Skip to content
PP
Sign InSign Up

Privacy Policy

Last Updated: 1 March 2026

PROVSURE Healthcare Technologies

Effective Date: 1 March 2026

1. Introduction

PROVSURE Healthcare Technologies ("Provsure", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the Provsure platform ("Platform").

This Privacy Policy complies with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and its implementing regulations.

By creating an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is:

PROVSURE Healthcare Technologies
Email: info@provsure.com
Website: https://www.provsure.com

3. Data We Collect

3.1 Information You Provide

Account Information: Full name, email address, phone number, profession, specialty, sub-specialty, and the regulatory authority or authorities under which you are licensed.

Professional Credentials: License number, Emirates ID number (optional), licensing authority, license expiry date, and professional qualifications.

CPD Records: Certificates you upload, course completion records, CPD hours logged, provider names, accreditation bodies, dates of attendance, and categories of CPD activity.

Communication Data: Messages you send to us through the Platform or via email, feedback, and support requests.

Payment Information: If you subscribe to a paid plan, payment is processed by our third-party payment processor. We do not store your full credit card number or payment credentials on our servers.

3.2 Information Collected Automatically

Usage Data: Pages visited, features used, time spent on the Platform, actions taken within the Platform, device type, operating system, browser type, and screen resolution.

Log Data: IP address, access times, referring URLs, and error logs.

Cookies and Similar Technologies: We use essential cookies required for the Platform to function. See Section 10 for details.

3.3 Information from Third Parties

Employer-Provided Data: If your account is provisioned by your employer, your employer may provide us with your name, email address, profession, specialty, and licensing authority.

Event Providers: When you register for CPD events through the Platform, the event provider may share attendance confirmation and completion data with us.

4. How We Use Your Data

We process your personal data for the following purposes and lawful bases under the PDPL:

4.1 To Provide Our Services (Contractual Necessity)

  • Creating and managing your account
  • Tracking your CPD hours and compliance status
  • Processing certificates using AI/OCR technology
  • Generating compliance dashboards and gap analyses
  • Sending compliance alerts and deadline reminders
  • Recommending CPD courses and events based on your compliance gaps

4.2 To Improve Our Services (Legitimate Interest)

  • Analysing usage patterns to improve Platform features and performance
  • Identifying and fixing technical issues
  • Conducting internal analytics and research on aggregated, de-identified data

4.3 To Communicate with You (Contractual Necessity / Legitimate Interest)

  • Responding to your support requests and enquiries
  • Sending service-related notifications (account changes, policy updates, system maintenance)
  • Notifying you of regulatory changes that may affect your compliance obligations

4.4 To Comply with Legal Obligations (Legal Obligation)

  • Complying with applicable UAE laws, regulations, and court orders
  • Maintaining records as required by law
  • Responding to lawful requests from UAE government authorities

4.5 With Your Consent

  • Sending marketing communications about new features, courses, or events (you may opt out at any time)
  • Sharing your compliance status with your employer through the institutional dashboard (where applicable and as described in Section 6)

5. AI and Automated Processing

5.1 Certificate Processing

When you upload a CPD certificate, we use artificial intelligence and optical character recognition (AI/OCR) to extract information such as course name, provider, date, CPD hours, and accreditation body. This extracted data is presented to you for review and confirmation before being recorded.

5.2 Recommendations

The Platform uses automated systems to recommend CPD courses and events based on your compliance gaps, profession, specialty, and licensing authority. These recommendations are based on your compliance needs, not on payments from course providers (sponsored content is always labelled).

5.3 Compliance Monitoring

The Platform automatically calculates your compliance status based on CPD requirements applicable to your profession, specialty, and licensing authority. This is for informational purposes only and does not constitute a regulatory determination.

5.4 Your Rights Regarding Automated Processing

You have the right to request human review of any automated decision that significantly affects you. Contact us at info@provsure.com to exercise this right.

6. Data Sharing and Disclosure

6.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

6.2 Employer Access (Institutional Accounts)

If your account is provisioned through your employer, your employer may access the following through their institutional compliance dashboard:

  • Your name, profession, specialty, and licensing authority
  • Your aggregate compliance status (e.g., percentage of CPD hours completed, compliant/non-compliant/at-risk status)
  • Audit-ready compliance reports

Your employer will not have access to the specific content of individual certificates you upload, your personal contact details beyond what they already hold as your employer, or your Platform usage activity.

