Privacy Policy

How we collect, use, and protect your information.

Effective Date: January 2026 · Last Updated: January 2026

1. Introduction

The Expat Chiro PTE LTD ("we", "us", "our") is committed to safeguarding your personal data. This Privacy Policy outlines how we collect, use, disclose, and store your personal data in compliance with the Singapore Personal Data Protection Act 2012 (PDPA).

Important Regulatory Disclosure: Chiropractic services are not currently regulated in Singapore and are not governed by the Ministry of Health's Healthcare Services Act 2020 licensing framework. We voluntarily adhere to international data protection standards and healthcare best practices.

By visiting our website, booking an appointment, or seeking care at our clinic, you acknowledge and agree to the practices described in this policy.

2. Important Notice: Digital-First Practice

We operate as a fully digital, paperless practice. We use Jane App, a secure cloud-based practice management system, to manage all patient records, scheduling, and billing.

Data Storage Location

Your personal and health data is stored on Jane App's servers located in Australia. This constitutes a cross-border data transfer under Singapore's Personal Data Protection Act (PDPA).

Data Protection Safeguards

To ensure your data receives adequate protection when transferred to and stored in Australia, we have implemented the following safeguards:

  • Data Processing Agreement: We have executed a Data Processing Agreement with Jane App that includes PDPA-equivalent data protection commitments, data breach notification requirements, and data subject rights (access, correction, deletion).
  • Security Standards: Jane App maintains security standards comparable to ISO 27001 and uses encryption for data in transit (TLS) and at rest (AES-256).
  • Privacy Compliance: Jane App adheres to international privacy frameworks and provides PDPA-equivalent protection for your data.

Your Consent

By engaging our services, you consent to the cross-border transfer of your data to Australia under these safeguards. Jane App is essential to our operations. If you do not consent to cross-border data transfer, we will be unable to provide services.

Your Rights

Despite your data being stored in Australia, you retain all rights under Singapore's PDPA, including rights to access, correction, and deletion of your personal data.

Further Information: For details about Jane App's data protection practices, visit: jane.app/privacy

3. Collection of Personal Data

We collect personal data that is necessary to provide you with safe and effective healthcare. This includes:

  • Personal Particulars: Name, NRIC/FIN/Passport number, date of birth, gender, and contact details (email, address, mobile number).
  • Health Information: Medical history, symptoms, clinical notes, X-rays/imaging, diagnosis, and care plans.
  • Financial Information: Credit card details (processed via secure third-party gateways) and billing history.
  • Technical Data: IP address, browser type, and appointment booking timestamps when you use our online booking portal.

4. How We Use Your Data

A. Primary Purposes (With Your Consent)

We collect and use your personal data for the following primary purposes. By engaging our services, you provide consent for these uses:

  • Clinical Care: Assessing and working with your condition through chiropractic services.
  • Care Coordination: Referrals to specialists, imaging centers (X-ray/MRI), or other healthcare providers.
  • Operations: Scheduling appointments, processing payments, and sending appointment reminders (via SMS/Email/WhatsApp).
  • Record-Keeping: Maintaining clinical records as per healthcare best practices.

B. AI-Assisted Documentation

We may use Jane App's AI Scribe technology to assist with clinical note-taking.

How It Works:

  • With your explicit consent (requested via Jane App), your session may be audio-recorded.
  • The recording is processed by Jane App's AI to generate a draft clinical note.
  • The practitioner reviews, edits, and finalizes the note.
  • Audio recording is permanently deleted within 24 hours after transcription.

Your Consent:

  • Audio recording is OPTIONAL. You may decline via Jane App without affecting your care.
  • Consent is requested before each session where AI Scribe may be used.
  • You may withdraw consent at any time via Jane App settings.

Data Protection:

  • Audio is transmitted via encrypted connection.
  • Jane App has committed that audio data will NOT be used to train AI models.
  • Audio processing occurs on Jane App's secure servers (Australia).
  • Cross-border data transfer protections (detailed in Section 2) apply.

Opting Out: You may decline AI-assisted documentation via Jane App. The practitioner will take manual notes instead. Declining does not affect the quality or availability of care.

C. Optional Purposes (Requires Consent)

  • Marketing: Sending you newsletters, wellness tips, or clinic promotions. You may opt out of this at any time.

5. Disclosure of Personal Data

We do not sell your personal data. We may disclose your data to:

  • Healthcare Partners: Specialists, GPs, or imaging centers involved in your care.
  • Service Providers: Third-party vendors who support our operations (e.g., Jane App for records, Stripe for payments, accounting firms). These vendors are bound by strict confidentiality agreements.
  • Legal & Regulatory Bodies: The Ministry of Health (MOH), insurers (if you file a claim), or law enforcement agencies if required by law.

6. Data Retention

Retention Period

As healthcare best practice, we voluntarily retain clinical records for:

  • Adults: 6 years from the date of your last visit.
  • Minors: Until age 21 OR 6 years from the last visit, whichever is later.

Why We Retain Records

While chiropractic services are not regulated in Singapore and we are not legally bound by Ministry of Health retention requirements, we adopt these retention periods based on:

  • International healthcare standards.
  • Singapore's statute of limitations for legal claims (6 years).
  • Your long-term care continuity.
  • Professional liability insurance requirements (if applicable).

Your Right to Deletion

Under PDPA, you may request deletion of your personal data. However, we may be unable to delete clinical records during the retention period if:

  • Records are needed for potential legal claims (statute of limitations protection).
  • Records are necessary for defending against liability claims.
  • Deletion would breach professional insurance requirements.

If you request deletion:

  • Marketing data will be deleted immediately.
  • Clinical records may be retained per the policy above.
  • We will provide written explanation if we cannot fully comply.

After Retention Period: Records are securely destroyed after the retention period expires, unless ongoing legal claims require extended retention.

7. Cookies & Tracking

Our website uses cookies to improve your browsing experience and facilitate online booking.

  • Essential Cookies: Required for the website and booking portal to function.
  • Analytics Cookies: We use Google Analytics (GA4) to understand how visitors use our site. This service collects anonymized usage data including pages visited, time on site, and referral source. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

You can disable cookies in your browser settings, but this may prevent you from using our online booking system.

8. Your Rights

Under the PDPA, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Withdraw Consent: Withdraw consent for optional uses (e.g., marketing) at any time.

Please note that withdrawing consent for Primary Purposes (e.g., refusing the use of Jane App) may result in us being unable to continue providing you with care.

9. Contact Us

If you have any questions about your privacy or wish to exercise your rights, please contact our Data Protection Officer (DPO):

We respond to all data requests within 30 days, as required under the PDPA.

Effective Date: January 2026 · Last Updated: January 2026

Ready to book an appointment?

Book Your First Visit

Not Sure Yet?

Let's talk about it.

Grab a Coffee