Privacy Policy

• Identity: full name (English + optional Arabic), date of birth, gender, nationality.
• Contact: email, Bahrain mobile number.
• Medical: blood group, last donation date, donation history you voluntarily log.
• Location: area of residence (city, not GPS).
• Identity verification (optional): CPR number — stored AES-256-GCM encrypted; only the first four digits are visible to admins; images are deleted after verification.
• Account security: bcrypt-hashed password (we never see your plaintext).
• Operational metadata: timestamps, session tokens, notification preferences.

• Match you with nearby patients who need your blood type in an emergency, urgent, or scheduled scenario.
• Notify you via your preferred channels (WhatsApp, SMS, email) when such a match exists.
• Show hospitals your contact details only after you’ve consented and been matched to an active request.
• Maintain aggregate statistics (donor counts, fulfillment rates) for public-facing transparency.

We do not sell your data, run advertising, or share it with third parties outside the active-request matching workflow.

• Access: request a copy of all personal data we hold about you.
• Correction: edit your profile anytime from your account dashboard.
• Deletion: delete your account — removes all PII immediately.
• Portability: export your donation history as JSON/CSV.
• Objection: opt out of any notification channel individually.

Exercise any right by emailing contact@bahrainblood.com.