Privacy Policy

This Privacy Policy explains how Enigma Health Pte Ltd, a private limited company incorporated in Singapore ("Enigma Health", "we", "our", or "us"), collects, uses, discloses, stores, and protects information when you use the Enigma Health platform ("Platform").

This Policy is designed to be transparent about our data handling practices and to assure users that Enigma Health is committed to user privacy, security, and data sovereignty.

1. Introduction

At Enigma Health, we respect the privacy of our users. Our services are built around the principle of data minimalism, and we intentionally do not collect, store, or process any personally identifiable information (PII) in the course of providing our core services.

We believe that your data—whether inputs, prompts, or generative AI outputs—should remain yours and under your exclusive control.

2. Scope and Application

This Privacy Policy applies to:

• All users and account holders of the Enigma Health Platform;
• All sessions and interactions you have with the Platform;
• All AI-generated content or responses processed through our system;
• All integrations or optional connections you may establish with third-party services.

This Policy does not govern data handling practices by third-party providers such as cloud infrastructure platforms, which are subject to their own independent privacy policies and terms of service.

3. Data We Collect

3.1 General Account Metadata

To enable user access, monitor system health, and prevent abuse, Enigma Health may collect and temporarily retain minimal metadata, which may include:

• Pseudonymous or system-generated user ID;
• Encrypted session token;
• General usage preferences or selected settings (e.g., language);
• Timestamps for session initiation and expiration.

This metadata is non-personal, non-identifying, and never used to link behavior to real-world identities.

4. AI Input and Output Data

• The data you submit to the Platform (e.g., prompts, queries, instructions) and the outputs you receive (e.g., text responses, code completions) are ephemeral
• Enigma Health does not retain, index, or log this data beyond the scope of the active session
• We do not reuse your inputs or outputs for model training, evaluation, analytics, or internal development

Once your session ends, all input/output data is automatically and irreversibly discarded from our systems.

5. No Collection of PII

We do not collect or request any of the following:

• National IDs, NRICs, or passport information;
• Financial information, billing data, or credit card numbers;
• Medical, biometric, or sensitive personal data.

If you voluntarily input any PII into a prompt or message, it is processed temporarily and automatically discarded. We strongly advise against submitting PII.

6. Use of Information

We use the minimal data we collect solely to:

• Authenticate users and manage session access;
• Maintain and improve platform reliability (e.g., uptime tracking, error detection);
• Prevent abuse, unauthorized use, or excessive resource consumption;
• Meet legal or compliance obligations, if and only if required by applicable law.

We do not use your data for advertising, profiling, third-party data enrichment, or commercial resale.

7. Use of Third-Party Cloud Providers

7.1 Infrastructure Providers

Enigma Health may be hosted on secure and industry-standard cloud service providers such as:

• Amazon Web Services (AWS)
• Google Cloud Platform (GCP)
• Microsoft Azure

When you use the Platform, certain data may transit through or be processed temporarily on these third-party infrastructures.

8. No Control or Responsibility for Cloud Storage

You acknowledge and agree that:

• Enigma Health has no ownership or operational control over these external providers;
• These cloud services are subject to their own data protection policies;
• Enigma Health shall not be held liable for any loss, breach, or unauthorized access of data attributable to the cloud provider or your own configuration.

9. Security and Data Protection

Enigma Health implements appropriate technical and organizational measures to protect system integrity and prevent unauthorized access, including:

• TLS encryption for all data in transit;
• Session-based authentication with token expiration;
• Access controls and audit logging for internal system administrators;
• Regular patching and system hardening.

However, no online platform is fully immune to security threats. We recommend users exercise due caution and implement independent data safeguards where needed.

10. International Data Transfers

Enigma Health operates from Singapore, and does not knowingly transfer any data across jurisdictions. Since we do not store your content, any international data movement that occurs is incidental to routing via infrastructure providers and is not logged, saved, or retained.

11. Data Subject Rights

Although we do not collect personal data, if you believe that your rights under Singapore's Personal Data Protection Act (PDPA) or other applicable data protection laws are affected, you may:

• Request confirmation that no personal data has been collected;
• Request removal or deletion of any accidentally submitted data (if it has not already been discarded automatically);
• Contact our Data Protection Officer for any inquiries related to privacy.

We will respond to valid requests within a reasonable timeframe in accordance with applicable laws.

12. Policy Updates

This Privacy Policy may be updated periodically to reflect:

• Changes to our data practices;
• New features or integrations;
• Amendments to regulatory requirements.

When material changes are made, we will provide notice via the Platform for a reasonable duration. You are responsible for reviewing the latest version each time you use the Platform. Continued use indicates your agreement to the updated Policy.

13. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact: