We protect your healthcare data with privacy-first design. Your health data is kept on your device wherever possible, and anything that must be synced for care coordination is stored encrypted in Singapore. We follow the Singapore PDPA, HIPAA and GDPR requirements, and you have complete control over your data.
What We Collect
We only collect data necessary to help coordinate your care.
Health Information: Assessment responses, medical history, medications, vital signs
Personal Details: Name, email, phone, relationship to care recipient
Technical Data: Device type, app usage (anonymized), error logs
We NEVER collect: Precise GPS location, your contacts or messages, audio/video without consent, or data we don't need for care coordination.
How We Use Your Data
Your data helps coordinate care between you, family, and healthcare providers.
Primary Uses (Required for Service):
- Care Coordination: Connect caregivers with healthcare teams
- AI Assessments: Generate clinical insights from your responses
- Medication Reminders: Track and remind about medications
- Health Monitoring: Visualize trends in health metrics
Service Improvement (Optional): With your explicit consent only:
- Improve AI model accuracy
- Develop new features
- Anonymized research (you can opt-out anytime)
What We NEVER Do: Sell your data, use it for advertising, share with insurers without consent, or train AI models without your opt-in.
How We Protect Your Data
Healthcare-grade security that meets international standards.
Encryption: AES-256 at rest, TLS 1.3 in transit
Local Storage: Health data is kept on your device; data that must be synced for care coordination is hosted encrypted in the AWS Singapore region (see International Transfers & B2B below)
Access Control: Only users you have authorized can access your data
Monitoring: 24/7 security monitoring
If There's a Breach: We'll notify you within 72 hours of confirming a breach that affects your data and guide you on protective measures.
Who We Share Data With
We only share when you authorize it or when legally required.
With Your Consent:
- Healthcare Providers: Doctors, hospitals, clinics you authorize
- Care Team: Family caregivers you designate
- EMR Systems: Epic, Cerner, Singapore NEHR (when you approve)
Service Providers (Secure): These companies process data on our behalf with signed agreements:
- AWS (Singapore) - Cloud hosting
- SendGrid - Email delivery
- Zendesk - Customer support
- Stripe - Payment processing
All have HIPAA Business Associate Agreements and GDPR Data Processing Agreements.
Without Consent (Legal Only): We may share without consent only when:
- Medical emergency threatens life
- Required by court order
- Mandated by regulatory authorities
- Serious public safety threat
Your Rights
You have complete control over your data.
Access: Get a copy of all your data
Correct: Fix inaccurate information
Delete: Remove your account and data
Export: Download in portable format
Opt-Out: Withdraw consent anytime
Restrict: Limit how we use your data
How Long We Keep Data
We only keep data as long as needed or required by law.
Active Accounts: Health data retained while account is active for care coordination and longitudinal tracking.
After Deletion:
- Personal data: Deleted within 30 days
- Healthcare records: May be retained by providers per law (7+ years)
- Backups: Fully cleared within 90 days
- De-identified data: May be kept for research, stripped of identifiers so that it cannot reasonably be re-identified
Inactive Accounts:
- After 24 months: Email reminder
- After 36 months: Deletion notice, sent 90 days before the account and its data are deleted
International Transfers & B2B
Data primarily stays in Singapore with appropriate safeguards for transfers.
Where Data Is Stored:
- Primary: AWS Singapore region
- Backup: AWS Sydney (encrypted)
- Disaster Recovery: AWS US (encrypted, restricted access)
All transfers use Standard Contractual Clauses (SCCs) and meet GDPR requirements.
Who Controls Your Data:
If you're a patient through a healthcare organization using Elderwise:
- Your healthcare provider is the Data Controller
- AJENTIK AI PTE. LTD. is the Data Processor
- Contact your provider first for privacy requests
If you're an individual user:
- AJENTIK AI PTE. LTD. is your Data Controller
- Contact us directly at privacy@elderwise.ai
Legal Compliance
We comply with Singapore PDPA (primary), HIPAA, and GDPR standards.
Singapore PDPA: As a Singapore company, we follow the Personal Data Protection Act:
- Consent for data collection and use
- Purpose limitation
- Data accuracy and protection
- Retention and disposal obligations
- Breach notification (within 72 hours)
Filing Complaints: You can file complaints with Singapore's Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg
HIPAA (US Healthcare Data): For US healthcare organizations, we maintain HIPAA-aligned practices:
- Business Associate Agreements with all partners
- Technical, administrative, and physical safeguards
- Patient rights to access and amendment
- Breach notification procedures
GDPR (EU Users): For users in the European Economic Area:
- Lawful basis for processing (consent, contract, legitimate interest) and, because health data is a special category under Article 9, explicit consent or another Article 9 condition before we process it
- Data subject rights (access, erasure, portability, etc.)
- Standard Contractual Clauses for transfers
- Right to lodge complaint with supervisory authority
Cookies and Tracking
Privacy-First Approach: Elderwise uses only essential cookies. We do not use any tracking, analytics, or advertising cookies.
What We Use:
- Authentication Cookie (sb-auth-token): Keeps you securely logged in to your account. This cookie is essential for the service to work and expires after 7 days.
- Language Preference Cookie (i18next): Remembers your language preference (English, Chinese, Malay) so the site displays in your chosen language. Expires after 30 days.
What We Don't Use:
- No analytics or tracking cookies (Google Analytics, etc.)
- No advertising or marketing cookies
- No social media tracking pixels
- No third-party cookies
- No behavioral tracking
Legal Basis: Both cookies are strictly necessary to provide the service. Under GDPR our lawful basis for them is contract performance (Article 6(1)(b)), and strictly necessary cookies are exempt from the cookie consent requirement; under PDPA they are collected only for the purpose for which you use the service and require no separate consent.
For detailed information, see our Cookie Policy.
Questions? Contact Us
If you have any questions about this privacy policy, please contact us.
Email: privacy@elderwise.ai