Privacy Policy for Pathfinder Application

1. Introduction

This Privacy Policy describes how Rayn ("we," "us," or "our") collects, uses, and safeguards your personal information and the personal information of your clients when you use our mobile application, Pathfinder ("the App"). Rayn is the parent company and data controller for the information collected via the App.

This policy is specific to the Pathfinder App and should be read in conjunction with our main company Terms & Conditions, which govern your overall relationship with Rayn. By using the App, you agree to the collection and use of information in accordance with this policy.

Important Note: This App is designed for use by healthcare providers and service organizations to register and track services provided to clients. The App collects and processes sensitive personal and health information. As a healthcare provider using this App, you are responsible for obtaining appropriate consent from your clients before entering their information into the App.

2. Information We Collect

We collect information that is essential for the operation and improvement of the App. This information is categorized as follows:

a) Provider Account Information

When you register for an account, we collect:

• Full Name: Used for authentication and to identify service providers
• Email Address: Used for account authentication and communication
• Username: Used for secure login via our authentication service provider (Clerk)
• Password: Encrypted and managed securely by our authentication service provider

b) Client Information You Enter

As a healthcare provider using the App, you will enter the following information about your clients:

Personal Identification Information:

• Full Name
• CNIC (Computerized National Identity Card) / Unique Identification Number
• Father's/Husband's Name
• Date of Birth and Age
• Contact Information (Mobile Number, Email Address, Alternative Contact)
• Address Details (District, Taluka, Union Council, Complete Address)
• Marital Status
• Education Level
• Occupation

Sensitive Health Information:

• Pregnancy Status and History
• Contraception Methods and Administration Dates
• Sexual and Reproductive Health History
• Menstrual History
• Medical Conditions (including but not limited to HIV status, Diabetes, Hypertension, Cardiovascular Disease)
• Medication Information
• STI/HIV Test Results
• Blood Pressure Readings
• Physical Measurements (Height, Weight, BMI)
• Breastfeeding Status
• Previous Pregnancy Outcomes (Miscarriage, Abortion, Delivery dates)
• Counseling Records
• Service Provision Details
• Referral Information

c) Information Collected Automatically During Use

• Device Information:

  We collect technical information about your device, such as the model, operating system version, and unique device identifiers. This helps us with troubleshooting, app performance monitoring, and as metadata to uniquely store your information.

• Usage and Error Data:

  We collect information about how you interact with the App, including the features you use, form completion times, and technical errors that occur. This data is collected through Sentry, our error monitoring service provider, to help us improve app stability and user experience.

• Network Connectivity Status:

  The App monitors your device's internet connectivity status to enable offline functionality and automatic data synchronization when connection is restored.

3. How We Use Your Information

Your information and your clients' information is used for the following specific purposes:

• To Provide Core Services: To operate and maintain the App, enable client registration and profile management, track counseling sessions, service provision, and referrals, maintain service delivery records, and enable offline data entry with automatic synchronization.
• To Manage Your Account: To authenticate your access to the App, prevent fraud and secure your account, and track service provider activity for quality assurance.
• For Communication: To contact you with important information about the App, notify you of updates to our services or this policy, and provide technical support when requested.
• For Improvement and Support: To understand how our users interact with the App, troubleshoot technical issues and monitor app performance, improve functionality and user experience, and analyze usage patterns for service improvement.
• Data Synchronization: To sync data between your device and our secure cloud servers, enable access to client records across multiple sessions, and provide backup and data recovery capabilities.

4. Data Sharing and Disclosure

We are committed to protecting your privacy and the privacy of your clients. We do not sell personal data or health information. We may share information only in the following limited circumstances:

• With Service Providers: We share information with trusted third-party vendors who perform services on our behalf: Clerk (clerk.com) for authentication and user management services, Sentry (sentry.io) for error monitoring and application performance tracking, and secure cloud hosting providers for data storage and synchronization. These providers are bound by strict confidentiality agreements and are only permitted to use the information to provide services to us.
• For Legal Reasons: We may disclose information if required to do so by law or in response to a valid request from a government authority or law enforcement agency in Pakistan, particularly in matters related to public health, safety, or legal proceedings.
• With Healthcare Institutions: If you are employed by or affiliated with a healthcare institution, we may share service delivery reports and anonymized statistics with that institution for quality assurance and program evaluation purposes, only with your explicit consent.
• With Your Explicit Consent: We may share information with other third parties if you have given us your clear and explicit consent to do so.

