1. INTRODUCTION

Welcome to SADI Inc. ("SADI", "we", "our", or "us"). We are committed to protecting the privacy, security, and integrity of the personal information we collect from users, partners, customers, and institutional clients. This Privacy Policy outlines how we collect, use, disclose, retain, secure, and manage personal data and sensitive health-related data across our digital platforms, deployed AI solutions (including SADI-M and SADI-GPTM), and associated services.

By using our websites, software, demos, cloud services, or partner tools, you agree to the practices described in this Privacy Policy.

This policy is crafted in alignment with:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Health Insurance Portability and Accountability Act (HIPAA, USA)
  • ISO/IEC 27001:2022 and ISO/IEC 27701:2019 Privacy Management Frameworks
  • Other jurisdiction-specific data governance standards

2. WHO WE ARE

SADI Inc. is a U.S.-based medical technology and artificial intelligence company delivering advanced diagnostic and decision support platforms for healthcare environments worldwide. Our services may be accessed through web portals, hospital integrations, mobile apps, and laptop-deployed offline systems.

We maintain regional infrastructure in the United States, Europe, India, and selected partner locations.

If you have any privacy-specific inquiries, please contact our Data Protection Officer at:
privacy@sadi.ai

3. WHAT DATA WE COLLECT

We collect data in multiple categories, depending on how you interact with us:

A. Website Users

  • IP address, browser type, device information
  • Pages visited, session timestamps
  • Consent status for cookies and tracking preferences
  • Optional form submissions (e.g., contact forms, demo requests)

B. Registered Clients and Institutions

  • Name, title, institution name
  • Work email, contact number
  • Billing and license data (if applicable)
  • Activity logs on dashboards, model use patterns

C. Patients (via Institutional Use Only)

In pilot settings or hospital deployments, our platform may process:

  • Pseudonymized clinical imaging (e.g., X-rays, MRIs)
  • Structured health records (ICD-10 codes, lab results, vitals)
  • Demographics (age range, gender, anonymized location)
  • Free-text physician notes (if integrated via hospital EHR)

Note: SADI never accesses or stores any real patient identifiers such as names, addresses, or insurance numbers unless explicitly authorized and contractually governed by the institution.

4. HOW WE COLLECT DATA

We collect data through:

  • Direct form submissions (demo requests, newsletter signup)
  • Analytics and cookies (with user consent)
  • Enterprise API and integration activity
  • Datasets uploaded by institutional clients
  • Feedback from demo usage (with redaction tools)
  • Voluntary communications or support tickets

5. WHY WE COLLECT DATA

We collect data to:

  • Provide, personalize, and improve our AI services
  • Fulfill legal and clinical obligations
  • Ensure platform reliability and performance
  • Support customer service and bug resolution
  • Detect misuse, fraud, or security threats
  • Analyze product effectiveness and clinical utility
  • Support audit trails, certifications, and regulatory reviews

6. HOW WE USE YOUR DATA

We use your data in the following ways:

  • To deliver requested services or demos
  • To personalize dashboard features and interface elements
  • To train and fine-tune AI systems (only on anonymized datasets)
  • To ensure safety and traceability in clinical usage
  • To comply with medical safety reporting requirements
  • To provide relevant updates, if subscribed

We do not sell, rent, or trade your personal or institutional data to third parties.

7. DATA SHARING AND THIRD PARTIES

We only share data under these conditions:

A. With Your Consent

E.g., when you request a partner demo or cross-integration.

B. With Service Providers

We may use third-party infrastructure (e.g., AWS, Azure, Google Cloud) for compute and storage. All such vendors sign binding Data Protection Agreements (DPAs) and undergo annual security audits.

C. With Regulators

Upon lawful request by regulatory authorities (e.g., FDA, EMA) or in compliance with mandatory reporting frameworks.

D. In M&A Transactions

In case of merger, acquisition, or asset sale, relevant anonymized and contractual data may be transferred under confidentiality and legal review.

8. INTERNATIONAL TRANSFERS

As a U.S.-based company serving a global client base, we may transfer and process your data outside your country. We use Standard Contractual Clauses (SCCs) and other legal safeguards for data transfers involving:

  • Europe → U.S.
  • MENA/Asia → U.S./EU
  • Public health authorities across jurisdictions

9. YOUR RIGHTS

Depending on your jurisdiction, you have rights that may include:

  • Right to Access: Know what data we hold about you
  • Right to Rectification: Correct incomplete or inaccurate data
  • Right to Erasure: Request deletion of your data (with exceptions for legal compliance)
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object to Processing
  • Right to Lodge a Complaint (with data protection authorities)

You may exercise these rights by contacting privacy@sadi.ai.

10. DATA RETENTION POLICY

  • Website analytics: retained for 12 months
  • Customer support logs: 2 years
  • Institutional logs (non-patient): retained for contract duration + 5 years
  • Patient-linked data (where applicable): retained per hospital/institution’s policies and purged via secure deletion pipelines

11. SECURITY MEASURES

We implement the following controls:

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • MFA-secured dashboards and admin access
  • Routine vulnerability scanning and penetration testing
  • Role-based access control (RBAC)
  • Physical security for data centers (SOC 2, ISO-certified)
  • Full audit logs and anomaly detection tools

In the event of a breach, we will notify affected parties and regulators as required by applicable law.

12. CHILDREN'S PRIVACY

Our services are not intended for children under the age of 16 unless deployed in institutional pediatric settings with strict compliance controls. We do not knowingly collect information from minors outside contractual and clinical research contexts.

13. COOKIES AND TRACKING

Our Cookies Policy governs the use of tracking tools on our web assets. Users may opt in or out of analytics, marketing, and functionality cookies through our consent management system.

Please refer to our Cookies Policy for full details.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy to reflect changes in law, technology, or our services. Updates will be posted to this page, with the effective date clearly marked. In significant cases, we may also notify you via email or service banner.

15. CONTACT INFORMATION

SADI Inc.
Office of Data Protection
Washington, D.C., United States

privacy@sadi.ai

16. GOVERNING LAW

This Privacy Policy shall be governed by the laws of the United States. Disputes relating to this Policy shall be handled according to the jurisdiction defined in our Terms of Use.

Last Updated: [Enter Current Date Here, e.g., October 26, 2023]