Privacy Policy · GDPR
How we handle your data.
Last updated · 23 June 2026
This Privacy Policy explains how Sanador SRL (in formation), based in Milan, Italy (“Sanador”, “we”, “us”, “our”) processes personal data when you use the Sanador mobile application and web platform (the “Service”). We comply with the EU General Data Protection Regulation (GDPR) and the Italian Data Protection Code (D.Lgs. 196/2003, as amended). Sanador is an AI-powered patient routing platform. It helps you describe your symptoms and find relevant medical specialties and healthcare providers. It does not provide diagnoses or treatment and does not replace medical consultations. This Policy is provided pursuant to Articles 12–14 GDPR and related Italian provisions and is designed to be clear and accessible, including on mobile devices, in line with EDPB and Italian Garante guidance on health apps and mobile information design.
01Introduction
This Policy describes the personal data we collect, why we process it, the legal bases we rely on, who we share it with, and the rights you have. It applies to all users of the Service across our operational hubs in Italy and Türkiye.
02Data Controller and Contacts
- Data Controller: Sanador SRL (in formation), Milan, Italy
- Email: info@sanadr.com
- Data Protection Officer (DPO): to be appointed; DPO contact details will be published here once available.
03Layered Information and Mobile Access
To comply with transparency and fairness principles under GDPR and to reflect specific recommendations for medical apps:
- you see a short, first-layer notice in the app before account creation and before entering symptoms, summarising: key data uses, legal bases, your main rights, and a link to this full Policy;
- this full Privacy Policy is always accessible from the app menu and website, in a readable, mobile-friendly format.
04Categories of Personal Data
We process:
I. Account Data
- Name, email, phone, date of birth, gender, country/city of residence, preferred language.
- These are typical “contact data” processed as independent controllers, in line with GDPR and Italian case-law.
2. Health-Related Data (special categories — Art. 9 GDPR)
- Symptom descriptions and health context you choose to provide (e.g. chronic conditions, allergies).
- Information embedded in routing interactions and appointment history.
- These are “dati relativi alla salute”, which require specific safeguards and explicit consent under Art. 9 GDPR and Art. 2-septies of the Italian Data Protection Code.
3. Technical and Usage Data
- Device type, OS, app version, crash logs, error logs, basic usage patterns.
- IP address and related network identifiers, treated in a minimised way (e.g. truncation/anonymisation) where used for analytics or security.
- Technical tracking via cookies / SDKs is subject to e-Privacy rules and Garante cookie guidelines.
4. Location Data
- Approximate location (e.g., city) to suggest nearby providers.
- Precise location only where you actively consent via app settings.
We do not intentionally collect data of children under 16; if we become aware of such data, we will delete it unless a lawful basis and parental authorisation are established.
05Purposes and Legal Bases
We respect the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation and storage limitation under Art. 5 GDPR. For each purpose:
1. Account Creation and Management
- Purpose: create and manage your account, authenticate you, maintain your profile.
- Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
- Data: Account Data.
- Retention: duration of the contract + a short period for closure and dispute handling.
2. AI-Powered Symptom Routing
- Purpose: analyse your symptom descriptions and suggest medical specialties.
- Legal bases: Art. 9(2)(a) GDPR — explicit consent for processing health data; Art. 6(1)(b) GDPR — performance of a contract (to provide the routing Service).
- Data: health-related data and relevant account attributes (e.g. age, gender).
- Retention: normally 24 months from last active use, then anonymisation or deletion, consistent with minimisation and storage limitation.
We obtain explicit consent through unticked checkboxes or equivalent clear affirmative actions, separate from other consents (e.g. marketing), in line with EDPB Guidelines 5/2020 on consent and Italian teachings on mobile health apps.
3. Appointment Booking with Healthcare Providers
- Purpose: arrange appointments with providers you select and communicate essential information (e.g. symptom summary).
- Legal bases: Art. 6(1)(b) GDPR (performance of a contract) and Art. 9(2)(a) GDPR (explicit consent for health data).
- Data: identity and contact data, symptom summary, appointment details.
- Retention: in principle, 10 years where national medical retention rules apply (as a benchmark for health-related records), otherwise aligned with limitation periods and minimisation.
4. Service Improvement and Analytics
- Purpose: improve AI routing performance, monitor bugs and optimise UX.
- Legal basis: legitimate interest (Art. 6(1)(f) GDPR) for improvement and quality, provided data are anonymised or appropriately pseudonymised and used in line with expectations.
- Data: anonymised or aggregated data sets (no directly identifiable data); we strive to apply recognised anonymisation techniques endorsed by EU bodies.
- Retention: anonymised datasets may be retained without fixed limit, as they are no longer personal data.
5. Marketing Communications (Opt-In)
- Purpose: newsletters, feature updates, promotions.
- Legal basis: consent (Art. 6(1)(a) GDPR); withdrawal is as easy as giving consent, in line with EDPB guidelines.
- Data: contact data, preferences.
- Retention: until you withdraw consent.
06Security, Fraud Prevention and Legal Compliance
- Purpose: secure the Service, prevent abuse, comply with legal obligations, respond to authorities.
- Legal bases: legal obligation (Art. 6(1)(c) GDPR) and legitimate interest (Art. 6(1)(f)) to protect systems and users.
07Automated Processing, Profiling and Art. 22 GDPR
Sanador's AI processes health data to offer non-diagnostic routing suggestions. This is a form of “profiling” under GDPR (evaluation of health-related aspects), even if it does not normally produce decisions with legal or similarly significant effects within the meaning of Art. 22(1) GDPR.
We therefore:
- inform you clearly about the existence of AI-based processing and its main logic (pattern-based analysis of text inputs using models trained on medical knowledge);
- emphasise that you remain free to ignore or contest AI suggestions and to seek human medical judgement;
- avoid basing any legal entitlements or denial of services solely on algorithmic outputs;
- provide human contact points to address questions or concerns.
Where, in future, automated outputs could significantly affect you (e.g. in a premium diagnostic module), we will ensure full compliance with Art. 22 GDPR (right to human intervention, to express your view, to contest the decision) and will update this Policy accordingly.
08Recipients and Data Sharing
I. Healthcare Providers
- Independent professionals or facilities with whom you book appointments. They act as separate controllers for their patient records and clinical decisions and must comply with healthcare and data protection laws in their own right.
2. Service Providers (Processors)
- Hosting and cloud infrastructure (EU-based).
- AI infrastructure providers (transition to EU-hosted open-source models).
- Payment processors, email platforms, analytics providers.
- Contracts with processors meet Art. 28 GDPR requirements (instructions, security, sub-processing controls, etc.).
3. Authorities and Third Parties
- Courts, regulators (including the Italian Garante), law enforcement, where lawfully required.
- Only where strictly necessary and proportionate, in line with case-law on sensitive data and public-law transparency.
We do not sell health data. Any use of data for commercial profiling or advertising follows separate consent and fairness safeguards and must respect the prohibition of unfair practices under consumer and competition rules.
09International Transfers and Transfer Impact Assessment
Where data are processed outside the EEA (e.g., by a non-EU AI provider):
- we rely on appropriate transfer mechanisms (e.g. Standard Contractual Clauses);
- we perform a Transfer Impact Assessment (TIA) evaluating the third country legal framework and adopt supplementary measures (encryption, minimisation, access controls) as required by European guidance;
- we prefer EU-based infrastructures and are actively migrating to them to reduce reliance on extra-EU transfers.
10Cookies and Tracking Technologies
Our web and mobile interfaces use cookies and similar technologies:
- technical/necessary tools for core functions and security;
- analytics tools, preferably configured to minimise identifiability;
- marketing/profiling tools only with prior consent, in line with Italian Garante “cookie and tracking” guidelines, including clear banners, granular choices and easy withdrawal.
A separate Cookie/Tracking Notice describes purposes, providers and lifetimes for each tool.
11Security, Privacy by Design and DPIA
We implement technical and organisational measures under Art. 32 GDPR (e.g. encryption, access controls, logging, incident management) and privacy by design/by default under Art. 25 GDPR, as interpreted by the Italian Supreme Court and academic commentary.
This means:
- processing only data necessary for each purpose by default;
- ensuring, as far as possible, that personal data are not accessible to an indefinite number of persons without your intervention;
- designing the system from the outset to integrate safeguards suitable for the risks (e.g. health data, big data, AI).
Given the nature of our processing (health data, vulnerable data subjects, AI and potentially large-scale operations), we carry out a Data Protection Impact Assessment (DPIA) under Art. 35 GDPR, reflecting EDPB and Italian Garante criteria and recent case-law on DPIA for health and profiling systems.
12Your Rights
You can exercise the following rights:
- access, rectification, erasure, restriction, portability, objection, and rights relating to automated decision-making and profiling;
- withdrawal of consent at any time, without affecting processing already carried out;
- complaint to the Italian Data Protection Authority (Garante).
To exercise these rights, contact us at info@sanadr.com. For disputes, you may also opt for judicial remedies alongside or instead of complaints, in line with Arts. 77–82 GDPR and corresponding Italian provisions.