Effective date: July 1, 2025

This Privacy Policy explains how Integrated Health Services (IHS) ("we", "us", "our") collects, uses, discloses, and protects information when you use our mobile application (the "App"), our website, or other services (collectively, the "Services"). This Policy describes the data we collect when you: (a) install or use the App, (b) visit our website, or (c) communicate with us.

1. Scope & App Store Compliance

This Policy covers our practices for both mobile and web platforms. We maintain a privacy policy URL in the Google Play Console and in App Store Connect and disclose our data practices as required by both Google Play and the Apple App Store. Please note that we also complete any required developer declarations (such as Google Play's Data Safety and Apple's App Privacy information) to accurately reflect the data types and uses described here.

2. Information We May Collect

We collect information that helps us provide, maintain, and improve the Services. This may include:

2.1 Personal Identification Information

• Name, email address, phone number, postal address.
• Account credentials (username, password) and profile information.

2.2 Health & Medical Information (Sensitive Data)

Because the App is a health services application, it may collect information relating to your health (medical history, treatment data, vitals, medications, symptoms, appointments). Health data is sensitive and subject to additional protections under laws such as the EU GDPR (special categories of personal data) and other regional laws; we handle it with heightened safeguards and only with your explicit consent unless otherwise permitted by law.

2.3 Device & Usage Data

• Device identifiers (e.g., device model, operating system version, unique device ID)
• App usage data, crash reports, performance logs, and analytics
• IP address, language, timezone, and server logs

2.4 Location & Sensors

With your permission, we may collect precise or coarse device location and sensor data (accelerometer, gyroscope) required for certain app features. We request such permissions at runtime and provide in-app explanations for needed sensors.

2.5 Payment & Billing

If you make purchases or pay for services, payment details are processed by third-party payment processors; we do not store full payment card numbers on our servers unless otherwise stated and only with explicit consent.

2.6 Third-Party Data

We may obtain data about you from third parties (e.g., identity verification providers, labs, healthcare providers) when you authorize such sharing.

3. How We Use Your Information

• To provide, maintain, and improve the App and Services.
• To deliver health services, appointment scheduling, telehealth, or treatment-related features.
• To communicate with you (notifications, e-mails, appointment reminders).
• For research, quality improvement, analytics and product development (aggregated or pseudonymized where possible).
• To comply with legal obligations, protect safety, or respond to lawful requests.

4. Legal Bases for Processing (where applicable)

For users in jurisdictions such as the EU, we rely on one or more lawful bases to process personal data, including:

• Your consent (for optional features such as analytics, targeted communications, or collection of sensitive health data where required).
• Performance of a contract (to deliver services you request).
• Legal obligations (to comply with applicable laws).
• Legitimate interests (where permitted, balanced with your rights and freedoms).

5. Sharing & Disclosure

We do not sell your personal data. We may share personal information in the following circumstances:

• With healthcare providers, labs, insurers, or other service providers you engage through the App to provide care.
• With third-party service providers (hosting, analytics, crash reporting, payments) that process data on our behalf under contract. We disclose the categories of data and purposes in the App Store / Play Console declarations.
• To comply with legal process, law enforcement, or government requests, or to protect rights, safety, or property.
• In connection with business transfers (e.g., merger, sale), subject to contractual protections for user data.

6. Third-Party Services, SDKs & Analytics

We use third-party SDKs and services (such as analytics, crash reporting, mapping, payment processors). These third parties may collect device identifiers and usage telemetry. We list these providers in our developer declarations for app stores and, where feasible, within the App's settings. You can opt out of certain analytics where described in-app.

7. Cookies & Similar Technologies (Website)

Our website uses cookies and similar technologies for site functionality, analytics, and performance. You may manage cookie preferences via your browser or through any preference controls we provide on the site.

8. Security

We implement technical and organizational measures to protect personal data (encryption at rest and in transit where appropriate, access controls, regular security reviews). However, no system is completely secure; if a breach affecting your personal data occurs, we will notify you and regulators where required by law.

9. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and purpose; specific retention schedules are available upon request.

10. Children & Minors

The App and Services are not directed to children under the age of 13 (or higher age where local law requires). We do not knowingly collect personal data from children without parental consent. If you believe we have collected a child's data, contact us to request deletion.

11. Your Rights & Choices

Depending on your location and applicable law you may have rights including:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete information.
• Deletion: request deletion of your personal data (subject to legal exceptions).
• Restrict or object to processing, and portability where applicable.
• Withdraw consent for processing you previously agreed to (withdrawal does not affect processing already lawfully carried out).

To exercise your rights, contact us using the details below. We will respond in accordance with applicable law.

12. Sensitive Health Data — Additional Protections

Health information is treated as sensitive. We will only collect or process health data where you provide explicit consent for the specific purpose (unless another lawful basis applies). We apply enhanced safeguards, limit access to authorized personnel, and require strict contractual protections for third-party processors. For users in the EU and similar jurisdictions, special-category data processing is carried out only where lawful conditions are satisfied (for example explicit consent or health care provision permitted under law).

13. International Transfers

We may transfer personal data to countries with different data protection laws. Where required, we use legal safeguards (e.g., standard contractual clauses) or rely on adequacy decisions. Contact us for details about specific transfers.

14. App Permissions & In-App Disclosures

The App will request permissions at runtime (e.g., location, camera, contacts) and will provide clear, contextual reasons for each request. You may revoke permissions via your device settings at any time; revoking permissions may disable certain features. We also publish in-app disclosures and maintain consistency between the App's behavior and the privacy / data safety information submitted to Google Play and Apple App Store.

15. Links to Other Sites

The Services may link to third-party websites or services not controlled by IHS. We are not responsible for third-party practices. Review third-party privacy policies before providing information.

16. Changes to This Policy

We may update this Policy to reflect changes in our practices, legal requirements, or app store rules. When we make material changes, we will notify users via the App or by other means and update the "Effective date" above. You should review this Policy periodically.

17. Contact & Data Protection Officer

If you have questions, requests, or complaints about this Privacy Policy or our data practices, contact:

Integrated Health Services (IHS)
Email: privacy@ihspakistan.com
Address: Integrated Health Services (IHS)
G-8 Markaz G 8 Markaz G-8, Islamabad, 44000

If you are a resident of a jurisdiction with a supervisory authority (such as the EU), you may also lodge a complaint with your local data protection authority.

18. Additional Notices for App Store Submission

We maintain accurate App Store and Google Play disclosures, including:

• The types of data collected (and whether they are linked to the user)
• Purposes of data collection
• Third parties with whom data is shared
• Whether data is used for tracking or advertising (and an opt-out if applicable)

These disclosures are completed in App Store Connect and Play Console as part of the app submission process. Failure to keep declarations consistent with actual practices may lead to enforcement action by the stores.