Curis Logo

Privacy Policy – Patient Account (Curis Platform)

Effective Date: January 11th, 2025

Last Updated: March 21st, 2025

Introduction

Who We Are

Curis is a digital health platform owned by Citrus Labs Limited, designed to enhance patient care, appointment management, and health record access across Kenya.

Scope of This Policy

This Privacy Policy explains how we collect, use, share, and protect your personal data as a Patient user of the Curis platform.

This policy applies exclusively to all Patient account holders using Curis within the Republic of Kenya.

Key Terms Explained

Throughout this policy, we refer to terms related to your data and privacy rights as defined under Kenyan law.

Information We Collect

We collect only the data necessary to deliver and improve the services we provide. This includes:

Personal Identifiers

Name, ID number, gender, date of birth

Contact Information

Phone number, email, mailing address

Health & Appointment Data

Medical history, doctor visits, appointment dates

Payment Information

MPesa details, invoice history, transaction records

MPesa Details

Transaction codes and payment confirmation details

Transaction Records

History of payments and service charges

Device & Usage Information

Information automatically collected as you use our services

Device Information

IP address, browser type, mobile device information

Log Data

Actions taken on the platform, access times, usage patterns

Cookies & Tracking Technologies

Small data files stored on your device to enhance your experience

How We Use Your Information

Your information is used strictly for:

Service Delivery & Improvements

  • Delivering healthcare services via the platform
  • Appointment scheduling and management
  • Accessing and updating medical records

Patient Communications

  • Secure processing of payments
  • Sending service-related updates (SMS or email)

Information Sharing

We do not sell your data. Information may only be shared under the following conditions:

With Service Providers

For platform operations (bound by strict confidentiality)

Data Security

We apply robust security protocols including:

Security Measures

Encryption of stored and transmitted data

Where Your Data is Stored

Role-based access control for all health personnel

Secure servers located within compliant jurisdictions

How Long We Keep Data

  • Active data is retained for as long as your account is active
  • Inactive data is archived securely and deleted upon verified request
  • You may submit a deletion request via legal@citruslabs.co.ke

In Case of a Data Breach

Breach notification protocols, should any unauthorized access occur

Your Rights & Choices

As a Curis Patient, your rights include:

Access Your Information

You may request to view your personal data

Update Your Information

You may request corrections to inaccurate data

Request Data Deletion

You may request full data deletion

Opt Out of Communications

You may opt-out of marketing or non-essential communications

File a Privacy Complaint

If you have concerns about how your data is handled, you can file a complaint with our Privacy Officer.

Policy Updates

How We Update the Policy

We may revise this policy from time to time.

How You'll Be Notified

Any significant changes will be communicated via email or platform notification. The latest version will always be available at www.curis.ke/privacy.

Contact Us

For questions or concerns regarding your privacy:

Email Support

legal@citruslabs.co.ke

Phone Number

+254 112 400 000

Contact Privacy Officer

Mailing Address: P.O. Box 23983 - 00100, Nairobi, Kenya

Privacy Officer: Reachable through the contact email above