Privacy Policy for mPallCare

mPallCare is developed and managed by MRT IT Peaks Limited in collaboration with the African Palliative Care Association (APCA) and the University of Leeds. This Privacy Policy explains how we collect, use, disclose, and protect personal information processed through mPallCare.

By using mPallCare, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

mPallCare collects and processes the following categories of information:

• User Profile Information: Names, contact details, and facility identifiers of clinicians and health workers registered on the system.
• Patient Information: Health-related data, including symptoms, treatment outcomes, and other clinical information entered by authorized health workers.
• Location Data: Facility and patient-level location data for service mapping and reporting.
• Device and Usage Data: Device type, OS version, and usage metrics for performance monitoring.

2. How We Use the Information

• Support clinical decision-making and patient care.
• Enable communication between patients, caregivers, and providers.
• Generate anonymized reports for monitoring and evaluation.
• Improve system performance, security, and user experience.
• Fulfill reporting obligations to APCA, University of Leeds, and Ministry of Health (in aggregated formats only).

3. Data Sharing and Disclosure

We do not sell or rent user or patient information. Data may be shared only:

• With APCA, University of Leeds, or Ministry of Health in aggregated, non-identifiable form.
• With authorized administrators for maintenance or support.
• When required by law or regulation.

4. Data Storage and Security

• Data is securely stored on Digital Ocean servers, encrypted in transit (HTTPS/SSL) and at rest.
• Access is role-based and restricted to authorized personnel.
• Regular backups and audits are performed to prevent unauthorized access.
• Login credentials are encrypted and never shared with third parties.

5. User Accounts and Access Control

• Accounts are created and managed by authorized clinicians or administrators.
• Patients and caregivers do not manage accounts directly.
• Access to patient data is restricted to linked healthcare providers.

6. Data Retention and Deletion

Data is retained only as long as necessary for healthcare or legal reasons. When no longer required, it is securely deleted or anonymized.

Users may request data correction or deletion via official channels.

7. Your Rights

• Request access to your personal information.
• Request correction or deletion of data.
• Withdraw consent for non-essential processing.
• Lodge a complaint with Uganda’s Personal Data Protection Office (PDPO).

Requests can be sent to peaks@mrtitpeaks.com.

8. Third-Party Services

We use trusted third-party services for:

• Cloud hosting – Digital Ocean
• Data analytics – aggregated and anonymized

All third parties comply with GDPR and Uganda’s Data Protection and Privacy Act.

9. Updates to This Policy

We may update this policy periodically to reflect improvements or legal changes. Updates will appear on our official site and within the app.

10. Contact Us

MRT IT Peaks Limited
Ndikutamadda, Busabala Road
Kampala, Uganda
📧 Email: peaks@mrtitpeaks.com
🌐 Website: https://mrtitpeaks.com