MyMedVault Privacy Policy


Effective Date: 1 September 2025

1. Introduction

At MyMedVault (MMV), we are committed to protecting your personal data in accordance with international best practices and applicable laws, including the Singapore Personal Data Protection Act (PDPA), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) in the U.S., and other relevant laws depending on your jurisdiction.

This Privacy Policy explains how MMV collects, uses, shares, stores, and protects your personal data when you use our services. By using MMV, you acknowledge and agree to the terms of this policy.

We may update this Privacy Policy periodically to reflect changes in legal requirements or our services. We will notify you of any significant changes, and encourage you to review this policy regularly.

2. Roles and Definitions

  • User (Patient): Any individual who creates an MMV account to manage and store their personal health information.
  • Dependant: A user profile managed by a parent or legal guardian. Control remains with the guardian until the dependent turns 18.
  • Carer: A family member, friend, or authorised individual granted access to assist in managing a user's health information.
  • Care Provider: A healthcare professional or institution authorised by the user to view or access their shared health information.

3. Personal Data We Collect

Personal data refers to any information that can directly or indirectly identify you. Depending on your use of MMV, we may collect the following:

  • Identification & Contact Information: Name, gender, date of birth, email, phone number, and address.
  • Health & Medical Data: Medical records, lab results, prescriptions, wearable device data, appointment history, vaccination records, and voice-to-text health notes.
  • Dependant Information: Health data and activity records of dependants, including medication logs and vitals tracking.
  • Account & Profile Details: Login credentials, preferences, subscriptions, payment info, and interaction history.
  • Technical Data: IP address, device details, geolocation, cookies, session durations, and language settings.
  • Anonymised Data: De-identified or aggregated data used for research, insights, and platform improvement.

4. How We Collect Personal Data

We collect personal data:

  • Directly from you – during account registration, uploading health records, responding to surveys, or contacting support.
  • Automatically – via cookies, app usage logs, and device analytics.
  • From third parties – such as authorised healthcare providers, wearable devices, or your connected carers.

If you submit personal data on behalf of others (e.g., dependents or spouses), you confirm you have obtained their consent or legal authority to do so.

5. How We Use Your Personal Data

Your personal data is used for the following purposes:

  1. Core Service Delivery – Secure storage, organisation, and controlled sharing of medical and wellness records.
  2. AI-Powered Health Insights – Generating recommendations from MMV's AI systems, trusted third-party AI tools, or linked clinical data. These insights are not medical advice. Please consult a doctor if you feel unwell or uncertain.
  3. User Experience Improvement – Personalising your dashboard and notifications.
  4. Compliance and Security – Meeting our legal, regulatory, and technical obligations.
  5. Research & Development – Using anonymised data to improve our AI models and develop new services.
  6. Marketing (with Consent) – Sending you updates, offers, or health-related content you've opted into.

6. Legal Bases for Processing

MMV processes your data under legal bases such as your consent, contractual necessity, or compliance with legal obligations, depending on the context and jurisdiction.

7. Sharing Your Personal Data

We do not sell your personal data.

We may share your data only with your explicit consent and where necessary:

  • Care Providers – To support your consultations or care coordination.
  • Authorised Carers or Family Members – As per your long-term or short-term consent settings.
  • Partners & Researchers – For medical innovation or service delivery where you've opted in.
  • Regulatory Bodies – If legally required, e.g., during an investigation or audit.

All third parties are contractually bound to provide a high standard of data protection.

8. Cross-Border Data Transfers

Your data is stored in Singapore, where we comply with all applicable data protection regulations. These standards may be higher or lower than those in your local jurisdiction. By using MMV, you acknowledge and accept this transfer risk.

9. Data Retention

We retain personal data only for as long as necessary to:

  • Provide you with services,
  • Meet legal and regulatory requirements, or
  • Resolve disputes and enforce agreements.

Upon account deletion, your data will be anonymised or securely erased. Anonymised data may be retained for research or service improvement.

10. Your Rights

Depending on your jurisdiction, you may:

  • Access the personal data we hold about you,
  • Correct or update inaccurate data,
  • Withdraw consent at any time,
  • Request deletion or restriction of processing,

You can exercise these rights by:

  • Email: privacy@mymedvault.health
  • In-App Settings: Navigate to "Account & Privacy" under your profile.

11. Data Breach Notifications

In the unlikely event of a data breach that affects your personal information, we will notify impacted users as required by law and explain steps taken to mitigate the risk.

12. Data Security

We apply industry-standard physical, technical, and organisational measures to protect your data from loss, misuse, unauthorised access, or modification. These include:

  • End-to-end encryption of sensitive data,
  • Role-based access controls,
  • Activity logging and anomaly monitoring,
  • Regular audits and system updates.

13. Appendices

Appendix 1: Types of Personal Data We Collect

  1. Identification: Name, gender, birth date, contact details, language preferences, etc.
  2. Health and Medical: Uploaded lab results, diagnosis notes, prescriptions, vaccination records, biometric data from wearables, and medication tracking via voice/text inputs.
  3. Dependant Profiles: All of the above for dependants, with control retained by guardian until age 18.
  4. Technical: IP address, device and browser type, session logs, cookies, app version, etc.
  5. Anonymised: Aggregated and de-identified data for research, platform improvement, or analytical use.

Appendix 2: Purposes for Processing

  1. Service Delivery: Secure record storage, access, and sharing. Personal health management tools including reminders, logs, and educational content.
  2. AI-Powered Recommendations: Custom wellness guidance on nutrition, lifestyle, and prevention.
  3. Research & Innovation: Anonymised data usage for improving healthcare solutions.
  4. Legal Compliance: Fulfilling regulatory obligations and protecting our users and systems.
  5. Marketing & Communication: With consent, sending updates, offers, or engagement opportunities.
  6. Experience Optimisation: Improving app usability, personalisation, and responsiveness based on user activity.

14. Contact Us

For questions, data access requests, or complaints, please contact:

We aim to respond to all valid requests within 30 days.

15. Children's Privacy

We do not knowingly allow users under 18 to control an account. All dependant profiles must be created and managed by a parent or legal guardian until the dependant reaches legal age.

16. Changes to This Policy

We may update this Policy periodically. In the event of significant changes, we will notify you through the MMV app or via email.