CareConnect: a healthcare app for doctors and patients and a medical e-commerce platform for Mauritius.

Privacy Policy

At careconnect.mu, operated by Care Connect Ltd, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, and protect your personal information in accordance with The Data Protection Act 2017 of Mauritius.

1. Information We Collect

We collect the following types of information:

1.1 E-Commerce Platform

  • Personal Identification Information: Name, email address, phone number, billing and shipping address, and any other relevant details required to process transactions or provide customer support.
  • Payment Information: While payment information, such as credit/debit card details, is processed by third-party payment processors, we ensure this data is securely handled in compliance with industry standards.
  • Technical Information: This includes your IP address, browser type, device information, and cookies that help us improve the functionality and performance of our website.
  • Order Information: Details about your purchase history, product preferences, and customer service inquiries.

1.2 Mobile Healthcare Application

  • Account Information: Name (first and last), email address, phone number, mobile number, user ID, Firebase UID.
  • Health & Medical Information: Health journal entries (symptoms, mood, energy level, sleep hours, medication side effects), health vitals (blood pressure, heart rate, temperature, weight, glucose, oxygen saturation), medical records (surgeries, hospitalizations, diagnoses, prescriptions), allergies and medications, appointment details and consultation notes, blood group, date of birth, gender, insurance information (provider, policy number, member ID).
  • Location Data: Address information (street, city, state, postal code, country) for appointment and service delivery purposes.
  • Photos & Files: Profile images, medical document uploads, prescription images.
  • Device & Analytics Data: Device ID, FCM tokens for push notifications, app interactions, crash logs, diagnostic data collected through Firebase Analytics and Crashlytics.
  • Communications: In-app messages, appointment notes, patient-doctor communications.

2. How We Use Your Information

We use your personal information for the following purposes:

  • To Process Orders & Appointments: Including managing payments, delivering products, scheduling appointments, and offering customer support.
  • To Provide Healthcare Services: Managing patient records, facilitating doctor-patient consultations, tracking health vitals, medication management, and appointment scheduling.
  • To Communicate with You: About your order status, appointment reminders, updates, and customer service responses via email, SMS, and push notifications.
  • To Improve Our Services: By analyzing user behavior, preferences, and website/app interactions through Firebase Analytics.
  • Marketing Communications: To send you promotional offers and updates, subject to your consent. You can opt out at any time.
  • Security & Fraud Prevention: To protect user accounts, prevent unauthorized access, and maintain system security.
  • Legal Compliance: To fulfill legal obligations under Mauritian law, including The Data Protection Act 2017 and healthcare regulations.

3. Data Protection and Security

We take appropriate security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS protocols.
  • Encryption at Rest: Sensitive medical data (symptoms, diagnoses, prescriptions, medical notes) is encrypted in our database.
  • Secure Storage: Authentication tokens are stored using FlutterSecureStorage on mobile devices. Medical records are stored on secure servers with restricted access.
  • Access Controls: Role-based access controls ensure only authorized healthcare professionals can access patient medical records.
  • Firebase Security: We use Firebase Authentication for secure user authentication, and Firebase services comply with industry-standard security practices.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Medical records are retained in accordance with healthcare regulations (typically 7-10 years).

4. Sharing Your Information

We may share your personal data with the following third parties:

  • Service Providers: Including shipping companies, payment processors, and IT service providers, who assist in running our website and services.
  • Firebase Services (Google): Firebase Authentication, Firebase Analytics, Firebase Crashlytics, Firebase Cloud Messaging for app functionality, analytics, crash reporting, and push notifications.
  • Healthcare Providers: Your medical information is shared with assigned doctors and healthcare professionals for consultation and treatment purposes.
  • Legal Authorities: When required by law or to enforce our legal rights.

Any third-party service providers we work with are contractually obliged to maintain the confidentiality and security of your data and to use it only for the specific purposes we specify.

5. Cookies and Tracking Technologies

Our website uses cookies and other tracking technologies to provide a better browsing experience, remember your preferences, and analyze website traffic. You can control or disable cookies through your browser settings, although doing so may affect website functionality.

6. Your Rights Under Mauritian Law

In accordance with The Data Protection Act 2017, you have the following rights regarding your personal data:

  • Access: You can request access to the personal data we hold about you.
  • Correction: You can ask us to correct any inaccurate or incomplete data.
  • Account Closure: You can request closure of your account. Upon account closure, your personally identifiable information will be anonymized while medical records are retained as required by healthcare regulations and legal obligations.
  • Data Portability: You can request a copy of your personal data in a commonly used format (subject to technical feasibility).
  • Objection: You can object to the processing of your personal data for direct marketing purposes or on other lawful grounds.
  • Withdrawal of Consent: If we are processing your data based on your consent, you can withdraw this consent at any time, without affecting the lawfulness of processing prior to withdrawal.

Important Note on Medical Records: Due to legal and regulatory requirements for healthcare services, complete deletion of medical records is not possible. Medical records must be retained for a minimum period as required by law (typically 7-10 years) for legal compliance, continuity of care, and audit purposes. When you request account closure, your personally identifiable information (name, email, phone, address) will be anonymized, but de-identified medical records will be retained for the legally required period.

7. International Data Transfers

As careconnect.mu operates in Mauritius, your personal data may be transferred to countries outside of Mauritius, such as where our service providers (including Firebase/Google services) are based. We ensure that these transfers are made in compliance with applicable data protection laws and take steps to safeguard your privacy.

8. Children's Privacy

Our website and mobile application are not intended for individuals under the age of 18 without parental consent. We do not knowingly collect personal information from minors without appropriate parental or guardian consent. If we become aware that such information has been provided without consent, we will take steps to delete it.

9. Mobile Application Specific Information

9.1 Permissions

Our mobile application requests the following permissions:

  • Camera & Photo Library: To upload profile pictures, medical documents, and prescription images.
  • Notifications: To send appointment reminders, medication alerts, and important health updates.
  • Internet Access: To communicate with our servers and provide app functionality.

9.2 Third-Party Services in Mobile App

Our mobile application uses the following third-party services:

  • Firebase Authentication: For secure user login and account management.
  • Firebase Analytics: To understand app usage and improve user experience.
  • Firebase Crashlytics: To detect and fix app crashes and errors.
  • Firebase Cloud Messaging: To send push notifications for appointments and health reminders.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Any changes will be posted on this page, and you will be notified by email if the changes are significant. The "Last Updated" date at the bottom of this policy indicates when it was last revised.

11. Contact Information

If you have any questions or concerns about this Privacy Policy, or if you would like to exercise your data protection rights, please contact us at:

Care Connect Ltd
Address: Floréal Business Park, Floréal, Mauritius
Email: [email protected]
Phone: +230 5919 1100

Last Updated: January 24, 2026