5. Data Security and Retention

Security Measures

We employ multiple layers of security to protect sensitive health information:

• Device-Level Security: Data is stored locally on your device in a secure SQLite database. The App requires user authentication to access any client information with automatic logout after periods of inactivity.
• Transmission Security: All data transmitted between your device and our servers is encrypted using industry-standard HTTPS/TLS protocols with secure API endpoints using authentication tokens.
• Server-Level Security: Data stored on secure cloud infrastructure with encryption at rest, access controls and authentication mechanisms, regular security audits and monitoring, and backup and disaster recovery procedures.
• Access Controls: Only authenticated healthcare providers can access the App, with role-based access controls and audit logs of data access and modifications.

Data Retention

• Active Client Records: We will retain client information for as long as necessary to provide healthcare services and maintain medical records in accordance with healthcare regulations in Pakistan.
• Provider Accounts: Your account information will be retained while your account is active and for a reasonable period thereafter to comply with legal obligations and resolve disputes.
• Deleted Accounts: When you request account deletion, we will immediately revoke your access to the App, delete or anonymize your personal information within 90 days, and retain only necessary information to comply with legal obligations.

6. Your Rights and Choices

You have certain rights regarding the personal information we hold about you:

• Access and Correction: You can access and update your account information at any time through the App settings. You are responsible for ensuring the accuracy of client information you enter.
• Data Portability: You may request a copy of the data you have entered into the App in a structured, machine-readable format by contacting us.
• Account Deletion: You may request the deletion of your account and associated personal data by contacting us. We will comply with such requests within 90 days, subject to legal or regulatory retention obligations.
• Client Rights: Your clients have rights regarding their personal and health information including the right to access their information, request corrections, request deletion (subject to legal/medical record retention requirements), and restrict processing. As the healthcare provider, you are responsible for facilitating these rights for your clients.

7. Special Protections for Sensitive Health Information

Given the sensitive nature of health information collected through this App, we implement additional safeguards:

• Purpose Limitation: Health information is collected and processed solely for the purpose of providing healthcare services, tracking service delivery, and improving health outcomes.
• Confidentiality: All users of the App are required to maintain strict confidentiality of client information in accordance with healthcare professional ethics and applicable laws.
• Informed Consent: Healthcare providers using this App must obtain informed consent from clients before collecting and entering their health information.
• Data Minimization: Only collect health information that is necessary for service provision and record-keeping.

8. Offline Functionality and Data Synchronization

The Pathfinder App operates in an offline-first mode to ensure service continuity in areas with limited connectivity:

• Local Storage: Client data is initially stored on your device in a secure local database. Data remains accessible even without internet connection and is protected by device-level security and authentication.
• Automatic Synchronization: When internet connectivity is available, data automatically syncs to our secure cloud servers. Synchronization happens in the background and you can view sync status in the App.
• Data Conflicts: In case of synchronization conflicts, the most recent data entry will take precedence unless manual intervention is required.

9. Third-Party Services

The App integrates with the following third-party services:

• Clerk Authentication Service: Used for user authentication and account management. Data Shared: Email, username, authentication tokens. Privacy Policy
• Sentry Error Monitoring: Used for application error tracking and performance monitoring. Data Shared: Error logs, device information, usage statistics (no health data). Privacy Policy

10. Children's Privacy

In line with our company's Terms & Conditions, this App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

However, the App may be used to register clients who are minors. In such cases, healthcare providers must obtain appropriate consent from parents or legal guardians before entering information about minor clients.

11. Governing Law

This Privacy Policy and any disputes related to it shall be governed by and construed in accordance with the laws of Pakistan, without regard to its conflict of law provisions.

12. Healthcare Provider Responsibilities

As a healthcare provider using this App, you acknowledge and agree that:

• You will obtain appropriate informed consent from clients before entering their information
• You will maintain the confidentiality of client information
• You will use the App in compliance with professional healthcare ethics and applicable laws
• You will ensure the accuracy of information you enter
• You will not share your account credentials with others
• You will immediately report any suspected security breaches or unauthorized access
• You understand that you are a data processor for client information and have responsibilities under applicable data protection laws

13. Data Breach Notification

In the event of a data breach that compromises the security of personal or health information, we will:

• Investigate and contain the breach
• Notify affected users within 72 hours of becoming aware of the breach
• Report the breach to relevant authorities as required by law
• Take corrective measures to prevent future breaches
• Provide guidance to affected users on protective steps they can take

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any significant changes by posting the new policy within the App, sending an email notification to your registered email address, or displaying a prominent notice on our official website.

We encourage you to review this policy periodically. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at: