Privacy Policy & UAE PDPL Compliance Notice

Be Smart Global, LLC ("DocReport UAE", "we", "our", or "us") operates the DocReport UAE platform. This Privacy Policy is specifically tailored to clinical practices operating in the United Arab Emirates (UAE) and details our strict compliance with the UAE **Personal Data Protection Law (Federal Decree-Law No. 45 of 2021)**, executive regulations, **Health ICT Law (Federal Law No. 2 of 2019 Concerning the Use of Information and Communication Technology in Healthcare)**, Dubai Health Authority (DHA) guidelines, and Abu Dhabi Department of Health (DoH) directives.

DocReport UAE is operated by Be Smart Global, LLC, a Delaware Limited Liability Company (Delaware File No. 10620833). Our registered agent is Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, USA.

For any legal or compliance inquiries regarding data protection in the UAE or wider GCC, please contact us at: info@be-smart-business.de

To strictly satisfy UAE geographic data sovereignty laws (specifically Article 13 of Federal Law No. 2 of 2019, which requires patient health and medical information to remain inside UAE geographic borders), DocReport UAE operates a **Zero-Trust, Zero-Knowledge client-side compliance suite**:

• Local Browser Redaction: All Protected Health Information (PHI) and patient-identifiable details (such as names, Emirates IDs, phone numbers, and dates of birth) are automatically redacted in the doctor's local web browser *before* any text leaves the device. Placeholders (e.g. `[UAE_PATIENT_NAME_1]`) are sent to remote processing systems.
• Local Re-identification: Anonymized tokens are re-identified back into readable clinical summaries strictly inside the doctor's browser memory locally. The raw cleartext is never sent to or stored in remote cloud servers.
• Zero-Knowledge Client-Side Encryption: Stored clinical data is encrypted in the browser using an AES-GCM practice cryptokey stored only in the clinic's local device. Our cloud database only sees indecipherable ciphertext blobs (`UAE_SECURE_CIPHER:...`), ensuring no legible health records exit the UAE.

We process two categories of information:

• Account & Billing Info: Doctor's name, professional credentials, clinic details, and payment data (processed securely via Stripe).
• Anonymized Clinical Logs: Anonymized procedural CPT codes, ICD-10-CM diagnoses, and redacted clinic dictations to compile structured summaries and Nabidh/Malaffi HL7/FHIR claims payloads.

All local encryption credentials and re-identification tokens remain strictly on your physical machine. Accounts can be terminated at any time by emailing us. Stored encrypted records will be deleted from our database within 30 days of verification.