Data Protection & Compliance
KiddoCare is an AI-powered paediatric health guidance app built for parents worldwide. We take the protection of children's health data extremely seriously. This document explains how we protect your data, what rights you have, and how we comply with privacy laws in every jurisdiction we operate in.
1. What Data We Collect
Data you provide
- Account information: Email address, display name, profile photo
- Child profiles: Name, date of birth, gender, weight, blood type, allergies, existing conditions, disabilities
- Health observations: Symptom descriptions, triage conversations with our AI assistant, photos of symptoms
- Health diary entries: Temperature, weight, height, medication doses, feeding logs, diaper logs, vaccine records
- Medication records: Medication name, dosage, frequency, duration, pharmacy label scans
- School planner events: Event titles, dates, times, locations, costs, school document scans
- Appointments: Doctor name, clinic, date, time, notes
Data we do NOT collect
- National identity (IC/HKID) numbers
- Financial or banking information (payments processed by Apple/Google)
- Location data (clinic search uses device GPS only during active search, never stored)
- Advertising identifiers (we do not display ads)
2. How We Use Your Data
| Purpose | Legal Basis | Data Used |
|---|---|---|
| Provide AI health guidance | Parental consent | Symptoms, child age/weight/allergies (pseudonymised) |
| Track health diary | Parental consent | Health entries, medications, vaccines |
| Send medication reminders | Parental consent | Medication schedule, push tokens |
| Detect emergencies | Legitimate interest (child safety) | Symptom keywords, triage outcomes |
3. AI Data Processing & Pseudonymisation
Your child's real name is never sent to the AI.
We replace it with a generic placeholder before the data reaches the AI provider. The AI only receives: age (in months or years), weight (if recorded), known allergies, existing medical conditions, and the symptoms you describe.
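The pseudonymisation step described above, as an added illustration rather than KiddoCare's own code: the request sent to the AI provider is built from an allow-list of fields (age, weight, allergies, conditions, symptoms) and the child's name is replaced by a placeholder. The field names, the placeholder text and the scrubbing of the free-text symptom field are assumptions; that last step is where a real name most often slips through, since parents naturally write it into the description.

```python
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Generic stand-in sent to the AI instead of the child's real name (assumed value).
PLACEHOLDER = "the child"


@dataclass
class ChildProfile:  # field names are assumptions, not KiddoCare's schema
    name: str
    date_of_birth: date
    weight_kg: Optional[float] = None
    allergies: List[str] = field(default_factory=list)
    conditions: List[str] = field(default_factory=list)


def age_label(dob: date, today: date) -> str:
    """Age in months under two years, whole years otherwise; the birth date itself is never sent."""
    months = (today.year - dob.year) * 12 + (today.month - dob.month)
    if today.day < dob.day:
        months -= 1
    return f"{months} months" if months < 24 else f"{months // 12} years"


def scrub_name(text: str, name: str) -> str:
    """Replace every whole-word occurrence of each part of the name, case-insensitively."""
    for part in sorted(name.split(), key=len, reverse=True):
        text = re.sub(rf"\b{re.escape(part)}\b", PLACEHOLDER, text, flags=re.IGNORECASE)
    return text


def build_ai_payload(child: ChildProfile, symptoms: str, today: date) -> dict:
    """Allow-list projection: only the fields the policy lists reach the AI provider."""
    payload = {
        "child": PLACEHOLDER,
        "age": age_label(child.date_of_birth, today),
        "allergies": list(child.allergies),
        "conditions": list(child.conditions),
        "symptoms": scrub_name(symptoms, child.name),
    }
    if child.weight_kg is not None:  # weight is included only if recorded
        payload["weight_kg"] = child.weight_kg
    return payload
```

A name that is also an ordinary word would be scrubbed wherever it appears in the description, which is the safe direction to err in.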
AI Providers
Anthropic (Claude) — United States
Primary AI health guidance. Commercial Terms with EU Standard Contractual Clauses.
Zero data retention — queries are not stored or used for training.
OpenAI (Whisper) — United States
Voice-to-text processing. Services Agreement with EU SCCs.
Zero data retention — audio processed in real-time, not stored.
AI Transparency
Every AI-generated response in KiddoCare is clearly labelled: "AI-generated. Not reviewed by a healthcare professional."
4. Data Storage & Security
Where your data is stored
| Data Type | Location | Provider |
|---|---|---|
| Account & health records | PostgreSQL database | Railway (US) |
| Photos & documents | Firebase Storage | Google Cloud (Singapore — asia-southeast1) |
| Authentication | Firebase Auth | Google Cloud (US) |
Security measures
- Encryption in transit: TLS 1.2+ on all API communications
- Encryption at rest: AES-256-GCM for all uploaded photos and documents
- Access control: Firebase Authentication with per-user data isolation
- Key management: Per-child encryption keys derived from a secure key service
- Storage rules: Firebase Security Rules enforce per-user write access and file size limits
5. Cross-Border Data Transfers
KiddoCare transfers personal data across borders. We have conducted Transfer Impact Assessments (TIAs) as required by Malaysia's Cross-Border Personal Data Transfer Guidelines (effective April 2025):
| Transfer | Destination | Safeguard |
|---|---|---|
| Firebase Storage | Singapore | Google Cloud DPA with EU SCCs |
| AI health guidance (Anthropic) | United States | Explicit consent + zero retention + EU SCCs |
| Voice processing (OpenAI) | United States | Explicit consent + zero retention + EU SCCs |
| Database (Railway) | United States | Railway DPA with contractual safeguards |
6. Your Rights
Under Malaysia PDPA
- Access: Request a copy of all personal data we hold about you and your children
- Correction: Correct any inaccurate personal data
- Withdrawal of consent: Withdraw consent for data processing at any time
- Data portability: Export all your data in machine-readable JSON format
- Deletion: Delete your account and all associated data
Under Hong Kong PDPO
- Access your personal data (we respond within 40 days)
- Request correction of inaccurate data
- Opt out of direct marketing (we do not engage in direct marketing)
Under GDPR (EU/EEA residents)
- Right to erasure (right to be forgotten)
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to withdraw consent
- 72-hour breach notification
Under COPPA (US — children's data)
- Verifiable parental consent before collecting children's data
- Parents can review, delete, and refuse further collection of their child's data
- No advertising identifiers for children
How to exercise your rights
- In the app: Profile > Export Data (JSON download) or Profile > Delete Account
- By email: privacy@kiddocareapp.com
- Response time: Within 30 days (40 days for PDPO access requests)
7. Children's Data Protection
KiddoCare is designed with children's privacy as the highest priority:
- Parent-owned accounts: Only parents/guardians create accounts. Children's data is entered and managed by the parent.
- No direct child interaction: Children do not directly use or interact with the app.
- Pseudonymisation: Children's real names are never sent to AI providers.
- Data minimisation: We collect only what's needed for the guidance features used.
- One-tap deletion: Parents can delete a child's entire profile and all health data at any time.
- No advertising: We do not display ads or use children's data for marketing.
- No third-party sharing: Children's health data is never shared except with the AI providers listed above, solely for generating responses.
8. Medical Disclaimer
KiddoCare is not a medical device and does not provide medical diagnosis, treatment, or monitoring.
- AI-generated guidance is informational only and does not replace professional medical advice
- No licensed healthcare professional has reviewed the AI's responses to your specific queries
- In any medical emergency, call 999 (Malaysia), 999 (Hong Kong), 112 (EU), 911 (US), or your local emergency number
- Always consult a qualified healthcare professional before making medical decisions for your child
9. Data Breach Response
In the event of a data breach affecting personal data:
- Detection & containment: Affected systems isolated within 24 hours
- Notification: Malaysia PDPC notified within 72 hours; affected users notified by email and in-app notification within 72 hours
- Remediation: Root cause analysis, security patches, preventive measures
- Documentation: Full incident report maintained for regulatory review
10. Data Retention & Erasure
| Data Category | Retention Period |
|---|---|
| Account data | Until account deletion |
| Child health records | Until child profile deletion |
| AI conversations | Until observation deletion |
| Medication scans | 90 days after processing |
| Analytics (anonymised) | 12 months |
When you delete your account or a child profile, all associated data is permanently purged from our systems within 30 days, including photos and documents in Firebase Storage.
11. Regulatory Compliance
| Regulation | Jurisdiction | Status |
|---|---|---|
| PDPA (Personal Data Protection Act) | Malaysia | Compliant |
| PDPO (Personal Data Privacy Ordinance) | Hong Kong | Compliant |
| GDPR (General Data Protection Regulation) | EU / EEA | Compliant |
| COPPA (Children's Online Privacy Protection Act) | United States | Compliant |
| APPI (Act on Protection of Personal Information) | Japan | Compliant |
| Apple App Store Guidelines 5.1 | Global | Compliant |
| Google Play Health App Policies | Global | Compliant |
12. Contact Us
Data Protection Officer: Jose Airosa
Email: privacy@kiddocareapp.com
Company: Hanamori Labs, LLC (Delaware, US)
For data erasure requests, please email privacy@kiddocareapp.com or use the "Delete Account" option in the app under Profile. We will process your request within 30 days.