Oribit Health

Privacy Policy

Orbit Health — eHealth IT Services PLC

Last updated: June 29, 2026

Contents

  1. 1. Introduction
  2. 2. Information We Collect
  3. 3. Health & Sensitive Data
  4. 4. How We Use Information
  5. 5. Legal Basis for Processing
  6. 6. How We Share Information
  7. 7. App Permissions (Mobile)
  8. 8. Data Retention
  9. 9. Data Security
  10. 10. Your Rights & Choices
  11. 11. Children’s Privacy
  12. 12. International Data Transfers
  13. 13. Third-Party Links & Services
  14. 14. Changes to This Policy
  15. 15. Contact Us

1. Introduction

Orbit Health is operated by eHealth IT Services PLC (“Orbit Health”, “we”, “us”, or “our”), located at Goro IT Park BPO Building, 4th Floor, Addis Ababa, Ethiopia. We provide digital health solutions including Electronic Health Record (EHR) and practice management systems, the Personal Health Record (PHR) mobile application, financial/health-wallet solutions, and public health data analytics tools (collectively, the “Services”).

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website (orbithealth.co), our mobile applications, or any related Services. It applies to patients, healthcare providers, partners, and visitors.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Services.

2. Information We Collect

2.1 Information you provide directly

  • Account information: full name, email address, phone number, date of birth, username/password
  • Profile and identity details: national ID, gender, address, emergency contact
  • Career/partnership form data: resume/CV, organization name, phone number (submitted via our “Work with Us” forms)
  • Communications: messages, support tickets, and feedback you send to us
  • Payment and billing details when using financial or health-wallet features

2.2 Information collected automatically

  • Device information: device model, operating system, unique device identifiers, mobile network information
  • Log data: IP address, browser type, pages visited, time/date of visits, app crash logs
  • Usage data: features used, appointment activity, in-app interactions
  • Cookies and similar tracking technologies on our website (see Section 13)

2.3 Information from third parties

  • Information shared by healthcare providers, hospitals, or clinics using our EHR systems on your behalf
  • Information from partners providing insurance, payment, or financing services

3. Health & Sensitive Data

Because Orbit Health provides EHR and Personal Health Record services, we may collect and process sensitive health information, including:

  • Medical history, diagnoses, and treatment records
  • Medications, prescriptions, and dispensation records
  • Vital signs, lab results, and clinical notes
  • Appointment and visit history
  • Insurance and health-financing information

We treat health information as highly sensitive. It is collected and processed only to deliver the Services (e.g., enabling care coordination between you and your healthcare provider), and access is restricted to authorized personnel, your treating provider(s), and systems strictly necessary to operate the Services.

4. How We Use Information

  • To provide, operate, and maintain the EHR, PHR, financial, and analytics Services
  • To facilitate appointment scheduling, medication management, and care coordination between patients and providers
  • To process payments and health-wallet transactions
  • To generate aggregated, de-identified public health insights and analytics
  • To communicate with you, including service updates, newsletters (if subscribed), and support responses
  • To process career and partnership applications submitted through our website
  • To detect, investigate, and prevent fraud, abuse, or security incidents
  • To comply with legal and regulatory obligations applicable in Ethiopia and other jurisdictions where we operate
  • To improve and develop new features of the Services

5. Legal Basis for Processing

Depending on your location, we process personal data on one or more of the following bases: your consent, performance of a contract with you (or your healthcare provider), compliance with legal obligations (e.g., health record-keeping laws), and our legitimate interests in operating and improving the Services, provided those interests do not override your fundamental rights.

6. How We Share Information

We do not sell your personal or health information. We may share information in the following circumstances:

RecipientPurpose
Healthcare providers / facilitiesTo deliver care coordinated through our EHR/PHR platforms
Service providers & sub-processorsHosting, cloud storage, payment processing, analytics, customer support (under confidentiality and data-protection obligations)
Insurance & financing partnersOnly where you use Health Wallet or insurance-related features
Legal & regulatory authoritiesWhere required by law, court order, or to protect rights, safety, or property
Business transfersIn connection with a merger, acquisition, or sale of assets, subject to confidentiality protections

7. App Permissions (Mobile)

Our mobile application(s) may request the following device permissions, used only for the stated purpose:

PermissionPurpose
Camera / PhotosUpload profile photo, scan documents or prescriptions
StorageSave and upload medical records, attachments, or CV files
NotificationsAppointment reminders, medication alerts
Location (optional)Find nearby health facilities (only with your permission)
Contacts (optional)Add emergency contact details, with your explicit consent

You can manage or revoke these permissions at any time through your device settings.

8. Data Retention

We retain personal and health information for as long as necessary to provide the Services, comply with legal and medical record-keeping requirements, resolve disputes, and enforce our agreements. Health records may be subject to longer statutory retention periods required by applicable healthcare regulations. When no longer needed, data is securely deleted or anonymized.

9. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal and health information, including encryption in transit and at rest, access controls, role-based permissions, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Your Rights & Choices

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or update your personal information
  • Request deletion of your personal data, subject to legal/medical retention requirements
  • Withdraw consent for optional data processing (e.g., marketing, location access)
  • Request a copy of your data in a portable format
  • Object to certain processing activities
  • Unsubscribe from our newsletter at any time via the link in our emails

To exercise these rights, contact us using the details in Section 15.

11. Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children without parental/guardian consent. Where our Services are used to manage a minor’s health records, this is done by or with the consent of the minor’s parent, guardian, or authorized healthcare provider.

12. International Data Transfers

Your information may be stored and processed in Ethiopia or other countries where our service providers operate. We take steps to ensure appropriate safeguards are in place when data is transferred across borders, consistent with applicable data protection laws.

13. Third-Party Links, Cookies & Analytics

Our website may use cookies and similar technologies to improve functionality and analyze usage. Our website and Services may also contain links to third-party sites (e.g., social media, Google Forms for demo requests) which have their own privacy policies; we are not responsible for their practices. You can control cookies through your browser settings.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The “Last updated” date at the top of this page indicates when changes were last made. Continued use of the Services after changes take effect constitutes acceptance of the revised policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

↑ Back to top © 2026 Orbit Health (eHealth IT Services PLC). All rights reserved.

Scroll to Top