Privacy Policy
This Privacy Policy explains how the SireeNova platform processes information entered by participating hospitals and their authorized staff. It applies to all users of the platform.
Scope
This policy covers data processed through the platform, including donor records, blood inventory data, transfer requests, and account information used to sign in.
Data we process
Donor identifiers and clinical screening results, blood unit records, hospital operational data, and account credentials. Sensitive medical data is processed strictly for clinical and operational purposes.
Hospital privacy isolation
Donor and inventory records are visible only to staff of the hospital that created them. The platform enforces strict per-hospital isolation through row-level security at the database layer.
Role-based access control
Access is granted per role (doctor, hospital admin, platform super admin). Each role sees only the data needed to perform its function.
Multi-factor authentication
All accounts are protected by MFA. Privileged actions may require an additional step-up verification.
Audit logging
All access and changes to sensitive records are logged with the actor, timestamp, and action. Logs are reviewed for security and compliance purposes.
Secure cloud storage
Data is stored in encrypted form using industry-standard cloud infrastructure with transport-layer encryption (TLS) and at-rest encryption.
Data retention
Clinical records are retained for the duration required by medical record-keeping practice. Audit logs are retained for security review.
Your rights
Donors may request information about how their data is held by their hospital. Requests are processed by the hospital that holds the record.
Contact
For privacy questions, contact your hospital administrator or reach the platform team via the Contact page.