Privacy Policy

Effective: April 8, 2026 · Last updated: April 8, 2026

1. Who we are

Diip is a mental health clinic operated by Diip SMC Private Limited, a company registered in Pakistan. We provide psychiatric care, therapy programs, and psychological assessments through our clinic, website (diip.pk), web portals, and mobile application.

For the purposes of this policy, "Diip", "we", "us", and "our" refer to Diip SMC Private Limited. "You" and "your" refer to anyone who uses our services, visits our website, or interacts with our platforms.

Registered address: 23-B, Al-Rehmat Project, Old Ittefaq Foundry, Kot Lakhpat, Lahore, Punjab 54000, Pakistan

Privacy inquiries: privacy@diip.org

2. Information we collect

We collect different categories of information depending on how you interact with us:

Account information

When you create an account, we collect your name, phone number (used as your primary login), and optionally your email address. Staff and clinicians additionally provide professional credentials.

Client profile

For clients receiving care, we collect your legal name, preferred name, date of birth, sex at birth, pronouns, city and locality, and a photo for identification. Each client is assigned a unique medical record number (MRN). Where a guardian manages a minor's account, we record the relationship between the account holder and the client.

Clinical data

In the course of providing care, your clinician may record diagnoses, prescriptions (medications, dosages, and instructions), vitals (weight, blood pressure), clinical notes, treatment plans, lab orders and results, referrals, and follow-up recommendations. All clinical data is encrypted at rest using field-level encryption.

Financial data

We record payment amounts, payment method (e.g., cash, bank transfer, mobile payment), receipt numbers, invoices, and account balances. If you submit proof of payment, we store the uploaded image. We do not store credit card or debit card numbers.

Communications

Messages you send or receive through WhatsApp, email, or our in-app messaging are stored to maintain a record of your interactions with us. This includes message content, timestamps, and delivery status.

Appointment and enrollment data

We record your appointment history (dates, times, providers, locations, attendance), program enrollments, and scheduling preferences.

Device and technical data

If you use our mobile app and enable push notifications, we store a device token (a unique identifier for delivering notifications) and your device platform (iOS or Android). Our mobile app collects crash reports (stack traces, device model, OS version) to diagnose and fix technical issues. Crash reports are processed on our own self-hosted error tracking infrastructure and are not shared with any third party. Our mobile app does not access your camera, contacts, location, microphone, or other device sensors.

3. How we use your information

We use your information for the following purposes:

  • Providing care: Scheduling appointments, delivering clinical services, managing prescriptions, coordinating referrals, and maintaining your treatment history.
  • Communication: Sending appointment reminders, follow-up notifications, and responding to your inquiries via WhatsApp, email, or push notifications.
  • Billing: Generating invoices, processing payments, tracking account balances, and maintaining financial records.
  • Safety: Authenticating your identity, protecting your account, preventing fraud, and maintaining the security of our systems.
  • Quality improvement: Analyzing aggregate, de-identified usage patterns to improve our services. We use self-hosted analytics that do not track you across other websites.

We never sell your personal information. We do not use your clinical data for advertising, marketing, or training artificial intelligence models.

5. Information sharing

We share your information only as described below. We do not sell, rent, or trade your personal information to third parties.

Your care team

Your clinician and assigned staff have access to your clinical and scheduling data to the extent necessary for delivering your care. Providers can only access data for clients with whom they have an active treatment relationship.

Service providers

We use the following third-party services to operate our platform:

Service | Purpose | Data shared
WhatsApp Cloud API (Meta) | Messaging and OTP delivery | Phone number, message content
Email provider (SMTP) | Transactional email | Email address, notification content
Expo Push Service (Expo, Inc.) | Mobile push notification relay | Device token, notification title and body
Apple Push Notification service / Google Firebase Cloud Messaging | Mobile push notification delivery | Device token, notification title and body (relayed via Expo)

Our analytics and video conferencing systems are self-hosted on our own infrastructure. Data processed by these systems does not leave our servers.

Legal requirements

We may disclose your information if required by law, court order, or lawful request from a government authority. We will notify you of such requests unless prohibited by law.

6. Data storage and security

Where your data is stored

Our servers are hosted in Germany. Some data is transmitted to third-party services whose servers are located outside Pakistan (see Section 5). All data transmitted to third-party services is encrypted in transit using TLS.

How we protect your data

  • Encryption at rest: All clinical data (diagnoses, prescriptions, clinical notes, medication records, referrals) and your date of birth are encrypted at rest using field-level encryption.
  • Encryption in transit: All connections to our servers use HTTPS with TLS. Our database connections use SSL.
  • Passwords: Stored using industry-standard one-way hashing. We never store passwords in plain text.
  • Access control: Staff access is limited by role and capability. Clinicians can only access data for clients they actively treat.
  • Two-factor authentication: Enforced for all administrative access.
  • Brute force protection: Accounts are temporarily locked after repeated failed login attempts.
  • Mobile app: Authentication tokens are stored in your device's secure storage (iOS Keychain or Android Keystore). App data backup is disabled.

7. Data retention

We retain different categories of data for different periods:

Data category | Retention period | Reason
Clinical records | 10 years after last interaction | Continuity of care and professional medical standards
Financial records | 7 years after transaction | Tax and audit requirements
Messages and conversations | 3 years after resolution | Support history and dispute resolution
Inactive accounts (no clinical data) | 3 years after last login | Account recovery
Analytics data | 24 months | Service improvement

When you request account deletion, we delete your account data and non-clinical information within 30 days. Clinical records are retained for the period stated above to support continuity of care — they are de-identified (unlinked from your account) rather than destroyed. This is standard medical practice and is consistent with the healthcare provision basis described in Section 4.

8. Children and minors

We provide mental health services to clients of all ages, including children.

  • Under 16: A parent or legal guardian must create and manage the account on behalf of the child. The guardian's consent is required before any clinical data is collected or treatment begins, consistent with Section 51 of the Mental Health Ordinance 2001.
  • 16 and older: Individuals may create and manage their own account. For clients under 18, parental consent for treatment is obtained as part of the clinical intake process.

We do not knowingly collect data from children under 16 without parental or guardian involvement. If you believe a child under 16 has created an account without parental consent, please contact us at privacy@diip.org and we will promptly address it.

9. Your rights

You have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may request correction of inaccurate or incomplete data. You can update most account information directly through the app or portal.
  • Deletion: You may request deletion of your account and personal data. Clinical records will be de-identified and retained as described in Section 7.
  • Portability: You may request your data in a structured, machine-readable format.
  • Withdraw consent: You may withdraw consent for WhatsApp messages and push notifications at any time through your notification preferences or by contacting us.
  • Object: You may object to processing based on legitimate interests. We will cease processing unless we have compelling grounds that override your interests.

To exercise any of these rights, contact us at privacy@diip.org. We will respond within 30 days. We may need to verify your identity before processing your request.

10. Cookies and analytics

Cookies

Our website and portals use a minimal number of cookies:

  • Session cookie: Maintains your login session in the admin panel. Expires after 2 weeks of inactivity.
  • CSRF cookie: Protects against cross-site request forgery attacks. A security measure, not used for tracking.

Our web portals (client portal, staff portal) use local storage — not cookies — to store your authentication tokens. These tokens are only accessible to our application and are not sent to third parties.

Analytics

We use a privacy-focused analytics platform that we self-host on our own servers. Our analytics:

  • Do not use cookies
  • Do not store IP addresses
  • Do not track you across other websites
  • Use a daily-rotating anonymous hash that cannot be used to identify you after 24 hours

We collect page URLs, referrer information, browser type, device type, and city-level location (derived from your IP address, which is then immediately discarded). When you are logged in, your activity is associated with your account for understanding service usage patterns.

Analytics data never leaves our infrastructure and is not shared with any third party.

11. WhatsApp communications

We use the WhatsApp Cloud API (operated by Meta Platforms, Inc.) to send you appointment reminders, one-time verification codes (OTP), and other service-related messages.

  • We only send WhatsApp messages after you provide explicit opt-in consent. The method and time of your consent are recorded.
  • Messages are end-to-end encrypted by WhatsApp's protocol.
  • Your phone number and message content are transmitted to Meta's infrastructure for delivery. Meta processes this data as described in their privacy policy.
  • You can opt out of WhatsApp messages at any time by updating your notification preferences in the app or by contacting us. Opting out does not affect your ability to receive care.

12. Telehealth sessions

Video sessions are conducted through infrastructure that we self-host on our own servers. Your audio and video streams are transmitted directly between your device and our server — they do not pass through any third-party infrastructure.

We record session metadata (start time, end time, participant join times) for operational purposes. We do not record audio or video content of your sessions.

13. Limits of confidentiality

Your clinical information is confidential and will not be disclosed without your consent except in the following circumstances, as recognized by Pakistani law and professional medical ethics:

  • Risk of harm: If your clinician believes there is a serious and imminent risk of harm to you or another person.
  • Child protection: If there is reasonable suspicion of abuse or neglect of a minor.
  • Court order: If we receive a valid court order or other legally binding directive requiring disclosure.
  • Continuity of care: When referring you to another healthcare provider, with your knowledge, we may share relevant clinical information to ensure safe and effective care.

Your clinician will inform you of these limits at the start of your treatment relationship.

14. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify you through the app, by email, or by posting a notice on our website. The "Last updated" date at the top of this page indicates when the most recent changes were made.

Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

15. Contact us

If you have questions about this policy, want to exercise your rights, or have concerns about how we handle your data, contact us:

Email: privacy@diip.org

General inquiries: frontdesk@diip.org

Address: Diip SMC Private Limited, 23-B, Al-Rehmat Project, Old Ittefaq Foundry, Kot Lakhpat, Lahore, Punjab 54000, Pakistan