Privacy Policy

Last updated: 30 April 2026

About Sa7ti

Sa7ti is a hospital directory service that helps residents of the UAE find hospitals based on their health insurance network. We connect you to facilities via their published contact channels. We are not a healthcare provider, insurer, or insurance broker.

This Privacy Policy explains what personal information we collect, how we use it, and your rights under UAE law, including the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, “PDPL”).

What we collect

Information you provide:

  • Name (optional — used to personalise your experience and pre-fill booking requests)
  • Email address (required to create an account)
  • Phone number (optional — used to pre-fill booking requests to hospitals)
  • Insurance information: insurer name, TPA, network tier (typed by you — we do not scan or extract card images)
  • Saved addresses (for finding nearby hospitals)
  • Emergency contact: name, phone number, relationship (optional)

Information generated by your use of Sa7ti:

  • Search queries entered into the AI-powered search (if you use it)
  • Booking consent records: timestamp, hospital, and contact channel when you authorise a handoff
  • Consent preferences you set in your account settings

What we do NOT collect

Sa7ti does not collect, store, or process:

  • Medical history, diagnoses, or health conditions
  • Allergies, medications, or blood type
  • Symptoms or descriptions of health concerns
  • Photos of insurance cards, government IDs, or any documents
  • Profile photos
  • Biometric data of any kind
  • Financial or payment information

Sa7ti does not collect or store medical health data. We are designed specifically to avoid handling protected health information.

How we use your data

  • Search for hospitals that match your insurance network and location
  • Display network coverage information based on TPA-published provider lists
  • Pre-fill booking request details when you choose to contact a hospital
  • Record your consent when you authorise a booking handoff (PDPL compliance)
  • Improve the accuracy and relevance of search results (if you have consented to analytics)

Third-party services

We share data with the following processors to operate Sa7ti:

Anthropic (United States)

AI-powered search interpretation. Search queries may be transmitted for processing.

Mapbox (United States)

Address autocomplete and map display.

Google Places (United States)

Facility location data and reviews.

Resend (United States)

Transactional emails (account confirmations, etc.).

Supabase (South Korea)

Data storage and authentication.

Data residency notice: Sa7ti is currently in beta. Our infrastructure providers operate outside the UAE. We do not collect or store medical health data. We are working toward UAE-resident infrastructure for any future features that involve health data.

Consent and data-sharing preferences

You control the following optional data uses through your account settings:

  • Usage analytics — helps us understand how the app is used (anonymised)
  • Healthcare research — contribution to anonymised, aggregated facility data
  • Product updates — occasional emails about Sa7ti features
  • Booking data sharing — whether your booking details are shared with facilities
  • Anonymous aggregation — inclusion in anonymised aggregate statistics
  • Profile sharing — level of identity detail shared with facilities in booking requests

All consent flags default to off. You can change them at any time in Profile → Privacy settings.

Data retention

  • Booking click records: deleted after 90 days
  • Search queries: deleted after 90 days
  • Booking consent records: retained for 7 years (PDPL compliance audit trail)
  • Feedback submissions: deleted after 1 year
  • Account data: deleted immediately when you delete your account

After 90 days, individual records of facility handoffs and search activity are deleted. Before deletion, anonymised monthly statistics are computed (total handoffs per facility, search counts by specialty and insurer category). These aggregates contain no personal identifiers and are retained indefinitely for service improvement, partnership analytics, and reporting purposes. They cannot be linked back to individual users.

Your rights under UAE PDPL

You have the following rights regarding your personal data:

  • Right to access: request a copy of the personal data we hold about you
  • Right to correction: request correction of inaccurate or incomplete data
  • Right to deletion: delete your account and all associated data at any time via Settings → Delete account
  • Right to withdraw consent: update your consent preferences in Settings at any time
  • Right to data portability: request your data in a structured, machine-readable format
  • Right to object: object to processing of your data for specific purposes
  • Right to file a complaint: with the UAE Data Office or other competent authority

Security

We use industry-standard security measures including encrypted connections (TLS), row-level security on our database, and access controls limiting who can read user data. We do not store passwords in plain text.

Children

Sa7ti is not intended for users under 18 years of age. We do not knowingly collect personal data from minors.

Changes to this policy

We may update this policy from time to time. When we do, we will update the “Last updated” date above. Continued use of Sa7ti after changes are posted constitutes acceptance of the updated policy.

Contact

For privacy questions, data access requests, or to exercise your rights, contact us at: privacy@sa7ti.ae