← Back to Docseek

Privacy Policy

Docseek.ai Privacy Policy (Singapore)

Version: 1.1

Last updated: 15 Aug 2025

1 Introduction

Docseek.ai ("Docseek", "we", "our" or "us") operates an AI‑powered healthcare concierge platform that allows users to obtain health‑related information and to communicate with healthcare providers. We are incorporated and headquartered in Singapore. This Privacy Policy explains how we collect, use, disclose and protect your personal data when you use our website, mobile applications and related services (collectively, the Services). In developing this policy we have taken the Personal Data Protection Act 2012 of Singapore (PDPA) into account.

If you are a healthcare provider or a business partner engaging with Docseek, please refer to our Healthcare Providers & Partners Privacy Notice for details on how we handle your personal data.

Consent

By accessing or using our Services, you consent to the collection, use, disclosure and processing of your personal data in the manner described in this Policy. If you do not agree with this Policy, please do not use our Services. You may withdraw your consent at any time (see Section 9). Consent may be expressed through account setup, continued use of services, or direct acknowledgement via consent forms or checkboxes.

2 Anonymous Usage vs. Member Account

We offer two ways to use the Services:

  • Anonymous usage. You may ask our AI engine questions anonymously without creating a user account. In this mode we do not link your interactions to your identity; we only collect minimal technical information (e.g., IP address, browser type) needed to deliver the session. We do not store these interactions after the session ends.

  • Member account. If you choose to create a Docseek account, we will ask for contact information (such as name, address, email address, telephone number) and may collect health‑related information that you voluntarily provide. Account users can view and update their health history and access additional features. The rights described in Sections 8 – 10 primarily apply to registered users, because anonymous sessions do not involve stored personal data.

3 What Personal Data We Collect

The types of personal data we collect depend on how you use our Services:

CategoryExamples(non‑exhaustive)Purpose
Account InformationName, email, phone, addressTo create/manage your account, authenticate you, and communicate with you
Health Information (Text / Images)Symptoms, medical history, medicationsTo provide services, benefits and/or to perform a contract. Such as facilitation of medical provider communication
Technical DataIP address, device/browser info, time stampsTo run analytics, secure the site, and understand usage trends
CookiesSession, preference cookiesTo personalise your experience and store your settings
CommunicationsEmails, messages sent to usTo provide support and improve service quality, to facilitate booking appointments. To contact you through SMS and/or push notifications for service-related information (non-marketing) such as appointment confirmations and others.
Online IdentifiersDevice ID, browser fingerprint, location estimateTo display nearby clinics according to GPS location data and only enable relevant features. To enhance technical performance and troubleshooting.
Payment or transaction dataBilling address, payment method information, and other details of transactionsFacilitate payment for appointment bookings
Submitted Data About OthersHealth data submitted by caregiver or guardianTo assist dependents (with required authorisation and consent)

We do not knowingly collect personal data from children under 13 without parental consent. If you believe such data has been submitted, please contact us and we will take steps to delete it.

4 How We Use Your Personal Data

We use personal data only for purposes that a reasonable person would consider appropriate and for which you have given consent, as required by the PDPA. Such purposes include:

  1. Providing and improving our Services. We use personal data to operate and improve our AI and platform, personalise your experience, debug and resolve technical issues and develop new features. When you interact with your healthcare provider, we use your health information to summarise your symptoms and facilitate clinical workflow processes.

  2. Communicating with you. We use your contact information to send transactional messages, respond to your enquiries, and (with your consent) send marketing communications. You can opt out of marketing at any time.

  3. Compliance with law and protection of rights. We may process personal data to comply with applicable laws, regulations or legal processes, and to protect the rights, property or safety of Docseek, our users or others.

  4. Research and analytics. We may use aggregated or anonymised data for research, analytics and statistical purposes, such as evaluating the effectiveness of our AI engine and to improve clinical workflows. Aggregated data does not identify you.

