Home Capabilities Hospitals Government Welfare Apps Contact
FAAREN
Privacy Policy

Privacy Policy

Last updated: June 2026 · privacy@sarop.health

About Sarop

Sarop is a digital health platform for managing the relationship between patients, physicians and healthcare facilities — covering treatment follow-up, emergency access, insurance, patient experience evaluation and digital health services.

We regard user privacy as a foundational principle of product design and are committed to processing user information in line with GDPR, data-protection laws across the MENA region, healthcare security requirements, and the policies of app distribution platforms including the Apple App Store and Google Play.

Information We May Collect

Depending on how the service is used, the following information may be collected and processed:

  • First and last name
  • Mobile number
  • Email
  • Country and language
  • Identity or professional details of physicians and medical staff
  • General health information entered by the user
  • Treatment follow-up record information
  • Emergency information such as blood type, underlying conditions, allergies and medications
  • Records of appointments, visits, discharge, follow-up and surveys
  • Insurance and financial information related to settlement of medical services, where this service is enabled
  • Device technical information, app version, error logs and security data

Purpose of Data Processing

User information is used only for the following specific and lawful purposes:

  • Providing digital health services
  • Managing user accounts
  • Authentication and prevention of misuse
  • Following up on patient status after a visit or discharge
  • Displaying emergency information in critical situations
  • Facilitating communication between patient, physician and healthcare facility
  • Processing insurance, financial and medical settlement services where enabled
  • Improving service quality, system security and user experience
  • Responding to legal, regulatory and security requirements

Health Data

Health data is considered sensitive data. Sarop processes this data only for the provision of medical services, follow-up, patient safety, emergency access or permitted legal purposes. This information is not made available to unauthorized parties without the user's consent or a valid legal basis.

Information Sharing

User information may only be shared with authorized persons or entities in the following cases:

  • The physician or healthcare facility associated with the user
  • An insurance company or payment entity, solely to process services activated by the user
  • Technical infrastructure providers, under data confidentiality and security commitments
  • Legal, judicial, medical or security authorities, only within a valid legal framework
  • The Sarop support team, strictly to the extent operationally necessary

Sarop does not transfer user information to third parties for advertising, data sale or commercial tracking.

Data Retention

Data is retained for as long as necessary to provide services, meet legal requirements, fulfill contractual obligations, maintain system security or preserve medical records. Users may request deletion, correction or restriction of processing of their data, except where retention is required by law or medical requirements.

User Rights

Depending on the laws of the country of use, users may have the following rights:

  • Access to their information
  • Correction of inaccurate information
  • Requesting account or data deletion
  • Restriction of processing
  • Receiving a copy of their data
  • Withdrawing non-essential consents
  • Filing a complaint or requesting a review

Requests can be submitted through the official email below:

Encryption & Security

Data transmitted between users and Sarop services is protected using industry-standard encryption protocols including HTTPS/TLS. Additional technical and organizational safeguards are implemented to protect personal, medical and emergency information against unauthorized access, alteration, disclosure or destruction.

International Data Transfers

Depending on infrastructure availability, service delivery requirements, and legal obligations, certain information may be processed in different jurisdictions while maintaining applicable privacy and security protections.