HomePrivacy Policy
Legal

Privacy Policy

Last updated: 1 January 2026 · Effective immediately

HIPAA Compliant Singapore PDPA GDPR Aligned AES-256 Encrypted

1. Introduction

MediCore Health Pte. Ltd. ("MediCore", "we", "us") is committed to protecting your personal and health information. This Privacy Policy explains how we collect, use, store, and protect your data in accordance with the Singapore Personal Data Protection Act 2012 (PDPA), US Health Insurance Portability and Accountability Act (HIPAA), and GDPR principles.

2. Data we collect

  • Account information: name, email address, date of birth
  • Health data: symptoms, assessment results, consultation records, medications, conditions
  • Device information: IP address, browser type, device type (for security purposes only)
  • Usage data: pages visited, features used (anonymised analytics)

3. How we protect your data

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Data stored exclusively on AWS Singapore (ap-southeast-1) — no cross-border transfers without explicit consent
  • SOC 2 Type II and ISO 27001 certified infrastructure
  • Access controls: only your treating physicians and authorised staff can access your health records
  • Full audit log of every access to your records

4. We will NEVER

  • Sell your personal or health data to any third party
  • Share your data with advertisers
  • Use your health data for AI training without explicit opt-in consent
  • Transfer data outside Singapore without your consent

5. Your rights

  • Access: Request a copy of all data we hold about you
  • Correction: Update inaccurate personal information at any time via your profile
  • Erasure: Delete your account and all associated data permanently
  • Portability: Export your health data in JSON format via your profile
  • Withdrawal of consent: Withdraw consent for data processing at any time

6. Data retention

We retain your health records for 7 years from the date of creation in compliance with MOH Singapore guidelines, unless you request earlier deletion. Account data is deleted within 30 days of account deletion request. Anonymised, non-identifiable analytics data may be retained indefinitely.

7. Contact us

Data Protection Officer: dpo@medicore.health
MediCore Health Pte. Ltd., 1 Raffles Quay, Singapore 048583
For data requests or complaints, email us or write to the above address.