Privacy Policy

Introduction

Zechion AI is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Artificial Intelligence (AI) services.

We operate in compliance with the US Health Insurance Portability and Accountability Act (HIPAA) where applicable, the UAE Federal Decree-Law No. 45 of 2021 regarding the protection of personal data (UAE PDPL), and the regulatory guidelines of the Dubai Health Authority (DHA).

Scope of Compliance

Based on our operations in the USA and UAE, this policy covers the following compliance areas:

  • HIPAA (USA): Adherence to the Privacy, Security, and Breach Notification Rules for Protected Health Information (PHI).
  • Dubai Health Authority (DHA): Compliance with healthcare data regulations specific to the Emirate of Dubai.
  • UAE PDPL: Adherence to the Federal data protection law.
  • CCPA/CPRA (California): Rights for residents of California (if applicable).
  • GDPR (EU): Rights for residents of the European Union (if applicable).

Information We Collect

We may collect the following types of information:

A. Personal Data (Non-Health)

  • Identity Data: Name, username, or similar identifier.
  • Contact Data: Email address, phone number, and business address.
  • Technical Data: Internet Protocol (IP) address, browser type, time zone setting, and operating system.
  • Usage Data: Information about how you use our website and AI services.

B. Special Categories of Data (Health Information)

In accordance with HIPAA and DHA regulations, if you use our services for healthcare operations, we may collect Protected Health Information (PHI). This includes:

  • Medical records, treatment histories, and health insurance information.
  • This data is collected only under a Business Associate Agreement (BAA) with the covered entity that holds it, or with your direct consent, as required by law.

C. AI Training Data

We may collect input data (“Prompts”) and output data (“Results”) to improve our AI models. If this data contains PHI, it is de-identified using the HIPAA Safe Harbor or Expert Determination method (45 CFR 164.514(b)) before it is used for training.

Legal Basis for Processing (GDPR & UAE PDPL)

We process your data under the following legal bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Contract: The processing is necessary for a contract you have with us.
  • Legal Obligation: The processing is necessary for us to comply with the law (e.g., HIPAA or DHA reporting requirements).
  • Vital Interests: The processing is necessary to protect someone’s life (e.g., emergency medical data).

How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our AI services.
  • Comply with HIPAA Administrative Simplification rules.
  • Comply with DHA requirements for health data handling in Dubai.
  • Improve, personalize, and expand our AI models.
  • Communicate with you, either directly or through one of our partners, including for customer service.
  • Prevent fraudulent activity and ensure the security of our systems.

Data Sharing and Disclosure (Sub-Processors)

We may share your information with the following types of third parties. All third parties are vetted and sign agreements to protect your data (including Business Associate Agreements for health data):

  • Cloud Infrastructure Providers: (e.g., AWS, Google Cloud, Microsoft Azure) who host data in secure regions (USA and UAE).
  • AI Development Partners: Third-party developers who assist in training our models under strict confidentiality.
  • Healthcare Providers: If you are a patient, we may share data with your physician or hospital as directed by you.
  • Regulatory Authorities: If required by law, we may disclose data to the Dubai Health Authority (DHA), the US Department of Health and Human Services (HHS), or other regulatory or law enforcement bodies.

International Data Transfers

As a global company with operations in the USA and the UAE, your information may be transferred to, stored, and processed in either country.

  • Transfer Mechanism: When we transfer data from the UAE to the USA, or vice versa, we ensure it is protected by appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the relevant authorities, or a transfer to a jurisdiction covered by an adequacy decision.
  • Data Localization: For health data specifically required to remain in the UAE by DHA regulation, we maintain local servers and processing facilities within the Emirate of Dubai.

Security Measures

We implement security measures to protect your data, aligned with the HIPAA Security Rule and the UAE Information Assurance (IA) Standards issued by the National Electronic Security Authority (NESA):

  • Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Access Controls: Strict role-based access controls and multi-factor authentication.
  • Audit Logs: Detailed logs tracking who accessed what data and when, as required by the HIPAA Security Rule audit controls standard (45 CFR 164.312(b)) and retained for compliance audits.
  • Business Continuity: Regular backups and disaster recovery testing.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

  • HIPAA Documentation: Records that HIPAA requires us to keep (including policies, procedures, and accounting-of-disclosure records) are retained for a minimum of 6 years from their creation or last effective date. Medical records themselves are retained for as long as applicable state law or DHA regulation requires.
  • AI Training Data: De-identified data used for AI training may be retained indefinitely to improve model accuracy.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your data:
  • Right to Access: Request copies of your data. (UAE PDPL, CCPA, GDPR, HIPAA)
  • Right to Rectification: Request correction of inaccurate data. (UAE PDPL, GDPR, HIPAA)
  • Right to Erasure: Request deletion of data, subject to legal holds and retention requirements. (CCPA, GDPR)
  • Right to Restrict Processing: Request that we suspend processing of your data. (GDPR)
  • Right to Data Portability: Request transfer of your data to another service. (GDPR)
  • Right to Opt-Out: Opt out of the sale of personal information. (CCPA, if applicable)
  • Accounting of Disclosures: Request a list of the parties to whom we have disclosed your PHI. (HIPAA)

To exercise these rights, please contact us at info@zechionai.com.

Children's Privacy

Our Service is not directed to anyone under the age of 13 (per COPPA in the USA) or, in the UAE, to anyone under the age of 18 without parental consent. We do not knowingly collect personally identifiable information from children. If we discover that a child has provided us with personal data, we will delete it promptly.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. For material changes (such as changes to our HIPAA or DHA compliance stance), we will notify you via email or a prominent notice on our website.

Contact Us

If you have any questions about this Privacy Policy, our compliance with HIPAA, DHA, or UAE PDPL, please contact our Data Protection Officer (DPO):