Privacy Policy

Last updated: April 2026

Sa7ti is built on the principle that your health data belongs to you. We collect only what we need to make the app work, we never sell your data, and you can delete everything at any time. This policy explains exactly what we collect and why.

1. Who we are

Sa7ti is a healthcare navigation platform that helps residents in the UAE find and book healthcare providers based on their insurance coverage. It is operated by [Company Name], a company registered in the United Arab Emirates.

When we say “Sa7ti”, “we”, “us”, or “our” in this policy, we mean [Company Name].

2. What we collect

We collect only the information needed to provide Sa7ti's services. Here is everything we collect, why, and how long we keep it:

Account information (name, email, phone)

Why: To create your account, identify you, and enable pre-filled booking requests.

Retention: Kept until you delete your account.

Insurance details (insurer, TPA, network tier, plan name)

Why: To match you with healthcare facilities that accept your insurance coverage.

Retention: Kept until you delete your account.

Table of Benefits document

Why: To automatically extract your coverage details, benefit limits, and co-pay information.

Retention: Stored securely. Kept until you delete your account or upload a replacement.

Health information (blood type, allergies, health notes, checkup history)

Why: To provide health reminders, personalise your experience, and pre-fill booking requests with relevant medical context.

Retention: Kept until you delete your account.

Emergency contact details

Why: For display in your Sa7ti Wallet so first responders or family members can access it quickly.

Retention: Kept until you delete your account.

Location data (saved addresses, GPS when permitted)

Why: To show healthcare facilities near you and sort results by distance.

Retention: Saved addresses are kept until you delete them. GPS location is never stored — it is used in real time only.

Usage data (search queries, booking clicks, feature usage)

Why: To understand how people use Sa7ti so we can improve the service.

Retention: Anonymized after 12 months.

Insurance card photos

Why: Stored securely in your Sa7ti Wallet so you can reference your card details at any time.

Retention: Kept until you delete your account.

3. How we use your data

  • To match you with healthcare facilities that accept your insurance
  • To pre-fill booking requests (WhatsApp, email) so you do not have to re-enter your details every time
  • To provide health reminders when checkups are overdue based on your checkup history
  • To improve Sa7ti's facility coverage, insurance matching accuracy, and features, using anonymized aggregated data
  • To authenticate your account and keep it secure

4. What we share

We do not sell your data. We never have and we never will.

When you book an appointment through Sa7ti, your booking message is sent by you directly — via WhatsApp or your email client. Sa7ti generates the pre-filled message, but it is you who presses send. We do not send messages on your behalf or transmit your data to healthcare providers.

If you enable data sharing in your Privacy settings, anonymized usage data may be used to improve Sa7ti. This data cannot identify you.

We may disclose your data if required by UAE law, a court order, or a legitimate legal process. We will notify you where legally permitted to do so.

5. Where your data is stored

Your data is stored on secure cloud servers. We use Supabase for our database and authentication infrastructure, and Vercel for application hosting.

Insurance card photos, Table of Benefits documents, and profile photos are stored in encrypted cloud storage with restricted access.

Note: Sa7ti is committed to aligning with UAE PDPL requirements on data residency as the regulatory framework matures. We will update this section with confirmed server region information.

6. Your rights

Under UAE Federal Decree-Law No. 45/2021 on Personal Data Protection (PDPL), you have the following rights:

AccessRequest a copy of all personal data we hold about you.
CorrectionAsk us to correct inaccurate or incomplete data.
DeletionRequest that we delete your account and all associated data.
Withdraw consentWithdraw your consent for data processing at any time.
ObjectObject to certain types of data processing, such as use for research or analytics.

To exercise these rights, email us at privacy@sa7ti.com or delete your account directly from the Profile tab in the app.

7. Emirates ID

Sa7ti does not store your Emirates ID number.

If you choose to enter your Emirates ID during a booking (to include it in a hospital registration request), it is included only in the booking message that you send. It is never transmitted to our servers or saved to your account.

8. Data security

  • All data is transmitted over HTTPS encryption
  • Our database uses row-level security — users can only read and write their own data
  • Documents are stored in encrypted cloud storage with access controls
  • We follow industry-standard security practices and review them regularly

9. Children

Sa7ti is intended for users aged 18 and above. We do not knowingly collect personal data from children under 18. If you believe a child has created an account, please contact us at privacy@sa7ti.com and we will promptly delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the date at the top of this page. For significant changes, we will notify you via email or an in-app notice. Your continued use of Sa7ti after any change constitutes acceptance of the updated policy.

11. Contact us

For privacy questions, data requests, or concerns, contact us at:

Sa7ti Privacy

privacy@sa7ti.com
© 2026 Sa7ti
Terms of ServiceHome