Privacy Policy
Salma (“we”, “us”) is an AI healthcare operation manager — a multi-tenant SaaS platform that clinics (“Customers”, “the controller”) use to communicate with patients and manage appointments. This policy explains what data we process, why, and the choices you have.
1. Who is the controller and who is the processor
The clinic Customer is the data controller for patient data it sends into Salma. Salma acts as a data processor on behalf of the clinic. For any platform analytics or direct emails to us, Salma is the controller. Clinics are responsible for having a lawful basis and the necessary patient consents to send patient information through Salma.
2. What data we process
- Patient messaging data: message content, media, voice notes, and metadata received through WhatsApp, Telegram, Instagram, Facebook Messenger, Voice/VoIP and the web widget.
- Patient identity: phone numbers, channel identifiers (e.g. WhatsApp/Telegram IDs), names, language, and structured key facts the clinic/agent records.
- Clinic operational data: bookings, services, schedules, staff, providers, roles and clinic configuration.
- Channel credentials: per-clinic API tokens and secrets (e.g. WhatsApp system-user token, app secret, verify token) — encrypted at rest, never returned in plain text.
- Usage & security logs: request ids, timestamps, error and audit events, LLM usage and cost metadata, and webhook delivery metadata.
3. How we use data
- To receive, route, triage and respond to patient messages on behalf of the clinic.
- To book, reschedule and manage appointments and to send proactive recall/feedback messages.
- To operate, secure, audit and monitor the platform and prevent abuse.
- To attribute LLM usage and costs to the correct clinic for billing.
- With the clinic’s consent, to improve and train Salma’s models on de-identified and aggregated data only — never identifiable patient health data without separate explicit consent, and never WhatsApp data (excluded per Meta’s terms). See section 9.
4. WhatsApp data handling (Meta)
Salma connects to a clinic’s own WhatsApp Business Account via Meta’s WhatsApp Embedded Signup. The clinic authorises Salma to manage its own WhatsApp Business number. We process WhatsApp message content and metadata solely to deliver the clinic’s service. The long-lived system-user access token is captured server-side, stored encrypted, and never sent to the browser. We comply with Meta’s Messaging Platform Terms and the WhatsApp Business data deletion obligations.
5. Lawful basis & consent
Where GDPR/UK GDPR applies, our lawful bases are contract (to deliver the service to the clinic), legitimate interests (security and platform integrity), and legal obligation. Patient consent is obtained by the clinic as controller where required. Message content is processed on the clinic’s instructions under article 28 (processor) terms.
Salma is built for the UAE healthcare market. We process personal and health data in line with applicable UAE law, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and the UAE health-data regulations that apply to the clinic and its authority (e.g. MOHAP, DoH, DHA). Clinics remain responsible for their own regulatory obligations as the data controller; Salma supports them as processor. This is a statement of our approach, not a certification.
6. Data retention
Conversation and booking data is retained for the lifetime of the clinic’s account and for a defined period after termination to support audit, legal hold and clinic-requested history, after which it is deleted. LLM trace/observability data is retained on a self-hosted observability store with configurable retention. Clinics may request earlier deletion (see Data Deletion).
7. Security
- Per-tenant isolation: each clinic’s credentials and data are strictly separated; no shared account or global fallback.
- Encryption: tenant-config secrets are encrypted at rest (Fernet) and masked in API responses; TLS in transit.
- Access control: role-based access (owner/manager/staff/provider) with tenant-scoped authorization checks on every endpoint.
- Fail-closed security gates: access decisions deny on lookup failure rather than silently granting access.
- Audit logging: sensitive actions are recorded for accountability and review.
- Self-hosted observability: tracing and logs are kept on infrastructure we control, not shipped to third-party SaaS by default.
8. Sub-processors & infrastructure
We use infrastructure and API providers to deliver the service, including: cloud hosting; LLM providers chosen per clinic (e.g. OpenAI, Anthropic, Google, DeepSeek); Meta (WhatsApp/Instagram/Facebook); Telegram; Twilio (voice, per-clinic BYO); Redis (cache/locking) and Postgres (primary store). A current sub-processor list is available on request.
9. Product improvement & AI training
With the clinic’s consent, we may use de-identified and aggregated data to improve, develop, and train Salma’s models and products. De-identified data can no longer reasonably be used to identify a patient or clinic. We will not use identifiable patient health data to train AI models without the clinic’s separate, explicit consent and a lawful basis. WhatsApp data received through the Meta WhatsApp Business API is excluded from any training use, as required by Meta’s terms. A clinic may opt out at any time by emailing privacy@salma.fit; opt-out does not affect lawfully completed processing.
10. International transfers
Data may be processed outside your country of residence. Where required, transfers are governed by appropriate safeguards (e.g. Standard Contractual Clauses) and minimisation.
11. Your rights
Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, port and object to processing, and to withdraw consent. Patient requests: contact the clinic that collected your data. Clinic requests: contact us at privacy@salma.fit.
12. Children
Salma is not directed at children. Clinics are responsible for complying with applicable age-of-consent rules for the patients they serve.
13. Changes to this policy
We may update this policy. Material changes will be posted on this page with an updated date.
14. Contact
Salma · privacy@salma.fit
← Back to Salma