Privacy Policy

Last updated: May 2026 · Governing law: Singapore (PDPA 2012)

What we collect

We collect your full name, email address, and the biomarker values extracted from your blood reports. We also store your sex and age if you provide them, as these are used to contextualise your results. We do not store your original uploaded files; they are deleted from our servers immediately after extraction is complete, typically within seconds.

How we use it

Your data is used solely to generate and display your personal health dashboard. If you opted in to communications, we may occasionally send health and longevity insights to your email address. You can unsubscribe at any time.

When you upload a report, the biomarker names (not your values) are used to improve our recognition system for new lab formats. For example, if your report uses an unfamiliar abbreviation for a common marker, it is added to a shared vocabulary table so future uploads from any user recognise it automatically. No personal health values, names, or contact details are part of this system. Only the names of the tests themselves.

Cross-border data transfers

Your uploaded files are processed by AI services based in the United States (Anthropic Claude and OpenAI GPT-4o) for biomarker extraction. This means your data is transferred outside Singapore for the duration of that processing step. Both providers process data solely for the request and do not use API-submitted data for AI model training. No files are retained by these providers beyond the API call.

Your extracted biomarker values are stored in a PostgreSQL database hosted by Railway on servers located in Singapore. No extracted data leaves Singapore except as described above.

Third-party processors

• Anthropic & OpenAI: biomarker extraction from uploaded files. US-based. Data processed per-request only, not retained, not used for model training.
• Railway: database hosting in the Singapore region. Extracted values are stored encrypted at rest and accessible only to this application.
• Email provider: your name and email address are used to send transactional emails such as your dashboard link. Not used for marketing without your explicit opt-in.

Data retention

Raw uploaded files: deleted immediately after extraction, never written to long-term storage. Extracted biomarker values, name, and email: retained for up to 2 years from your last upload, after which records are automatically deleted. You may also request deletion at any time. See Your Rights below.

Your rights

Under Singapore's Personal Data Protection Act 2012, you have the right to access, correct, or delete your personal data at any time. You can delete your data directly from your dashboard using the "Delete my data" link at the bottom of the page. For access or correction requests, email privacy@tauhealth.sg and we will respond within 14 days.

If you believe we have not handled your data in accordance with the PDPA, you may lodge a complaint with the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.

No advertising

We do not serve advertisements. We do not sell your data to any third party under any circumstances.

Cookies

We do not use tracking cookies or analytics. Your dashboard is accessed via a unique URL token. No login or session cookie is required.

Contact

For privacy enquiries: privacy@tauhealth.sg