StethoLink
StethoLink

Privacy Policy

Privacy Policy

Last updated: June 2026

This is a working draft for the pilot phase. The final version will be reviewed by Saudi counsel before public launch.

1. Our Approach to Privacy

StethoLink is built by physicians, for physicians. We treat patient and clinician data with the same rigor you treat clinical information. This policy explains what we collect, how we use it, and your rights under the Personal Data Protection Law (PDPL) of Saudi Arabia.

2. What We Collect

Account data: email, name, specialty, and institution (for personalization and access control).

Usage data: timestamps, feature usage, and error logs (to improve the service).

Clinical content: SOAP notes, ECG uploads, and chat messages. This is processed to generate output and is stored encrypted.

We do not sell your data to third parties. We do not use your clinical content to train general-purpose AI models.

3. How We Use Data

  • To provide the core service (transcription, note generation, ECG interpretation, chat).
  • To maintain security, prevent abuse, and troubleshoot issues.
  • To communicate product updates and billing information.
  • To improve StethoLink using anonymized, aggregated usage patterns — never identifiable patient data.

4. Security & Storage

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Our backend is hosted in the Kingdom of Saudi Arabia. Access is role-based and logged. We undergo regular security reviews.

5. Your Rights

Under the PDPL and other applicable laws, you have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Export your data in a portable format.
  • Object to certain types of processing.
  • Withdraw consent where processing is consent-based.

To exercise these rights, contact us at privacy@sina.sa.

6. Data Retention

We retain your clinical data for as long as your account is active. If you delete your account, we will purge your data within 30 days, except where we are legally required to retain it (e.g., audit or regulatory obligations).

7. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party tracking cookies for advertising. Analytics are anonymized.

8. Changes to This Policy

We will notify you of material changes via email or in-app notice. Continued use after changes constitutes acceptance.

9. Contact

For privacy questions or to exercise your rights, email privacy@sina.sa or write to: StethoLink, King Abdulaziz University, Jeddah, Saudi Arabia.

Back to home