✚
✚
✚
← Back to EaseMed
πŸ›‘οΈ

Privacy Policy

EaseMed Clinical Clerk System · How we collect, use, and protect your personal data
We are committed to your privacy. Please read this policy carefully.

πŸ“… Effective: July 2026 🌍 Uganda πŸ”’ Data Protected πŸ“„ 12 Sections
πŸ“§ What We Collect Your name, email, professional role, institution, and the clinical records you create on the platform.
🎯 Why We Use It To run your account, power your clerking modules, and allow authorised supervisors to review your work.
🚫 We Never Sell It Your personal data is never sold, rented, or shared with advertisers or any commercial third party.
1

Who We Are

EaseMed is a clinical clerking and medical education platform built specifically for medical students, intern doctors, clinical officers, nurses, and other healthcare learners β€” primarily within Uganda and across East Africa. The platform is structured around Hutchison's Clinical Methods (25th Edition) and provides structured modules for history-taking, patient documentation, and ward round preparation during clinical attachments.

This Privacy Policy explains who we are, what personal data we collect when you use EaseMed, why we collect it, how we store and protect it, who we share it with, and what rights you have over your own data. It applies to all users of the EaseMed platform, including students, clinicians, educators, and administrators.

By registering for an EaseMed account or using any feature of the platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your data as described herein. If you do not agree, you must not use EaseMed.

πŸ“Œ Who is the Data Controller? EaseMed acts as the data controller for account and profile information you provide. For patient-related clinical data that you enter into the platform during clerking sessions, you β€” the user β€” act as the data controller, and EaseMed acts only as a data processor storing that data on your behalf.
2

Information We Collect

We collect different categories of information depending on how you interact with EaseMed. Below is a full breakdown of what we collect, what it includes, and why:

CategoryWhat It IncludesWhy We Collect It
Account Information Full name, email address, phone number (optional), professional role, university or institution, year of study, license number (optional), practice location or hospital To create, verify, and manage your EaseMed account and personalise your experience
Clinical Records Patient clerking data you enter into modules β€” including presenting complaints, history of presenting complaint, past medical history, examination findings, review of systems, and management plans To power your clerking sessions, save your work, and allow authorised supervisors or administrators to review clerkship activity
Session & Security Data Login timestamp, IP address, browser type, device/operating system information, session duration To monitor for unauthorised access, enable admin oversight of active users, and maintain platform security
Google OAuth Data Name, email address, and Google profile picture (if you choose to sign in with Google) To authenticate your identity without requiring a separate EaseMed password
Usage & Analytics Data Pages visited, modules opened, time spent on platform, error events β€” collected anonymously via Vercel Analytics To understand how the platform is being used, identify bugs, and improve the overall experience
Communication Data Content of emails or messages you send to our support address To respond to your queries, support requests, or data rights requests

We collect only the information that is necessary for the above purposes. We do not collect biometric data, financial information, or government-issued identification numbers. Optional fields (such as phone number and license number) are never required to access the platform.

3

How We Use Your Information

EaseMed uses the personal information we collect for clearly defined, legitimate purposes related to delivering, maintaining, and improving the platform. Specifically, we use your data to:

  • Create, authenticate, and maintain your EaseMed account securely
  • Allow you to access and use the clinical clerking modules appropriate to your role and year of study
  • Save, retrieve, and display the patient clerking records you create within the platform
  • Enable authorised EaseMed administrators and clinical supervisors to monitor clerkship activity, review student records, and track ward round readiness within their institution
  • Monitor login sessions and IP addresses for security purposes and to detect and respond to unauthorised access attempts
  • Send you important account-related communications β€” such as email verification links, password reset emails, and account activation or expiry notifications
  • Respond to support queries, data rights requests, or feedback you send us directly
  • Analyse anonymous, aggregated usage patterns to identify bugs, improve platform stability, and guide future development of EaseMed's features and modules
  • Comply with any applicable legal obligations, court orders, or regulatory requirements
βœ… We Do Not Use Your Data for Advertising EaseMed does not run advertisements of any kind. Your personal data is never used to build advertising profiles, target you with commercial offers, or generate revenue through data monetisation. We have no advertising partners and no data broker relationships.

