Multi-condition care across PK, SA, US, UK, and CA.

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect the following categories of information:

  • Personal identification: Name, email address, phone number, date of birth, gender
  • Health information: Medical history, condition details, relevant photos, current medications, allergies
  • Account information: Login credentials, communication preferences
  • Payment information: Billing address, payment method details (processed securely by our payment provider)
  • Usage data: Device information, IP address, browsing activity on our platform
  • Location data: Country of residence for service delivery and regulatory compliance

2. How We Use Your Information

Your information is used to:

  • Facilitate clinician consultations and create personalised treatment plans
  • Process prescriptions and coordinate with our pharmacy partner
  • Deliver treatments to your address
  • Send treatment reminders, follow-up notifications, and care updates
  • Process payments and manage your subscription
  • Improve our services and develop new features
  • Comply with legal and regulatory requirements

3. Data Sharing

We share your information only with: your assigned dermatologist and authorised clinical staff for treatment purposes; our licensed pharmacy partner for prescription fulfilment; payment processors for billing; courier services for delivery (name and address only); and as required by law. We never sell your personal or health data to third parties for marketing purposes.

4. Data Security

We implement industry-standard security measures including: encryption of all data in transit (TLS 1.3) and at rest (AES-256); role-based access controls limiting who can view patient data; regular security audits and penetration testing; secure, access-controlled data centres; and automatic session timeouts and multi-factor authentication for clinical staff.

5. Data Retention

We retain your personal data for as long as your account is active plus a reasonable period for legal compliance. Medical records are retained in accordance with applicable healthcare regulations for the markets we serve. You may request deletion of non-medical personal data at any time.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data and receive a copy
  • Correct inaccurate or incomplete data
  • Request deletion of your personal data (subject to legal retention requirements)
  • Restrict or object to certain processing of your data
  • Data portability (receive your data in a structured, machine-readable format)
  • Withdraw consent for optional data processing

7. Cookies

We use essential cookies for authentication and session management. We use analytics cookies to understand how our platform is used. You can control cookie preferences through your browser settings. Our platform functions with essential cookies only.

8. International Data Transfers

Your data may be processed in one or more jurisdictions required to provide VitalNoor services. We ensure appropriate safeguards are in place for any cross-border data transfers, including contractual protections and data localisation where required by local law.

9. Children's Privacy

Our services are available to individuals aged 16 and above. Users between 16 and 18 require parental consent. We do not knowingly collect data from children under 16. If we learn we have collected data from a child under 16, we will delete it promptly.

10. Contact Us

For privacy-related enquiries or to exercise your rights, contact our Data Protection Officer at [email protected]. We aim to respond to all privacy requests within 30 days.