. Purpose and Use of Data
Data is used solely to facilitate the following:
- Verification: Identity and professional license checks for healthcare professionals.
- Operations: Account creation, booking, and scheduling.
- Governance: Dispute handling, platform safety, and legal compliance.
5. Communications
SOHHTAK does not provide in-app messaging between patients and healthcare professionals.
After booking confirmation, patients and healthcare professionals may communicate using external tools such as phone calls or WhatsApp. These communications occur outside the SOHHTAK platform and are not monitored, recorded, or stored by SOHHTAK.
Users share their contact details voluntarily for the purpose of coordinating healthcare services.
6. Data Sharing
- No Sale of Data: We do not sell or rent personal data to any third party.
- Limited Sharing: Data is shared only with verified parties directly involved in a booking (e.g., the assigned healthcare professional receives the patient name and phone number), or with legal authorities if required by law.
Data may be shared with secure infrastructure providers required to operate the platform (such as cloud hosting or authentication services). These providers only process data necessary for platform functionality and security.
7. Data Security and Retention
- Security Measures: We use technical and organizational measures, including encryption for sensitive documents and secure servers with controlled access, to protect your data.
- Retention: Personal data is retained for up to 2 years after your last activity on the platform, or as required by Lebanese law for legal and accounting purposes. After this period, your data is securely deleted or anonymized.
Verification documents are stored in Sohhtak-managed storage for credential verification and platform operations. They are not shown in patient-facing profiles.
8. User Rights
Under Law No. 81/2018, users with an account on the platform have the right to:
- Access and Correction: View and request updates to inaccurate data.
- Deletion: Eligible account holders can delete their account directly within the app. Once confirmed, the account is permanently deleted. A permanently deleted account cannot be restored or recreated with the same email address. Please use a different email address to create a new account.
- Deletion Processing: Personal data (such as name, phone number, and profile information) is anonymized immediately.
- Retention in Anonymized Form: For most users, limited data may be retained in anonymized form for operational continuity, including booking history, transaction records, and system logs and audit records. For verified healthcare providers, certain provider account or compliance records may also be retained where required for platform safety, operational continuity, fraud prevention, or legal compliance. User identifiers are removed or anonymized wherever applicable so this data no longer allows identification of the user.
- Legal Retention: Financial and accounting records may be retained as required by applicable laws.
- Deletion Assistance: If the user cannot access their account, they may contact support@sohhtak.com to request deletion assistance. Account deletion is irreversible, and the same email address cannot be reused to create a new account.
- Withdraw Consent: Where processing is based on user consent.
When an account is deleted, booking history is retained in anonymized form and user identifiers are removed or anonymized. For verified healthcare providers, uploaded verification documents including ID, CV, and professional certificates are permanently deleted from our systems. Notifications associated with the account are permanently deleted.
To delete your account, visit our account deletion page.
SOHHTAK will respond to valid privacy requests in accordance with applicable law.
9. Contact and Governing Law
- Requests: For privacy inquiries, users may contact privacy@sohhtak.com. If a user cannot access their account and needs deletion assistance, they may contact support@sohhtak.com or use official in-app support channels.
- Law: This policy is governed by the laws of the Republic of Lebanon.