Privacy Policy

Last updated: 4 June 2026

VoyaMed ("VoyaMed", "we", "us") connects international patients with independent specialist doctors and clinics in Egypt and coordinates their care. This policy explains what personal data we collect, why, the legal basis for processing, who we share it with, and the rights you have under the EU/UK General Data Protection Regulation (GDPR).

1. Who we are (data controller)

VoyaMed is the data controller for the personal data described in this policy. For any privacy question, or to exercise your rights, contact our privacy team at privacy@voyamed.com. Where required, we will identify a Data Protection Officer or EU/UK representative; their contact details will be published here.

2. What data we collect

• Account data: name, email address, password (stored only as a secure hash), role (patient, doctor, or clinic).
• Location: your city in Egypt (or "not decided yet" for patients).
• Patient health data (special-category): medical history, allergies, the procedures and bookings you request, and documents you upload. This is sensitive data given special protection under GDPR Article 9.
• Doctor / clinic professional data: specialty, university, fellowship/board membership, certifications, and your Egyptian tax-registration document and other verification documents.
• Booking, messaging, and notification data generated as you use the platform.
• Technical data: log data, request identifiers, and security/audit records (for example, login attempts and changes to records).

We do not store full payment card or bank details — payments are processed by our payment provider (see §4).

3. Why we process your data and the legal basis

• To provide the service — matching patients with doctors/clinics, managing bookings and messaging. Legal basis: performance of a contract.
• To process your health data for care coordination. Legal basis: your explicit consent (GDPR Art. 9(2)(a)), which you give at registration and may withdraw at any time.
• To take payments through our provider Paymob, which holds funds in escrow until the procedure is successfully completed. Legal basis: performance of a contract.
• To verify doctors and clinics (including tax-registration and certification documents) and meet legal/regulatory obligations. Legal basis: legal obligation and legitimate interests in platform integrity.
• To secure the platform (audit logs, abuse prevention). Legal basis: legitimate interests.

4. Who we share data with

• Matched doctors and clinics — the information needed to coordinate your care.
• Paymob — to process payments. Paymob acts as an independent controller/processor for payment data under its own terms.
• Service providers (sub-processors) — hosting, storage, email delivery, and similar infrastructure, under contract and only as needed.
• Authorities — where we are legally required to disclose.

We do not sell your personal data.

5. International transfers

Because our patients are international and our specialists are in Egypt, your data may be transferred across borders. Where data is transferred outside the EEA/UK, we rely on appropriate safeguards (such as Standard Contractual Clauses) or your explicit consent, and we take steps to ensure your data remains protected.

6. How long we keep your data

We keep your data for as long as your account is active and as needed to provide the service, then for any period required by law (for example, medical, tax, or accounting record-keeping). When data is no longer needed, we delete or anonymise it. You can request deletion at any time, subject to legal retention obligations.

7. Your rights

Under the GDPR you have the right to:

• Access the personal data we hold about you;
• Rectify inaccurate or incomplete data;
• Erase your data ("right to be forgotten"), subject to legal limits;
• Restrict or object to certain processing;
• Data portability (receive your data in a portable format);
• Withdraw consent at any time — this does not affect processing already carried out;
• Lodge a complaint with a supervisory authority.

To exercise any right, email privacy@voyamed.com. We respond within the timeframes required by law.

8. How we protect your data

We use encryption in transit and at rest for sensitive data, role-based access controls so users can only see their own data, and audit logging of changes to records. No system is perfectly secure, but we work to protect your information and to detect and respond to incidents.

9. Patients — additional information

Your medical information is processed only to coordinate your care with the doctor or clinic you choose. VoyaMed is a referral and coordination platform: the treating doctor or clinic is solely responsible for clinical decisions, treatment, and outcomes. VoyaMed is not responsible for the medical outcome of any procedure.

10. Doctors & clinics — additional information

We collect your professional and tax-registration documents to verify your account and meet legal requirements; these documents are private to you and authorised VoyaMed administrators. The relationship between you and VoyaMed is that of an independent practitioner — VoyaMed is not your employer and refers patients to you while you act on your own professional responsibility (including clinical decisions, regulatory compliance, taxes, insurance, and licensing).

11. Changes to this policy

We may update this policy from time to time. We will post the new version here and update the "last updated" date. Material changes affecting how we use your data will be communicated where appropriate.