1. Who we are
Curely AI (“Curely AI”, “we”, “us”) develops intelligent healthcare systems. We are based in Kampala, Uganda, and we are the data controller for personal data processed through this website, curelyai.com.
For anything related to your personal data, including exercising the rights described below, contact us at info@curelyai.com.
Where the EU or UK General Data Protection Regulation (GDPR) applies to you, this policy describes the information required under Articles 13 and 14 of the GDPR, including the legal bases we rely on and the rights you can exercise.
2. What we collect, and why
We only collect personal data that you actively give us, plus a minimal amount of technical data needed to run and protect the site. We do not run advertising, profiling, or cross-site tracking of any kind.
Contact form
When you contact us we collect your name, email address, and message, and optionally your organization, role, country, and area of interest. We use this to respond to your enquiry. Legal basis: our legitimate interest in responding to enquiries you initiate, and, where your enquiry concerns a contract, steps taken at your request prior to entering a contract (GDPR Art. 6(1)(f) and 6(1)(b)).
Newsletter
If you subscribe to updates we store your email address and where on the site you signed up. We use it only to send you the updates you asked for. Every email includes an unsubscribe link, and unsubscribing permanently deletes your record. Legal basis: your consent (GDPR Art. 6(1)(a)), which you can withdraw at any time.
Job applications
When you apply for a role we collect your name, email, and cover letter, and optionally your phone number, location, current title, LinkedIn or portfolio links, and your CV. CV files are stored in a private storage bucket and are only accessible to our hiring team through short-lived, authenticated links. We use this data solely to evaluate your application. Legal basis: steps taken at your request prior to entering a contract (GDPR Art. 6(1)(b)) and our legitimate interest in running a recruitment process.
Event RSVPs
When you RSVP to an event we collect your name, email, and party size, and optionally your organization and notes, to manage attendance for that event. Legal basis: steps taken at your request (GDPR Art. 6(1)(b)) and legitimate interest.
Ask Curely AI assistant
Our website chat assistant answers questions about Curely AI. When you use it:
- The text you type is sent to OpenAI (our AI processing provider) to generate a reply. OpenAI processes it on our behalf as a data processor and, under our API terms, does not use it to train its models.
- Conversations (your messages and the assistant’s replies) are stored on our servers, together with your browser’s user-agent string and the page you were on, so we can review quality and improve answers.
- Please do not enter sensitive personal information into the assistant, in particular health information about yourself or others. It is a product Q&A tool, not a medical service.
Legal basis: our legitimate interest in operating and improving the assistant (GDPR Art. 6(1)(f)). Conversations are not linked to your name or account unless you include such details in your messages.
Blog view counts
To count article views without tracking you, we derive a one-way salted hash of your IP address that lets us de-duplicate views within a single day. Your actual IP address is never stored, the hash cannot be reversed to identify you, and hashes are anonymized entirely after 30 days. Legal basis: our legitimate interest in basic, privacy-preserving content statistics.
3. Cookies
The public website sets no cookies: no analytics cookies, no advertising cookies, no third-party cookies, and nothing stored in your browser’s local storage. Because we use no non-essential cookies, no cookie consent banner is required.
The only cookies we use are two strictly-necessary authentication cookies (curely_session and curely_2fa_pending) set only when a Curely AI staff member signs in to our internal admin area. They are never set for ordinary visitors and are exempt from consent requirements as strictly necessary for a service explicitly requested.
4. Who we share data with
We never sell personal data, and we never share it for advertising. We use a small number of infrastructure providers (data processors) to run the site:
- DigitalOcean — hosts our servers, database, and file storage (including CV files, kept in a private bucket).
- OpenAI — processes chat assistant messages to generate replies, as described above.
These providers process data only on our instructions. We may also disclose data where required by law.
5. International transfers
Our infrastructure providers may process data in the United States or other countries outside your own. Where the GDPR applies, such transfers rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework certifications of our providers.
6. How long we keep data
- Contact form submissions — up to 24 months, then deleted.
- Newsletter subscriptions — until you unsubscribe; your record is deleted immediately when you do.
- Job applications, including CVs — up to 12 months after submission, then deleted (including the CV file).
- Event RSVPs — up to 12 months after submission, then deleted.
- Chat assistant conversations — up to 12 months after your last message, then deleted.
- Blog view hashes — anonymized after 30 days.
7. Your rights
Where the GDPR or similar laws apply to you, you have the right to:
- Access a copy of the personal data we hold about you.
- Have inaccurate data corrected.
- Have your data erased (“right to be forgotten”).
- Restrict or object to our processing of your data.
- Receive your data in a portable, machine-readable format.
- Withdraw consent at any time where processing is based on consent (for example, the newsletter), without affecting processing before withdrawal.
To exercise any of these rights, email info@curelyai.com. We respond within one month. You also have the right to lodge a complaint with your local data protection supervisory authority.
8. Security
All traffic to the site is encrypted with TLS. Personal data is stored in access-controlled databases; CV files live in a private bucket accessible only through short-lived signed links; admin access is protected by strong password hashing and two-factor authentication; and our servers use firewalls, intrusion-prevention, and key-only access.
9. Children
This website is intended for professional audiences and is not directed at children under 16. We do not knowingly collect personal data from children; if you believe a child has provided us data, contact us and we will delete it.
10. Changes to this policy
We will update this page when our data practices change and revise the “Last updated” date above. Significant changes will be highlighted on the site.
11. Contact
Curely AI, Kampala, Uganda · info@curelyai.com · Contact form

