MedFund Privacy Policy

1. Scope of This Policy

• Visitors to the MedFund website
• Campaign organizers and beneficiaries
• Donors
• Hospitals, NGOs, and partners
• Users of our mobile and web applications

This Policy covers all personal and sensitive data processed through the Platform. For specific details regarding public fundraising, please see our Fundraising Consent Addendum.

2. Information We Collect

2.1 Personal Information

• Full name
• Phone number
• Email address
• National ID or passport (where required)
• Payment information (processed by third-party providers)
• Location and country of residence

2.2 Medical & Health Information (Sensitive Data)

• Medical reports, diagnosis letters, prescriptions
• Hospital invoices and treatment estimates
• Doctor or facility details
• Treatment progress updates

Medical data is collected strictly to verify campaigns and process disbursements.

2.3 Donation & Transaction Data

• Donation amounts
• Transaction dates and times
• Payment method used
• Payout details and recipients

2.4 Technical & Usage Data

• IP address
• Device type and browser
• Pages visited and interactions
• Cookies and similar technologies

3. How We Use Your Information

• Verify medical fundraising campaigns
• Process donations and payouts
• Communicate updates and support messages
• Prevent fraud and misuse
• Comply with legal and regulatory obligations
• Improve platform functionality and experience

4. Legal Basis for Processing

• User consent
• Performance of a contract
• Legal obligations
• Legitimate interests (security, fraud prevention)
• Protection of vital medical interests

5. Sharing & Disclosure of Information

Service Providers

Payment processors, identity verification services, cloud hosting, and IT providers under strict confidentiality agreements.

Medical Institutions & NGOs

Hospitals, clinics, medical professionals, and partner NGOs where necessary for care delivery or verification.

Legal & Regulatory Authorities

Where required by law, court orders, or investigations.

Public Campaign Information

Campaign titles, beneficiary names, amounts raised, and donor messages may be visible publicly. Medical documents are never displayed publicly.

6. International Data Transfers

Data may be processed outside Uganda where service providers operate, with appropriate safeguards and legal protections in place.

7. Data Retention

We retain data only as long as necessary for platform operations, legal compliance, and dispute resolution. Medical records are kept for the minimum required period.

8. Data Security Measures

We implement encryption, secure servers, access controls, and regular security reviews. However, no system is completely secure.

9. Your Rights

• Access your personal data
• Correct inaccurate information
• Withdraw consent
• Request deletion or restriction
• Request data portability

10. Children’s Privacy

Campaigns involving minors must be created by parents, guardians, or authorized representatives. We do not knowingly collect data directly from children without consent.

11. Cookies & Tracking Technologies

Cookies are used to improve performance, remember preferences, and analyze usage. Users may control cookies via browser settings.

12. Third-Party Links

MedFund may link to third-party services. We are not responsible for their privacy practices.

13. Changes to This Policy

Updates will be communicated via the Platform or email. Continued use indicates acceptance of the revised Policy.

14. Contact Us

15. Governing Law

This Privacy Policy is governed by the laws of Uganda, including applicable data protection regulations.