Data Privacy & Security

01 — Our Commitment

🤝

Our Commitment to Privacy

At SABABAT, privacy is not a checkbox — it is a core engineering and ethical principle. All user data is collected only with direct, explicit consent. We do not gather any personal information indirectly, passively, or without your full knowledge.

We believe you deserve complete transparency about what we collect, why we collect it, how it is used, and who can access it.

02 — Data We Collect

📋

Data Collected & Usage

Registration Data

Username, Email, Password (hashed)
Date of Birth — optional, used only for analytics
Google Sign-In: Name & Email only

Survey & Consent Data

In-app surveys — opt-in only
Explicit form submissions
No passive tracking or third-party cookies

03 — How We Protect Data

🛡️

How We Protect Your Data

Our security architecture is designed to institutional standards and reviewed regularly:

End-to-end encryption in transit via HTTPS / TLS 1.2+
Encryption at rest — all stored data is encrypted server-side
Regular security audits and penetration testing cycles
Strict role-based access controls and least-privilege policies
Automatic session timeout on inactivity
Unique user identifiers — no shared or generic credentials permitted

⚠ Any unauthorized third party attempting illegal access to SABABAT systems will face stringent legal action under applicable cybersecurity and data protection law.

04 — Your Rights

⚖️

User Rights & Controls

You retain full control over your personal data at all times:

Right	What It Means for You
Access	View or export your personal data at any time upon written request.
Correction	Update or correct any inaccurate information held in your account.
Deletion	Request permanent removal of your account and all associated data.
Consent Withdrawal	Revoke any previously granted consent at any time without penalty.
Portability	Receive your data in a structured, machine-readable format on request.

05 — Third Parties

🔗

Third Parties & Data Sharing

We do not sell, rent, or trade your personal data. Ever.

Any service integrations operate under strict confidentiality agreements. No personal data is disclosed to any third party without your explicit, informed, written consent.

No advertising networks receive your data
No data brokers, aggregators, or resellers involved
Third-party processors are contractually bound by data protection clauses
Analytics — where used — are anonymised before processing

06 — HIPAA & BAA

⚕️

HIPAA Compliance & Business Associate Agreement

SABABAT formally operates as a Business Associate for Covered Entity clients — physicians, clinics, and hospitals — as defined under 45 C.F.R. § 160.103. All handling of Protected Health Information (PHI) is governed by the HIPAA Privacy Rule, Security Rule, and our separately executed, legally binding BAA.

PHI Is Used Only For

Advanced clinical data analysis requested by the user
Data cleaning and normalization services
Anonymized statistical / population research
Core platform functionality to deliver the above services

PHI Is Never Used For

Marketing, advertising, or promotions of any kind
Sale to any third party under any circumstances
Fund-raising without explicit written consent
Any purpose incompatible with the list above

HIPAA Security Rule — Technical Safeguards

🔐

Encryption at Rest

AES-256

🌐

Encryption in Transit

TLS 1.2+

🪪

Unique User IDs

Per-account

⏱️

Auto Session Logout

On inactivity

💬 Healthcare providers requiring a countersigned BAA may contact us at research@abbadhlabs.com. SABABAT maintains a register of all subcontractors with access to PHI, available for Covered Entity inspection upon reasonable written request.

Ready to get started?

Join researchers and clinicians who trust SABABAT with their data.

Create Your SABABAT Account →