Privacy Policy

Sabil Health SAS (“Sabil Health,” “we,” “us”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our platform and services.

1. Data We Collect

2. Data Storage and Security

All personal data is stored securely on Supabase infrastructure with encryption at rest and in transit. We employ industry-standard security measures including:

• AES-256 encryption for stored data
• TLS 1.3 for all data in transit
• Row-level security policies on all database tables
• Regular security audits and penetration testing

Documents uploaded to our platform are stored in encrypted object storage with access controls that restrict visibility to authorized parties only.

3. Who Has Access to Your Data

Your data is accessible only to the Sabil Health team on a need-to-know basis for the purpose of operating the platform, qualifying applicants, and facilitating introductions.

We never share your personal data with third parties without your explicit consent. When we facilitate an introduction between a startup and an allocator, both parties are informed of what information will be shared, and sharing only proceeds with mutual agreement.

4. Your Rights

Under the EU General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights:

• Right of access: Request a copy of all personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data (subject to legal retention obligations)
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interest

To exercise any of these rights, contact our Data Protection Officer at privacy@sabilhealth.com. We will respond within 30 days.

5. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Specifically:

• Account and application data is retained while your account is active and for a reasonable period thereafter
• Uploaded documents are deleted upon your request or upon account closure
• Usage logs are retained for up to 12 months for security and improvement purposes
• Contact form submissions are retained for 24 months unless you request earlier deletion

6. International Data Transfers

Sabil Health operates at the intersection of Europe and the Gulf Cooperation Council (GCC) region. Your data may be transferred between France and GCC countries as necessary to facilitate our matchmaking services.

For transfers outside the European Economic Area, we implement appropriate safeguards including standard contractual clauses approved by the European Commission and ensure that receiving jurisdictions provide adequate levels of data protection.

7. Legal Compliance

Sabil Health is committed to compliance with applicable data protection regulations, including:

• EU General Data Protection Regulation (GDPR): As a France-based entity, we are fully subject to GDPR requirements for the processing of personal data of individuals in the European Union
• UAE Personal Data Protection Law (PDPL): We comply with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data for our operations and users in the United Arab Emirates and broader GCC region

8. Data Protection Officer

For any questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer:

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or through a prominent notice on our platform. Your continued use of the platform after such changes constitutes acceptance of the updated policy.