Privacy Policy

1. Introduction

ZahiFlow ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you access or use our clinic management software and related services.

2. Data We Collect

We collect the following types of information:

• Clinic Information: Clinic name, address, phone number, and professional details.
• User Accounts: Names, email addresses, and roles of clinic staff.
• Patient Data: Information you enter about your patients, including names, medical history, clinical documents and structured ICD-10 visit records. You retain full ownership of this data.
• Usage & Audit Data: Information about how you interact with our service (e.g., login times, features used, and comprehensive audit logs for compliance).

3. How We Use Your Data

We use your information strictly to provide and improve the ZahiFlow service, including:

• Operating and maintaining the platform.
• Processing billing and payments.
• Authenticating users and securing accounts.
• Sending important service updates and support communications.

4. Data Security, HIPAA & Regional Compliance

We implement industry-standard security measures to protect your data, including encryption at rest and in transit. Our architecture is designed to support HIPAA and GDPR compliance, as well as regional GCC data mandates including Saudi Arabia's NPHIES and UAE's NABIDH standards. Our platforms also follow the HL7 FHIR interoperability guidelines for secure health data exchanges. We do not sell your data to third parties.

5. Data Retention

We retain your data for as long as your account is active. Upon account deletion, your data is scheduled for permanent removal after a 30-day grace period, unless legally required otherwise.

6. Contact Us

If you have any questions about this Privacy Policy, please contact us at: support@zahiflow.com