← DocReport UAE

Privacy Policy & UAE PDPL Compliance Notice

Effective date: May 31, 2026

1. Overview & Regulatory Scope

Be Smart Global, LLC ("DocReport UAE", "we", "our", or "us") operates the DocReport UAE platform. This Privacy Policy is a legally binding B2B agreement specifically designed for healthcare practices, private clinics, and medical centers operating in the United Arab Emirates (UAE).

This policy outlines our strict compliance with **UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL)**, the UAE **Health ICT Law (Federal Law No. 2 of 2019 Concerning the Use of Information and Communication Technology in Healthcare)**, and specific electronic health guidelines mandated by the **Ministry of Health and Prevention (MOHAP)**, the **Dubai Health Authority (DHA)**, and the **Abu Dhabi Department of Health (DoH)**.

2. Be Smart Global, LLC & Corporate Structure

DocReport UAE is operated by Be Smart Global, LLC, a Delaware Limited Liability Company (Delaware File No. 10620833). Our registered office is located at:

Be Smart Global, LLC
c/o Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713, USA

For any legal, compliance, or DPO (Data Protection Officer) inquiries regarding data protection in the UAE, please contact us at: info@be-smart-business.de

3. UAE Health Data Sovereignty & Zero-Trust Architecture

To strictly satisfy UAE geographic data sovereignty laws—specifically **Article 13 of UAE Federal Law No. 2 of 2019 (Health ICT Law)**, which prohibits patient health and medical information from being processed or transferred outside UAE geographic borders in cleartext form—DocReport UAE utilizes an advanced **Zero-Trust, Zero-Knowledge client-side compliance suite**:

  • Local Browser Redaction: All Protected Health Information (PHI) and patient-identifiable details (such as names, Emirates IDs, phone numbers, and dates of birth) are automatically redacted in the doctor's local web browser *before* any text leaves the device. Placeholders (e.g. `[UAE_PATIENT_NAME_1]`) are sent to remote processing systems.
  • Local Re-identification: Anonymized tokens are re-identified back into readable clinical summaries strictly inside the doctor's browser memory locally. The raw cleartext is never sent to or stored in remote cloud servers.
  • Zero-Knowledge Client-Side Encryption: Stored clinical data is encrypted in the browser using an AES-GCM practice cryptokey stored only in the clinic's local device. Our cloud database only sees indecipherable ciphertext blobs (`UAE_SECURE_CIPHER:...`), ensuring no legible health records exit the UAE.

4. Categories of Data We Process

We process two categories of information:

  • Account & Billing Info: Doctor's name, professional credentials, clinic details, and payment data (processed securely via Stripe).
  • Anonymized Clinical Logs: Anonymized procedural CPT codes, ICD-10-CM diagnoses, and redacted clinic dictations to compile structured summaries and Nabidh/Malaffi HL7/FHIR claims payloads.

5. Clinical Data Retention & UAE MOHAP Overrides

Under UAE PDPL (Federal Decree-Law No. 45 of 2021), data subjects typically have the right to request erasure. However, **licensed medical practices in the UAE are subject to strict MOHAP, DHA, and DoH health informatics regulations which require electronic medical records, clinical notes, and patient files to be preserved for a minimum of 5 to 6 years, and in many cases up to 25 years (for pediatric or surgical files).**

Accordingly, clinical record retention mandates under UAE Health ICT laws **supersede** standard data subject deletion requests. Subscribers are fully responsible for managing these retention cycles. Stored encrypted records will be deleted from our database within 30 days of subscription termination, and the practice's local cryptographic key remains solely on the practice's physical machine.

6. Rights of Data Subjects under UAE PDPL

Subscribing practitioners and their clinical coordinators have the following rights regarding their administrative profile data:

  • Right to Restrict Processing: Request restrictions on administrative profile use.
  • Right to Rectification: Rectify or update incorrect clinic or billing coordinates.
  • Right to Erasure: Purge administrative profile details upon closing the subscription.
  • Right of Access: Request a full export of administrative metadata associated with the clinic.

© 2026 Be Smart Global, LLC. All rights reserved.