Privacy Policy

Last Updated: December 2025

Introduction

This Privacy Policy explains how Blue Era Company, the owner of Healthy R, collects, uses, stores, and protects personal information when you use our platform at healthyr.blue-era.io.

Who this policy applies to

This policy applies to doctors, medical representatives, and any guest participants who use Healthy R for professional scheduling and meeting coordination.

Data we collect

We may collect the following information directly from users during registration and use of the platform:

  • Full name
  • Email address
  • Mobile number, if provided
  • Role, Doctor or Medical Representative
  • Medical specialty, for doctors
  • Organization, hospital, or company name
  • City or region
  • Availability and scheduling preferences, such as time slots and meeting preferences
  • Preferred communication language
  • Basic device and usage information, such as IP address, browser type, and basic security logs
Meeting data

We may store meeting requests, confirmed appointments, attendee emails, and meeting notes entered in the platform.

Google user data usage, OAuth scopes, and limitations

Healthy R uses Google Sign In and Google Calendar only to enable authentication and professional scheduling.

Google Sign In scopes

  • openid
  • https://www.googleapis.com/auth/userinfo.email
  • https://www.googleapis.com/auth/userinfo.profile

Google Calendar scope

https://www.googleapis.com/auth/calendar.events

How we use Google Calendar access

If a doctor connects Google Calendar, Healthy R can create, update, and delete calendar events on the doctor's behalf for meetings scheduled through Healthy R. Healthy R may also add attendees to the event and request Google Meet conferencing for the meeting.

What we do not access

  • We do not request access to Gmail.
  • We do not read Google Drive files.
  • We do not access Google Calendar data beyond event creation and management required for Healthy R scheduling.

No selling, advertising, or model training with Google user data

  • We do not sell Google user data.
  • We do not use Google user data for personalized advertising.
  • We do not use Google user data to train or improve generalized AI or machine learning models.
How we use your data
  • Create and manage your account
  • Match doctors and medical representatives by specialty and preferences
  • Enable scheduling workflows, confirmations, and meeting invitations
  • Send essential service communications related to meetings and account activity
  • Maintain platform security, prevent abuse, and troubleshoot issues
  • Measure performance and improve product reliability
Security and data protection

We take reasonable and appropriate technical and organizational measures to protect personal data and sensitive data, including Google Calendar related data.

Encryption in transit

We use HTTPS and TLS to protect data transmitted between your device, our services, and third party providers.

Encryption at rest

We apply encryption at rest where supported by our infrastructure and storage providers, and we protect database and backups using provider level controls and security best practices.

Access controls

Access to production systems and personal data is restricted to authorized personnel only, using role based access controls and least privilege principles.

OAuth token protection

If OAuth access tokens or refresh tokens are stored, they are stored securely and access is restricted. Tokens are used only to provide the Google Calendar feature. Users can revoke access at any time.

Monitoring and logging

We maintain security logs for authentication and system activity to help detect abuse and investigate incidents. We do not log Google Calendar event content beyond what is necessary for troubleshooting and service operations.

Incident response

If we become aware of unauthorized access to personal data, we will take steps to contain, investigate, and remediate the issue, and we will notify affected users and authorities where required by applicable law.

Data storage and residency

Healthy R is hosted on Frappe cloud infrastructure located in Madinah, Saudi Arabia. Personal data is stored and processed within Saudi Arabia.

Data retention
  • User profile data is retained for the lifetime of the account and up to 10 years after account closure, unless a shorter period is required by law or a valid deletion request applies.
  • Appointment and meeting records may be retained for up to 10 years for audit, dispute resolution, security, and service improvement, unless a shorter period is required by law.
  • Where data is retained for legal or compliance reasons, we limit access and retain only what is necessary.
Cookies and analytics
  • Healthy R uses essential cookies for authentication, session management, and security.
  • We may use analytics tools, such as Google Analytics, to understand usage patterns and improve the platform. These analytics are not used for advertising.
Third party sharing

We share personal data only with service providers that help us operate the platform, acting as processors, such as:

  • Hosting and infrastructure providers, for example Frappe cloud
  • Email delivery providers
  • Analytics providers, for example Google Analytics

We do not sell user data and we do not share personal data with advertisers or unrelated third parties, except when required by applicable law or with your explicit consent.

Disconnecting Google account and revoking access

Users can disconnect Google from Healthy R using the in app disconnect option, or by contacting support at support@healthyr.blue-era.io. Users can also revoke access from their Google Account permissions page, which will prevent Healthy R from accessing Google Calendar.

Account deletion

Users can request deletion of their account from the in app delete option or by emailing support@healthyr.blue-era.io. Verified requests are processed within 30 days, subject to legal retention obligations.

What happens when you delete your account

Upon deletion, we delete or irreversibly anonymize personal profile data and authentication credentials. We also revoke any stored Google OAuth tokens and disconnect Google Calendar access. Minimal records may be retained where necessary for legal, accounting, security, or compliance reasons for up to the defined retention periods, after which they are deleted or anonymized.

Your rights and choices

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data. You can also object to certain processing and request data portability where applicable. To exercise these rights, contact support@healthyr.blue-era.io.

Contact us

For privacy inquiries, contact:

support@healthyr.blue-era.io
Back to Home