Privacy Policy

Introduction

We are committed to privacy-by-design and transparent data practices.

Information We Collect

• Account details (name, email, organization)
• Operational data (logs, device/browser metadata)
• Support communications
• Clinical/EHR data as configured by customers

How We Use Information

• Provide, secure, and improve the services
• Support and communications
• Legal and compliance purposes

Legal Basis

Contractual necessity, legitimate interests, legal obligations, and consent where required.

Sharing

We don't sell personal data. We may use vetted subprocessors under DPAs and equivalent security obligations.

International Transfers

We implement appropriate safeguards (e.g., SCCs) and regional hosting options where applicable.

Data Security

• Encryption in transit and at rest
• Access controls and least privilege
• Audit logging and monitoring
• Backups and tested recovery

Retention & Deletion

We retain only as long as necessary or required by law; deletion/anonymization upon request or contract end.

Your Rights

Access, rectification, deletion, restriction, objection, portability, and consent withdrawal (jurisdiction-dependent).

Cookies

We use essential cookies and optional analytics cookies; manage via browser or in-product settings where available.

Contact

Reach us at privacy@tiba.co.ke.