Encrypted in Transit
All data travels over HTTPS/TLS. Every connection between the app, staff devices, and our backend is encrypted. There is no unencrypted data path.
No Patient PHI Stored
1 CLICKAWAY does not store patient medical records, diagnoses, or treatment data. Requests contain only operational fields: room, language, department, and timestamp.
Role-Based Access
Every account has an assigned role: Doctor, Interpreter, Porter, Nurse, or Admin. Access rules ensure each role can only read and write data within its own scope.
Regulatory Alignment
UAE ADHICS & PDPL
The UAE's Health Data Protection Standards (ADHICS) and the Personal Data Protection Law (PDPL) set requirements for how healthcare systems handle personal and operational data. Here is how 1 CLICKAWAY aligns:
- Minimal data collection: only fields operationally necessary are stored. No biometrics, no clinical notes, no payment data.
- Role-based access controls: admins have full visibility; staff see only what is relevant to their role.
- Full audit trail: every request is timestamped at each stage. Exportable log for compliance reporting.
- Data retention control: hospitals can request data deletion at any time, fulfilled within 72 hours.
- Data Processing Agreement: a signed DPA is provided with every contract, documenting the controller/processor relationship as required by PDPL.
Data residency: For hospitals with strict UAE data residency requirements, we offer an Enterprise plan with a migration path to Gulf-region hosting. Contact us to discuss options before signing.
Kingdom of Saudi Arabia
Saudi PDPL Alignment
Saudi Arabia's Personal Data Protection Law (PDPL, effective 2024) requires that personal data processing is lawful, limited to its stated purpose, and that data subjects have access and deletion rights.
- Lawful basis: legitimate interest (operational healthcare management)
- Purpose limitation: data is used exclusively for dispatching and tracking operational requests
- Staff data collected only with hospital authority and used only within the platform
- Deletion requests fulfilled within 72 hours
Access & Authentication
Who can log in and what can they see
Staff accounts
- Credential-based login managed by hospital admin
- No self-registration; all accounts created by admin
- Admin can deactivate any account instantly
- Each role sees only its own operational data
Admin accounts
- Separate protected admin portal
- Full read access to all requests, staff, and reports
- Account creation, deactivation, and role assignment
- Activity is logged for audit purposes
Transparency
What 1 CLICKAWAY does not do
- We do not sell or share hospital operational data with any third party
- We do not use hospital data to train AI models or for product analytics
- We do not store credit card or payment information; billing is by bank transfer or invoice
- We do not access patient medical records; we have no integration that pulls clinical data
- Analytics tracking is present on the marketing site only, never inside the operational apps
Incident Response
Security incident & breach notification
If a confirmed data breach occurs affecting hospital data processed by 1 CLICKAWAY, we will notify the affected hospital client within 24 hours of discovery and, where required by law, notify the UAE Data Office (the designated supervisory authority under Federal Decree-Law No. 45 of 2021) within 72 hours. Written notification will include: the nature of the breach, categories and estimated volume of data affected, immediate containment steps taken, and recommended remediation actions. We cooperate fully with hospital IT and legal teams throughout the incident and remediation process.
Security concerns: Report suspected incidents immediately to siddiqomer00@gmail.com, acknowledged within 2 hours during business hours.