Umsiti — Privacy Policy
Last updated: ⟨18 Oct 2025⟩
Effective date: ⟨18 Oct 2025⟩
Umsiti (“the App”, “we”, “us”) is provided by MNM Health Innovation (Pty) Ltd. This Privacy Policy explains what information we collect, why we collect it, and how we handle it when you use the Umsiti mobile application.
If you have questions, contact us at info@umsiti.co.za
1) What we collect
We collect only what’s needed to operate the App and its features.
a) Information you provide
- Account details (when you sign in): name, email address (via Google Sign-In or Sign in with Apple).
- Content you choose to share: profile photo, files/images you pick through the file/image picker, text you type in forms or chats.
- Support communications: messages you send to our support channels.
b) Information collected automatically
- Device & app information: device model, OS version, app version, language/region, and basic performance data.
- Crash & diagnostics: error logs, stack traces, and stability data (via Firebase Crashlytics).
- Push notification identifiers: a Firebase/FCM token or Apple/APNs token used to deliver notifications.
- Location data (if you enable it): approximate or precise location to power features such as maps, address lookup, or location-based functionality. You can disable location at the OS level at any time.
c) Information from third-party sign-in
- Google Sign-In / Sign in with Apple: authentication token and basic profile (name, email). We do not receive your password.
2) How we use your information
- Provide and operate the App: account login, core features, device compatibility.
- Communications: in-app, push, and local notifications (e.g., appointment reminders or updates you opt into).
- Safety and performance: debugging, crash reporting, preventing misuse, and improving reliability.
- Maps & geocoding: showing maps, locating addresses, and related location features you request.
- Legal compliance: meeting legal, regulatory, and audit requirements.
We do not sell your personal data.
3) Legal bases (EEA/UK users)
We process data on these bases:
- Performance of a contract (to provide the App you requested).
- Legitimate interests (app security, crash analytics, improving reliability).
- Consent (location access, notifications, optional features). You can withdraw consent in your device settings.
4) Third-party services (processors)
We rely on reputable providers to run the App:
- Google Firebase (Auth, Crashlytics, Cloud Messaging, Installations) — authentication, crash logs, notifications, identifiers.
- Google Maps Platform (Maps SDK, Geocoding) — maps and address services.
- Google Sign-In — optional account sign-in.
- Apple Sign in with Apple — optional account sign-in.
These providers process data on our behalf under their terms. They may store data in data centers outside your country (see “International transfers”).
5) Permissions we request (you can deny or change them anytime)
- Location (Approximate/Precise): for maps or location-based features.
- Notifications: to send alerts you opt into (you can turn off in Settings).
- Photos/Media/Files / Camera: only when you choose to upload or capture an image/file.
- Background processing (if enabled on iOS/Android): to complete certain tasks reliably (e.g., notification handling); we limit this to necessary operations.
We only access these when a feature requires it, and you can revoke in your device settings.
6) Data retention
- Account & profile data: kept while your account is active.
- Crash logs & diagnostics: typically retained by Firebase per its standard retention (e.g., 90 days) to improve stability.
- Push tokens: retained while you use notifications and reset periodically.
- Files/photos you upload: retained as needed to provide the feature.
When you delete your account or request deletion, we delete or anonymize data not required for legal or security reasons within a reasonable time.
7) Your choices & rights
- Access & correction: request a copy or correction of your data.
- Deletion: request deletion of your account and associated personal data.
- Consent withdrawal: turn off location and notifications in device settings.
- Portability & objection (where applicable): EEA/UK residents can exercise GDPR rights.
- To make a request, email info@umsiti.co.za
8) Children’s privacy
The App is not directed to children under 13 (or the age required by your region’s law). If you believe a child has provided us personal information, contact us and we will delete it.
9) Security
We use administrative, technical, and organizational safeguards, including:
- Encryption in transit (HTTPS/TLS) for communications with our servers and third-party services.
- Restricted access and monitoring on our systems and within our processors’ platforms.
No method of transmission or storage is 100% secure; we work to continually improve protections.
10) International transfers
We and our processors may process data in countries outside your own (e.g., the EU, UK, and US). Where required, we rely on appropriate safeguards (such as standard contractual clauses) to protect your information.
11) Sharing
We do not sell personal data. We may share:
- With service providers that help us run the App (see “Third-party services”).
- For legal reasons (to comply with law, enforce terms, or protect rights, safety, and security).
- Business changes: in a merger, acquisition, or asset transfer, your information may be transferred under this Policy.
12) Data specific to notifications & messaging
- Push notifications: we use device tokens/FCM tokens solely to send messages you’ve opted into. You can disable notifications at any time.
- Crash reporting: crash data may include device state and anonymized identifiers strictly for troubleshooting stability issues.
13) Contact us
Controller: MNM Health Innovation
Email: info@umsiti.co.za
14) Changes to this Policy
We may update this Policy to reflect changes to the App or laws. We’ll post the updated version with a new “Last updated” date. Material changes may be communicated in-app or by email where appropriate.