Privacy Policy
mSignal360 — Professional Documentation & Traceability Application
1. Introduction
MOHE BioTech (Mauritius) Ltd. (“MOHE”, “mSignal360”, “we”, “us”, or “our”) operates the mSignal360 mobile application and related services.
mSignal360 is a professional documentation and traceability application used in screening-related workflows. The app records and manages documentation data, which may include timestamp information, GPS/location metadata where permission is granted, user or session references, device or test-reference information where applicable, and related screening-event records.
mSignal360 does not perform medical analysis, laboratory analysis, diagnosis, disease detection, treatment recommendation, prescription, or automated clinical decision-making.
This Privacy Policy explains what data we collect, why we collect it, how we use it, how we protect it, and what rights may apply to users.
2. Who This Policy Applies To
This Privacy Policy applies to:
- users of the mSignal360 mobile application;
- authorized professional users;
- client organizations using mSignal360;
- individuals whose information is documented through mSignal360;
- users of related mSignal360 services, where applicable.
mSignal360 is not a consumer fitness or wellness application.
3. Data Controller
The data controller for mSignal360 is:
The Dot, Avenue de Telfair, Moka, Mauritius
Email: privacy@mohebiotech.com
In some cases, MOHE may process data on behalf of a client organization, healthcare provider, laboratory, employer, institution, public-health body, or other professional organization. In those cases, that organization may also act as an independent controller or joint controller under applicable law.
4. Data We Collect
Depending on how mSignal360 is used, we may collect the following categories of data.
4.1 Account and User Data
We may collect:
- name;
- email address;
- phone number;
- organization name;
- professional role;
- user ID;
- login credentials;
- account settings;
- access permissions.
4.2 Screening-Event Documentation Data
We may collect documentation related to screening workflows, including:
- event record;
- timestamp;
- GPS/location metadata where permission is granted;
- user or operator reference;
- session reference;
- device reference where applicable;
- test-reference information where applicable;
- uploaded or transmitted documentation;
- record status;
- audit history.
The app does not independently analyze or interpret this information.
4.3 Location Data
mSignal360 may collect GPS/location metadata where permission is granted by the user.
Location data is used for documentation, traceability, audit integrity, point-of-care verification, field-screening records, and client-specific professional workflows.
mSignal360 does not use GPS/location data for advertising.
Users can disable location access through device settings. Some professional documentation functions may be incomplete if location access is disabled.
4.4 Device and Technical Data
We may collect:
- device type;
- operating system version;
- app version;
- IP address;
- connection logs;
- crash reports;
- diagnostic logs;
- security logs;
- usage events;
- API logs.
This data is used to operate, secure, maintain, and improve the app and related services.
4.5 Support and Communication Data
If you contact us, we may collect:
- your name;
- email address;
- organization;
- support request;
- communication history;
- attachments or screenshots you provide.
5. How We Use Data
We use data to:
- provide the mSignal360 app and related services;
- create and manage documentation records;
- record timestamp and location metadata where authorized;
- support screening-event traceability;
- authenticate users;
- manage user permissions;
- provide secure storage, transmission, and export;
- maintain audit logs;
- provide technical support;
- protect the security of the app and platform;
- detect misuse or unauthorized access;
- comply with legal, regulatory, contractual, or professional obligations;
- improve app reliability, performance, and usability;
- generate anonymized or aggregated operational statistics where legally permitted.
6. Sensitive Data
Depending on the workflow, some data processed through mSignal360 may relate to health, screening events, location, or professional medical documentation.
We treat such data with additional care and apply technical and organizational safeguards designed to protect confidentiality, integrity, and security.
mSignal360 does not sell identifiable health data or screening-event data to advertising networks.
7. Legal Basis for Processing
Depending on the jurisdiction and use case, we may process data based on:
- user consent;
- performance of a contract;
- legitimate business interests;
- compliance with legal obligations;
- professional, institutional, occupational-health, public-health, or medical documentation requirements;
- explicit consent where required for sensitive data;
- instructions from a client organization where MOHE acts as a processor.
Where a client organization uses mSignal360, that client is responsible for ensuring that it has the required legal basis, consent, notice, authorization, or professional obligation to collect and process data through the platform.
