Privacy policy.

Hamdam.care is a product of Rahinex Technologies SMC Ltd, a software company registered in Pakistan. This privacy policy applies to hamdam.care, the Hamdam.care clinic dashboard, and the patient-facing WhatsApp interactions we operate on behalf of clinics who use our platform.

For privacy questions specifically about this service, contact privacy@hamdam.care.

We collect three categories of information.

Doctor and clinic information. Name, qualifications, schedule, consultation fees, PMDC registration number, clinic name, clinic address, billing contact, and official communications.

Patient information processed on behalf of clinics. Patient name, WhatsApp phone number, appointment details, messages exchanged with the clinic, and media (prescriptions, lab reports) shared via WhatsApp. We process this data only on the instructions of the clinic.

Technical data. IP address, browser user-agent, device category, pages viewed, and anonymised usage analytics across the Hamdam.care dashboard and hamdam.care marketing site.

We use information only for the following purposes.

WhatsApp communication management. Routing, replying to, and archiving WhatsApp conversations between patients and the clinic.

Appointment booking and reminders. Scheduling, confirming, and sending pre-visit reminders to patients on WhatsApp.

AI-powered automated responses. Our AI assistant reads message content to generate context-aware replies in English, Urdu, and Sindhi. The model is tuned per clinic.

System improvement and analytics. Aggregated, anonymised usage patterns help us debug, improve reliability, and plan new features.

Hamdam.care acts as a data processor. The clinic that subscribes to Hamdam.care is the data controller for patient information. We process patient data on behalf of the clinic, under its instructions, for the purposes described in this policy and the clinic's service agreement.

The clinic determines what patient data is collected, how long it is retained within the caps we publish, and how it is used. Clinics are responsible for obtaining valid patient consent where required by Pakistan law and by Meta's WhatsApp policies.

WhatsApp messages sent and received through Hamdam.care flow through Meta's WhatsApp Business Cloud API. Meta's own privacy policy applies to the WhatsApp infrastructure that carries those messages.

We do not sell WhatsApp message data. We do not share it with advertisers or data brokers. Our AI assistant processes message content at the time of reply to generate context-aware responses; a message summary is retained for audit purposes per the retention schedule in section 8.

Hamdam.care holds the whatsapp_business_messaging and whatsapp_business_management permissions granted by each clinic through Meta's Embedded Signup flow. These permissions are scoped to the clinic that authorises them and can be revoked at any time from the clinic's Meta Business settings.

We never sell your data. We share it only with:

Hosting and infrastructure providers. Cloud hosting providers for our web app, backend compute and AI, and database and storage — each under a written data processing agreement. A current list of named sub-processors is available on request.

WhatsApp / Meta. For message delivery via the WhatsApp Business Cloud API, as an inherent part of providing the service.

Legal authorities. If required by Pakistan law, a validly issued court order, or comparable legal process — and only the minimum information compelled by that request.

We protect data using industry-standard practices.

Encryption at rest and in transit. TLS 1.2+ for every network connection; AES-256 for data at rest.

Secure API access with authentication. JWT-based authentication, short-lived tokens, and mandatory re-auth for sensitive actions.

Role-based access controls. Clinic staff only see information required for their role — receptionist, doctor, owner, or admin.

Regular security audits. Internal reviews monthly, third-party review annually, and dependency vulnerability scans on every deploy.

Clinic data isolation. The Hamdam.care database is multi-tenant with Row-Level Security. Every row is scoped to a clinic; no clinic can ever read another clinic's data.

We retain each category of data for a fixed period.

Messages. 2 years.

Appointments. 5 years.

Patient media. 2 years.

Audit logs. 3 years.

Data is deleted sooner on verified user request, subject to legal and clinic retention obligations. Anonymised aggregates may be retained indefinitely.

You have the right to:

Access a copy of the personal data we hold about you.

Correct information that is inaccurate or incomplete.

Delete information, subject to legal and clinic retention obligations.

Withdraw consent for any processing that relies on consent.

Data portability. Receive a machine-readable export of your data.

Send requests to privacy@hamdam.care. We respond within 14 business days.

Privacy queries: privacy@hamdam.care

Support: support@hamdam.care

Rahinex Technologies SMC Ltd
Pakistan

Patient data for minors (under 18) is processed only with the consent of a parent or legal guardian. Clinics are responsible for obtaining this consent at registration and recording it in the patient file.

We apply the same retention, encryption, and access controls to minors' data as we do to adult patient data. Parents or guardians may exercise the rights listed in section 9 on behalf of a minor by contacting the clinic or writing to privacy@hamdam.care.

Hamdam.care does not knowingly market services directly to children. The Hamdam.care marketing site and dashboard are intended for healthcare providers and adult patients.