Privacy Policy

Your privacy and data security are fundamental to SEHATI. Learn how we protect your health information and ensure HIPAA compliance.

SEHATI Privacy Policy

Last updated: January 2026

1. Information We Collect

Personal Health Information (PHI): Medical history, current medications, allergies, weight, height, health goals, and consultation records.

Personal Information: Name, email, phone number, date of birth, address, and emergency contact information.

Technical Information: IP address, browser type, device information, and usage analytics (anonymized).

Communication Data: Messages, consultation recordings (with consent), and support interactions.

2. How We Use Your Information

Healthcare Services: Providing personalized weight management programs, consultations, and medical care.

Communication: Appointment reminders, health tips, program updates, and emergency notifications.

Platform Improvement: Analyzing usage patterns to enhance our services (data is anonymized).

Legal Compliance: Meeting regulatory requirements and protecting patient safety.

3. HIPAA Compliance

SEHATI is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) and follows all Lebanese data protection regulations. We maintain the highest standards for protecting your health information.

Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).

Access Controls: Strict role-based access with multi-factor authentication for all staff.

Audit Trails: Complete logging of all access to your health information.

Business Associate Agreements: All third-party services sign HIPAA-compliant agreements.

4. Information Sharing

Healthcare Providers: Your assigned doctors, nutritionists, and care team members.

Emergency Situations: Medical emergencies or when required by law to protect health and safety.

Legal Requirements: Court orders, subpoenas, or regulatory investigations (with patient notification when legally permitted).

Never Sold: We never sell, rent, or trade your personal or health information to third parties.

5. Your Rights

Access: Request copies of your health records and personal information.

Correction: Request corrections to inaccurate or incomplete information.

Deletion: Request deletion of your account and associated data (subject to legal retention requirements).

Portability: Export your health data in a standard format.

Consent Withdrawal: Withdraw consent for marketing communications at any time.

6. Data Security

Infrastructure: Hosted on HIPAA-compliant cloud servers with a 99.9% uptime guarantee.

Monitoring: 24/7 security monitoring and intrusion detection systems.

Staff Training: Regular privacy and security training for all team members.

Incident Response: Comprehensive breach response plan with patient notification procedures.

7. International Transfers

Your data is primarily stored in Lebanon and the EU. Any international transfers are protected by:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Additional safeguards for sensitive health data

8. Contact Information

For privacy-related questions or to exercise your rights:

Privacy Officer: privacy@sehati.com

Phone: +961 1 234 567

Address: SEHATI Privacy Office, Beirut, Lebanon

Response Time: We respond to all privacy requests within 30 days.