Privacy Policy

Document Ref: AF-PRIV-2026-001

Effective Date: March 11, 2026

1. Commitment to Privacy

At AiFasl, we recognize that your health information is among your most sensitive personal data. We are committed to maintaining the highest standards of data protection and transparency. This Privacy Policy outlines our practices regarding the collection, use, processing, and protection of your information.

This policy has been drafted to align with the Data Protection Bill of Pakistan, while also incorporating best practices from international standards such as the GDPR and HIPAA where applicable to our digital service model.

2. Data Categories We Collect

A. Personal Identifiers

Name, email address, unique account identifier, and IP address. This data is used for account management and security.

B. Protected Health Information (PHI)

Biomarker values, reference ranges, clinical units, and dates of testing extracted from uploaded reports. This data is processed through our AI engine.

C. Interaction and Usage Data

Clickstream data, feature usage frequency, session duration, and device metadata collected via PostHog and internal logging.

3. The Lifecycle of an Uploaded Report

We utilize a unique **Ephemeral Data Architecture** to ensure your physical documents are not stored longer than necessary:

  1. Ingestion: The PDF or image is uploaded to a temporary, encrypted buffer.
  2. OCR and Extraction: Our system converts the image/document into structured text data.
  3. Permanent Erasure: Within milliseconds of successful extraction, the **original file is permanently deleted** from our storage servers. We do not keep "shadow copies."
  4. PII Scrubbing: Before the text is processed by our AI models, we use a proprietary scrubbing algorithm to remove any mention of your name, address, or phone number found within the report body.

4. Artificial Intelligence and Third-Party Sub-Processors

To provide our sophisticated analysis, we share **Anonymized Data** with our secure AI processing partners.

  • No Model Training: Our contractual agreements with our AI partners ensure that any data sent via our secure API is NOT used to train their global models.
  • Zero-Retention Policy: Data sent to our analytical sub-processors is handled in real time and is not stored by those providers beyond the operational session required to generate your analysis.

5. Legal Basis for Processing

We process your data based on the following legal foundations:

  • Contractual Necessity: To provide the report analysis service you have requested.
  • Explicit Consent: By uploading a report, you provide explicit consent for us to process your sensitive health data.
  • Legitimate Interests: To improve our AI accuracy and prevent fraudulent use of our platform.

6. Data Security Measures

We employ enterprise-grade security protocols to protect your information:

  • Encryption: All data is encrypted using AES-256 at rest and TLS 1.3 in transit.
  • Region Isolation: Our databases are hosted in secure, ISO 27001-certified data centers managed by Supabase.
  • Access Control: Strict "least-privilege" access policies mean that no AiFasl employee can view your decrypted health data unless specifically authorized for a support request initiated by you.

7. Your Global Privacy Rights

Regardless of your jurisdiction, AiFasl provides the following rights to all users:

  • The Right to Access: You can download a complete export of your data at any time.
  • The Right to Rectification: You can correct any inaccurate profile information.
  • The Right to Erasure: Deleting a report or your account triggers a permanent, non-recoverable purge of that data from our production systems.
  • The Right to Object: You can opt out of all non-essential telemetry and analytics.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for two primary purposes:

  • Essential: Necessary for session management and security.
  • Analytics: Using PostHog to understand user flows. These are anonymized and do not track you across other websites.

9. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided us with personal information, we will take immediate steps to delete such information and terminate the child's account.

10. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date." For significant changes, we will provide a prominent notice via email or within the application.

11. Contact Our Privacy Team

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact our Data Protection Officer:

AiFasl Privacy Office
Attn: Data Protection Officer
Email: privacy@aifasl.com
Security Hub: security.aifasl.com