  5. Security & anti-fraud. To detect misuse, enforce terms and ensure platform integrity.

5 Disclosure of Personal Data

Docseek does not sell your personal data. We disclose your personal data only in the following circumstances:

  • With your healthcare provider. When you ask us to facilitate communication with a healthcare provider, we share your health information with that provider. For account members, we use your health information to help you communicate more effectively with your healthcare provider. For example, by formatting it in a way that is helpful for discussing with your doctor.

  • With service providers and data intermediaries. We contact authorised external parties or companies that provide products and services to us such as information technology security and support and benefits and rewards administration. We may also partner with third parties in the provision of our services to you including that via our mobile apps and may share your Personal Data with them, in order for you to receive the benefits of our services. This includes the use of cloud infrastructure, AI gateway services, and large language model providers that process user inputs on our behalf in order to generate AI-assisted responses. Such providers act as data intermediaries and are contractually bound to process personal data only on our instructions, maintain confidentiality, and implement appropriate security safeguards.

  • Cross‑border transfers. If we transfer personal data outside Singapore, we will ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection that is comparable to that under the PDPA. This may involve data transfer agreements or reliance on certifications. We will also comply with the laws of the receiving country.

  • Legal and public interest. We may disclose personal data in limited circumstances when required by law or government authorities; to respond to legal requests or court orders; or when it is necessary to protect your vital interests, such as during a medical emergency or where there is a serious and imminent threat to health or safety. Additionally, in accordance with the Personal Data Protection Act 2012 (PDPA), we may use or disclose personal data for public interest purposes such as statistical or research activities, provided appropriate safeguards are in place to protect your privacy.

6 Third party services

Our service may contain references to third party services – we strongly advise you to review the data protection/privacy Policy/policy of such referenced third parties to understand their data protection/privacy policy/practices, which may be different from this Notice and our practices. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

7 Retention and Accuracy

We retain personal data only as long as it is reasonably necessary for business, operational, or legal purposes. This includes using personal data to improve your experience, enhance our services, and contact you when necessary. For example, we may analyse health information to develop better ways of helping users communicate with healthcare providers.

Once data is no longer needed for these purposes, we will cease to retain it or will anonymise it, in accordance with the retention limitation obligation under the Personal Data Protection Act (PDPA). Health information you provide through anonymous sessions is not retained after the session ends. For registered users, we retain your personal data while your account remains active and for a reasonable period thereafter to comply with legal obligations or continue service improvements, where applicable.

Promptly after the applicable retention period has ended, your personal data will be appropriately:

  • disposed of securely;
  • de-identified (through removal of identifiable components, obfuscation, pseudonymisation, anonymisation, or other means); and/or
  • transferred to an archive (unless this is prohibited by applicable data protection laws).

We make reasonable efforts to ensure that personal data collected is accurate and complete, especially if it will be used to make a decision affecting you or disclosed to another organisation. If you believe that any information we hold about you is inaccurate or incomplete, please contact us (see Section 12) so we can correct or update it.

8 Your Rights under the PDPA

The PDPA gives individuals certain rights with respect to their personal data. As a Docseek user you have the following rights:

  1. Right to access. You may request access to the personal data that we hold about you and information about how we have used or disclosed it within the past year. Section 21 of the PDPA obligates organisations to provide individuals with their personal data and information about uses and disclosures upon request. We may charge a reasonable administrative fee for processing your request and will inform you of the fee before fulfilling your request. We may refuse access in limited circumstances (e.g., where access would reveal another person's data or would be frivolous).

  2. Right to correction. You may request correction of any error or omission in your personal data. Upon receiving a valid request, we will correct the data as soon as practicable and send the corrected data to organisations to which the data was disclosed within the past year, unless it is impracticable or the other organisation does not need the correction.

  3. Right to withdraw consent. You may withdraw consent for our collection, use or disclosure of your personal data at any time by giving reasonable notice. Section 16 of the PDPA provides that individuals may withdraw consent, and organisations must inform individuals of the likely consequences and cease handling the data unless an exception applies. We will endeavour process your withdrawal request as soon as reasonably practicable, and in any case within 31 calendar days from the date we receive it. Certain requests may take longer if they involve multiple service providers or legal obligations, but we will keep you informed if more time is needed. Withdrawing consent may mean that we can no longer provide certain services to you.

