Privacy Policy

Version: 1.0    Effective Date: February 1, 2026

Introduction

Andromeda Information Technology Company (a Saudi closed joint-stock company), developer of AndroHealth, is committed to protecting the privacy of its website visitors and system users. This policy explains how we collect, use, protect, and share your personal data in accordance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia.

Data We Collect

Website Visitor Data

• Browsing data: IP address, browser type, pages visited, session duration
• Contact data: Name, email, phone number (when filling contact forms or requesting quotes)
• Cookies: We use cookies to improve browsing experience and analyze website usage

System User Data (Healthcare Facilities)

• Facility data: Facility name, license number, address, contact details, tax number
• User data: Name, job title, login credentials, professional license number
• Patient data: Name, National ID/Iqama, date of birth, contact details, medical history, insurance information, test results

How We Use Your Data

• Service delivery: Operating the AndroHealth system and providing required features (patient registration, appointments, billing, insurance)
• Government system integration: Sending and receiving data with NPHIES and ZATCA as required by regulations
• Technical support: Resolving technical issues and providing assistance when requested
• Service improvement: Analyzing usage patterns to develop the system and improve performance
• Communication: Sending system notifications, updates, and security alerts
• Legal compliance: Responding to requests from competent government and judicial authorities

Data Protection

We implement comprehensive security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest
• Access control: Granular role-based permissions per user, department, and function
• Audit trail: Comprehensive logging of all data access and modification activities
• Session expiration: Automatic system lock after 10 minutes of inactivity
• Cloud infrastructure: Data hosted in secure data centers within the Kingdom of Saudi Arabia
• Backup: Regular backups to ensure service continuity

Data Sharing

We do not sell or rent your personal data to any third party. We may share data only in the following cases:

• Government systems: Submitting legally required data to NPHIES, ZATCA, and the Ministry of Health
• Insurance companies: Sharing claims and eligibility data via NPHIES with patient consent
• Judicial authorities: Responding to court orders or official requests from competent authorities
• Service providers: Limited sharing with infrastructure service providers (cloud hosting) under confidentiality agreements

Your Rights

Under the Personal Data Protection Law (PDPL), you have the right to:

• Access: Request a copy of your personal data stored with us
• Correction: Request correction of any inaccurate or incomplete data
• Deletion: Request deletion of your data (subject to legal obligations for medical record retention)
• Objection: Object to the processing of your data for marketing purposes
• Portability: Request transfer of your data in a machine-readable electronic format

To exercise any of these rights, contact us at the email address listed below.

Data Retention

• Website data: We retain browsing and analytics data for no more than 24 months
• System data: We retain facility and user data throughout the subscription period and for the duration specified in the contract thereafter
• Medical records: Retained in accordance with Saudi Ministry of Health regulatory requirements
• Audit logs: Retained for the legally required period

Cookies

We use cookies for the following purposes:

• Essential cookies: To operate the website and system correctly (session management, preferences)
• Analytics cookies: To understand how the website is used and improve user experience (Google Analytics)
• Marketing cookies: To display relevant content and measure advertising campaign effectiveness

You can control cookies through your browser settings.

Policy Updates

We reserve the right to update this policy at any time. You will be notified of any material changes via email or in-system notification. Your continued use of our services after an update constitutes acceptance of the modified terms.

Contact Us

For any inquiries about the privacy policy or to exercise your rights, contact our information security team:

• Entity: Andromeda Information Technology Company – Saudi closed joint-stock company
• Address: Kingdom of Saudi Arabia, Riyadh, Al Izdihar District, Uthman Ibn Affan Road
• Email: [email protected]