InstaHealth

Legal

PRIVACY POLICY

Last Updated: 25 March 2026

Thank you for using InstaHealth. We are committed to protecting your privacy and handling your personal data in a transparent, secure, and commercially responsible manner.

This Privacy Policy ("Policy") explains how InstaHealth, its related entities, affiliates, contractors, service providers, and technology partners (collectively referred to in this Policy as "InstaHealth", "we", "our", or "us") collect, use, disclose, store, transfer, and otherwise process your information when you access or use our website, marketplace, mobile-compatible interfaces, vendor tools, dashboards, integrations, communications, customer support systems, and related services (collectively, the "Services").

This Policy applies whether you access InstaHealth through a browser, mobile device, embedded application, vendor dashboard, checkout flow, partner integration, or any other supported access point.

By accessing or using InstaHealth, creating an account, submitting information to us, placing an order, applying as a vendor, connecting a third-party platform, or otherwise interacting with the Services, you acknowledge that your information may be collected and processed as described in this Policy.

1. WHO THIS POLICY APPLIES TO

This Policy applies to:

  • customers and users browsing or purchasing through InstaHealth;
  • users creating customer accounts;
  • vendors, merchants, clinics, service providers, suppliers, practitioners, and business applicants using or applying to use InstaHealth;
  • vendor staff and authorized representatives;
  • individuals contacting us for support, sales, onboarding, compliance, legal, or operational purposes;
  • visitors to our website and marketplace;
  • users who interact with our content, advertising, forms, or integrations.

This Policy does not apply to third-party websites, third-party platforms, or third-party services that may be linked from our Services or used by vendors independently of InstaHealth.

2. INFORMATION WE COLLECT

We collect information in several ways depending on how you use InstaHealth.

2.1 Information You Provide to Us

You may provide us with information directly when you:

  • create an account;
  • place an order;
  • browse or save products/services;
  • submit checkout details;
  • contact customer support;
  • submit a vendor application;
  • onboard as a vendor;
  • connect a third-party integration;
  • communicate with us by email, forms, chat, or phone;
  • submit forms, uploads, business documents, or verification information.

Depending on your use of the Services, this information may include:

Customer / User Information

  • full name;
  • email address;
  • mobile number or phone number;
  • delivery address or service location;
  • account login credentials;
  • order history;
  • shopping preferences;
  • saved items or browsing interactions;
  • support communications;
  • booking-related information;
  • account settings and profile information.

Vendor / Merchant / Applicant Information

  • business name;
  • contact person name;
  • vendor representative information;
  • email address and phone number;
  • business address;
  • service areas or delivery areas;
  • onboarding details;
  • business verification information;
  • vendor profile content;
  • bank, payout, invoicing, or settlement-related business details;
  • connected store or integration information;
  • uploaded product, inventory, pricing, service, and fulfillment data;
  • communications with InstaHealth support or admin teams.

Transaction / Checkout Information

When you place an order or make a payment through the Services, we may collect or receive information relating to:

  • items purchased;
  • order totals;
  • timestamps;
  • billing and shipping details;
  • payment status;
  • refund status;
  • fulfillment status;
  • booking or service scheduling details;
  • vendor allocation and order routing details.

Important: Payment card information is generally processed by third-party payment processors and not stored directly by InstaHealth except where technically necessary for transaction confirmation, tokenization, fraud prevention, or compliance workflows.

3. INFORMATION WE RECEIVE FROM THIRD PARTIES

We may receive information about you from third parties where relevant to the operation of the Services.

This may include information from:

  • payment providers;
  • authentication providers;
  • social login providers;
  • Shopify or connected e-commerce systems;
  • search and analytics providers;
  • mapping and location providers;
  • fraud prevention or security vendors;
  • marketing and communications providers;
  • vendors or merchants where relevant to your order or booking;
  • publicly available business records or verification sources.

If you choose to sign in using a third-party login or identity provider, we may receive limited account information from that provider, such as your name, email address, profile image, or authentication identifier, depending on the permissions granted.

