Privacy Policy
Aafia EMR
At Aafia Health Technology W.L.L., we are committed to protecting the privacy of your personal data and the sensitive patient data processed through our platform. This Privacy Policy explains how we collect, use, store, and protect information when you use Aafia EMR.
Our Commitment to Privacy
Aafia EMR handles highly sensitive healthcare data on behalf of clinics and their patients. We treat data protection not just as a legal obligation but as a core responsibility. Our platform is designed to comply with the Personal Data Protection Law (PDPL) of Bahrain and applicable GCC healthcare regulations.
Information We Collect
We collect the following types of information when you use Aafia EMR:
- Account Information: Name, email address, phone number, job title, and clinic details provided during registration and account management.
- Patient Data: Medical records, diagnoses, prescriptions, lab results, consent forms, and other clinical data entered into the platform by your healthcare team. This data is processed on your behalf as a data processor.
- Billing Information: Payment details, subscription history, and invoice data required to manage your subscription. Payment card data is processed securely by our payment processor and is not stored on our servers.
- Device & Usage Data: IP address, browser type, device information, and platform usage logs collected automatically to maintain service security and performance.
- Cookies: We use session and preference cookies to maintain your login state and remember your settings. For details, please review our Cookie Policy.
How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the Aafia EMR platform and its features.
- To process payments, manage subscriptions, and send billing notifications.
- To send service-related communications, including security alerts and system updates.
- To provide customer support and respond to your enquiries.
- To monitor platform usage, diagnose technical issues, and improve our Service.
- To comply with applicable laws, regulations, and legal obligations in Bahrain and the GCC.
Regarding Patient Data
- Patient data entered into Aafia EMR is processed solely on your behalf, with you as the data controller.
- We do not use patient data for advertising, profiling, or any purpose beyond providing the Service.
- Your clinic remains responsible for obtaining patient consent and complying with applicable data protection obligations.
How We Share Information
We do not sell your data or patient data to third parties. We share data only in the following limited circumstances:
- Cloud Infrastructure: Our platform is hosted on secure cloud infrastructure. All data is stored in data centres with strong physical and logical security controls, subject to data processing agreements.
- Payment Processors: Billing information is shared with our payment processor solely for the purpose of processing subscription payments. Payment processors are PCI-DSS compliant.
- Legal & Regulatory Requirements: We may disclose information to competent authorities when required by law, court order, or applicable healthcare regulations, including mandatory reporting requirements under Bahraini law.
Data Security
We implement industry-standard security measures to protect your data, including AES-256 encryption at rest and TLS encryption in transit, role-based access controls, multi-factor authentication, regular penetration testing and security audits, and automatic session timeouts. While we take all reasonable measures to protect your data, no system is completely immune to security risks. We encourage you to use strong passwords and enable multi-factor authentication on your account.
Your Data Rights
Under Bahrain's Personal Data Protection Law (PDPL), you have the following rights regarding your personal data:
- The right to access, correct, or delete your personal data held by us.
- The right to restrict or object to certain types of processing.
- The right to data portability — to receive your data in a structured, machine-readable format.
To exercise any of these rights, please contact us at privacy@aafiaemr.com. We will respond to your request within 30 days.
Data Retention
We retain account and subscription data for as long as your account is active and for a period of 7 years after account closure, as required by Bahraini commercial and healthcare regulations. Patient data is retained in accordance with applicable healthcare record-keeping requirements. You may request deletion of your data by contacting us, subject to any legal retention obligations.
Children's Privacy
Aafia EMR is designed for use by healthcare professionals and is not directed at children under the age of 18. We do not knowingly collect personal information directly from individuals under 18. Patient records for minor patients are handled under the responsibility of the treating healthcare provider in accordance with applicable clinical and legal standards.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by email or through a prominent notice in the platform at least 14 days before the changes take effect. We encourage you to review this policy periodically.
Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact our Data Protection Officer at: privacy@aafiaemr.com. You may also write to us at: Aafia Health Technology W.L.L., Manama, Kingdom of Bahrain.
Last Updated: January 2025