Privacy policy
This policy explains what personal health information OutcomeLoop collects, how it is stored, and who can see it.
What we collect
Your name, phone number, date of birth, diagnoses, procedures, medications, pain scores, and questionnaire responses entered by you or your clinician.
Where it is stored
On servers located in Saudi Arabia (me-jeddah-1 region). Identifiable information never leaves the Kingdom. Database backups stay inside the same region.
How it is protected
Every identifiable field is encrypted with AES-256-GCM before it reaches the database. Encryption keys are held in a separate managed vault and are rotated regularly.
Who can see it
Your enrolling clinician and clinical staff at the clinic that enrolled you. OutcomeLoop staff can access identifiable data only under a contractual data-processor agreement and with an audit-logged reason.
Third parties
We do not sell your data. Push notifications and SMS carry only appointment times — never your diagnosis or your pain score. AI features operate on de-identified data (no name, no phone, no date of birth).
Your rights
You may request a copy of your data, request corrections, or ask for deletion at any time. Email contact@outcomeloop.sa and we will respond within 30 days.