Your Privacy is Protected

Introduction

This Privacy Policy describes how Casemix Solutions Sdn Bhd ("we", "us", or "our") collects, uses, processes, and protects your personal information when you use Relify, our AI-powered clinic management software. This policy applies to all users of our platform, including healthcare providers, clinic staff, and patients.

Information We Collect

Personal Information

We collect the following types of personal information:

• Account Information: Name, email address, phone number, professional credentials, and clinic details
• Patient Data: Medical records, appointment history, billing information, and health-related data (processed under healthcare provider authority)
• Usage Data: How you interact with our platform, feature usage patterns, and system performance metrics
• Technical Information: IP address, browser type, device information, and system logs for security and performance
• Communication Records: Support tickets, feedback, and correspondence with our team

Sensitive Personal Data

As a healthcare platform, we process sensitive personal data including:

• Medical history and clinical notes
• Diagnostic information and test results
• Treatment plans and medication records
• Insurance and billing information

How We Use Your Information

Primary Purposes

• Service Delivery: Providing clinic management functionality, AI assistance, and platform features
• Healthcare Operations: Supporting medical record management, appointment scheduling, and billing processes
• Account Management: Creating and maintaining user accounts, authentication, and access control
• Customer Support: Responding to inquiries, technical support, and user assistance
• Platform Improvement: Analyzing usage patterns to enhance features and user experience
• Security and Compliance: Detecting fraud, preventing unauthorized access, and maintaining regulatory compliance

AI and Analytics

Our AI features process data to provide:

• Clinical decision support and diagnostic assistance
• Automated medical coding suggestions
• Predictive analytics for clinic operations
• Performance insights and reporting
• Patient's personal demographics are kept intact

Legal Basis for Processing

Under Malaysian PDPA and international standards, we process personal data based on:

• Consent: When you explicitly agree to data processing
• Contract Performance: To provide our clinic management services
• Legal Obligation: To comply with healthcare regulations and legal requirements
• Legitimate Interests: For platform security, fraud prevention, and service improvement
• Vital Interests: When necessary to protect life and health in medical emergencies

Data Sharing and Disclosure

We Share Information With:

• Healthcare Providers: Patient data is accessible to authorized medical professionals within your clinic
• Service Providers: Trusted third-party vendors who assist in platform operations under strict data processing agreements
• Government Authorities: When required by Malaysian law, LHDN for e-invoicing, or in response to legal requests
• Business Partners: Authorized integrations with other healthcare systems (with your consent)

We Never Sell Your Data

We do not sell, rent, or trade personal information to third parties for commercial purposes.

Data Security and Protection

Security Measures Include:

• Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Access Controls: Role-based permissions, multi-factor authentication, and regular access reviews
• Data Centers: SOC 2 certified facilities located in Malaysia with physical security measures
• Monitoring: 24/7 security monitoring, intrusion detection, and automated threat response
• Backups: Regular encrypted backups with disaster recovery procedures
• Staff Training: Regular security awareness training for all personnel

Data Retention

We retain your information for different periods based on data type and legal requirements:

• Account Information: While your account is active plus 2 years after closure
• Medical Records: As required by Malaysian healthcare regulations (typically 7+ years)
• Billing Data: 7 years as required by LHDN and tax regulations
• Support Records: 3 years for service improvement and legal compliance
• Usage Analytics: Aggregated and anonymized data may be retained indefinitely

Your Rights Under PDPA

As a Malaysian resident, you have the following rights regarding your personal data:

• Right to Information: Know what personal data we hold about you
• Right of Access: Request copies of your personal data
• Right to Correction: Update or correct inaccurate information
• Right to Withdraw Consent: Withdraw consent for processing (where applicable)
• Right to Restrict Processing: Limit how we use your data in certain circumstances
• Right to Data Portability: Receive your data in a portable format

Cookies and Tracking

We use cookies and similar technologies to:

• Maintain your login session and preferences
• Analyze platform usage and performance
• Provide personalized features and AI recommendations
• Ensure security and prevent fraud

You can control cookie settings through your browser preferences. Essential cookies required for platform functionality cannot be disabled.

International Data Transfers

Your data is primarily stored and processed in Malaysian data centers. If international transfers are necessary for service delivery, we ensure:

• Adequate data protection measures are in place
• Recipients meet international privacy standards
• Appropriate safeguards protect your information
• You are notified of any significant changes

Data Breach Notification

In the unlikely event of a data breach that poses risks to your rights and freedoms, we will:

• Notify the relevant Malaysian authorities within 72 hours
• Inform affected users without undue delay
• Provide clear information about the breach and our response
• Implement measures to prevent future incidents

Children's Privacy

Relify is designed for healthcare providers and is not intended for children under 18. We do not knowingly collect personal information from minors except as medical data processed by healthcare providers under parental/guardian consent.

Changes to This Policy

We may update this Privacy Policy to reflect:

• Changes in Malaysian or international privacy laws
• New features or services we offer
• Improvements in our security practices
• User feedback and regulatory guidance

We will notify you of material changes through:

• Email notification to registered users
• Prominent notice on our platform
• Updated "Last Modified" date on this policy

Contact Information