For Patients Using WhatsApp

What Information Do We Collect?

When you use SugaryMe through WhatsApp, we may collect the following personal information:

• Your phone number (used to identify you and communicate with you via WhatsApp)
• Your name and identification number
• Health data you send via WhatsApp, including:
  • Blood glucose readings
  • Blood pressure measurements
  • HbA1c test results
  • Medication intake records
  • Exercise logs
  • Photos of test results or health documents
• Messages you send to us via WhatsApp, including questions, concerns, or requests for help
• Your preferred language (to communicate with you in your preferred language)
• Message metadata, such as when you send messages and when messages are read (through WhatsApp Business API)

How Do We Collect Information?

We collect information from you in the following ways:

• When your doctor links you to the SugaryMe service, we collect your phone number and basic information provided by your doctor or hospital.
• When you send health data, messages, or photos via WhatsApp, we collect and store this information on our secure servers.
• When you respond to our WhatsApp messages or reminders, we collect your responses and interactions.
• Through WhatsApp Business API, we automatically receive message delivery status and read receipts (when available).

How Do We Use Your Information?

We use the information we collect from you for the following purposes:

• To provide healthcare services by sharing your health data with your authorized doctors and healthcare providers
• To send you reminders about medications, appointments, and health screenings
• To respond to your questions and provide support via WhatsApp
• To help your doctors monitor your health and provide better care
• To improve the SugaryMe service and develop new features
• To protect the security and integrity of the service
• To comply with legal obligations and healthcare regulations

WhatsApp Business API and Meta

SugaryMe uses WhatsApp Business API, which is provided by Meta (Facebook). When you communicate with us through WhatsApp, your messages are processed by Meta's services. This means:

• Your phone number and messages are processed by Meta in accordance with Meta's Privacy Policy and Terms of Service
• Meta may collect technical information about your device and WhatsApp usage
• We receive your messages and phone number through Meta's secure API, but we do not have access to your full WhatsApp contact list or other WhatsApp conversations
• Message delivery and read receipts are provided by Meta through the WhatsApp Business API

We encourage you to review Meta's Privacy Policy to understand how they handle your data. However, once we receive your messages and health data, we handle it according to this privacy policy and applicable South African data protection laws.

How Do We Share Your Information?

We share your personal information in the following ways:

• With your authorized doctors and healthcare providers: Your health data and messages are shared with doctors and healthcare staff at the hospital or clinic where you receive care. This is necessary to provide you with medical care and support.
• With service providers: We use service providers to help us operate the SugaryMe service, including hosting providers, WhatsApp Business API providers, and technical support services. These providers only have access to your information to perform their services and are bound by strict confidentiality agreements.
• With Meta (WhatsApp): As explained above, your messages are processed through Meta's WhatsApp Business API in accordance with Meta's privacy policy.
• With law enforcement or government authorities: We may share your information if required by law, court order, or to protect the safety of our users or the public.

We do not sell your personal information to third parties. We may share aggregated and anonymized health data (that cannot identify you) for research purposes to improve diabetes care, but we will never share information that can identify you individually.

For Doctors and Hospitals Using the Dashboard

What Information Do We Collect?

When you use the SugaryMe dashboard as a doctor or hospital staff member, we may collect the following information:

• Your name, email address, and professional credentials
• Your hospital or clinic affiliation
• Account login information (email and password)
• Your actions on the dashboard, such as viewing patient data, adding notes, or updating patient information
• Patient data that you access, view, or modify through the dashboard
• Audit logs of when and how you accessed patient information (for security and compliance purposes)

How Do We Collect Information?

We collect information from doctors and hospitals in the following ways:

• When you register for a dashboard account, we collect your name, email address, and professional information.
• When you log into the dashboard, we collect login information and track your session for security purposes.
• When you access, view, or modify patient information, we log these actions to maintain audit trails and ensure patient data security.
• When you link patients to your account or add patient information, we collect and store this information.

How Do We Use Your Information?

We use the information we collect from doctors and hospitals for the following purposes:

• To provide you with access to the dashboard and patient information
• To authenticate your identity and secure access to patient data
• To maintain audit logs for compliance with healthcare regulations and data protection laws
• To improve the dashboard functionality and user experience
• To communicate with you about the service, updates, or important information
• To protect the security and integrity of the system

How Do We Share Your Information?

We share information about doctors and hospitals in the following ways:

• With service providers who help us operate and maintain the dashboard, such as hosting providers and security services. These providers are bound by strict confidentiality agreements.
• With your hospital or clinic administration, if required for account management or compliance purposes.
• With law enforcement or regulatory authorities if required by law or to investigate security breaches.

We do not share your account information or access logs with third parties except as described above. Patient data that you access through the dashboard is subject to the patient privacy protections described in the "For Patients Using WhatsApp" section above.

General Information

How Do We Protect Information?

We take reasonable measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. We use encryption, firewalls, access controls, and other security technologies to safeguard your personal information on our servers. All data transmission between WhatsApp and our servers, and between your browser and our dashboard, is encrypted. However, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information.

How Do We Store Information?

We store your personal information on our servers located in South Africa. We retain your personal information for as long as necessary to provide healthcare services, to comply with legal obligations (including healthcare record retention requirements), or to resolve disputes. For patients, we retain health records in accordance with South African healthcare regulations, which typically require retention for a minimum period. For doctors and hospitals, we retain account information and audit logs as long as your account is active and for a reasonable period after account closure for security and compliance purposes.

You can request us to delete your personal information at any time by contacting us at info@sugaryme.com. However, we may be required to retain some information for legal or healthcare compliance purposes, such as medical records that must be kept according to South African law.

Your Rights

Under South Africa's Protection of Personal Information Act (POPIA) and other applicable laws, you have certain rights regarding your personal information. You can exercise these rights by contacting us at info@sugaryme.com. These rights include:

• The right to access your personal information that we hold about you
• The right to correct or update your personal information that is inaccurate or incomplete
• The right to erase or delete your personal information, subject to legal and healthcare record retention requirements
• The right to object or restrict our processing of your personal information for certain purposes
• The right to withdraw your consent to our processing of your personal information at any time (note: withdrawing consent may affect our ability to provide healthcare services)
• The right to receive a copy of your personal information in a structured, commonly used, and machine-readable format
• The right to lodge a complaint with the Information Regulator of South Africa if you believe that we have violated your privacy rights

We will respond to your requests within a reasonable time frame and in accordance with applicable South African laws, including POPIA. We may ask you to verify your identity before fulfilling your requests to protect your privacy and security.

Children's Privacy

SugaryMe is not intended for children under the age of 13. We do not knowingly collect or solicit any personal information from children under the age of 13 without parental or guardian consent. If we become aware that we have collected personal information from a child under 13 without proper consent, we will promptly delete such information. For children between 13 and 18, we require parental or guardian consent before providing healthcare services through the platform.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website or by sending you a message via WhatsApp (for patients) or email (for doctors). Your continued use of SugaryMe after such changes constitutes your acceptance of the updated privacy policy.

Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or how we handle your personal information, please contact us at:

Email: info@sugaryme.com

You also have the right to contact the Information Regulator of South Africa if you have concerns about how we handle your personal information.