Clinical-grade AI that never leaves the patient's jurisdiction.

The patient record has a jurisdiction, and the AI has to stay in it. Iftah keeps diagnostic, clinical, and life-sciences AI inside the hospital, the national cloud, or the bare-metal suite where that record legally lives. One control plane governs every model, prompt, and access decision across the GCC — PHI, genomics, and imaging never transit an unmanaged external model.

Talk to an engineerAll industries

Built for Gulf health-data localization

  • PHI stays in-jurisdiction by configuration
  • Article 13 & PDPL residency evidence
  • Clinical guardrails + human-in-the-loop
  • Bare-metal imaging never leaves the hospital

Designed for the health-data regimes you answer to.

Iftah does not certify compliance — that stays the provider's obligation. In-jurisdiction deployment, clinical guardrails, and a per-inference audit trail give your DPO and regulators concrete evidence.

UAEHealth · Article 13

Federal Law 2/2019

Health-data localization (Article 13) and Cabinet Decision 32/2020 met by in-country deployment.

KSAData · SDAIA

Saudi PDPL

Health data as sensitive personal data, with cross-border transfer controls enforced.

KSADevices · SFDA

SFDA SaMD / MDS-G010

Model-version, change-control, and audit evidence for AI/ML software-as-a-medical-device.

KSACyber · NCA

NCA ECC / CCC

Access, logging, and segmentation aligned to Essential and Cloud Cybersecurity Controls.

UAEHealth authorities

MOHAP · DoH · DHA

Aligned to DHA Health Information Protection & Confidentiality policy and emirate authorities.

GCCData · PDPL

Qatar · Bahrain · Oman

MOPH, NHRA (with mandated DPO), and Oman's health-data permit requirements respected in-region.

Clinical-AI objections, resolved by design.

The trade · Residency

PHI leaves the jurisdiction

SaaS AI routes protected health information to multi-tenant endpoints abroad — violating Article 13 and PDPL sensitive-data rules.

Iftah

Every model and inference endpoint is pinned to a chosen jurisdiction and provider, with enforceable, auditable residency proof.

The trade · Safety

No clinical guardrails

Generic chatbots offer no PHI redaction, no provenance, and no audit trail acceptable to SFDA, MOH, or an NHRA DPO.

Iftah

Clinical-safety guardrails — PHI redaction, hallucination controls, retrieval grounding, mandatory human-in-the-loop — apply across every deployment.

The trade · SaMD

Unprovable model lineage

Hospitals can't prove which model version or prompt produced a recommendation, undermining SFDA SaMD change control.

Iftah

An immutable, per-inference record of model version, policy, data lineage, and approver aligns with SaMD and DPO obligations.

The trade · IP

Exposed life-sciences IP

Trial data, molecule libraries, and manufacturing parameters are exposed the moment they transit an unmanaged external model.

Iftah

Training and fine-tuning stay private to the institution; proprietary data never feeds a shared model.

The trade · Governance

Six divergent platforms

A multi-country health group ends up with fragmented, ungovernable AI per entity.

Iftah

One control plane standardizes governance across Saudi, UAE, Qatar, Kuwait, Bahrain, and Oman entities.

Where the patient record lives — that's where AI runs.

From the national health cloud to a bare-metal cluster in the radiology suite — one governance standard across all of it.

Sovereign cloud

National health cloud

Patient-facing and administrative AI on an approved in-country health cloud.

Multi-cloud & hybrid

In-region hybrid

EMR-adjacent workloads across in-region hyperscaler and private infrastructure.

On-prem

Bare metal in the hospital

Real-time imaging triage and OR decision support on GPUs where imaging never leaves the building.

Disconnected

Air-gapped research

Genomic pipelines and pharma R&D on isolated clusters with no external path.

Clinical and operational AI, in-jurisdiction.

  • Radiology & pathology triage

    Critical-finding flags in-region while imaging stays on the hospital's bare-metal cluster.

  • Ambient clinical documentation

    Arabic-English scribing inside the EMR boundary with PHI redaction and clinician sign-off.

  • Grounded clinical decision support

    Retrieval over national formularies, SFDA labels, and protocols with cited, governed sources.

  • Patient & provider assistants

    Integrated with national health records, answering only from authorized, in-jurisdiction data.

  • Life-sciences acceleration

    Trial-document review, adverse-event coding, and dossier drafting without external exposure.

  • Population & operational analytics

    Capacity, no-show prediction, and revenue cycle under one residency and access policy.

Next step

Review Iftah AI against your environment before choosing the first workload.

Talk to an engineer