Terms, privacy, and data protection.

Company details

Company

SAROVI Sp. z o.o.

NIP

5253053532

Registered address

Mazowiecka 9, 00-052 Warsaw, Poland

Contact

hello@sarovi.pl

Scope of this notice

This page applies to the public Sarovi website, product interfaces, partner communications, research collaboration workflows, and early-access services unless a separate written agreement, clinical protocol, data-processing agreement, or institutional contract applies.

For hospital, laboratory, research, or enterprise deployments, the applicable agreement may define additional obligations around data processing, retention, audit rights, support, security review, and clinical responsibility.

Controller and processor roles

Depending on the context, Sarovi may act as an independent controller, joint controller, or processor. For example, Sarovi may be a controller for website, recruitment, partner, and direct customer communications, while acting as a processor when operating software or infrastructure on behalf of a clinical or research institution.

Where Sarovi acts as a processor, processing is governed by documented instructions, contractual safeguards, confidentiality obligations, access limitation, and applicable data-processing terms.

Terms of service

These terms govern access to and use of Sarovi websites, applications, research workflows, and services. By using the services, users confirm that they have read and understood these terms.

Sarovi provides AI-powered healthcare infrastructure, including clinical workflow tools, medical data analysis systems, digital twin technology, healthcare automation, and related research and development services.

Sarovi tools are designed to assist qualified healthcare professionals. They do not replace professional medical judgment, diagnosis, or treatment. AI-generated outputs should be verified by appropriately qualified professionals before being applied to patient care.

Eligibility and professional use

Users must be at least 18 years old. Features involving medical AI tools may be restricted to licensed healthcare professionals, authorized medical institutions, researchers, or approved partners.

Users are responsible for maintaining account security and for ensuring that any use of Sarovi systems complies with applicable healthcare, privacy, research, and institutional requirements.

Accounts and access security

Where account access is provided, users are responsible for keeping credentials confidential, using appropriate authentication practices, and notifying Sarovi promptly about suspected unauthorized access or security incidents.

Sarovi may suspend or restrict access when required to protect systems, users, patient data, research data, or partner environments.

Prohibited activity

Users may not use Sarovi systems for unlawful purposes, unauthorized medical practice, credential sharing, model abuse, reverse engineering, scraping, intrusion attempts, malware distribution, or any activity that disrupts system integrity or violates applicable healthcare, privacy, research, or security laws.

Medical and research tools must not be used to provide diagnosis, treatment, or patient-facing recommendations without appropriate professional qualification, oversight, and verification.

Privacy and GDPR

Sarovi processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679, Polish data-protection law, and other applicable data-protection requirements.

Depending on the service, Sarovi may process identification data, contact data, professional credentials, technical and usage data, and special-category health data such as medical history, biological data, genetic information, imaging, laboratory results, and clinical measurements.

Legal bases may include consent, contractual necessity, legal obligation, legitimate interests, vital interests, and explicit consent or other applicable Article 9 GDPR grounds for health data where required.

Cookies and analytics

Sarovi may use strictly necessary cookies or local storage for security, session continuity, routing, and site functionality. With appropriate consent where required, Sarovi may use analytics to understand site performance, product interest, and reliability.

Users can usually control cookies through browser settings. Disabling essential storage may affect authentication, security, or product functionality.

Purposes of processing

Personal data may be processed to provide and maintain services, operate accounts, support medical research protocols, process intake and consent, analyze biological or clinical data, communicate with users, improve system reliability, prevent fraud, meet legal obligations, and protect system security.

Where Sarovi processes clinical, genomic, imaging, or other health data, processing is limited to the applicable service purpose, research protocol, institutional agreement, consent, or legal basis.

Health and genetic data

Health, biological, and genetic information may be special-category data under GDPR. Sarovi treats this data with heightened safeguards, including access limitation, purpose limitation, auditability, and separation of identifiable clinical data from research or compute workflows where appropriate.

Genomic and transcriptomic analysis, blood markers, medical imaging, digital-twin models, and molecular research outputs may require additional consent, institutional review, professional oversight, or contractual terms depending on the deployment context.

Data sharing and processors

Sarovi may use carefully selected processors, infrastructure providers, laboratories, clinical partners, or research collaborators where necessary to provide services. Processor access is governed by contractual safeguards, confidentiality, security expectations, and data-processing terms where required.

