1. Introduction
This Privacy Policy describes how T-care Systems Ltd(“T-care Africa”, “we”, “us”, or “our”) collects, uses, discloses, and safeguards your information when you use our healthcare technology products and services, including the T-care Plus patient mobile application, the T-care HMS hospital management system, the HiSynqplatform, and our websites (collectively, the “Services”).
T-care Systems Ltd is a healthcare technology company founded in Kenya in 2017 and operating across The Gambia, Kenya, Senegal, and Nigeria. We are committed to handling your personal and health information responsibly, transparently, and in accordance with applicable data protection laws.
By creating an account, downloading our app, or otherwise using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.
2. Scope of this Policy
This policy applies to information processed through the T-care Plus mobile app and our patient-facing Services. T-care Plus is used to register with healthcare facilities, book and pay for services, verify your identity, and view your medical records.
When you receive care at a hospital or clinic that uses T-care HMS, that facility is the controller of the clinical records it creates about you, and we process that information as a processoron the facility’s behalf and under its instructions. Where this policy refers to information we collect directly from you through T-care Plus, we act as the controller of that information.
3. Information We Collect
3.1 Information you provide to us
When you register and use T-care Plus, we collect:
- Account & identity details: phone number, first / middle / last name, date of birth, gender, marital status, nationality, location, and (optionally) blood group and occupation.
- Identity documents:government ID type and number (national ID, passport, driver’s license, voter’s card, alien ID, or birth certificate), and photographs of the front and back of your ID document submitted for verification.
- Biometric / facial images: selfie photos and short liveness-check captures (e.g. blink, smile, or head-turn) submitted during identity verification to confirm that you are a real, present person and that you match your ID.
- Next of kin / emergency contact: the name and phone number you optionally provide.
- Facility selections: the hospitals, clinics, laboratories, or pharmacies you choose to register with.
- Booking & payment details: services you book, preferred appointment dates and times, notes, the mobile-money provider you link (e.g. Wave or Waychit), and the wallet phone number used for payment.
- Authentication credentials: a 6-digit PIN you set. Your PIN is hashed and is never stored or transmitted in plain text.
- Communications: messages, feedback, correction requests, and support enquiries you send us.
3.2 Health information
Through the Services you may view and store sensitive health information, including medical reports, laboratory results, radiology / imaging results, prescriptions, diagnoses, blood group, and appointment history. See Health Information for how we treat this data.
3.3 Information collected automatically
- Device & technical data: device type (iOS or Android), operating system, app version, and a push-notification device token (when you enable notifications).
- Authentication & usage data: login times, last-login timestamp, and security events such as sign-ins from a new device.
- Log data: standard server logs generated when your app communicates with our backend (e.g. request timestamps and error information) used to operate and secure the Services.
We do not use third-party advertising networks, and we do not sell your personal information.
4. Device Permissions
The T-care Plus app requests the following device permissions. Each is used only for the stated purpose, and most are requested at the moment the feature is used. You can change permissions at any time in your device settings, though some features may not work without them.
| Permission | Why we use it |
|---|---|
| Camera | Capture your ID document and selfie / liveness images during identity verification. |
| Photos & media | Let you select an existing photo of your ID document from your gallery for upload. |
| Storage / files | Temporarily cache captured images and generate PDF copies of your medical reports for download or sharing. |
| Notifications | Send appointment reminders, results-ready alerts, KYC and security notices, and payment receipts (only the categories you enable). |
| Internet & network | Communicate securely with our servers to deliver the Services. |
5. How We Use Your Information
We use the information we collect to:
- Create and manage your account and authenticate your sign-ins.
- Register you with the healthcare facilities you select.
- Verify your identity and prevent fraud, impersonation, and duplicate records.
- Enable you to book appointments, services, and process payments.
- Make your medical reports, lab and imaging results, and prescriptions available to you.
- Send transactional and service communications, including appointment reminders, results-ready alerts, security alerts, and payment receipts.
- Provide customer support and respond to your requests.
- Operate, maintain, secure, debug, and improve the Services, and protect against abuse.
- Comply with legal, regulatory, and healthcare record-keeping obligations.
6. Legal Bases for Processing
Where applicable data protection law requires a legal basis, we rely on:
- Consent — which you give when you accept this policy at registration and when you submit biometric and identity-verification data. You may withdraw consent at any time (see Your Rights).
- Performance of a contract — to deliver the Services you request, such as bookings, payments, and access to your records.
