Privacy Policy

Last updated: March 26, 2026

Introduction

Sheryaan ("we," "our," or "us") is a service provided by ESPARSITY LTD, a company registered in England and Wales (Company Number: 16989086) with its registered office at 128 City Road, London, EC1V 2NX, United Kingdom.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered WhatsApp booking assistant service for medical clinics.

This policy also covers the المجيب شريان (Sheryaan Auto-Reply) Android companion app, which enables clinic staff to automate responses to patient messages and missed calls.

Please read this privacy policy carefully. By using Sheryaan, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Information You Provide

  • Contact Information: Name, phone number, WhatsApp number
  • Appointment Information: Preferred dates, times, and reasons for visit
  • Communication Data: Messages exchanged through WhatsApp for booking purposes

Information Collected Automatically

  • Usage Data: How you interact with our service, booking patterns, and preferences
  • Device Information: Type of device, operating system, and browser type (when using our web dashboard)

Information Collected via the Companion App

When using the المجيب شريان Android companion app, the following additional information may be collected:

  • Notification Content: When enabled by the clinic administrator, the app reads incoming WhatsApp notification content (message text and sender information) to facilitate automated appointment booking responses. This data is transmitted securely to our servers for processing.
  • Call Information: When the missed call auto-reply feature is enabled, the app detects incoming calls that go unanswered. Only the caller's phone number is accessed; call audio is never recorded or accessed.
  • SMS Data: The app may send SMS messages on behalf of the clinic when a call is missed, using a message configured by the clinic administrator.
  • Device Information: A unique device identifier, device model, and operating system version are collected for authentication, security, and troubleshooting purposes.
  • Authentication Credentials: Login credentials are stored locally on the device using AES-256 encryption and are never transmitted except during the initial authentication process.

Information from Clinics

  • Clinic Details: Clinic name, address, operating hours, available appointment slots
  • Staff Information: Names of healthcare providers for appointment matching

How We Use Your Information

We use the information we collect to:

  • Facilitate Appointments: Process and manage your booking requests
  • Provide Customer Support: Respond to your inquiries and assist with booking issues
  • Improve Our Service: Analyze usage patterns to enhance our AI assistant's accuracy and helpfulness
  • Communicate with You: Send appointment confirmations, reminders, and updates
  • AI-Powered Responses: Message content received through the companion app may be processed using artificial intelligence (including third-party AI services such as OpenAI) to generate contextually appropriate booking responses in Arabic. Messages are processed in real-time and are not used to train third-party AI models.
  • Ensure Security: Protect against unauthorized access and maintain service integrity

Information Sharing

We do not sell your personal information. We may share your information only in the following circumstances:

With Healthcare Providers

We share your booking information with the clinic you are scheduling an appointment with. This is necessary to fulfill your appointment request.

Service Providers

We may share information with third-party service providers who assist us in operating our service, including:

  • Cloud hosting providers
  • Communication platforms (WhatsApp/Meta)
  • Analytics services
  • AI processing services (OpenAI) — for generating automated booking responses

Legal Requirements

We may disclose your information if required by law or in response to valid legal requests from public authorities.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Secure access controls and authentication
  • Regular security assessments
  • Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Android App Permissions

The المجيب شريان companion app requires the following device permissions, each of which must be explicitly granted by the clinic administrator:

  • Notification Access (NotificationListenerService): Required to read incoming WhatsApp messages and provide automated booking responses. This permission must be manually enabled in your device's Settings. The app only reads notifications from WhatsApp and WhatsApp Business; all other notifications are ignored.
  • SMS (SEND_SMS): Used solely to send auto-reply messages when a phone call is missed. The clinic administrator configures the message content. SMS is never sent without the feature being explicitly enabled.
  • Phone State and Call Log (READ_PHONE_STATE, READ_CALL_LOG): Used only to detect missed calls and trigger the auto-reply feature. Call audio is never accessed or recorded.
  • Background Operation (FOREGROUND_SERVICE): Required to keep the auto-reply service running continuously so that patient messages receive timely responses.
  • Boot Completion (RECEIVE_BOOT_COMPLETED): Allows the service to restart automatically after the device is rebooted, ensuring uninterrupted service for the clinic.

You may revoke any of these permissions at any time through your device's Settings. Revoking permissions will disable the corresponding features but will not affect other functionality.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

  • Appointment Data: Retained for the duration of your relationship with the clinic, plus any legally required period
  • Communication Logs: Retained for up to 12 months for service improvement and support purposes
  • Account Information: Retained until you request deletion or the clinic terminates their service
  • Android App Data: Device authentication tokens and locally cached data are retained until the user logs out or the device is revoked by an administrator. Message processing data (conversation sessions) is retained on our servers for up to 24 hours and then automatically deleted.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information. Visit our account deletion page for step-by-step instructions
  • Objection: Object to certain processing of your information

To exercise any of these rights, please contact us at privacy@sheryaan.com.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United Kingdom, where our servers are located. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

Children's Privacy

Sheryaan is not intended for use by individuals under the age of 18 without parental or guardian involvement. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of Sheryaan after any modifications indicates your acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

ESPARSITY LTD

128 City Road

London, EC1V 2NX

United Kingdom

Email: privacy@sheryaan.com

Supervisory Authority

If you are located in the European Economic Area or the United Kingdom and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

For UK residents, this is the Information Commissioner's Office (ICO): https://ico.org.uk