Effective from April 22, 2026
DaktariSheba is a product of KiyanSolutions UG, a company registered in Germany. This policy applies to all users of our platform: patients, doctors, and ambulance service providers. It explains what data we collect when you use our platform, why we collect it, and how we keep it safe.
We do not sell, rent, trade, or otherwise monetise your personal or health data. We do not use health data for advertising or behavioural profiling for marketing purposes.
Data Controller: KiyanSolutions UG, operator of DaktariSheba. Where required by applicable law, we will designate a Data Protection Officer or EU Representative and publish the contact details accordingly. Until then, all privacy enquiries should be sent to [email protected] (Subject: Privacy Request).
Because DaktariSheba is operated by a German company, we process your data in line with the EU General Data Protection Regulation (GDPR) and applicable Bangladesh laws. Our legal bases are:
You can withdraw consent at any time from the app settings or by emailing [email protected]. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
AI features on DaktariSheba are optional and require your explicit consent before activation. AI systems are probabilistic, may be trained on historical patterns, and may produce inaccurate, incomplete, misleading, or outdated outputs — including outputs that appear confident. AI outputs are informational and educational only and are not a medical diagnosis, prescription, or substitute for professional medical advice.
Several features on DaktariSheba use third-party AI services to process your data. Specifically:
When you use these features:
You may decline or withdraw consent for AI feature usage at any time from Settings → Privacy → AI. Withdrawing consent does not affect the lawfulness of processing that occurred before withdrawal and does not affect your ability to book appointments, access records, or use other platform features.
AI infrastructure region. Backend AI orchestration runs on our EU-hosted infrastructure. When OpenAI or Google Gemini is invoked, the relevant inputs may be processed in the providers' US (or other) regions under Standard Contractual Clauses. Operational logs from AI features (used for debugging and abuse prevention) are retained for up to 30 days, after which they are deleted or anonymised, unless longer retention is required by law.
DaktariSheba is operated by KiyanSolutions UG in Germany, with infrastructure hosted in the European Union. Some of our service providers are located outside the European Economic Area (EEA):
For transfers outside the EEA, we rely on the Standard Contractual Clauses (SCCs) approved by the European Commission and, where available, supplementary technical and organisational measures such as encryption in transit and at rest. You can request a copy of the safeguards used for a specific transfer by contacting us at [email protected].
We engage carefully selected service providers (“Subprocessors”) who process personal data on our behalf under written data processing agreements that require confidentiality, security safeguards, and compliance with applicable data protection laws. Subprocessors act solely under our instructions and may not use personal data for their own independent purposes.
| Subprocessor | Purpose | Location |
|---|---|---|
| OpenAI, L.L.C. | AI Health Chat (GPT), voice transcription (Whisper) | USA |
| Google LLC | Gemini OCR for documents, Google Maps for nearby services | USA / Global |
| Amazon Web Services (AWS) | Application hosting, database, file storage | EU (primary), with limited US redundancy |
| Apple Push Notification service (APNs) | Push notification delivery on iOS | USA / Global |
| Firebase Cloud Messaging (FCM) | Push notification delivery on Android | USA / Global |
| Expo / EAS (Expo Application Services) | Over-the-air updates, build pipeline, crash symbolication | USA |
| SMS gateway providers | OTP and transactional SMS delivery | Bangladesh / Global |
| Email service provider | Transactional email delivery (verification, receipts, alerts) | EU / USA |
| Payment gateway partners | Processing payments and refunds | Bangladesh / Global |
This list may be updated as our infrastructure evolves. We will reflect any material change here and, where required by law, notify affected users.
Our mobile app is built with Expo and React Native. We keep the SDK footprint small and do not embed advertising or behavioural tracking SDKs. The third-party components used in the mobile app are:
We do not use Firebase Analytics, Google Analytics for Firebase, Crashlytics, Sentry, Mixpanel, Amplitude, Meta / Facebook SDK, AppsFlyer, or advertising SDKs inside the mobile app. If we add any of these in the future, we will update this policy and, where required, ask for your consent before they are enabled.
On the web, we use minimal first-party analytics for page-view counts and error reporting. See our Cookie Policy for details.
You can control permissions any time from your device settings. If a permission is denied, some related features may not work.
We never sell your personal or health data to advertisers or marketing companies.
Your data is encrypted both in transit and at rest. We use access controls, security audits, and monitoring to prevent unauthorized access. That said, no online system is perfectly secure, so we do our best but cannot guarantee absolute protection.
We keep your data while your account is active and as needed to meet legal, medical, accounting, and anti-fraud obligations under applicable Bangladesh laws and regulations. You can request deletion from within the app (Account Deletion) or by contacting us at [email protected]. Once a deletion request is confirmed, we delete or de-identify data that we are not legally required to retain.
Under GDPR and applicable Bangladesh laws, you can:
You can permanently delete your DaktariSheba account and all associated data in two ways:
Visit our dedicated Account Deletion page for instructions on how to request deletion by email. You can also email [email protected] from your registered email address or phone number.
What gets deleted: Your profile, personal details, health records, appointment history, and all associated data are permanently deleted. Anonymised, aggregated data that cannot identify you may be retained for platform analytics.
Retention period: Deletion is processed within 30 days. Certain data may be retained longer if required by Bangladesh law (for example, financial transaction records kept for up to 7 years).
The Services are intended for users aged 16 and above. We do not knowingly allow children under 16 to create their own DaktariSheba account or to provide personal data directly to us. Where required by applicable law, users between 16 and 18 may need parental or legal-guardian consent.
Health records for children under 16 may be managed by a parent or legal guardian through our Family Health Hub, using the guardian's own DaktariSheba account. In that case the guardian is responsible for the lawful basis to upload and manage the child's data.
If we become aware that an account has been created by a person under 16 without the required consent, we may suspend the account and delete associated data in accordance with applicable law.
If we make meaningful changes, we will let you know through the platform or by email. Continued use after an update means you accept the revised policy.
Data Controller: KiyanSolutions UG (Germany), operator of DaktariSheba.
For anything privacy-related:
Email: [email protected]
Phone: +880 1673-639809
Address: 56 Inner Circular (VIP) Road, Eastern Trade Center (3rd Floor), Room 07-10, Nayapaltan, Dhaka-1000