Curis Privacy Policy
This Privacy Policy explains how Citrus Labs Limited handles the collection, use, protection, and disclosure of personal data through the Curis platform, specifically for users operating under the Receptionist and Clinic Assistant accounts. By using Curis, you agree to this policy and accept your responsibilities under Kenyan law.
1. Introduction
a. Who We Are
Curis is a proprietary product of Citrus Labs Limited, built to enhance healthcare administration efficiency. It provides a secure, role-based interface for clinic receptionists and assistants to manage patient data, appointments, and communication.
b. Policy Scope
This policy applies strictly to the handling of personal and clinic-related data accessed or entered by Receptionist and Clinic Assistant users on Curis.
c. User Consent
By logging into and using the Curis platform, you explicitly consent to the collection, processing, and handling of data in line with this policy.
2. Information We Collect
Curis collects the following data when Receptionist and Clinic Assistant users interact with the platform:
a. Personal & Contact Information
Includes patient names, phone numbers, email addresses, and gender—used for identification and communication purposes.
b. Receptionist & Clinic Staff Info
Includes your user ID, name, login credentials, and activity logs for audit and access control.
c. Notification Preferences
Captures each patient's communication preferences (SMS, email) for appointment reminders and payment notifications.
d. Device & Usage Data
Includes device type, IP address, browser type, and activity timestamps, used for platform performance and security monitoring.
3. How We Use Information
The information collected is used for the following purposes:
a. Using Curis Platform Features
Enabling authorized users to manage appointments, register patients, update visit records, and initiate billing workflows.
b. Sending Updates & Alerts
Sending notifications to patients, including appointment confirmations, reminders, and payment alerts, based on their consent.
c. Compliance with Legal Duties
Ensuring records are maintained accurately for regulatory compliance, internal audits, and healthcare governance standards in Kenya.
4. Data Protection
a. Platform Security Measures
Curis uses role-based access, two-factor authentication (2FA), and real-time logging to prevent unauthorized access.
b. How Data is Stored
All data is encrypted and stored on secure servers in data centers compliant with Kenyan Data Residency Regulations.
c. Breach Notifications
In the unlikely event of a data breach, Citrus Labs will notify affected users and the Office of the Data Protection Commissioner (ODPC) within 72 hours, as required by law.
5. Your Rights & Choices
As a user or data subject, you are entitled to the following:
a. Access Your Data
Request and review the personal data stored or processed via the Curis platform.
b. Correct or Update Info
Correct inaccuracies or outdated information related to patients or staff.
c. Unsubscribe from Notifications
Patients may opt out of receiving SMS or email reminders at any time.
d. Raise Privacy Concerns
You may escalate any data privacy concerns to our Data Protection Officer using the contact methods below.
6. Policy Updates
a. When We Update the Policy
This policy may be revised periodically to reflect legal updates, feature enhancements, or changes in data handling practices. All changes will be posted on the Curis platform. Continued use after updates indicates acceptance.
7. Contact & Support
For questions, complaints, or assistance, please reach out via the following:
- Email: legal@citruslabs.co.ke
- Phone: +254 112 400 000
- Mailing Address: P.O. Box 23983 - 00100, Nairobi, Kenya
Citrus Labs Limited is committed to safeguarding your privacy and complying fully with Kenya's Data Protection Act and relevant healthcare regulations.