Skip to content

Privacy policy

Effective date: May 3, 2026. This policy is designed to set clear data protection expectations while acknowledging that no platform can provide absolute technical or legal guarantees.

1. Purpose and scope

  • This Privacy Policy explains how Dawa processes personal data when you use our websites, applications, demos, and related services.
  • Where you use Dawa on behalf of a clinic or organisation, that organisation may act as data controller for patient data and we may act as a processor/service provider depending on your configuration and contract.

2. Data categories we may process

  • Account and identity data (for example, user name, email, role, login metadata).
  • Operational data (for example, reminder schedules, delivery events, response keywords, audit logs, and support interactions).
  • Patient/contact data that you choose to input (for example, names, phone numbers, and medication reminder preferences).

3. How we use data

  • To provide, secure, monitor, and improve the Service; to process reminders and related workflows; and to troubleshoot incidents.
  • To meet legal obligations, enforce our terms, and prevent abuse, fraud, and security threats.

4. Legal and consent responsibilities

  • You are responsible for ensuring a valid legal basis for any personal data you submit, including required patient consent and notice obligations under applicable laws.
  • You should configure data minimisation, role-based access, and retention policies to align with your jurisdiction and organisational requirements.

5. Security controls and limits

  • We use administrative, technical, and organisational safeguards designed to protect data. However, no system is completely secure and we cannot guarantee absolute security.
  • You must maintain strong credentials, least-privilege access, secure endpoint practices, and internal governance controls.

6. Third-party processors and integrations

  • We may use third-party providers (such as hosting, analytics, or messaging infrastructure) to operate the Service.
  • Provider availability, data handling practices, and cross-border transfer frameworks may change over time; you are responsible for assessing their suitability for your regulated workloads.

7. Retention and deletion

  • We retain data for as long as needed to operate the Service, satisfy legal obligations, resolve disputes, and enforce agreements, unless a different retention period is required by law or contract.
  • You can request deletion or export support by contacting us, subject to legal, security, and operational constraints.

8. Your rights and choices

  • Depending on jurisdiction, individuals may have rights to access, correct, delete, restrict, or object to processing, and to data portability.
  • If we process data on behalf of your organisation, we may direct individual requests to that organisation as the responsible controller.

9. Policy updates

  • We may update this policy to reflect legal, technical, or operational changes. Material updates will be posted with a revised effective date.

For privacy requests, DPA inquiries, or compliance questionnaires, contact privacy@dawa.help.