Sarovi does not sell personal health data. Any research or secondary use must be supported by an applicable legal basis, agreement, consent, ethics framework, anonymization, pseudonymization, or other safeguards as required by law.

International transfers

Sarovi prioritizes European deployment patterns for clinical and biological data. Where personal data is transferred outside the European Economic Area, Sarovi uses legally recognized safeguards where required, such as adequacy decisions, standard contractual clauses, transfer-risk assessment, contractual controls, encryption, or other appropriate measures.

Subprocessors and vendors

Subprocessors may include cloud infrastructure, security tooling, communications, analytics, laboratory operations, support systems, or research infrastructure. Sarovi reviews vendors based on security, confidentiality, reliability, data location, and contractual protections appropriate to the processing context.

For enterprise or clinical deployments, subprocessor lists, audit reports, security questionnaires, and data-flow documentation may be provided under the relevant agreement or security review process.

Retention and deletion

Data is retained only for as long as necessary for service delivery, legal compliance, clinical documentation, research obligations, dispute resolution, security, or legitimate operational needs. Retention periods may differ by data type, legal basis, user category, and partner agreement.

Deletion or restriction requests are handled according to applicable law and may be limited where retention is required for medical, legal, accounting, research integrity, or safety reasons.

Security controls

Sarovi designs systems around encryption, access control, audit logging, environment separation, data minimization, retention controls, vendor review, and incident-response procedures.

SOC 2 and ISO 27001 references on this site describe readiness and alignment unless a formal certification or audit report is separately provided in writing.

Trust center evidence

For hospitals, laboratories, research partners, and enterprise customers, Sarovi can provide security and compliance documentation through an appropriate review process, NDA, security portal, or partner agreement when available and applicable.

Incident response

Sarovi maintains procedures for investigating suspected security events, limiting impact, preserving evidence, communicating with affected partners where required, and meeting applicable regulatory notification obligations.

Security reports can be sent to hello@sarovi.pl. Please include enough detail to reproduce or assess the issue and avoid accessing, copying, or disclosing personal or clinical data without authorization.

AI governance and clinical safety

Sarovi systems may generate summaries, suggestions, segmentations, rankings, alerts, or research outputs. These outputs can be probabilistic and may be incomplete, outdated, or wrong. Clinical users remain responsible for reviewing source data, confirming outputs, and applying professional judgment.

Where appropriate, Sarovi designs workflows to preserve source traceability, surface uncertainty, log material actions, separate draft content from final clinical records, and support human review before downstream use.

User rights

Where GDPR applies, data subjects may have rights to access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Requests can be sent to hello@sarovi.pl.

Sarovi may need to verify identity before responding to a request. Some requests may need to be directed to the relevant healthcare institution, research sponsor, laboratory, or controller when Sarovi acts as a processor.

Medical disclaimer

Sarovi services may support healthcare professionals, researchers, and institutions, but outputs are informational and decision-support in nature unless a separate written agreement states otherwise. Sarovi does not provide emergency medical services through the public website.

Patients should seek care from qualified healthcare professionals and should not delay or disregard medical advice because of information displayed by Sarovi systems.

Emergency use

The public website, contact forms, and general product interfaces are not emergency channels. In urgent or life-threatening situations, users should contact local emergency services or qualified medical professionals immediately.

Intellectual property

Sarovi software, design, models, interfaces, workflows, documents, trademarks, and other materials are owned by Sarovi or its licensors unless otherwise stated. Users may not copy, modify, distribute, reverse engineer, or exploit Sarovi materials except as permitted by written agreement or applicable law.

Limitation of liability

To the maximum extent permitted by applicable law, Sarovi is not liable for indirect, incidental, special, consequential, punitive, or loss-of-data damages arising from use of services, website content, integrations, or AI-generated outputs.

Nothing in this notice limits liability where such limitation is not permitted by applicable law.

Governing law

Unless a separate written agreement states otherwise, this website and these public terms are governed by the laws of Poland and applicable European Union law. Mandatory consumer, patient, employment, research, healthcare, or data-protection rules may apply where required by law.

Changes to this page

Sarovi may update this legal page as products, services, certifications, regulations, and operational controls evolve. Material changes may be communicated through the website, service interfaces, or direct notice where appropriate.

Questions

For questions about terms, privacy practices, security, or legal matters, contact Sarovi at hello@sarovi.pl.