Curis Privacy Policy

For Receptionist and Clinic Assistant Accounts

Effective Date: January 11th, 2025

Last Updated: March 21st, 2025

This Privacy Policy explains how Citrus Labs Limited handles the collection, use, protection, and disclosure of personal data through the Curis platform, specifically for users operating under the Receptionist and Clinic Assistant accounts. By using Curis, you agree to this policy and accept your responsibilities under Kenyan law.


1. Introduction

a. Who We Are

Curis is a proprietary product of Citrus Labs Limited, built to enhance healthcare administration efficiency. It provides a secure, role-based interface for clinic receptionists and assistants to manage patient data, appointments, and communication.

b. Policy Scope

This policy applies strictly to the handling of personal and clinic-related data accessed or entered by Receptionist and Clinic Assistant users on Curis.


2. Information We Collect

Curis collects the following data when Receptionist and Clinic Assistant users interact with the platform:

a. Personal & Contact Information

Includes patient names, phone numbers, email addresses, and gender—used for identification and communication purposes.

b. Receptionist & Clinic Staff Info

Includes your user ID, name, login credentials, and activity logs for audit and access control.

c. Notification Preferences

Captures each patient's communication preferences (SMS, email) for appointment reminders and payment notifications.

d. Device & Usage Data

Includes device type, IP address, browser type, and activity timestamps, used for platform performance and security monitoring.


3. How We Use Information

The information collected is used for the following purposes:

a. Using Curis Platform Features

Enabling authorized users to manage appointments, register patients, update visit records, and initiate billing workflows.

b. Sending Updates & Alerts

Sending notifications to patients, including appointment confirmations, reminders, and payment alerts, based on their consent.


4. Data Protection

a. Platform Security Measures

Curis uses role-based access, two-factor authentication (2FA), and real-time logging to prevent unauthorized access.

b. How Data is Stored

All data is encrypted and stored on secure servers in data centers compliant with Kenyan Data Residency Regulations.

c. Breach Notifications

In the unlikely event of a data breach, Citrus Labs will notify affected users and the Office of the Data Protection Commissioner (ODPC) within 72 hours, as required by law.


5. Your Rights & Choices

As a user or data subject, you are entitled to the following:

a. Access Your Data

Request and review the personal data stored or processed via the Curis platform.

b. Correct or Update Info

Correct inaccuracies or outdated information related to patients or staff.

c. Unsubscribe from Notifications

Patients may opt out of receiving SMS or email reminders at any time.

d. Raise Privacy Concerns

You may escalate any data privacy concerns to our Data Protection Officer using the contact methods below.


6. Policy Updates

a. When We Update the Policy

This policy may be revised periodically to reflect legal updates, feature enhancements, or changes in data handling practices. All changes will be posted on the Curis platform. Continued use after updates indicates acceptance.


7. Contact & Support

For questions, complaints, or assistance, please reach out via the following:

  • Email: legal@citruslabs.co.ke
  • Phone: +254 112 400 000
  • Mailing Address: P.O. Box 23983 - 00100, Nairobi, Kenya

Citrus Labs Limited is committed to safeguarding your privacy and complying fully with Kenya's Data Protection Act and relevant healthcare regulations.