Privacy Policy

Effective Date: April 20, 2026 · Last Updated: April 20, 2026

Governing Law: UAE PDPL, UAE Health Data Law, DHA Regulations, NABIDH

1. Who We Are

RepHigh (“we,” “us,” “our”) is a patient relationship management (PRM) platform operated for private healthcare clinics in Dubai, UAE. We provide automated patient communication, follow-up, reactivation, and organic growth services via WhatsApp Business API and content workflows.

Data Role:

  • For clinic staff and account data: RepHigh is the Data Controller
  • For patient data processed on behalf of clinics: RepHigh is the Data Processor; the licensed healthcare clinic is the Data Controller

Registered Address: Dubai, United Arab Emirates
Data Protection Contact: support@rephigh.com

2. Scope

This Privacy Policy applies to:

  • Healthcare clinic owners, administrators, and staff who use the RepHigh platform (“Clinic Users”)
  • Patients whose data is processed by RepHigh on behalf of clinics (“Patients”)
  • Visitors to rephigh.com

3. Legal Basis for Processing

All data processing by RepHigh is grounded in lawful bases under UAE PDPL and UAE Federal Law No. 2 of 2019 (Health Data Law), including contractual necessity, explicit consent (obtained by clinic), legitimate interest, and legal obligation.

Critical Note on Health Data: Patient health data is classified as Sensitive Personal Data under UAE PDPL. Processing requires explicit, specific, informed consent. Clinics are responsible for obtaining and documenting this consent.

4. Data We Collect

4.1 Clinic User Data

Identity (name, title), contact (email, phone), business (clinic name, DHA license), financial (billing, tokenized payment), and usage data (login timestamps, IP).

4.2 Patient Data

Identity (first/last name), contact (WhatsApp number), appointment details (date, time, treatment type, doctor), engagement data (delivery status, read receipts), and reactivation data (last visit date).

What We Do NOT Collect: Medical diagnoses, prescriptions, test results, insurance information, or biometric data.

5. How We Use Data

RepHigh processes patient data exclusively to deliver DHA-compliant communication workflows: appointment reminders, post-visit follow-up, patient reactivation, no-show recovery, review collection, and AI-assisted message generation.

6. Data Residency and Storage

All patient data is stored exclusively within the United Arab Emirates. No patient data is transferred outside the UAE without explicit DHA approval and patient consent.

7. Data Retention

Patient communication logs and consent records: 25 years (DHA Health Data Quality Policy). Clinic account data: contract duration + 7 years. Billing records: 7 years. Marketing analytics: 2 years.

8. Data Sharing

RepHigh does not sell patient data. We share data only with: WhatsApp Business API (Meta) for message delivery, AI model provider for message generation, UAE-based cloud infrastructure for hosting, and payment processor for billing.

9. Security Measures

AES-256 encryption at rest, TLS 1.3 in transit, role-based access control, multi-factor authentication, regular penetration testing, and automated vulnerability scanning.

10. Data Subject Rights

Patients have the right to: know what data is held, access their data, rectify inaccuracies, request erasure (subject to DHA retention), withdraw consent, data portability, and object to processing. Contact your clinic or email support@rephigh.com.

11. Consent Management

Clinics must obtain explicit, documented patient consent before adding any patient to RepHigh workflows. Every WhatsApp message includes opt-out instructions. Opt-outs are processed immediately.

12. Data Breach Notification

RepHigh will investigate and contain breaches within 24 hours, notify affected clinics within 24 hours, and provide full details within 72 hours. UAE Data Office and DHA will be notified as required by law.

13. DHA-Specific Compliance

RepHigh complies with DHA Health Data Quality Policy, NABIDH Framework, DHA Standards for Telehealth Services, and DHA Medical Advertisement Guidelines. RepHigh is a communication platform. All clinical decisions remain with DHA-licensed professionals.

14. Contact

Data Protection Officer
RepHigh, Dubai, UAE
Email: support@rephigh.com
Response time: 5 business days

For urgent data breach notifications: support@rephigh.com (24/7 monitored)