4. TECHNICAL INFORMATION WE COLLECT AUTOMATICALLY

When you use InstaHealth, we automatically collect certain technical and usage information relating to your device, browser, connection, and interaction with the Services.

This may include:

  • IP address;
  • browser type and version;
  • operating system;
  • device type;
  • language preferences;
  • referral URLs;
  • approximate geographic location;
  • pages viewed;
  • products or categories viewed;
  • clicks, taps, searches, and navigation patterns;
  • session duration;
  • login timestamps;
  • vendor dashboard activity;
  • checkout activity;
  • error logs and diagnostic data;
  • identifiers used for security, fraud prevention, and performance monitoring.

Where you are logged into the Services, this information may be associated with your account.

5. COOKIES AND TRACKING TECHNOLOGIES

We and our service providers may use cookies, pixels, tags, scripts, SDKs, local storage, and similar tracking technologies to collect and store information when you use the Services.

These technologies may be used to:

  • keep you logged in;
  • remember preferences and session state;
  • improve site performance;
  • support search and filtering;
  • understand how users interact with the platform;
  • analyze traffic and conversion behavior;
  • personalize content or recommendations;
  • assist with fraud detection and abuse prevention;
  • support advertising or retargeting where applicable.

Cookies may include:

  • session cookies (expire when you close your browser);
  • persistent cookies (remain until expiry or deletion);
  • functional cookies;
  • analytics cookies;
  • security-related cookies.

You can usually control cookies through your browser settings. However, disabling some cookies may affect the functionality of InstaHealth.

6. LOG DATA AND SECURITY EVENTS

We maintain logs and records relating to access, usage, system events, and security events for operational, security, fraud prevention, and compliance purposes.

These records may include:

  • account access logs;
  • vendor dashboard actions;
  • admin actions;
  • failed login attempts;
  • order lifecycle events;
  • webhook and integration events;
  • fraud or abuse signals;
  • API and system request metadata;
  • infrastructure and performance logs.

We use these records to:

  • monitor the integrity of the Services;
  • investigate incidents;
  • detect misuse, fraud, unauthorized access, or abuse;
  • maintain audit trails;
  • support dispute resolution and internal controls.

7. LOCATION DATA

We may collect or infer location-related information where relevant to the operation of the marketplace and user experience.

This may include:

  • delivery address or service address;
  • location selected by a customer;
  • suburb, city, region, or postcode;
  • approximate device location (where permitted);
  • vendor service radius or delivery zone;
  • geographic filtering and availability logic.

We may use location data to:

  • show relevant vendors or listings;
  • determine service availability;
  • calculate delivery or fulfillment eligibility;
  • localize the marketplace experience;
  • improve search relevance;
  • support operational logistics.

Where device-based location permissions are requested, you may be able to manage these through your browser or device settings.

8. SENSITIVE OR HEALTH-RELATED INFORMATION

InstaHealth operates in health-adjacent product and service categories. Depending on how the Services are used, certain purchases, bookings, search behavior, or vendor interactions may imply interests relating to wellness, supplements, diagnostics, skincare, hormones, peptides, consultations, or similar categories.

We do not position InstaHealth as a medical records platform unless expressly stated otherwise.

However, because certain marketplace activity may be considered sensitive in nature depending on jurisdiction, we aim to handle such information with an elevated level of care, access restriction, and security.

You should not submit unnecessary medical records, diagnosis notes, prescriptions, or highly sensitive clinical information through general forms or support channels unless specifically requested through an approved and secure process.

