Compliance & Data Trust

Your clients' data is safe, local, and under your control.

A plain-English overview of how Rendevy handles data, which regulations we comply with, and what we have done — so you don't have to take our word for it.

Last updated: April 2026  ·  Version 1.0  ·  Questions? privacy@curiousstack.co

Six commitments

What we guarantee — by design, not by policy.

01
UAE North · Geo-locked
Data stored in the UAE
All client and appointment data is stored in Azure CosmosDB — UAE North data centre (Dubai). A geo-lock policy prevents replication outside the UAE. Data never moves to Europe or the US without your knowledge.
02
PDPL · Consent · Rights
UAE PDPL compliant
We operate under UAE Federal Decree-Law No. 45 of 2021 (PDPL). Clients give explicit consent before any data is collected. They can request deletion, export, or correction of their data at any time.
03
Appointment data only · 10-yr retention
DHA-aware architecture
Rendevy stores appointment metadata only — no clinical notes, no diagnoses, no prescriptions. Health record retention periods (up to 10 years for medical clinics) are automatically enforced per UAE Health Data Law.
04
Azure · Twilio · Google
Sub-processor DPAs signed
Every third-party service we use — Microsoft Azure, Twilio, Google — has a signed Data Processing Agreement in place. We share data only for the purpose of delivering the service, never for their own marketing.
05
YES / STOP flow · Timestamped
Explicit consent built in
Every client types YES before the bot collects any data. Consent is timestamped and version-stamped in the database. Clients can withdraw at any time by replying STOP. No grey areas.
06
Immutable · 5-yr retention
Full audit trail
Every data access, every record change, every login — logged with a timestamp and the identity of the actor. In a DHA inspection, you can show exactly who saw what and when. Logs are retained for 5 years.

Data minimisation

What we store — and what we deliberately don't.

The most common DHA concern is: "Will client records end up in your system?" The answer is no — by design, not by policy.

Client name, phone & email
The minimum needed to identify a client and send them reminders. Nothing more.
Appointment history
Dates, times, assigned staff member, location. Nothing clinical.
Consent record
Timestamp and version of the consent text the client agreed to.
Preferred language
So the bot communicates in the client's language.

Clinical data is explicitly out of scope. The bot is instructed to refuse and redirect if a client shares a diagnosis, medication, or medical result. Your EMR or clinical system remains the authoritative record for all health data.

Client phone numbers are never written to Google Calendar. Only an opaque appointment ID appears in calendar events — even your calendar integration carries no PII.

Data residency

Where your data lives — and stays.

UAE health data regulations require that client data remain within the country. Here is how Rendevy enforces this at the infrastructure level:

Primary database — CosmosDB
Deployed exclusively in Azure UAE North (Dubai). An Azure Policy assignment blocks any attempt to replicate data outside UAE North.
AI processing — Azure OpenAI
Inference runs within Azure's infrastructure. Conversation data is not used for model training — confirmed by Microsoft's standard data processing terms.
WhatsApp and voice — Twilio
Message routing passes through Twilio's US infrastructure as required by WhatsApp's platform. A Data Processing Agreement with Twilio covers this transfer, including EU Standard Contractual Clauses.
Google Calendar
Used only for staff scheduling slots. No client name or phone number is stored in calendar events — only an opaque appointment ID.

For clinics whose clients constitute a high-risk population under NABIDH or ADHICS, we recommend a pre-go-live data flow review. Contact us at privacy@curiousstack.co.

Third-party services

Every sub-processor has a signed DPA.

We do not share your data with any third party that has not signed a Data Processing Agreement with us. Here is the full list:

| Service | Purpose | Data location | DPA status |
| --- | --- | --- | --- |
| Microsoft Azure: CosmosDB + Azure OpenAI + Monitor | Database storage, AI inference, application monitoring | UAE North / Dubai (primary); Microsoft DPA covers cross-border AI inference | ✓ Signed |
| Twilio: WhatsApp Business API + Voice | Delivering WhatsApp messages and outbound voice call reminders | United States; DPA with EU SCCs covers transfer | ✓ Signed |
| Google: Calendar API | Staff scheduling slots only — no client PII in calendar events | United States / Global; DPA accepted via Google Cloud Console | ✓ Signed |
| SendGrid (Twilio): Email delivery | Sending appointment confirmation and reminder emails | Covered by Twilio DPA | ✓ Signed |

We do not sell data. We do not use client data for advertising. We do not share data with any service not listed above.

Technical security

Security measures you can show your IT team.

Encryption in transit
All data transmitted over HTTPS / TLS 1.2+. No unencrypted connections permitted.
Encryption at rest
All CosmosDB storage is encrypted by Microsoft Azure using AES-256.
Azure Key Vault
API keys, database credentials, and service account tokens are stored in Azure Key Vault — never in application code or environment files.
Role-based access control
System admins, clinic managers, operators, and staff each see only the data their role requires. Staff can see masked contact details only.
IP allowlisting
Admin panel access can be restricted to your clinic's fixed IP address(es).
Session limits
Admin sessions expire automatically after 8 hours of inactivity.
Rate limiting
API and webhook endpoints are rate-limited to prevent abuse or data scraping.
Immutable audit log
Every login, data read, record change, and export is logged with timestamp and actor identity. Logs cannot be modified or deleted.
Breach notification
In the event of a data breach, we notify the UAE Data Office and affected clinics within 72 hours — as required by law.

Your clients' rights

Rights your clients can exercise — today, not on request.

Under UAE PDPL, your clients have legally enforceable rights. Rendevy makes these operable, not just documented:

Right to access
Clients can request a full export of their data. Clinic managers can trigger this from the admin panel. We deliver a structured JSON file within 30 days.
Right to erasure
One-click deletion from the admin panel cascades across all records — appointments, conversation logs, checkpoints, and the client record itself. Legally required retention periods are respected.
Right to withdraw consent
Clients reply STOP at any time. The bot stops immediately. No further messages or calls are sent.
Right to rectification
Client details can be corrected via the admin panel or through the bot at any time.
Data retention limits
Conversation logs are automatically deleted after 24 months. Inactive client records are anonymised after 3 years. Appointment records follow UAE Health Data Law retention periods (up to 10 years for medical clinics).

Your role as data controller

What Rendevy handles — and what stays with you.

Rendevy is a data processor acting on your instructions. You remain the data controller — responsible for the lawful basis under which you introduce your clients' data into the platform.

Before going live, two things are required:

Sign a Data Processing Agreement
A standard legal document that defines each party's responsibilities. Download the template →
Inform your clients
That Rendevy processes appointment data on your behalf. The simplest way is a line in your existing client consent forms: "Appointment scheduling is managed by Rendevy (rendevy.app). See rendevy.app/privacy for details."

Rendevy handles the technical compliance infrastructure. Consent capture, audit logging, data retention, breach detection, and sub-processor DPAs are all managed for you. Your obligations are limited to ensuring your clients are informed and that your own use of the platform is lawful.

Ready to move forward? Let's make it simple.

Review the DPA template, share this page with your legal or IT team, or reach out directly — we're happy to answer specific compliance questions for your clinic.

Compliance contact: privacy@curiousstack.co

Legal / DPA enquiries: legal@curiousstack.co

We respond to compliance questions within 2 business days.