Privacy Policy
Your privacy and data protection rights are fundamental to healthcare trust. This policy explains how Global Healthcare Compass collects, processes, and protects your personal and health information across our global platform.
What Information We Collect
We collect information you provide directly, data generated through your use of our platform, and information necessary to facilitate healthcare connections.
Personal Information
- Name, date of birth, national ID or passport number
- Email address, phone number, mailing address
- Gender, nationality, preferred language
- Communication preferences, accessibility needs
Health Information
We collect health data only when you explicitly provide it or authorize its collection for care coordination.
- Medical visits, consultations, and care requests
- Symptoms, vital signs, test results (when shared)
- Treatment outcomes, patient-reported outcome measures (PROMs)
- Care preferences, provider preferences, treatment goals
Technical Information
- Pages visited, features used, search queries
- Device type, browser information, IP address (anonymized)
- General geographic region (never precise location)
Data Residency & Sovereignty
Your health data never crosses a regional boundary without your explicit consent. The region operating today is the Kingdom of Saudi Arabia; as GHC expands, each new region will hold its patients' data within its own borders.
Data residency by region
Kingdom of Saudi Arabia
All Saudi patient data is stored exclusively within KSA borders, in compliance with PDPL requirements.
GCC Countries
Planned. As GHC expands across the GCC, each country's patient data will reside within its own borders under local law.
European Union
Planned. A GDPR-aligned region for patients in the European Union, with their data held inside the EU.
United States
Planned. A HIPAA-aligned region for patients in the United States, with state-level residency options.
Cross-border data sharing only occurs with explicit patient consent for specific care episodes, such as medical travel or specialist consultations.
Your Privacy Rights
You have comprehensive rights over your personal and health information. We provide tools to exercise these rights easily and transparently.
Right to Access
Download or view all personal data we hold about you, including your complete health record.
Data Portability
Export your health record in standard formats (FHIR R4) for use with other healthcare providers.
Right to Correction
Update or correct any personal information. Health records follow medical correction protocols.
Right to Deletion
Request deletion of your account and personal data, subject to medical record retention requirements.
How We Use Your Information
Independent Ranking Algorithm
We use anonymized, aggregated health outcomes data to power our provider ranking system. Individual patient data is never used for ranking without explicit consent and anonymization.
Platform Analytics
Usage analytics help us improve our platform. All analytics data is anonymized and aggregated to protect individual privacy.
Communications
We may contact you about your care requests, platform updates, or security notifications. Marketing communications require opt-in consent.
Information Sharing
We never sell your personal or health information. Sharing only occurs to facilitate your healthcare or with your explicit consent.
Healthcare Providers
When you request care, we share necessary information with your chosen providers to facilitate treatment and coordination.
Service Providers
Trusted partners who help us operate our platform (cloud infrastructure, payment processing) under strict data protection agreements.
Legal Requirements
We may disclose information when required by law, regulation, or court order, always seeking to minimize disclosure scope.
Data Security
We implement comprehensive security measures to protect your information from unauthorized access, alteration, or disclosure.
Security Measures
- End-to-end encryption for all health data in transit and at rest
- Multi-factor authentication and role-based access controls
- Comprehensive audit logging of all data access and modifications
- Regular security reviews; engineered to SOC 2 Type II and ISO 27001 controls
Contact & Updates
For privacy questions, data requests, or to report concerns, contact our Data Protection Office.
Contact Information
Submit privacy questions and data requests through our contact page.
Policy Updates
We may update this policy periodically. Material changes will be communicated via email and prominently posted on our platform 30 days before taking effect.