- Legal obligation — to meet identity-verification, healthcare, and record-retention requirements.
- Legitimate interests — to secure the Services, prevent fraud, and improve our products, balanced against your rights.
7. Health Information
We treat health information as a special category of data.
Medical reports, laboratory and imaging results, diagnoses, prescriptions, and blood group are highly sensitive. We apply heightened safeguards and only make this information available to you and to authorised healthcare staff at the facility responsible for your care.
Health records are generated by the healthcare facilities you visit and are made accessible to you through T-care Plus. We do not use your health information for advertising, and we never sell it. Access to health data within our systems is limited to personnel and facility staff who need it to provide or support your care, and is governed by role-based access controls.
8. Identity Verification (KYC)
To protect patients and keep medical records accurate, T-care Plus includes a Know Your Customer (KYC) identity-verification step. During this process we collect images of your government-issued ID and facial / liveness images, and you confirm whether the matched record belongs to you or a family member.
We use this information solely to:
- Confirm your identity and that you are a live, present person;
- Match you to the correct patient record;
- Detect and prevent fraud, impersonation, and duplicate or mismatched records.
Identity verification is performed by T-care and authorised reviewers acting on behalf of the relevant facility. We do not use your ID or facial images to build facial-recognition profiles for any purpose other than the verification described above. If you prefer, you may choose in-person verification at a facility instead of submitting images through the app.
10. Data Retention
We retain personal information for as long as your account is active and as needed to provide the Services. Health and medical records, and identity-verification records, may be retained for longer where required by applicable healthcare, financial, and record-keeping laws. When information is no longer required, we delete or anonymise it.
Identity-verification images are retained only as long as necessary to complete and evidence the verification, or as required by law, after which they are securely deleted.
11. Data Security
We use technical and organisational measures to protect your information, including encryption of data in transit (HTTPS / TLS), hashed PINs, token-based authentication with short-lived access tokens, role-based access controls, and restricted server access. No method of transmission or storage is completely secure, so while we work hard to protect your data we cannot guarantee absolute security. Please keep your PIN confidential and notify us immediately if you suspect unauthorised access to your account.
12. Your Rights & Choices
Subject to applicable law, you have the right to access, correct, update, or delete your personal information, to object to or restrict certain processing, to withdraw consent, and to request a copy of your data in a portable format. You can:
- View and update much of your profile information directly in the app;
- Manage which notification categories you receive in the app’s notification settings;
- Control device permissions through your device settings;
- Submit a correction request during identity confirmation if your record details are wrong.
To exercise any right, contact us at tcareafrica@gmail.com. We will respond within the timeframe required by applicable law. Note that some health records are controlled by your healthcare facility, and requests relating to those records may be directed there.
13. Account & Data Deletion
You may request deletion of your account and associated personal data at any time by emailing tcareafrica@gmail.com from the phone number or email linked to your account, or by using the account-deletion option in the app where available. Upon verifying your request, we will delete or anonymise your personal information, except where we are required or permitted by law to retain certain records (for example, medical records subject to mandatory retention periods, or information needed to comply with legal, tax, or fraud-prevention obligations). We will tell you what, if anything, must be retained and for how long.
14. Children’s Privacy
The Services are intended for use by adults. Minors may receive care and have records managed through the app only by a parent or legal guardian who registers and consents on their behalf and identifies the relationship during verification. We do not knowingly collect personal information directly from children without such authorisation. If you believe a child’s information has been provided to us improperly, please contact us so we can take appropriate action.
15. International Data Transfers
We operate across The Gambia, Kenya, Senegal, and Nigeria, and we may use cloud infrastructure located in other countries. Where your information is transferred across borders, we take steps to ensure it remains protected consistent with this policy and applicable law.
16. Third-Party Services
The Services rely on a limited set of third-party components, such as cloud hosting, map / location display for finding facilities, SMS / OTP delivery for phone verification, and mobile-money providers for payments. These third parties process information only as needed to provide their functionality. Their handling of your data is governed by their own privacy policies. The Services may also link to external sites or apps that we do not control and that are not covered by this policy.
17. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will revise the “Last updated” date at the top of this page and, for material changes, provide additional notice through the app or by other means. Your continued use of the Services after an update takes effect constitutes acceptance of the revised policy.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:
- T-care Systems Ltd
- Sukuta JolaKunda, WCR, The Gambia
- Email: tcareafrica@gmail.com
- Phone: +220 754 9736
- Web: tcaregm.cloud