We process your data on the following legal bases: (a) contract β€” to deliver the service you signed up for; (b) legitimate interests β€” for security monitoring and platform improvement; and (c) legal obligation β€” where required by applicable law.

4

Patient Data & Your Responsibility

When you use EaseMed to document a patient encounter during a clinical attachment, ward round, or clerking session, you may enter health-related information about that patient. This is the most sensitive category of data that flows through EaseMed, and it requires careful handling.

As the person entering patient data into EaseMed, you are the data controller for that information. EaseMed acts only as a data processor β€” storing and displaying that data at your direction. This means that the legal and professional responsibility for how patient data is handled rests primarily with you, not with EaseMed.

By entering any patient-related information into EaseMed, you confirm that:

  • You have the right under your institution's policies to document this patient encounter using a digital tool
  • You are complying with all applicable patient confidentiality obligations, including Uganda's National Health Policy and the ethical codes of your professional body
  • You understand that EaseMed is not a legally recognised medical records system and must not be used as such
  • You will not enter information in a way that would allow a third party to identify a specific patient without additional context
⚠️ Anonymise All Patient Records β€” This Is Critical Do not enter full patient names, National ID numbers, hospital file numbers, addresses, phone numbers, or any other directly identifying information into EaseMed. Use initials, ward-assigned codes, or anonymised patient identifiers at all times, in full compliance with your hospital's data handling protocols. EaseMed does not require identifying patient details to function.

EaseMed accepts no liability for confidentiality breaches, professional sanctions, or legal consequences that arise from a user entering identifiable patient data into the platform in violation of their institutional or professional duties. If you are ever unsure whether certain patient information is appropriate to enter into EaseMed, do not enter it β€” document it through your hospital's official channels instead.

5

Where Your Data Is Stored

EaseMed uses Supabase as its primary backend database, authentication, and storage provider. Supabase is a trusted, enterprise-grade cloud infrastructure provider built on top of PostgreSQL and hosted on Amazon Web Services (AWS). Your data is stored on Supabase's secure servers, which may be physically located outside of Uganda.

Supabase implements the following security measures to protect your data:

  • Encryption at rest: All stored data is encrypted using AES-256, one of the strongest encryption standards available.
  • Encryption in transit: All data transmitted between your device and Supabase's servers is encrypted using TLS (Transport Layer Security), preventing interception.
  • Access controls: Database access is governed by Row-Level Security (RLS) policies, ensuring that users can only access their own data unless explicitly granted broader permissions by an administrator.
  • SOC 2 compliance: Supabase maintains SOC 2 Type II certification, demonstrating rigorous standards for security, availability, and confidentiality.
  • Regular backups: Supabase performs automated database backups to protect against data loss.

EaseMed is also hosted on Vercel, a secure cloud hosting platform. Vercel handles the delivery of EaseMed's web application and collects anonymous analytics data. Vercel operates its own privacy and security standards, which you can review at vercel.com.

πŸ“Œ Cross-Border Data Transfer By using EaseMed and creating an account, you consent to your personal data being transferred to and stored on servers outside of Uganda, as part of the Supabase and Vercel infrastructure. We ensure that these providers maintain appropriate security and privacy standards.
6

Sharing Your Information

EaseMed does not sell, rent, license, or share your personal data with any third party for commercial, marketing, or advertising purposes. We share your data only in the following limited, clearly defined circumstances:

