How the public immunization web handles search, language, and health-service information

1. Scope

This Privacy Policy applies to the public-facing MOH Immunization web pages in this application, including the immunization service directory, the date-of-birth guidance search, the location search, and related public informational content such as schedule images, video content, and FAQ material.

2. Information used on the public website

The public site does not currently require the general public to sign in before using the directory. Based on the current implementation, the public experience may use or receive the following categories of information:

• Date of birth entered by a visitor to calculate routine immunization guidance.
• State, township, ward, and village selections entered to search for immunization service locations.
• Language preference selected by the visitor for the public interface.
• Standard technical request information such as IP address, browser, device, timestamp, and error data that can appear in normal web server or application logs.

3. How the public website uses that information

• To show schedule-related vaccine guidance based on the entered date of birth.
• To return immunization location results and related schedule or map information based on selected locations.
• To remember the chosen language during the active browsing session.
• To monitor performance, investigate errors, and protect the service from misuse or technical problems.

4. Session, cookies, and similar storage

This Laravel application uses session-based web functionality. On the public site, session storage is currently used at least for locale selection so the interface can continue using the selected language while the visitor browses the site. The application may also use essential cookies or session identifiers needed for normal operation, security, and request handling.

5. Public search data

Entered search values are used to generate the requested result. In the current project, the public date-of-birth search calculates age in days and matches relevant immunization guidance. The public location search filters location records using selected administrative areas and returns matching immunization service points, maps, and schedule-related details.

6. Information managed by authorized staff

The broader application also includes protected administration areas used by authorized users to manage child immunization information, immunization records, service locations, staff accounts, and operational activity logs. Those protected functions are not public self-service features, but they form part of the same application and may involve personal and health-related information handled for immunization operations.

7. Security and access control

Based on the current project structure, the system uses role-based access controls and authenticated panels for non-public functions. Administrative access uses protected login flows, and the application includes logging and error-reporting mechanisms intended to support monitoring, incident review, and service maintenance.

8. Sharing and disclosure

This project does not present a public-facing workflow for visitors to publish their own information. Public search inputs are processed by the application to return results. Information may be disclosed where necessary for system hosting, maintenance, security, legal compliance, public-health administration, or other authorized government service operations connected to the platform.

9. Retention

Retention periods can depend on operational, legal, public-health, audit, and technical requirements. In the current codebase, server and application logs may be retained for troubleshooting and monitoring, and protected records managed by authorized users may be retained according to immunization program and administrative needs.

10. Third-party services and embedded content

The public directory currently relies on third-party frontend resources such as map and UI libraries. When maps or externally hosted assets are loaded, those providers may receive standard browser and request metadata as part of serving the content.

11. Children’s information

This application supports immunization operations relating to children. On the public site, visitors may enter a child’s date of birth to receive schedule-related guidance. Protected parts of the platform may also contain child immunization records and related guardian, contact, and location data managed by authorized personnel.

12. Changes to this policy

This policy should be updated when the public website’s data collection behavior, public workflows, or supporting integrations change. The date shown at the top of this page should be revised whenever a meaningful policy change is published.