Privacy Policy

Effective Date: June 1, 2024

HealthDolphin.ai ("we," "our," or "us") is committed to protecting the privacy and security of your data. This Privacy Policy describes how we collect, use, and disclose personal data when you use our clinical operating system and SaaS platform.

1. Information We Collect

We collect information to provide better services to all our users. The types of personal data we may collect include:

  • Administrative Data: Contact information for clinic staff, billing details, and account credentials.
  • Patient Data: Medical records, identification numbers, and health history processed on behalf of clinics.
  • Technical Data: IP addresses, browser types, and usage patterns collected via cookies and similar technologies.
  • Communication Data: Records of your interactions with our support and sales teams.

2. PDPA Compliance (Malaysia)

As a service provider operating in Malaysia, HealthDolphin.ai complies with the Personal Data Protection Act 2010 (PDPA). We act as a "data processor" for patient information provided by healthcare providers (the "data users").

  • We only process personal data based on written instructions from our clients.
  • We implement stringent security measures to prevent unauthorized access or disclosure.
  • We maintain accurate records of all processing activities.

3. How We Use Your Data

We use the collected data for the following purposes:

  • To provide and maintain our SaaS platform functionality.
  • To facilitate LHDN e-Invoicing and local regulatory compliance.
  • To provide customer support and troubleshoot technical issues.
  • To improve our AI-driven clinical tools and user experience.
  • To send administrative notifications regarding account changes or service updates.

4. Data Security

Security is central to our platform. We employ industry-standard security protocols to safeguard your data, including:

  • AES-256 encryption for data at rest.
  • SSL/TLS encryption for data in transit.
  • Regular security audits and penetration testing.
  • Role-based access controls for clinic staff.

5. User Rights

Under applicable laws, including the PDPA, you and your patients have the following rights:

  • Right to Access: Request a copy of the personal data we hold.
  • Right to Correction: Request the rectification of inaccurate or incomplete data.
  • Right to Withdrawal: Withdraw consent for data processing (subject to legal or contractual restrictions).
  • Right to Erasure: Request the deletion of data when it is no longer necessary for the purpose for which it was collected.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by Malaysian law (e.g., medical record retention requirements for clinics).

7. Third-Party Sharing

We do not sell your data. We may share information with trusted third-party service providers (such as AWS for cloud hosting or payment gateways) only to the extent necessary to provide our services. These partners are contractually obligated to protect your data.

8. Updates to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Effective Date." We encourage you to review this policy periodically.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection Officer at:

HealthDolphin.ai Legal Team

Email: privacy@healthdolphin.ai

Kuala Lumpur, Malaysia