Legal
Privacy Policy
Effective date: 15 June 2025 · CHIL Femtech Inc.
Keti AI handles sensitive health data on behalf of patients and healthcare providers. We take that responsibility seriously. This policy explains what we collect, why, and how we protect it.
Who we are
Keti AI is a clinical operating platform developed by CHIL Femtech Inc., registered in Uganda. We provide telehealth, laboratory, pharmacy, and payment services to healthcare facilities across East Africa. This policy governs how we collect and handle data across all Keti AI products.
Data we collect
We collect information in two categories.
Identity and contact data — your name, phone number, email address, and role within a facility. This is collected at registration and used to authenticate your account via one-time passwords (OTP).
Clinical and health data — patient records, consultation notes, diagnostic requests, prescriptions, and audit logs generated during use of the platform. This data is created and owned by the healthcare facility and their patients. Keti AI processes it solely to deliver the service.
How we use your data
We use your data to:
- Authenticate users and prevent unauthorised access to patient records - Facilitate telehealth consultations between clinicians and patients - Route laboratory requests and pharmacy fulfillment orders - Process payments via Paystack and record revenue distribution - Generate audit logs for compliance and transparency - Send system notifications such as OTP codes and consultation alerts
We do not use health data for advertising, profiling, or any purpose outside the direct delivery of clinical services.
Patient consent
Patient records are only accessible to a clinician after the patient has verified their identity via SMS or email OTP. This two-factor consent gate is enforced at the system level — no clinician can open a patient record without the patient's active participation in that session.
Patients may request a full export or deletion of their records by contacting their facility administrator. Keti AI will action deletion requests within 30 days.
Third parties
We share data with a limited set of processors, strictly to deliver the service:
- Paystack — payment processing and settlement. Governed by Paystack's own privacy policy. - Daily.co — WebRTC video infrastructure for telehealth sessions. Video calls are not recorded by Keti AI. - Google Cloud (Africa region) — cloud infrastructure, database hosting, and audit log storage. - Africa's Talking — SMS delivery for OTP codes.
We do not sell data to any third party.
Data retention
Clinical records are retained for a minimum of five years in accordance with Ugandan health data regulations. Identity and authentication data is retained for as long as an account is active, plus 12 months after closure.
Audit logs are immutable and retained indefinitely for compliance purposes. Payment records are retained for seven years as required by Ugandan tax law.
Security
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Database access requires multi-factor authentication. All record access events are logged with user identity, timestamp, and IP address.
We conduct regular security reviews. If a breach occurs that affects your data, we will notify the relevant facility administrator within 72 hours.
Your rights
Under applicable data protection law, you have the right to:
- Access the personal data we hold about you - Correct inaccurate information - Request deletion of your data where no legal retention obligation applies - Object to processing in certain circumstances - Lodge a complaint with the relevant data protection authority
To exercise these rights, contact us at the address below.
Changes to this policy
We may update this policy from time to time. When we do, we will update the effective date at the top of this page and, where changes are material, notify facility administrators by email.
Contact
CHIL Femtech Inc. Kampala, Uganda privacy@keti.ai
© 2026 CHIL Femtech Inc. All rights reserved.
Return to Keti AI