Data Deletion Policy
This policy explains how patients and clinics can request deletion of data held by Salma, and how Salma handles Meta (WhatsApp / Instagram / Messenger) data deletion requests.
1. For patients — how to request deletion
Salma processes patient data on behalf of the clinic you contacted. To request deletion of your data:
Option A — via Meta: If you messaged through WhatsApp, Instagram or Messenger, you can remove Salma’s access from your Meta account at Meta → Settings → Apps and Websites. This triggers Meta’s data deletion request to us.
Option B — via the clinic: Contact the clinic that collected your data and ask them to delete your records. The clinic is your data controller.
Option C — direct: Email privacy@salma.fit with the phone number or channel handle you used. We will route the request to the clinic and confirm.
2. For clinics — how to delete data
Clinic admins can delete patients, conversations and bookings from the Salma dashboard, or disconnect a channel to stop further processing. To request full clinic account and data deletion, email privacy@salma.fit from an owner email. We will delete clinic data and channel credentials within 30 days, except where retention is legally required.
3. Meta data deletion callback
Salma receives Meta’s data deletion requests via the configured data deletion callback. When Meta sends a request containing user_id / person_id entries in people_ids_to_remove, Salma:
- identifies the affected patient records linked to that Meta identity across the clinics that received them;
- deletes or irreversibly de-identifies the corresponding message content, media and patient-identifying fields; and
- responds to Meta with a confirmation.
Implementation note: the callback endpoint URL is set in the Meta App Dashboard (Data Deletion Callback). If a callback endpoint is not yet wired for your deployment, Salma handles deletion via the manual email/dashboard routes above until it is.
4. What we delete vs. retain
We delete patient-identifying message content, media, and identity fields. We may retain de-identified operational records (aggregated counts, billing totals, security/audit metadata) where required for legal, accounting or security obligations, with no ability to re-identify the patient.
5. Timing
We action verified deletion requests within 30 days, and typically sooner. Meta-triggered callbacks are processed automatically.
6. Contact
Salma · privacy@salma.fit