Privacy Policy

1. Scope

This Policy applies to patients, healthcare providers, organization administrators, and visitors who use the Tenaye website, web portal, or mobile applications. It does not cover the privacy practices of independent clinicians once data is delivered to them in their professional capacity, or third-party websites and services we do not control.

2. Information We Collect

We collect the following categories of information depending on how you use the Service:

• Account information: name, email, phone number, date of birth, preferred language, profile photo, and (where required) identity-verification documents.
• Health information (patients): medical history, symptoms, medications, allergies, prescriptions, lab results, consultation notes, and other clinical data you or your clinician provides.
• Professional information (providers): medical license, specialty, education, experience, professional credentials, availability schedule, and clinical notes you author.
• Organizational information (administrators): contact details, role, and limited information about the organization's sponsored members necessary to administer the relationship.
• Payment information: billing details and transaction records. Full card numbers are processed and stored by our payment-processing partners — not by Tenaye.
• Communications: messages with clinicians and support, plus records of consultations you consent to record.
• Device and technical data: IP address, device type, operating system, app version, browser, log timestamps, and crash diagnostics.
• Location: approximate location derived from IP, plus precise location only when you explicitly enable a feature that requires it.

3. How We Collect Information

We collect information directly from you when you create an account, complete profile fields, schedule a consultation, message a clinician, or contact support. We collect information automatically when you interact with the Service. We may receive information from clinicians (e.g., consultation notes), from organizations that sponsor your account, and from third parties such as payment processors and identity-verification providers.

4. How We Use Information

We use information to:

• Operate the Service and connect patients with culturally-competent clinicians;
• Verify identity and professional credentials;
• Process payments, subscriptions, and provider/organization payouts;
• Send appointment reminders, OTPs, security alerts, and important service notices;
• Detect and prevent fraud, abuse, and security incidents;
• Comply with legal, regulatory, and licensing obligations;
• Improve quality, perform analytics on de-identified data, and develop new features.

5. How We Share Information

We share information only as described below. We do not sell personal or health information.

• With clinicians you choose to consult, so they can deliver care.
• With organization administrators who sponsor your account, limited to information necessary to administer that relationship.
• With service providers acting on our behalf under confidentiality obligations — including video and audio infrastructure providers, payment processors, SMS and email providers, identity-verification providers, and cloud-hosting providers.
• To comply with law, respond to lawful requests from authorities, or enforce our Terms.
• In a merger, acquisition, or transfer of assets, subject to continued protection of your information.
• With your consent, for purposes you have explicitly approved.

6. Legal Basis for Processing

Where applicable law requires a legal basis, we rely on: (a) performance of our contract with you; (b) your consent (which you may withdraw at any time); (c) compliance with legal obligations; (d) protecting vital interests in a medical emergency; and (e) our legitimate interests in operating, improving, and securing the Service, balanced against your rights.

7. Data Security

We use safeguards including encryption in transit (TLS) and at rest, role-based access controls, multi-factor authentication, audit logging, network segmentation, and regular vulnerability testing. No system is perfectly secure, but we work continuously to reduce risk and to detect and respond to incidents quickly. If a breach affects your information, we will notify you and the appropriate authorities as required by law.

8. Data Retention

We retain account data for as long as your account is active and for a reasonable period afterward to support audits, dispute resolution, and legal obligations. Medical records are retained for the period required by applicable health-records law in the relevant jurisdiction. You may request deletion of your account; some information may be kept where retention is required by law or for legitimate operational reasons.

9. Your Rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you;
• Correct inaccurate or incomplete information;
• Request deletion of your account and associated data, subject to legal retention;
• Receive a portable copy of information you provided to us;
• Object to or restrict certain processing;
• Withdraw consent at any time, without affecting prior lawful processing;
• Lodge a complaint with the data-protection authority in your jurisdiction.

10. Children's Privacy

The Service is not directed to children under 13. Minors may receive care through a parent or legal guardian's account. We do not knowingly collect information from children under 13 without verifiable parental consent. If you believe a child has provided information to us without consent, contact privacy@tenaye.net so we can take appropriate action.

11. Cookies & Similar Technologies

We use cookies and similar technologies to keep you signed in, remember preferences, secure sessions, and understand how the Service is used. You can manage cookies through your browser settings; disabling some cookies may affect functionality. Where required by law, we ask for consent before placing non-essential cookies.

12. International Data Transfers

We are based in Ethiopia, and our service providers may operate in other countries. When we transfer your information internationally, we use appropriate safeguards — such as contractual protections — to keep it secure and to comply with applicable law.

13. Third-Party Services

The Service integrates with third parties — for example, video and audio infrastructure providers, payment processors, SMS providers, and email providers. These providers process information only as necessary to deliver their services and are bound by their own privacy practices. Links to external sites are provided for convenience and we are not responsible for their content or privacy practices.

14. Automated Processing

We use automated logic for matching patients with culturally-competent providers, fraud detection, and basic personalization. None of these systems make legally significant decisions about your healthcare without a clinician's review. You may contact us to request human review of an automated decision that meaningfully affects you.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service before they take effect. The "Last updated" date at the top of this Policy reflects the most recent revision.

16. Contact

Privacy questions, requests, or complaints? Email our Data Protection Officer at privacy@tenaye.net or write to: Tenaye Health Technologies, Addis Ababa, Ethiopia.