9. HOW WE USE YOUR INFORMATION

We may use your information for one or more of the following purposes:

  1. To provide and operate the Services
    Including marketplace browsing, account creation, checkout, order processing, booking workflows, vendor onboarding, and vendor operations.
  2. To facilitate transactions and fulfillment
    Including routing orders to vendors, managing order status, enabling service bookings, and supporting customer-vendor interactions where necessary.
  3. To support vendor and merchant functionality
    Including product sync, inventory sync, order sync, booking configuration, vendor dashboards, onboarding, and operational tooling.
  4. To process payments, refunds, settlements, and transaction workflows
    Including fraud checks, charge management, payment confirmations, and reconciliation support.
  5. To communicate with you
    Including account notices, order confirmations, vendor notices, service updates, support responses, operational alerts, and important platform communications.
  6. To provide customer support and dispute handling
    Including troubleshooting, issue resolution, transaction investigations, and marketplace support.
  7. To improve, analyze, and develop the Services
    Including product improvement, user experience optimization, analytics, testing, and feature development.
  8. To personalize marketplace experiences
    Including relevant product suggestions, category experiences, location-based availability, and platform optimization.
  9. To maintain safety, trust, and security
    Including fraud prevention, abuse detection, account verification, security monitoring, and internal audit controls.
  10. To comply with legal, tax, regulatory, and compliance obligations
    Including recordkeeping, investigations, legal responses, and operational compliance.
  11. To support marketing and communications
    Including promotional emails, remarketing, campaigns, or business communications where permitted by law or based on your preferences.
  12. To enforce our legal rights and platform rules
    Including the enforcement of our terms, vendor rules, marketplace policies, and dispute handling.

10. WHAT WE SHARE

InstaHealth is a platform that connects customers with vendors, merchants, service providers, and marketplace operators. In order for the Services to function, we may need to share information with relevant parties.

10.1 With Vendors and Service Providers

We may share relevant information with vendors or service providers where necessary to:

  • process or fulfill your order;
  • manage a booking or appointment;
  • respond to an issue with your purchase or booking;
  • verify fulfillment or delivery;
  • provide customer service related to a vendor transaction.

This may include:

  • your name;
  • contact details;
  • order details;
  • delivery or service address;
  • booking information;
  • relevant customer notes;
  • transaction status.

10.2 With Service Providers and Operational Partners

We may share information with trusted third parties who assist us in operating the Services, including providers of:

  • hosting and infrastructure;
  • authentication;
  • payments;
  • analytics;
  • search;
  • customer communications;
  • email delivery;
  • cloud storage;
  • fraud prevention;
  • logging and monitoring;
  • shipping or operational support;
  • integrations and commerce tooling.

These third parties may only process data on our behalf where appropriate and subject to applicable contractual or operational safeguards.

10.3 With Integration and Platform Providers

Where vendors connect external systems or stores, we may process and share relevant data with those systems in order to support:

  • catalog sync;
  • product sync;
  • order sync;
  • inventory sync;
  • vendor connection workflows;
  • marketplace integration logic.

10.4 For Legal, Regulatory, or Security Reasons

We may disclose information where reasonably necessary to:

  • comply with applicable law, regulation, court order, subpoena, or lawful request;
  • investigate fraud, abuse, or security incidents;
  • protect the rights, property, safety, or operations of InstaHealth, our users, vendors, or others;
  • enforce our legal agreements or internal policies.

10.5 In Corporate Transactions

If InstaHealth is involved in a merger, acquisition, restructuring, financing, sale of assets, or similar transaction, your information may be disclosed as part of that process, subject to appropriate confidentiality and legal protections.

10.6 Aggregated or De-Identified Information

We may use and share aggregated, anonymized, or de-identified information for analytics, business intelligence, commercial reporting, operational insights, or platform improvement, provided it does not reasonably identify you.

11. MARKETING AND COMMUNICATIONS

We may send you service-related, operational, account-related, or transactional communications where necessary.

Where permitted, we may also send marketing or promotional communications, including information about:

  • new categories or services;
  • featured vendors;
  • offers or promotions;
  • platform updates;
  • relevant business or marketplace opportunities.

You may opt out of non-essential marketing communications using unsubscribe links, account settings, or by contacting us.

Even if you opt out of marketing, we may still send important non-promotional messages relating to your account, orders, bookings, vendor status, security, or legal notices.

12. INTERNATIONAL DATA TRANSFERS

InstaHealth may process or store your information in the United Arab Emirates and in other countries where we or our service providers operate.

As a result, your information may be transferred to or accessed from jurisdictions outside your country of residence, including jurisdictions that may have different data protection laws.

