In one paragraph
We collect the name, email, country, and medical summary you submit so a vascular surgeon can review your case. Data is transmitted over TLS 1.3 and stored AES-256 encrypted. We do not sell your data, we do not use it for advertising, and we do not deploy tracking pixels (e.g. Meta Pixel) on patient-facing forms. You may request export or deletion at any time.
1. What we collect
- Identity: full name, country of residence
- Contact: email address (and phone, if you provide one)
- Health information (ePHI): the condition summary you submit, plus any imaging or reports you attach
2. How it's protected
- All transport secured via TLS 1.3.
- At rest: AES-256 encryption.
- Logical separation between identity columns and clinical content; clinical reviewers see pseudonymized records by default.
- Tamper-evident audit logs for every read, write, and export of patient data.
- All third-party processors that touch US patient data are bound by signed Business Associate Agreements (BAA).
3. Right to Erasure (GDPR Art. 17)
EU/UK patients may request complete deletion of their submitted record. Email privacy@sinoheal-global.com from the address you registered with. Confirmed deletions are completed within 30 days.
4. Your other rights
- Right of access — receive a copy of your record
- Right of rectification — correct inaccurate data
- Right to data portability — export in machine-readable form
- Right to withdraw consent at any time, without affecting prior lawful processing
5. What we never do
- Sell or rent your data.
- Use health information for advertising or audience targeting.
- Deploy advertising pixels (Meta, TikTok, etc.) on intake pages.
6. Contact
Data Protection Officer — privacy@sinoheal-global.com