  • Authorised Administrators & Supervisors: EaseMed administrators at your institution β€” such as clinical supervisors, medical educators, or department coordinators β€” may have access to your account status, profile information, clerking records, and session activity for the purpose of academic oversight, clerkship review, and ward round preparation. This is a core part of how EaseMed functions as an institutional learning tool.
  • Service Providers: We share necessary data with our infrastructure providers β€” Supabase (database and authentication) and Vercel (hosting and analytics) β€” solely to the extent required to deliver and operate EaseMed. These providers are bound by their own data processing agreements and do not use your data for any independent purpose.
  • Google (OAuth): If you choose to sign in using your Google account, limited authentication data is exchanged with Google as part of the OAuth process. See Section 7 for full details.
  • Legal Obligations: EaseMed may be required to disclose certain data if compelled to do so by a valid legal process, court order, regulatory authority, or applicable Ugandan law. We will only disclose the minimum information required to comply with such obligations, and will notify affected users where legally permitted to do so.
  • Protection of Rights: In cases where we believe disclosure is necessary to protect the safety of EaseMed users, prevent fraud or misuse of the platform, or protect the legal rights of EaseMed and its developers, we may share relevant data with appropriate parties.
βœ… No Sale of Data β€” Ever EaseMed has never sold user data and commits to never doing so in the future. This applies to all categories of data described in this policy, including account information, clinical records, and session data.
7

Google Sign-In & OAuth

EaseMed offers the option to sign in using your existing Google account through Google's OAuth 2.0 authentication system. This is provided as a convenience β€” you are never required to use Google sign-in and may always choose to register with an email address and password instead.

When you choose to sign in with Google, the following occurs:

  • Google verifies your identity and shares your name, email address, and profile picture with EaseMed via a secure, encrypted token.
  • EaseMed uses this information to create or log in to your EaseMed account. Your Google profile picture may be used to personalise your account display.
  • EaseMed does not receive your Google password, payment information, contacts, calendar data, or any other Google account data beyond what is described above.
  • EaseMed does not post, modify, or delete anything in your Google account. We only read the basic profile information you authorise at sign-in.

Your use of Google sign-in is also governed by Google's Privacy Policy and Terms of Service. EaseMed is not responsible for Google's data practices. If you do not wish to share your Google account data with EaseMed, please use email and password sign-in instead.

You may revoke EaseMed's access to your Google account at any time through your Google Account settings under "Third-party apps with account access." Revoking access will prevent future Google sign-ins but will not delete your EaseMed account or the data already associated with it.

8

Your Rights

As a user of EaseMed, you have the following rights with respect to your personal data. These rights apply to the information EaseMed holds about you as a data controller β€” i.e., your account and profile data, session records, and any other personal information you have provided directly to EaseMed.

πŸ‘οΈ
Right to AccessYou may request a copy of the personal data that EaseMed holds about you. We will provide this in a readable format within 14 working days of a verified request.
✏️
Right to RectificationIf any personal data we hold about you is inaccurate or out of date, you have the right to ask us to correct it. You may update basic profile information directly within the platform.
πŸ—‘οΈ
Right to ErasureYou may request the deletion of your EaseMed account and all personal data associated with it. We will action verified deletion requests within 30 days, subject to any legal retention obligations.
πŸ“¦
Right to Data PortabilityYou may request a copy of your personal data and clinical records in a portable, machine-readable format (such as JSON or CSV), allowing you to transfer your data to another service.
🚫
Right to ObjectYou may object to how EaseMed is processing your personal data, particularly where processing is based on legitimate interests. We will review and respond to all valid objections.
⏸️
Right to RestrictionIn certain circumstances, you may ask EaseMed to restrict the processing of your data β€” for example, while a dispute about its accuracy is being resolved.
↩️
Right to Withdraw ConsentWhere EaseMed relies on your consent to process data, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
πŸ“§
How to Exercise Your RightsEmail support@easemedapp.site with the subject line "Data Rights Request" and describe what you are requesting. We will respond within 14 working days.

EaseMed will never penalise you for exercising your data rights. We may need to verify your identity before processing a request to protect against unauthorised access to another person's data.

9

Data Retention

EaseMed retains your personal data only for as long as it is necessary to fulfil the purposes described in this Privacy Policy, or as required by applicable law. The following retention periods apply:

  • Account and profile data: Retained for as long as your EaseMed account remains active. If your account is deactivated or expires, your profile data may be retained for up to 12 months in case of reactivation, after which it will be deleted unless a deletion request has been made earlier.
  • Clinical clerking records: Retained for the duration of your active account and for up to 12 months following account deactivation. Your institution's administrator may request that records be retained for longer for academic audit or supervisory purposes, in line with their own data retention policy.
  • Session and security logs: Login session records and IP address logs are retained for a maximum of 90 days, after which they are automatically purged from the system.
  • Support correspondence: Emails and messages sent to EaseMed support are retained for up to 24 months for reference and quality assurance purposes.
  • Anonymous analytics data: Vercel Analytics data is aggregated and anonymised. It does not identify individual users and is retained indefinitely for platform improvement purposes.