8. Data Sharing
We may share data only where necessary, lawful, and appropriate, including with:
- authorized client organizations;
- authorized professional users;
- healthcare providers, laboratories, institutions, employers, or public-health bodies where applicable to the workflow;
- cloud hosting and infrastructure providers;
- technical service providers;
- cybersecurity and monitoring providers;
- payment or subscription providers, where applicable;
- legal, regulatory, or public authorities where required by law;
- professional advisers, auditors, insurers, or legal representatives;
- successors or assignees in connection with a merger, acquisition, restructuring, or sale of assets.
We do not sell identifiable personal data, health data, or screening-event records to advertising networks.
9. Third-Party Services
mSignal360 may use third-party service providers to support cloud hosting, infrastructure, authentication, analytics, crash reporting, communications, security, or technical support.
These providers may process data only as necessary to provide their services to MOHE or as otherwise permitted by law and contract.
Where analytics or crash reporting tools are used, we aim to limit the data collected and avoid including identifiable health or screening-event content in analytics events.
10. International Data Transfers
mSignal360 may process or store data in Mauritius, Switzerland, the European Union, the United States, Brazil, Africa, or other jurisdictions where MOHE, its clients, affiliates, cloud providers, or service providers operate.
Where required by applicable law, we use appropriate safeguards for international transfers, which may include contractual protections, data-processing agreements, encryption, access controls, and other lawful transfer mechanisms.
11. Data Security
We use technical and organizational measures designed to protect data, including where appropriate:
- encryption in transit;
- encryption at rest;
- access controls;
- authentication;
- role-based permissions;
- audit logs;
- security monitoring;
- backup and recovery measures;
- infrastructure protection;
- incident response procedures.
No digital system can be guaranteed to be completely secure. Users and client organizations are responsible for protecting their own credentials, devices, networks, and internal access rights.
12. Data Retention
We retain data for as long as necessary to:
- provide the app and services;
- maintain professional documentation records;
- comply with legal, regulatory, contractual, medical, audit, tax, accounting, or evidentiary obligations;
- resolve disputes;
- enforce agreements;
- protect MOHE, users, clients, and the platform.
Retention periods may vary depending on the type of data, client configuration, jurisdiction, and applicable law.
Where legally permitted, anonymized or aggregated data may be retained for longer periods.
13. User Rights
Depending on applicable law, users may have the right to:
- access their personal data;
- correct inaccurate data;
- request deletion;
- restrict processing;
- object to processing;
- withdraw consent where processing is based on consent;
- request data portability;
- lodge a complaint with a data-protection authority.
Requests may be sent to privacy@mohebiotech.com.
Where MOHE processes data on behalf of a client organization, we may direct the request to that client organization or cooperate with the client in responding to the request.
We may need to verify identity before responding.
14. Children
mSignal360 is intended for professional and authorized use. It is not directed to children as consumer users.
Where data relating to minors is processed through a professional or institutional workflow, the responsible client organization, healthcare provider, institution, employer, guardian, or public authority must ensure that the required legal basis, consent, authorization, or professional obligation exists.
15. App Permissions
mSignal360 may request device permissions, including:
- location access;
- camera access, if required for documentation;
- Bluetooth access, if required for device connection;
- notifications;
- storage or document access;
- network access.
Permissions are requested only where needed for app functions. Users may control permissions through device settings. Some functions may not work correctly if required permissions are disabled.
16. No Advertising Use of Health or Location Data
mSignal360 does not use identifiable health data, screening-event documentation, or GPS/location data for third-party advertising.
mSignal360 does not share identifiable health data, screening-event records, or GPS/location data with advertising networks.
17. Aggregated and Anonymized Data
MOHE may use aggregated, anonymized, or de-identified data to operate, improve, secure, and evaluate the mSignal360 platform.
Such data may be used for operational statistics, platform performance, quality improvement, product development, institutional reporting, and legally permitted analytics.
MOHE does not intentionally use anonymized or aggregated data in a way that directly identifies an individual.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
If we make material changes, we may notify users through the app, by email, or by posting an updated version on our website.
The latest version will be available at https://mohebiotech.com/privacy-policy.
19. Contact
For privacy questions, requests, or complaints, please contact:
The Dot, Avenue de Telfair, Moka, Mauritius
Email: privacy@mohebiotech.com
Website: https://mohebiotech.com