  4. Right to data portability (coming soon). Once the Data Portability provisions take effect, you may request that we transmit your data in a commonly used, machine‑readable format to another organisation. We will update this Policy when the regulations are issued.

To exercise your rights, please contact us using the information provided at the end of this notice. We may request identity verification. We will respond within a reasonable time, typically within 30 days.

9 Consent and Choices

By using our Services, you consent to the collection, use and disclosure of your personal data as described in this Policy. Consent must be informed; therefore, we endeavour to notify you of the purposes of collection and obtain your agreement before collecting personal data. You may give consent through our user interface, through verbal communication with our staff, or by continuing to use the Services after being notified.

  • Marketing communications. We will send you marketing messages only with your explicit consent. You may opt out at any time by using the unsubscribe link in our emails or by contacting us.

  • Optional vs. necessary purposes. Some data is necessary for us to provide our Services (for example, your name and email to create an account). Other uses (such as receiving newsletters) are optional. You may withdraw consent for optional purposes without affecting necessary purposes.

We Do Not Disclose Your Data for These Uses Without Explicit Consent

Under Singapore's PDPA, we will not disclose your personal health information for the following purposes unless you have given us clear, written consent:

  • Selling your personal or health data to third parties
  • Disclosing health information for third-party marketing purposes

We do not engage in these practices by default, and if consent is ever requested, it will be clearly communicated and strictly optional.

10 Cookies and Analytics

We use cookies and similar technologies to improve the performance of our website and to understand how visitors use it. Cookies store small pieces of data on your device and help us remember your preferences and tailor content. You can manage cookie preferences through your browser settings. We also use analytics services that collect anonymised information about site usage (such as pages visited and time spent). These analytics tools do not identify individual users.

11 Data Security

We implement reasonable security arrangements to protect personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. This includes using encryption at rest and in transit, access controls, regular security assessments, and staff training. Under the PDPA's Protection Obligation, organisations must make reasonable security arrangements to prevent unauthorised access or similar risks. While we strive to protect your data, no method of transmission over the Internet or method of electronic storage is completely secure; therefore, we cannot guarantee absolute security.

12 Data Breach Notification

If a data breach occurs that results in, or is likely to result in, significant harm to affected individuals or that is of a significant scale, we will notify the Personal Data Protection Commission (PDPC) and affected individuals as soon as practicable, as required by sections 26A–26E of the PDPA. We will also take steps to contain the breach, assess its impact and prevent a recurrence. Our data intermediaries are contractually required to notify us of any breaches without undue delay.

13 Accountability and Governance

Docseek takes an accountability‑based approach to data protection. We have developed and implemented internal policies and processes to ensure compliance with the PDPA. We provide regular training to our staff and foster a culture of responsibility. We have appointed a Data Protection Officer (DPO) whose contact details are provided below; the DPO oversees compliance and handles queries or complaints.

We review our data protection policies and procedures regularly and will make them available upon request. As required under the PDPA, we are answerable to regulatory authorities and individuals for our data practices.

14 Use of Artificial Intelligence (AI)

Docseek.ai uses AI-powered algorithms to:

  • Provide health-related insights based on symptoms
  • Assist with triage and improve communication with doctors
  • Help summarise health history for better understanding

These AI tools do not make clinical decisions and are not a substitute for professional medical advice. They are designed to support, not replace, human judgment.

15 Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws or for other operational reasons. We will post the updated Policy on our website and indicate the date of revision. Where required by law, we will notify you and obtain your consent to material changes.

16 Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about our data practices, please contact our Data Protection Officer:

Data Protection Officer Docseek Pte. Ltd. Email: support@docseek.ai

Docseek.AI is not a medical device and does not provide diagnosis, medical advice, or treatment. It supports your understanding and decision-making so you can communicate more effectively with your doctor.