Privacy policy.

Hamdam.care is a product of Rahinex Technologies SMC Ltd, a software company registered and headquartered in Hyderabad, Sindh, Pakistan. This privacy policy applies to hamdam.care, the Hamdam.care clinic dashboard, and the patient-facing WhatsApp interactions we operate on behalf of clinics who use our platform.

For privacy questions specifically about this service, contact privacy@hamdam.care.

We collect three categories of information.

Doctor and clinic information. Name, qualifications, schedule, consultation fees, PMDC registration number, clinic name, clinic address, billing contact, and official communications.

Patient information processed on behalf of clinics. Patient name, WhatsApp phone number, appointment details, messages exchanged with the clinic, and media (prescriptions, lab reports) shared via WhatsApp. We process this data only on the instructions of the clinic.

Technical data. IP address, browser user-agent, device category, pages viewed, and anonymised usage analytics across the Hamdam dashboard and hamdam.care.

We use information only for the following purposes.

WhatsApp communication management. Routing, replying to, and archiving WhatsApp conversations between patients and the clinic.

Appointment booking and reminders. Scheduling, confirming, and sending pre-visit reminders to patients on WhatsApp.

AI-powered automated responses. Our AI assistant reads message content to generate context-aware replies in English, Urdu, Sindhi, and Roman Urdu. The model is tuned per clinic.

System improvement and analytics. Aggregated, anonymised usage patterns help us debug, improve reliability, and plan new features.

Hamdam.care acts as a data processor. The clinic that subscribes to Hamdam.care is the data controller for patient information. We process patient data on behalf of the clinic, under its instructions, for the purposes described in this policy and the clinic's service agreement.

The clinic determines what patient data is collected, how long it is retained within the caps we publish, and how it is used. Clinics are responsible for obtaining valid patient consent where required by Pakistan law and by Meta's WhatsApp policies.

WhatsApp messages sent and received through Hamdam.care flow through Meta's WhatsApp Business Cloud API. Meta's own privacy policy applies to the WhatsApp infrastructure that carries those messages.

We do not sell WhatsApp message data. We do not share it with advertisers or data brokers. Our AI assistant processes message content at the time of reply to generate context-aware responses; a message summary is retained for audit purposes per the retention schedule in section 8.

We never sell your data. We share it only with:

Hosting and infrastructure providers. Vercel (web hosting), Google Cloud (backend compute and AI), and Supabase (database and storage) — each under a written data processing agreement.

WhatsApp / Meta. For message delivery via the WhatsApp Business Cloud API, as an inherent part of providing the service.

Legal authorities. If required by Pakistan law, a validly issued court order, or comparable legal process — and only the minimum information compelled by that request.

We protect data using industry-standard practices.

Encryption at rest and in transit. TLS 1.2+ for every network connection; AES-256 for data at rest.

Secure API access with authentication. JWT-based authentication, short-lived tokens, and mandatory re-auth for sensitive actions.

Role-based access controls. Clinic staff only see information required for their role — receptionist, doctor, owner, or admin.

Regular security audits. Internal reviews monthly, third-party review annually, and dependency vulnerability scans on every deploy.

Clinic data isolation. The Hamdam.care database is multi-tenant with Row-Level Security. Every row is scoped to a clinic; no clinic can ever read another clinic's data.

We retain each category of data for a fixed period.

Messages. 2 years.

Appointments. 5 years.

Patient media. 2 years.

Audit logs. 3 years.

Data is deleted sooner on verified user request, subject to legal and clinic retention obligations. Anonymised aggregates may be retained indefinitely.

You have the right to:

Access a copy of the personal data we hold about you.

Correct information that is inaccurate or incomplete.

Delete information, subject to legal and clinic retention obligations.

Withdraw consent for any processing that relies on consent.

Data portability. Receive a machine-readable export of your data.

Send requests to privacy@hamdam.care. We respond within 14 business days.

Privacy queries: privacy@hamdam.care

Support: support@hamdam.care

Rahinex Technologies SMC Ltd
Hyderabad, Sindh, Pakistan