Privacy Policy

Effective Date: January 1, 2026

Introduction

MedMap respects the privacy of our clients and partners. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our BioMedical Data Protection services.

Information We Collect

We collect information that identifies, relates to, or could reasonably be linked to you ("Personal Information"):

  • Contact Data: Name, business email, phone number, and job title.
  • Professional Data: Company name and specific MedTech R&D interests.
  • Technical Data: IP address, browser type, and usage patterns collected via cookies.
  • Sensitive Research Data: For clients using our Cloud Data Hosting, we may process pseudonymized medical images or clinical data as a Data Processor.

How We Use Your Information

We process your information for the following purposes:

  • Service Delivery: To facilitate R&D acceleration and AI integration.
  • Security: To monitor and protect our Biomedical Cloud Data Hosting environment.
  • Communication: To provide updates on project milestones or respond to inquiries.
  • Compliance: To fulfill legal obligations related to medical data auditing.

Data Protection & Security (The "MedMap Standard")

Given our focus on BioMedical Data Protection, we employ advanced security measures:

  • Encryption: Data is encrypted both at rest and in transit using AES-256 or higher.
  • Access Control: We utilize strict Role-Based Access Control (RBAC) for all cloud hosting environments.
  • Anonymization: When performing Medical Image AI Integration, we apply de-identification protocols to ensure compliance with privacy laws.

International Data Transfers

MedMap operates globally. Information collected may be stored and processed in any country where we engage service providers. We ensure that such transfers are protected by Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

Data Retention

We retain Personal Information only as long as necessary to fulfill the purposes outlined in this policy or to comply with statutory retention periods required for medical research and commercial records.

Your Privacy Rights

Depending on your jurisdiction (e.g., GDPR, CCPA), you may have the following rights:

  • Access/Portability: Request a copy of the data we hold.
  • Correction: Request that we fix inaccurate information.
  • Deletion: Request the erasure of your personal data under certain conditions.
  • Object to Processing: Object to the processing of your personal data, especially for direct marketing.

Contact Our Data Protection Officer

If you have questions about this policy or our treatment of sensitive biomedical data, please contact:

MedMap Privacy Team

✉️ Email: don@medmap.sg

📍 Address: 16 Ayer Rajah Crescent, Singapore

HIPAA Compliance Statement (United States)

For our clients operating within the United States healthcare system, MedMap acknowledges its role and responsibilities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

  • Business Associate Agreement (BAA): When MedMap provides Cloud Data Hosting or AI Integration services involving Protected Health Information (PHI), we act as a "Business Associate." We are committed to signing BAAs with our "Covered Entity" clients to ensure appropriate safeguards are in place.
  • Technical Safeguards: We implement rigorous access controls, audit logs, and integrity controls to prevent unauthorized access to PHI.
  • Administrative Safeguards: Our staff undergoes regular training on the handling of sensitive health data and breach notification protocols.
  • Physical Safeguards: All biomedical data is hosted in Tier 3 or 4 data centers with 24/7 physical security and biometric access monitoring.

GDPR Compliance & International Data Transfers (European Economic Area)

For users and data subjects located in the European Economic Area (EEA), MedMap complies with the General Data Protection Regulation (GDPR) regarding the collection, use, and retention of personal data.

  • Legal Basis for Processing: We process data based on (a) the necessity of performing a contract, (b) compliance with legal obligations, or (c) our legitimate interest in providing MedTech innovation services.
  • Data Minimization: We strictly adhere to the principle of data minimization, ensuring that only the specific data required for AI integration or R&D acceleration is processed.
  • Data Subject Rights: EEA residents have the right to lodge a complaint with a supervisory authority and the right to "data portability."
  • International Transfers: For data transferred outside the EEA, we utilize Standard Contractual Clauses (SCCs) approved by the European Commission to ensure a level of protection equivalent to that within the EU.

Specific Provisions for Medical Image AI Integration

As part of our Medical Image AI Integration solutions, MedMap often processes imaging data (DICOM/NIfTI).

  • De-identification: We utilize automated and manual de-identification processes to remove "Patient Identifiers" (Names, IDs, Birthdates) before data is used for AI training or research.
  • Standard Compliance: Our de-identification protocols are designed to meet the HIPAA Safe Harbor method and GDPR Anonymization standards to ensure that data can no longer be attributed to a specific individual.

Security Breach Notification

In the event of a suspected or confirmed data breach involving sensitive biomedical data, MedMap maintains a Data Breach Response Plan. We will notify affected clients and relevant regulatory bodies within the timeframes required by applicable law (e.g., within 72 hours for GDPR or as soon as possible for HIPAA).