If you request deletion of your account and associated data, EaseMed will action your request within 30 days. Some data may be retained beyond this period where required by Ugandan law, a legal obligation, or a legitimate dispute resolution process. We will inform you if this is the case.

πŸ“Œ Requesting Early Deletion You do not need to wait for the standard retention period to end. You may request deletion of your data at any time by emailing support@easemedapp.site. We will confirm receipt and action your request within 30 days.
10

Cookies & Analytics

EaseMed uses a minimal approach to cookies and local storage, collecting only what is necessary to operate the platform securely and effectively.

  • Local Storage (Session Data): EaseMed uses your browser's localStorage to store your login session token and basic display preferences (such as your display name). This is essential for keeping you logged in between page loads. It is not a cookie and cannot be accessed by other websites.
  • Supabase Auth Cookies: When you sign in, Supabase may set secure, HTTP-only authentication cookies to manage your session. These cookies are essential for authentication and cannot be disabled without preventing login.
  • Vercel Analytics: EaseMed uses Vercel's built-in analytics tool to collect anonymous, aggregated usage data β€” such as which pages are visited most frequently and how long users spend on each module. Vercel Analytics does not use third-party tracking cookies, does not fingerprint individual users, and does not share data with advertisers.

EaseMed does not use:

  • Third-party advertising cookies or tracking pixels of any kind
  • Social media tracking scripts (Facebook Pixel, Twitter/X tracking, etc.)
  • Cross-site user profiling or behavioural targeting technologies
  • Google Analytics or any other full-featured analytics platform that identifies individual users
βœ… No Ad Tracking. No Profiling. No Surveillance. Your usage of EaseMed is for learning β€” not for building a commercial profile about you. We keep our tracking minimal, transparent, and strictly in service of improving the platform.
11

Children's Privacy

EaseMed is intended exclusively for adults aged 18 years and older. The platform is designed for university-level medical students, qualified health professionals, and clinical educators β€” none of whom should be under 18 years of age in the context of their professional training.

EaseMed does not knowingly collect personal data from individuals under the age of 18. If we become aware that a person under 18 has registered for an EaseMed account or provided us with personal data, we will take prompt steps to:

  • Suspend the account pending verification of the user's age
  • Delete all personal data associated with that account from our systems
  • Notify the user (or their guardian, if appropriate) that the account has been closed

If you believe that a person under 18 has created an EaseMed account or submitted personal data to EaseMed, please contact us immediately at support@easemedapp.site so that we can investigate and take appropriate action.

EaseMed notes that pediatric patient data may be entered by adult healthcare learners into the Pediatrics clerking module during ward attachments. This is clinical data about patients β€” not account data of minors β€” and is subject to the patient data handling obligations described in Section 4 of this policy.

12

Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your data rights, want to report a privacy concern or potential data breach, or simply need to understand more about how EaseMed handles your personal information β€” please do not hesitate to reach out.

We are committed to being transparent, responsive, and accountable in how we handle your data. All privacy-related queries are handled with confidentiality and professionalism. We aim to respond to all requests within 14 working days, and to data rights requests within 30 days at the latest.

πŸ“§ Email: support@easemedapp.site
πŸ₯ Platform: EaseMed Clinical Clerk System
🌍 Built for: Ugandan Medical Students & Healthcare Learners
πŸ“… General queries: Response within 14 working days
πŸ—‘οΈ Data deletion requests: Actioned within 30 days
πŸ”’ Data breach reports: Use subject line "EaseMed β€” Privacy Breach" for priority handling
πŸ‘€ Data rights requests: Use subject line "Data Rights Request"

EaseMed is committed to protecting the privacy and dignity of every user of the platform. Your trust is essential to our mission of improving medical education in Uganda β€” and we do not take it lightly.

↑ Back to top