Last updated: February 2026
1. Commitment and Scope
SOHHTAK ("we" or "the Platform") is committed to protecting the personal data of patients, family representatives, and independent healthcare professionals. This policy covers all data collected through our mobile application, in-app communications, and verification processes. By using SOHHTAK, your personal data is processed in accordance with this policy and Lebanese Law No. 81/2018.
2. Data Controller
SOHHTAK acts as the Data Controller for personal data processed through the Platform, within the jurisdiction of the Republic of Lebanon. We act strictly as a technology intermediary to facilitate access to independent, verified healthcare professionals.
3. Categories of Personal Data Collected
SOHHTAK collects only the minimum data necessary to provide its services:
- Patient & Family Data: Full name, phone number, general location (Governorate and district; no precise GPS tracking), and booking details.
- Healthcare Professional Data: Full name, phone number, profile photo, National ID, and relevant professional license details.
- Sensitive Medical Data: This includes medical prescriptions, care instructions, and health-related information shared strictly for service delivery.
- External Communications: WhatsApp messages, phone calls, and other communications occurring outside the SOHHTAK platform are not stored, recorded, or monitored by SOHHTAK. These are private exchanges between users.
4. Purpose and Use of Data
Data is used solely to facilitate the following:
- Verification: Identity and professional license checks for healthcare professionals.
- Operations: Account creation, booking, and scheduling.
- Governance: Dispute handling, platform safety, and legal compliance.
Important: SOHHTAK does not use personal data for medical diagnosis or decision-making. SOHHTAK collects and processes only the minimum data necessary for these purposes.
5. Medical Data Privacy & Sharing
- Access Control: Medical prescriptions and health information are accessible only to the assigned healthcare professional for a specific booking and authorized compliance staff. Access is limited to the duration of the relevant booking and any legally required retention period.
- Third-Party Disclosure: We do not sell or rent data. Data is shared only with verified parties involved in a booking or legal authorities if required by law.
6. Data Security and Retention
- Security Measures: We use technical and organizational measures, including encryption for sensitive documents and secure servers with controlled access, to protect your data.
- Retention: Personal data is retained for up to 2 years after your last activity on the platform, or as required by Lebanese law for legal and accounting purposes. After this period, your data is securely deleted or anonymized.
Sensitive documents are not stored in publicly accessible locations or URLs.
7. User Rights
Under Law No. 81/2018, all users have the right to:
- Access and Correction: View and request updates to inaccurate data.
- Deletion: Request data removal by contacting privacy@sohhtak.com or through the in-app support. Upon receiving a valid request, SOHHTAK will delete your personal data within 30 days, subject to legal retention obligations.
- Withdraw Consent: Where processing is based on user consent.
SOHHTAK will respond to valid data requests within 30 days, in accordance with applicable law.
8. Contact and Governing Law
- Requests: For privacy inquiries, users may contact privacy@sohhtak.com or use official in-app support channels designated for privacy matters.
- Law: This policy is governed by the laws of the Republic of Lebanon.