GHC·Build 1.0.0·KSA
Legal Notice

Privacy Policy

Your privacy and data protection rights are fundamental to healthcare trust. This policy explains how Global Healthcare Compass collects, processes, and protects your personal and health information across our global platform.

Last updated: May 16, 2026

What Information We Collect

We collect information you provide directly, data generated through your use of our platform, and information necessary to facilitate healthcare connections.

Personal Information

  • Name, date of birth, national ID or passport number
  • Email address, phone number, mailing address
  • Gender, nationality, preferred language
  • Communication preferences, accessibility needs

Health Information

We collect health data only when you explicitly provide it or authorize its collection for care coordination.

  • Medical visits, consultations, and care requests
  • Symptoms, vital signs, test results (when shared)
  • Treatment outcomes, patient-reported outcome measures (PROMs)
  • Care preferences, provider preferences, treatment goals

Technical Information

  • Pages visited, features used, search queries
  • Device type, browser information, IP address (anonymized)
  • General geographic region (never precise location)

Data Residency & Sovereignty

Your health data never crosses a regional boundary without your explicit consent. The region operating today is the Kingdom of Saudi Arabia; as GHC expands, each new region will hold its patients' data within its own borders.

Data residency by region

Kingdom of Saudi Arabia

All Saudi patient data stored exclusively within KSA borders, compliant with PDPL requirements.

GCC Countries

Planned. As GHC expands across the GCC, each country's patient data will reside within its own borders under local law.

European Union

Planned. A GDPR-aligned region for patients in the European Union, with their data held inside the EU.

United States

Planned. A HIPAA-aligned region for patients in the United States, with state-level residency options.

Cross-border data sharing only occurs with explicit patient consent for specific care episodes, such as medical travel or specialist consultations.

Your Privacy Rights

You have comprehensive rights over your personal and health information. We provide tools to exercise these rights easily and transparently.

Right to Access

Download or view all personal data we hold about you, including your complete health record.

Data Portability

Export your health record in standard formats (FHIR R4) for use with other healthcare providers.

Right to Correction

Update or correct any personal information. Health records follow medical correction protocols.

Right to Deletion

Request deletion of your account and personal data, subject to medical record retention requirements.

How We Use Your Information

Independent Ranking Algorithm

We use anonymized, aggregated health outcomes data to power our provider ranking system. Individual patient data is never used for ranking without explicit consent and anonymization.

Platform Analytics

Usage analytics help us improve our platform. All analytics data is anonymized and aggregated to protect individual privacy.

Communications

We may contact you about your care requests, platform updates, or security notifications. Marketing communications require opt-in consent.

Information Sharing

We never sell your personal or health information. Sharing only occurs to facilitate your healthcare or with your explicit consent.

Healthcare Providers

When you request care, we share necessary information with your chosen providers to facilitate treatment and coordination.

Service Providers

Trusted partners who help us operate our platform (cloud infrastructure, payment processing) under strict data protection agreements.

Legal Requirements

We may disclose information when required by law, regulation, or court order, always seeking to minimize disclosure scope.

Data Security

We implement comprehensive security measures to protect your information from unauthorized access, alteration, or disclosure.

Security Measures

  • End-to-end encryption for all health data in transit and at rest
  • Multi-factor authentication and role-based access controls
  • Comprehensive audit logging of all data access and modifications
  • Regular security reviews; engineered to SOC 2 Type II and ISO 27001 controls.

Contact & Updates

For privacy questions, data requests, or to report concerns, contact our Data Protection Office.

Contact Information

Submit privacy questions and data requests through our contact page.

Go to contact

Policy Updates

We may update this policy periodically. Material changes will be communicated via email and prominently posted on our platform 30 days before taking effect.