Privacy Policy

This Privacy Policy describes how Sala Health ("we", "our", or "us") collects, uses, and handles data through the Sala Health EMR Assistant Chrome extension and the Sala Health web platform. The Sala Health EMR Assistant extension is deployed for authorized clinical staff at healthcare providers using the Sala Health platform, including current deployments at Ayala Healthway Medical Center. The Sala Health platform is designed to support clinical workflows, patient communication, and prescription processing for participating healthcare providers.

This policy applies to:

• Nurses, pharmacists, and other authorized clinical staff who use the Sala Health EMR Assistant extension
• Patients registered in the Sala Health platform by participating healthcare providers

The extension is not available to the general public. Access requires an authorized Sala Health staff account issued by your clinic administrator.

Through the Chrome extension and web platform, we collect the following:

From clinical staff (extension users)

• Login credentials (email and password) used to authenticate with the Sala Health platform
• Session tokens stored locally in Chrome to maintain authenticated sessions
• Screenshots of the active browser tab may be temporarily captured in order to extract structured medical information needed to generate care plans and prescription documents.
• Product usage information, such as feature interactions, performance diagnostics, and error logs, used to maintain, secure, and improve the platform

From EMR screenshots

• Patient name and date of birth
• Prescribing and consulting doctor names
• Prescription date and prescribed medications
• Doctor notes, recommendations, and take-home instructions

From patient registration

• Patient name, phone number, and date of birth
• HMO affiliation and company name (optional)
• Record of consent to data collection and sharing

Data collected through the extension and platform may be used for the following purposes:

• Authenticate and authorize clinical staff access to the Sala Health platform
• Extract structured medical information from EMR screenshots using AI-assisted parsing
• Generate personalized post-consultation care plan messages sent to registered patients
• Generate prescription documents forwarded to the Ayala Healthway pharmacy
• Maintain a record of patient communications and follow-ups within the platform
• Monitor and improve platform performance, security, and reliability
• Conduct internal analytics to improve platform functionality and clinical workflows

We do not use identifiable patient data for marketing or advertising purposes.

Sala Health may create and use de-identified, aggregated, and derived data sets derived from information processed through the platform.

De-identified data is processed in a manner that removes or obscures personal identifiers so that individuals cannot reasonably be re-identified.

This data may be used for purposes including:

• Improving the Sala Health platform
• Developing new features and services
• Training and improving AI systems used within the platform
• Generating statistical insights, research, and healthcare analytics
• Producing industry benchmarking reports and aggregated clinical insights

Sala Health may also generate statistical models, analytical insights, and other derived information based on aggregated platform data. Such data will not identify any individual patient, healthcare provider, or clinical staff member. Sala Health retains the right to use such de-identified, aggregated, and derived data for research, analytics, product development, and commercial insights.

Use of the Sala Health platform may generate system interaction data and operational metrics that may be used by Sala Health to improve services and develop new products.

Patient and clinical data is shared only as necessary to deliver the services described above:

• Within healthcare providers — authorized clinical staff can view patient records, generated messages, and prescriptions within the platform
• Pharmacy — generated prescriptions may be forwarded to partner pharmacies for fulfillment
• Messaging providers — care plan messages are delivered to patients via third-party messaging services (Viber and/or SMS). Only the patient's phone number and message content are transmitted.
• AI processing — EMR screenshot content may be processed by AI systems in order to extract structured clinical information needed to provide services. Screenshot capture and processing occurs automatically within the extension and is limited to extracting clinical information necessary to provide the service.
• Third-party service providers — Sala Health may use trusted service providers for hosting, messaging delivery, analytics, and infrastructure support. These providers process data solely on our behalf and under appropriate contractual confidentiality and security obligations. Data may be processed by infrastructure or service providers located in other jurisdictions that maintain appropriate security and confidentiality safeguards.

• Screenshots captured by the extension are not permanently stored. They are transmitted for AI processing and discarded.
• Extracted clinical data and generated messages are retained in the Sala Health platform for clinical record-keeping purposes.
• Session tokens are stored locally in Chrome and are cleared on logout or expiry.
• Patient registration records are retained for as long as the patient is active in the Sala Health platform, or until a deletion request is fulfilled.
• De-identified and aggregated data may be retained for longer periods for analytics, research, and product improvement purposes.

We implement reasonable technical and organizational measures to protect personal and clinical data against unauthorized access, disclosure, or loss. All data transmitted between the extension and the Sala Health platform is encrypted in transit via HTTPS. Access to the platform is restricted to authenticated staff with valid session tokens.

Sala Health cannot guarantee absolute security of information transmitted through the internet. While we implement industry-standard safeguards, no method of transmission or storage can be guaranteed to be completely secure. In the event of a data breach, we will notify affected parties in accordance with applicable regulations.

Patients and clinical staff may request the following at any time:

• Access to personal data we hold about you
• Correction of inaccurate or incomplete data
• Deletion of your personal data from our systems
• A copy of your data in a portable format

To exercise any of these rights, contact us at support@salahealth.co.

Sala Health operates in compliance with the Philippine Data Privacy Act of 2012 (Republic Act No. 10173) and its implementing rules and regulations as enforced by the National Privacy Commission (NPC).

We may update this policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the extension or platform after an update constitutes acceptance of the revised policy.

For questions about this policy or data-related requests, contact:

Sala Health
Email: support@salahealth.co