Data Protection Policy

Last updated: 26 May 2026

Operated by Eden World Company Limited · Dar es Salaam, Tanzania · esiri.africa

A Tanzanian Telemedicine Platform — Anonymous Patient Access · Verified Doctors · Mobile Money Payments

This policy applies to all data processed through the eSIRIPlus platform, including patient data and provider data.

Purpose

This policy describes the technical and organizational safeguards eSIRIPlus uses to protect health information at every layer of the platform. It sits alongside the eSIRIPlus Privacy Policy, which explains what patient information we collect and why.

1. Governing Principles

  • Privacy by design. Patient anonymity is built into the system architecture, not added as a setting. The patient identity schema contains no personally identifying fields by design.
  • Data minimization. We collect only the data necessary to deliver healthcare services.
  • Purpose limitation. Data is used only for the purposes described in the eSIRIPlus Privacy Policy and Provider Privacy Policy.
  • Regulatory alignment. Our data governance is aligned with the Tanzania Personal Data Protection Act (PDPA) and informed by international standards including GDPR principles.

2. Encryption

  • In transit. All data exchanged between your device and our servers uses TLS 1.2 or higher.
  • At rest. Stored data, including provider credentials and consultation records, is encrypted using AES-256.
  • Communications. Chat messages are encrypted in transit and at rest (AES-256). They are visible to your treating provider and are processed by our systems to generate your consultation report; chat history is automatically deleted 14 days after the consultation. Voice and video calls are encrypted in transit (DTLS-SRTP) and are never recorded or stored.

3. Authentication and Session Security

  • Patient security question answers are hashed using PBKDF2 before storage. The original answers are never stored on our servers at any point.
  • Session tokens expire automatically after 24 hours. A separate refresh token (valid up to 30 days) is used to issue new sessions securely. Each session is bound to a specific device and cannot be reused once it expires.
  • After 10 failed Patient ID recovery attempts, recovery is temporarily locked for 30 minutes to prevent unauthorized access.
  • Biometric data (fingerprint or face) used for device login is stored only on the user's own device and is never transmitted to or stored on eSIRIPlus servers.

4. Access Controls

  • Row Level Security is configured at the database level so that each patient can access only their own records — by design, not merely by policy.
  • No patient can view another patient's data.
  • Our team accesses personal data only where necessary to operate, support, and maintain the platform, under least-privilege access controls with audit logging of staff actions. Routine operations and analytics rely on anonymized or aggregated data.
  • Provider credentials are held in secure, access-controlled storage.

5. No Plaintext Secrets

Sensitive tokens, keys, and credentials are never stored as plain text in our applications. All such secrets are encrypted at rest using industry-standard methods.

6. Infrastructure and Data Location

  • Platform infrastructure is hosted on managed cloud infrastructure (Supabase) in a Central European (EU) region, with daily encrypted backups and a 99.9% availability target.
  • Auto-scaling is used to maintain performance during demand peaks.

Cross-border processing. Because our primary data centre is located in the European Union, some personal data is processed outside Tanzania. The EU maintains a strong, comparable data-protection framework, and we apply contractual and technical safeguards for these transfers consistent with the Tanzania Personal Data Protection Act.

7. Security Testing and Audits

  • We conduct regular internal security reviews and vulnerability testing of our systems.
  • Third-party penetration testing forms part of our security roadmap.
  • Security practices are reviewed and updated in line with current standards in healthcare data protection.

8. Anonymized and Aggregated Data

Where eSIRIPlus produces aggregated public-health insights — such as anonymized symptom and geographic trend data — that data contains no individual patient information, and any location used is generalized to district or region level.

Operational location data is resolved to a region → district → ward → street tuple and is attached only to an anonymous session record — never to a name or identity. It is captured to match patients with nearby providers and to surface local offers, and is not tracked continuously in the background.

9. Data Breach Response

In the event of a suspected data security incident, eSIRIPlus will:

  • Investigate the incident promptly
  • Take steps to contain and remedy it
  • Notify affected parties and the relevant Tanzanian authorities where required by law
  • Review and strengthen controls to prevent recurrence

10. Data Retention

Data typeRetention period
Consultation records7 years (Tanzanian healthcare regulations)
Chat messagesAutomatically deleted 14 days after the consultation
Payment recordsAs required by Tanzanian financial regulations
Patient ID and health profileUntil deletion is requested, subject to the periods above
Provider professional profileFor as long as the provider account is active

When you request deletion, your account enters a recovery grace period (30 days), after which your data is securely and permanently purged — subject to the legal retention periods above. Data that reaches the end of its retention period is likewise securely and permanently deleted.

11. Your Rights

Both patients and providers have the right to access the data held about them, correct inaccurate information, request deletion (subject to the legal retention periods in section 10), export their data, and withdraw consent. Patients can exercise these rights through in-app Help & Support; providers can do so through the Doctor Portal. These rights are described more fully in the eSIRIPlus Privacy Policy and Provider Privacy Policy.

12. Changes to This Policy

We may update this Data Protection Policy from time to time to reflect changes in technology, regulation, or platform practice. When we do, we will revise the “Last Updated” date above and notify users within the app where changes are significant.

13. Contact Us

eSIRIPlus · Eden World Company Limited · Dar es Salaam, Tanzania