6.3 Service Providers

We share data with the following categories of service providers who process data on our behalf and under our instructions:

  • Cloud infrastructure: Microsoft Azure (UAE North region) for hosting and data storage
  • AI processing: Azure OpenAI Service (UAE-deployed) for certificate OCR and classification
  • Payment processing: Third-party payment processor for subscription billing
  • Email delivery: For sending notifications and alerts

All service providers are contractually required to protect your data and process it only as instructed by us.

6.4 Course and Event Providers

When you register for a CPD event through the Platform, we share the minimum information necessary with the event provider to process your registration (typically your name and email address). This is disclosed to you at the point of registration.

6.5 Legal and Regulatory Disclosure

We may disclose your data if required to do so by UAE law, regulation, court order, or lawful request from a UAE government authority. We may also disclose data where reasonably necessary to protect the rights, safety, or property of Provsure, our users, or the public.

6.6 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

7. Data Storage and Security

7.1 Data Residency

All user data is stored on servers located within the United Arab Emirates (Microsoft Azure UAE North region). No user data is stored, processed, or transferred outside the UAE. This applies to all data categories described in this Policy, including backups.

7.2 Security Measures

We implement technical and organisational security measures to protect your data, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls and the principle of least privilege
  • Regular security assessments and vulnerability monitoring
  • Secure software development practices
  • Incident response procedures

7.3 PII Sanitisation

Where we process your data for analytics or system improvement purposes, we apply sanitisation techniques to remove or mask personally identifiable information before processing.

7.4 Security Incidents

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities in accordance with the PDPL and applicable regulations.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Platform's services.

Account Data: Retained for the duration of your account and for a period of two (2) years following account deletion, after which it is permanently deleted.

CPD Records and Certificates: Retained for the duration of your account plus five (5) years following account deletion, to allow you to retrieve historical records if you return to the Platform and to support any ongoing compliance audit requirements. You may request earlier deletion.

Usage and Log Data: Retained for twelve (12) months, then deleted or anonymised.

Payment Records: Retained for the period required by UAE tax and commercial law (currently five years).

If you request account deletion, we will delete or anonymise your personal data within thirty (30) days, except where retention is required by law or for the purposes described above.

9. Your Rights

Under the PDPL, you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you.

9.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data.

9.3 Right to Erasure

You have the right to request that we delete your personal data, subject to our legal obligations and legitimate retention needs.

9.4 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

9.5 Right to Object

You have the right to object to the processing of your personal data where we rely on legitimate interest as the lawful basis.

9.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

9.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

9.8 Exercising Your Rights

To exercise any of these rights, contact us at info@provsure.com. We will respond to your request within thirty (30) days. We may request verification of your identity before processing your request.

9.9 Right to Complain

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with the UAE Data Office.

10. Cookies

The Platform uses the following categories of cookies:

Essential Cookies: Required for the Platform to function, including session management and authentication. These cannot be disabled.

Analytics Cookies: Used to understand how users interact with the Platform, helping us improve features and performance. These are only activated with your consent.

Third-Party Analytics: The Platform currently uses Google Analytics to collect anonymised usage data (pages visited, device type, general location). This data may be processed on servers located outside the UAE. We are actively implementing a UAE-hosted analytics solution to ensure full data residency compliance. In the interim, analytics data collected is limited to non-identifiable usage patterns and does not include your name, email, credentials, or CPD records. You may disable analytics cookies through your browser settings.

You can manage your cookie preferences through the cookie settings on the Platform.

11. Children

The Platform is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. International Considerations

As stated in Section 7.1, all data is stored and processed within the UAE. We do not transfer personal data outside of the UAE. If this position changes in the future, we will update this Policy and obtain any necessary consents or approvals before any cross-border transfer.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you via the email address associated with your account or through a notice on the Platform at least fourteen (14) days before the changes take effect. Your continued use of the Platform after the effective date constitutes your acceptance of the revised Policy.

14. Contact

For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

PROVSURE Healthcare Technologies
Data Protection Enquiries: info@provsure.com
General Support: info@provsure.com
Website: https://www.provsure.com