Privacy Policy

Welcome to Balsam Care. We are committed to protecting your privacy and your sensitive medical information. This Privacy Policy explains how we collect, use, and protect your data across our platform, including our Patient application and our Doctor application (Balsam Pro).

We collect information to provide medical consultation services to patients and professional tools to healthcare providers:

• Shared Personal Information:  Name, phone number, and account credentials (username / password).
• Patients – Health & Medical Data:  Age, gender, cancer subtypes, disease stages, hormone receptor status, symptoms, current medications, vital signs, and any other health-related information you provide.
• Doctors – Professional Data:  Name, medical specialization, occupation, and professional credentials.
• Communication & AI Interaction Data:  Text messages, files, and AI chat interactions sent through our in-app chat between patients, healthcare providers, and AI services.
• Patients – Treatment Data:  Medication logs including dosage, frequency, timing, and adherence records managed by authorized doctors.
• Doctors – Activity Data:  Consultation reviews, medical feedback, and urgent case management records.
• Device & Technical Information:  Firebase push-notification tokens, device vibration settings, app usage statistics, IP address, operating system, and app version.
• Research & Statistical Data:  Anonymized or aggregated health data used for medical research and scientific analysis in collaboration with research partners.

We use the collected data for the following purposes:

• Facilitating secure medical consultations and chat communication between patients and doctors.
• Managing medication schedules, dosage tracking, and treatment logs for patient care.
• Verifying the identity and professional status of healthcare providers.
• Reviewing and improving medical consultation quality through doctor feedback.
• Analyzing app performance to improve user experience and clinical workflows.
• Sending critical updates and real-time notifications via Firebase Cloud Messaging (FCM).
• Processing AI chat interactions through third-party AI providers (including OpenAI) to generate medical guidance and conversational responses under doctor supervision.
• Conducting medical research and statistical analysis using anonymized or aggregated health data in collaboration with authorized research partners.
• Improving AI model accuracy and healthcare outcomes through de-identified data analysis.

• Encryption:  All data is encrypted in transit using HTTPS/TLS.
• Access Control:  Only authorized medical professionals and administrators have access to health data.
• Storage:  Data is stored on secure servers with industry-standard protection measures.

We do not sell or rent your personal or medical data to third parties for commercial purposes. We share data only in the following circumstances:

• AI & Research Partners:  Third-party AI providers (such as OpenAI) for processing conversational data, and authorized research partners for the purpose of medical research and statistical analysis.
• Notification Services:  Firebase Cloud Messaging (Google Firebase) solely for delivering push notifications and app functionality.
• Healthcare Providers:  Doctors and authorized medical professionals within the platform who are directly involved in a patient's care.
• Analytics Providers:  Aggregated, anonymized data may be shared with analytics partners to improve application performance.
• Legal Requirements:  If required by law, court order, or government regulation, we may disclose data to comply with valid legal processes.
• Business Transfers:  In the event of a merger, acquisition, or sale of assets, user data may be transferred to the successor entity under the same privacy obligations.

Our application integrates advanced artificial intelligence to assist in symptom tracking and patient support.

• Data Sharing:  We share chat interactions and relevant medical data (such as symptoms and current medications) with third-party AI providers, including OpenAI.
• Purpose:  This data is processed to generate conversational responses, provide medical guidance under doctor supervision, and is utilized for advanced medical and scientific research.
• AI Provider Policies:  Data shared with OpenAI is governed by OpenAI's Privacy Policy and Terms of Service. We encourage you to review their policies at openai.com/privacy.
• Data Retention by AI Providers:  AI providers may retain interaction data for a limited period as outlined in their own privacy policies for safety and improvement purposes.

Our application integrates several third-party SDKs and services to deliver core functionality. Each service operates under its own privacy policy:

• Firebase Cloud Messaging (FCM) – Google:  Used for real-time push notifications. Collects device tokens. Governed by the Google Privacy Policy.
• Firebase Authentication – Google:  May be used for identity verification flows. Governed by the Google Privacy Policy.
• OpenAI API – OpenAI:  Used to power AI-assisted symptom tracking and patient chat support. Processes chat interactions and relevant medical context. Governed by the OpenAI Privacy Policy.
• Google Fonts:  Loads typography assets (Inter, Noto Sans Arabic) from Google servers, which may log IP address information. Governed by the Google Privacy Policy.
• Research & Analytics Partners:  Anonymized or aggregated data may be shared with authorized academic or medical research institutions for statistical analysis and advancing healthcare outcomes.

You have the right to access, correct, and request deletion of the personal and health data we hold about you. You may also request a copy of your data or object to certain types of processing. We will process your request within 30 days.

• Right of Access:  Request a copy of all personal and health data we hold about you.
• Right to Rectification:  Request correction of inaccurate or incomplete data.
• Right to Erasure:  Request deletion of your account and all associated data.
• Right to Object:  Object to processing of your data for research or AI purposes where applicable.
• Right to Withdraw Consent:  Withdraw your consent to data processing at any time, without affecting the lawfulness of processing before withdrawal.

We may update our Privacy Policy from time to time to reflect changes in our practices, SDKs, AI service integrations, or applicable law. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. Continued use of the application after changes are posted constitutes your acceptance of the revised policy.