Where such transfers occur, we take commercially reasonable and appropriate steps to ensure that your information remains protected through one or more of the following:

  • contractual safeguards;
  • access controls;
  • organizational security measures;
  • vendor diligence and data protection controls;
  • technical security protections.

By using the Services and providing your information, you acknowledge that your information may be transferred, stored, or processed internationally in accordance with this Policy.

13. HOW WE PROTECT YOUR INFORMATION

We take data security seriously and implement commercially reasonable technical, administrative, and organizational measures designed to protect your information from unauthorized access, misuse, disclosure, alteration, or destruction.

These measures may include:

  • secure hosting environments;
  • access controls;
  • authentication protections;
  • role-based permissions;
  • encrypted transmission where applicable;
  • audit logging;
  • internal operational restrictions;
  • vendor and system access controls.

However, no system, website, transmission, or storage environment can be guaranteed to be 100% secure. You use the Services at your own risk, and you should also take reasonable steps to protect your own account credentials and devices.

14. DATA RETENTION

We retain your information for as long as reasonably necessary to:

  • provide the Services;
  • maintain your account;
  • support orders, bookings, or vendor operations;
  • comply with legal, tax, accounting, or regulatory obligations;
  • resolve disputes;
  • enforce our rights;
  • prevent fraud or misuse;
  • maintain internal business and security records.

Retention periods may vary depending on:

  • the type of information;
  • the purpose for which it was collected;
  • operational necessity;
  • legal or regulatory requirements;
  • risk, fraud, or dispute considerations.

When information is no longer required, we may delete, anonymize, archive, or securely restrict it, subject to applicable obligations.

15. YOUR RIGHTS

Depending on your location and applicable law, you may have rights in relation to your personal data, including the right to request:

  • access to your data;
  • correction of inaccurate information;
  • deletion of certain information;
  • restriction of certain processing;
  • objection to certain processing;
  • portability of certain data;
  • withdrawal of consent where processing is based on consent;
  • review of certain automated decision-making where applicable.

We may need to verify your identity before responding to a request, and certain rights may be limited where we are legally entitled or required to retain or continue processing certain information.

To make a privacy-related request, contact us using the details below.

16. AUTOMATED PROCESSING AND PLATFORM DECISIONS

Some aspects of InstaHealth may involve automated or semi-automated processing, including systems used for:

  • search relevance;
  • location-based matching;
  • category relevance;
  • fraud or abuse screening;
  • operational routing;
  • order handling logic;
  • vendor visibility or marketplace optimization;
  • analytics and product recommendations.

Where such systems are used, we aim to apply reasonable oversight and commercially appropriate controls.

Unless expressly stated otherwise, InstaHealth does not intend for automated processing alone to make legally binding decisions about you without appropriate operational context or review.

17. CHILDREN'S PRIVACY

InstaHealth is not intended for children who are not legally permitted to use the Services under applicable law.

We do not knowingly collect personal data from children in violation of applicable legal requirements. If you believe a child has provided personal data to us improperly, please contact us and we will review the matter.

19. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our business, platform functionality, legal requirements, integrations, operational practices, or risk controls.

When we make changes, we will update the "Last Updated" date at the top of this page. Whereappropriate, we may also provide additional notice through the website, dashboard, account notifications, or other communications.

Your continued use of the Services after changes are posted may constitute acknowledgment of the updated Policy, to the extent permitted by law.

20. CONTACT US

If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of personal data, you can contact us at:

Email: info@instahealth.ae

Support: support@instahealth.ae

Legal: legal@instahealth.ae

If you do not yet have all of these addresses set up, create them or temporarily route them to your main support inbox.

21. IMPORTANT NOTICE

InstaHealth is a marketplace and technology platform. Unless expressly stated otherwise, InstaHealth does not provide medical advice, diagnosis, treatment, or emergency services.

Any health-related products, services, consultations, diagnostics, or vendor offerings made available through the platform are subject to the relevant vendor, provider, practitioner, merchant, or third-party operator.

Users should exercise appropriate judgment and obtain independent professional advice where necessary.