CureTicket

Privacy Policy

Effective date: 01 Jan 2026

This Privacy Policy explains how CureTicket collects, uses, shares, and protects information when you use the Service.

1) Patient Data Minimization (Including Output-Only Name)

Stored patient data: We store only the clinic patient reference number (clinic card number) plus gender and year of birth (not full DOB), to support interoperability and potential future portability.

Patient name (output only; not stored server-side): A prescriber may enter a patient name for output only. The patient name is not stored by CureTicket servers or databases, and may be embedded in printable/QR outputs transmitted to intended recipients. Where enabled, encryption of such outputs may be performed on-device using a client-side randomly generated PIN. If a patient imports a prescription into the patient mobile app, the patient name may be stored encrypted locally on the patient's device, not on our servers.

Users must not enter national IDs or prohibited identifiers into free-text fields.

2) What We Collect

A) User/Account Data: name, phone, email (if provided), clinic/pharmacy/company information, licenses/verification documents, authentication data, and support communications.

B) Prescription/Service Data: prescription content and metadata required to operate the Service, routing identifiers (for example prescriber/pharmacy), timestamps, delivery/status logs, and stored patient fields listed above (clinic reference number, gender, year of birth).

C) Device/Usage Data: device/OS, app version, IP address, logs, diagnostic/performance information, and (where applicable) app-generated installation or device identifiers used for security, abuse prevention, and operating app features.

D) Payment/Commercial Data (if applicable): invoices, billing records, payment status, and transaction references for any paid features.

E) Patient Mobile App Data (Patients Only):

  • Camera permission: used to scan prescription QR codes and authorization QR codes; we do not require photo/video uploads for core functionality.
  • Local encrypted storage: prescriptions (including patient name for display) may be stored encrypted locally on the device and may be deleted when the app is uninstalled.
  • Installation identifier: the app may send an app-generated installation identifier to our servers when requesting authorization codes and when retrieving or refreshing prescription information, for security/abuse prevention and to provide the feature.
  • No biometric collection: the app may require device lock/biometrics for access control, but biometrics are handled by the operating system; we do not collect or store biometric data.

3) How We Use Information

We use information to:

  • Provide and operate the Service (create, store, display, transmit prescription content)
  • Authenticate users and prevent fraud/abuse
  • Enforce our Terms of Service
  • Provide customer support and service communications
  • Improve reliability, performance, and user experience
  • Produce aggregated, non-identifying insights about broad trends only when sufficient volume exists to avoid singling out any doctor, pharmacy, or clinic

4) What We Do Not Do

  • We are not an e-pharmacy: we do not sell, dispense, distribute, or deliver medications.
  • We do not influence prescribing or dispensing decisions and do not benefit based on what is prescribed.
  • We do not sell personal data.
  • We do not share doctors', pharmacies', or patients' names or contact details with third parties for their own marketing.
  • We do not provide individualized analytics stating that a particular doctor or pharmacy prescribed or dispensed specific amounts of any medication.

5) How We Share Information

We may share information only:

  • With service providers that help operate the Service (hosting, authentication, monitoring, security, content delivery) under obligations to protect data and use it only to provide services to us
  • If required by law, court order, or lawful governmental request
  • To protect rights/safety, investigate fraud/abuse, respond to security incidents, or enforce our Terms
  • As part of a merger, acquisition, reorganization, or asset transfer, subject to appropriate safeguards

Company profiles: Companies control what they choose to publish on the platform.

6) Security

We maintain commercially reasonable security measures consistent with widely available industry practices. However, no system can guarantee absolute security, including against vulnerabilities in third-party infrastructure, tools, or user devices.

7) Retention

We retain data as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and account status.

8) Requests and Rights

Subject to applicable law, you may request access, correction, deletion, or export of certain data. Please submit requests through our Contact page.

9) International Processing

We may process data in countries where we or our service providers operate, with safeguards consistent with this Policy.

10) Changes

We may update this Policy and will post the updated version with a new effective date.

11) Contact

For privacy questions or requests, please use our Contact page: Contact Us.