1. Introduction

Welcome to Cita. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our hospital management platform, including our web application and related services.

By accessing or using Cita, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our services.

2. Information We Collect

2.1 Personal Information

When you register and use Cita, we may collect the following personal information:

• Full name, email address, and phone number
• Professional credentials and medical license information (for healthcare providers)
• Role and department within your healthcare organization
• Login credentials and authentication data
• Profile photo (if provided)

2.2 Patient Data

Cita processes patient data on behalf of your healthcare organization. This may include:

• Patient names, contact details, and demographic information
• Appointment records and scheduling data
• Medical history and clinical notes (as entered by authorized staff)
• Billing and payment information
• Insurance details

2.3 Usage Data

We automatically collect certain information when you use our platform:

• IP address, browser type, and device information
• Pages visited, features used, and time spent on the platform
• Error logs and performance data
• Login timestamps and session duration

3. How We Use Your Information

We use the collected information for the following purposes:

• To provide, operate, and maintain the Cita platform
• To manage user accounts, authentication, and access control
• To facilitate appointment scheduling, patient management, and hospital operations
• To process payments and generate billing reports
• To send important notifications about appointments, system updates, and account security
• To improve our services, fix bugs, and develop new features
• To ensure compliance with healthcare regulations and legal obligations
• To provide customer support and respond to inquiries

4. Data Security

We implement industry-standard security measures to protect your data, including:

• End-to-end encryption for data in transit (TLS/SSL)
• Encryption of sensitive data at rest
• Role-based access control (RBAC) to ensure only authorized personnel can access specific data
• Regular security audits and vulnerability assessments
• Secure authentication mechanisms including multi-factor authentication
• Automatic session timeouts and activity logging

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With your healthcare organization as the data controller
• With trusted service providers who assist in operating our platform (e.g., cloud hosting, payment processing), bound by strict confidentiality agreements
• When required by law, regulation, or legal process
• To protect the rights, safety, or property of Cita, our users, or the public
• In connection with a merger, acquisition, or sale of assets (with prior notice)

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. We will also retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Patient data retention periods are determined by your healthcare organization in accordance with applicable medical record-keeping regulations.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data, subject to legal retention requirements
• Right to data portability: Request your data in a structured, machine-readable format
• Right to object: Object to the processing of your personal data in certain circumstances
• Right to withdraw consent: Withdraw your consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the information provided below.

8. Cookies and Tracking Technologies

Cita uses essential cookies and local storage to maintain your session, remember your preferences (such as language and theme settings), and ensure the proper functioning of the platform. We do not use third-party advertising or tracking cookies.

9. Children's Privacy

Cita is designed for use by authorized healthcare professionals and administrative staff. Our platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of Cita after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

• Email: jaberalyamy2025@gmail.com