Cookie Policy

    Compliant with Singapore PDPA | US HIPAA | EU GDPR

    Last Updated: November 6, 2025

    This Cookie Policy explains how Elderwise uses cookies. We believe in transparency and minimal data collection for your privacy and security.

    Privacy-First Approach: Essential Cookies Only

    Elderwise uses only 2 essential cookies. We do not use any tracking, analytics, or advertising cookies. This means:

    • No consent required (essential cookies are exempt under GDPR/PDPA)
    • No third-party tracking or data sharing
    • Maximum privacy protection for your health data
    • Simple, transparent cookie usage

    Singapore-Based Company

    Elderwise is operated by AJENTIK AI PTE. LTD. (UEN: 202446293K), a Singapore-registered company. We comply with Singapore's Personal Data Protection Act (PDPA) 2012 as our primary framework, plus US HIPAA and EU GDPR for international users.

    Important: Protected Health Information (PHI)

    We do NOT store Protected Health Information (PHI) in cookies. All healthcare data is stored in encrypted databases only. Cookies contain only session identifiers—never health information.

    What Are Cookies?

    Cookies are small text files stored on your device when you visit a website. They help websites remember your actions so you don't have to re-enter information. Elderwise uses only essential cookies—the minimum needed for the site to function securely.

    Essential Cookies We Use

    Elderwise uses exactly 2 essential cookies. These are necessary for the website to function and cannot be disabled. Under PDPA and GDPR Article 6(1)(f), essential cookies do not require your consent.

    1. sb-auth-token

    Purpose: Keeps you securely logged in to your account

    Provider: Supabase (authentication service)

    Expiry: 7 days

    Type: First-party (set on elderwise.ai domain)

    Contains: Secure authentication token—does NOT contain health information

    Security: Encrypted, HTTP-only, secure flag enabled

    2. i18next

    Purpose: Stores your language preference (English, Chinese, Malay)

    Provider: Elderwise (first-party)

    Expiry: 30 days

    Type: First-party

    Contains: Language code only (e.g., "en", "zh", "ms")—no personal data

    That's it! We don't use any analytics cookies, marketing cookies, or third-party tracking. Your privacy is protected by design.

    Why These Cookies Are Necessary

    Our 2 essential cookies enable core functionality that you expect from Elderwise:

    • Secure authentication: The sb-auth-token cookie keeps you logged in without requiring re-authentication on every page, while maintaining security.
    • Personalized experience: The i18next cookie remembers your language preference so the site displays in your chosen language on every visit.
    • Session security: These cookies protect against security threats like cross-site request forgery (CSRF) and session hijacking.

    Without these cookies: You wouldn't be able to stay logged in, and the site wouldn't function properly. That's why they're classified as "essential" under privacy regulations.

    What We Don't Use

    Unlike most websites, Elderwise has made a commitment to minimal data collection. We do NOT use:

    • Analytics cookies (Google Analytics, Facebook Pixel, etc.) — We don't track your behavior across pages or sessions
    • Marketing cookies (advertising, remarketing) — We don't show personalized ads or share data with advertisers
    • Functional cookies (preferences, themes) — We keep these server-side instead of in cookies
    • Third-party tracking — No data is shared with social media platforms, ad networks, or analytics companies

    Healthcare Privacy: By Design

    Because Elderwise handles sensitive health information, we've chosen the most privacy-protective approach possible. We only use the bare minimum cookies required for the site to work—nothing more.

    Your Cookie Rights

    While you cannot disable essential cookies (as they're required for the site to function), you have important rights regarding your data:

    Browser Controls

    You can view and delete cookies through your browser settings:

    Note: Deleting cookies will log you out and you'll need to sign in again.

    Privacy Rights Under PDPA/HIPAA/GDPR

    Even though our cookies are essential, you have broader privacy rights:

    • Right to access your data
    • Right to correct inaccurate data
    • Right to delete your account and data
    • Right to data portability (export your data)
    • Right to object to data processing
    • Right to file complaints with regulatory authorities

    To exercise these rights, contact us at privacy@elderwise.ai

    Third-Party Services

    We use Supabase for authentication and database services. Supabase:

    • Is HIPAA-compliant through a Business Associate Agreement (BAA)
    • Sets first-party cookies on the elderwise.ai domain
    • Does NOT share your data with other third parties
    • Encrypts all data in transit and at rest
    • Follows SOC 2 Type II security standards

    Learn more about Supabase's security practices at supabase.com/security

    Legal Basis for Cookie Processing

    Our legal basis for using essential cookies under various privacy regulations:

    • PDPA (Singapore - Primary): As a Singapore company (AJENTIK AI PTE. LTD., UEN: 202446293K), we process essential cookies under legitimate business interests, consistent with PDPA 2012 requirements.
    • HIPAA (US Healthcare): Our cookies do NOT contain Protected Health Information (PHI) and are used solely for authentication and security.
    • GDPR (EU/EEA): Article 6(1)(f) - Legitimate Interest. Essential cookies are necessary for providing the services you've requested and do not require consent.

    Updates to This Policy

    We may update this Cookie Policy from time to time. When we do:

    • We'll update the "Last Updated" date at the top
    • We'll inform you through our cookie notice if changes affect your rights
    • We'll maintain our commitment to using only essential cookies

    Related Policies

    Data Controller

    The data controller responsible for your personal data and cookie management is:

    AJENTIK AI PTE. LTD.

    UEN: 202446293K

    Jurisdiction: Singapore

    Primary Regulation: Personal Data Protection Act (PDPA) 2012

    Email: privacy@elderwise.ai

    Questions or Complaints?

    If you have questions about how we use cookies or this Cookie Policy, please contact us at privacy@elderwise.ai

    File a Complaint with Regulatory Authorities:

    • Singapore (PDPA - Primary Authority):Personal Data Protection Commission (PDPC)
      www.pdpc.gov.sg
    • United States (HIPAA):HHS Office for Civil Rights
      www.hhs.gov/ocr
    • European Union (GDPR):Your local supervisory authority in your EU/EEA country