Privacy Policy
At MySheba, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you use our healthcare platform.
1. Information We Collect
1.1 Personal Information
When you create an account or use our services, we collect:
- Account Information: Full name, email address, phone number, and password (stored as a bcrypt hash)
- User Role: Patient or healthcare professional designation
- Professional Information (for healthcare providers): License number, specialization, qualifications, years of experience, bio, and consultation fees
1.2 Health and Medical Information
Through our telemedicine and healthcare services, we may collect:
- Appointment details and medical history
- Prescriptions and diagnoses from healthcare professionals
- Chat messages and communications with healthcare providers
- Medical files and attachments uploaded during consultations
- Appointment notes and consultation records
1.3 Blood Donor Information
If you register as a blood donor, we collect:
- Name, blood type, and phone number
- Availability status (active/inactive)
- Location information
1.4 Device and Technical Information
We automatically collect:
- Device information including FCM (Firebase Cloud Messaging) tokens for push notifications
- Platform type (Android/iOS) and device name
- Geolocation data (country, city, region) for service optimization
- IP address and browser information
- Usage data and analytics through Google Analytics and Meta Pixel
2. How We Use Your Information
We use your information for the following purposes:
- Service Delivery: To provide telemedicine consultations, book appointments, process prescriptions, and facilitate blood donor connections
- Communication: To send appointment reminders, notifications, and updates via push notifications and in-app messaging
- Account Management: To authenticate users, maintain sessions, and protect account security
- Healthcare Delivery: To enable video consultations, real-time chat, and secure file sharing between patients and healthcare professionals
- Analytics and Improvement: To understand usage patterns, improve our services, and optimize user experience
- Legal Compliance: To comply with applicable healthcare regulations and legal requirements
3. Authentication and Security
3.1 Authentication Methods
Important: MySheba does NOT use Facebook Login or any social media authentication.
We use only email and password-based authentication with the following security measures:
- Passwords are hashed using bcrypt with salt rounds
- Session-based authentication using Redis for secure session storage (NOT JWT tokens)
- Sessions expire after 7 days for security
- HTTP-only cookies, which keep the session cookie out of reach of scripts and so limit session theft through XSS attacks
- Secure cookies (HTTPS only) in production environments
- SameSite cookie policy for CSRF protection
3.2 Data Security
We implement industry-standard security measures:
- MySQL database with SSL encryption for data transmission
- Secure file storage using AWS S3 with access controls
- Redis session store with connection pooling and encryption
- Regular security audits and updates
4. How We Share Your Information
We share your information only in the following circumstances:
4.1 Healthcare Professionals
Your medical information is shared with healthcare professionals you consult through our platform to provide medical services.
4.2 Third-Party Service Providers
We use the following trusted third-party services:
- Firebase (Google): For push notifications (FCM tokens) to send appointment reminders and updates
- AWS S3: For secure storage of medical files, prescriptions, and attachments
- Agora: For video calling functionality during telemedicine consultations
- Ably: For real-time chat messaging between patients and healthcare professionals
- Google Analytics: For website usage analytics and service improvement
- Meta Pixel (Facebook): For website analytics and advertising optimization
4.3 Legal Requirements
We may disclose your information when required by law, court order, or government regulations.
5. Data Retention
We retain your information for the following periods:
- Account Data: Until you request account deletion
- Medical Records: As required by healthcare regulations (typically 7-10 years)
- Session Data: 7 days from creation
- Chat Messages: Until appointment completion or deletion request
- FCM Tokens: Until device unregistration or token expiry
6. Your Rights
You have the following rights regarding your personal information:
- Access: Request a copy of your personal data
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
- Opt-Out: Disable push notifications through device settings
- Data Portability: Request your data in a portable format
7. Children's Privacy
MySheba is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
8. International Data Transfers
Your information may be transferred to and processed in countries outside Bangladesh where our service providers operate. We ensure appropriate safeguards are in place for such transfers.
9. Cookies and Tracking
We use the following cookies and tracking technologies:
- Session Cookies: To maintain your login session (session_id cookie)
- Google Analytics: To analyze website traffic and usage patterns
- Meta Pixel: To track page views and optimize advertising
You can control cookies through your browser settings, but disabling them may affect functionality.
10. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes through our website or app notifications. Your continued use of MySheba after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Last Updated: December 10, 2025