Privacy Policy

Last updated: 1 May 2025

1. Information We Collect

We collect the following categories of data when you use Cure2Pure:

• Account data: name, email, phone number, password (hashed)
• Health data: medical history, consultation notes, prescriptions, allergies
• Payment data: processed via Stripe — we do not store card details
• Usage data: IP address, browser type, pages visited (for security and analytics)

2. How We Use Your Data

• To facilitate telemedicine consultations between patients and doctors
• To send appointment reminders and transactional emails
• To process payments and issue digital prescriptions
• To comply with Pakistani healthcare regulations and legal obligations

3. Data Sharing

We share your health data only with:

• The PMDC-licensed doctor you book a consultation with
• Stripe (payment processing) — governed by Stripe's Privacy Policy
• Resend (transactional email) — email content only, no health data
• Neon (database hosting) — encrypted at rest on AWS us-east-1

We do not sell your data to third parties.

4. Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access tokens expire after 15 minutes. Refresh tokens are rotated on each use. Our infrastructure complies with PECA 2016.

5. Your Rights

• Right to access: request a copy of your data at any time
• Right to deletion: request account deletion via email
• Right to correction: update your profile from the dashboard

6. Data Retention

Active account data is retained while your account is active. Consultation records and prescriptions are retained for 5 years as required by Pakistani medical record regulations. Deleted accounts are anonymized within 30 days.

7. Cookies

We use only essential cookies (session management). No tracking or advertising cookies are used. See our Cookie Policy for details.

8. Contact

Privacy queries: privacy@cure2pure.com