HealthBed AI ("we", "our", or "us") is committed to protecting the privacy of all users of the platform. This Privacy Policy explains how we collect, use, and safeguard your information when you use our hospital bed management and emergency dispatch services. By using our platform, you agree to the terms outlined here.
1. Information We Collect
We collect information you provide directly to us when you create an account (name, email address, role), when hospital administrators update bed inventory data, and when dispatchers submit emergency dispatch requests. We also collect usage data such as log timestamps, IP addresses, and browser identifiers to maintain system security and reliability.
2. How We Use Your Data
Your data is used exclusively to operate the HealthBed AI platform. This includes authenticating your account sessions using JSON Web Tokens (JWT), routing emergency ambulance dispatches to the correct hospital admin, and displaying anonymized bed availability statistics on the public hospital directory. We do not sell, lease, or share your data with third parties for marketing purposes.
3. Data Security
All sensitive data (passwords, tokens) is protected using bcrypt hashing and AES encryption. All data in transit is secured via HTTPS/WSS (TLS 1.3). Database access is controlled by role-based policies, and all bed reservation transactions use pessimistic locking (PostgreSQL FOR UPDATE) to prevent data races. API endpoint validation follows OWASP security best practices and is enforced with Zod schemas.
4. Role-Based Data Access
Access to data is strictly role-gated. Patients (public users) can only read anonymized hospital bed counts. Hospital Admins can only read and write data for their specifically assigned hospital. System Administrators have full read access and approval authority. All requests are validated at the backend API middleware layer using JWT role claims.
5. Your Rights & Contact
You may request access to, correction of, or deletion of your personal data at any time by contacting support@healthbed.ai. We will respond within 72 hours. Hospital Admin accounts may be deactivated by the System Administrator at any time. All associated patient-linked data is anonymized upon account deletion.