Privacy Policy

Last updated: 29 April 2026

1. Introduction

ApexTruss Pte. Ltd. (UEN: 202616461M) ("ApexTruss", "we", "us", or "our") is committed to protecting the personal data and health information of individuals in accordance with the Singapore Personal Data Protection Act 2012 ("PDPA") and the Health Information Act 2024 ("HIA"). This Privacy Policy describes how we collect, use, disclose, and protect your personal data when you interact with our healthcare platforms and services.

2. Our Role

ApexTruss operates as a technology provider to healthcare clinics in Singapore. We process personal data and health information on behalf of clinic operators (the data controllers) under contractual arrangements. We do not independently determine the purposes of processing health information — this is determined by the clinic you visit.

3. Personal Data We Collect

Depending on how you interact with our platforms, the following categories of personal data may be collected on behalf of your clinic:

4. Purposes for Collection, Use, and Disclosure

Personal data processed through our platforms is used for the following purposes, as directed by your clinic:

We do not sell personal data or health information to third parties. We do not use health information for insurance underwriting, employment decisions, or any non-care purpose.

5. Health Information

Health information processed through our platforms is handled in accordance with the HIA. Our AI systems operate on a facts-only basis — they extract and assemble clinical data but never interpret, diagnose, or generate medical opinions. All clinical decisions remain with your attending doctor.

We do not contribute to the National Electronic Health Record (NEHR). NEHR obligations are handled by your clinic's clinic management system provider.

6. Consent

Your clinic obtains your consent for the collection and use of personal data as part of its patient registration process. By engaging with our platforms (e.g. responding to WhatsApp messages, using the patient portal), you acknowledge that your data is being processed in accordance with this Privacy Policy and your clinic's own privacy notice.

You may withdraw your consent for non-essential processing (e.g. follow-up messages, satisfaction surveys) at any time by informing your clinic or contacting our Data Protection Officer.

7. Data Retention

We retain personal data and health information in accordance with regulatory requirements and our contractual obligations to clinic operators. Audit logs are retained for seven years. When data is no longer required, it is securely deleted or anonymised.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data and health information, including encryption at rest and in transit, role-based access controls, multi-tenant data isolation at the database level, and regular security assessments.

9. Your Rights

Under the PDPA, you have the right to:

To exercise these rights, please contact your clinic directly or reach out to our Data Protection Officer.

10. Incident Response

In the event of a data breach involving health information, we will notify the affected clinic within one hour of confirming the incident, in accordance with our contractual obligations and HIA requirements.

11. Cookies

Our platforms use strictly necessary cookies (session management, authentication) and optional analytics cookies. You may configure your browser to refuse optional cookies without affecting core platform functionality.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page.

13. Contact Us

If you have questions about this Privacy Policy, or wish to exercise your data protection rights, please contact:

Data Protection Officer
ApexTruss Pte. Ltd.
600 North Bridge Road, #11-06 Parkview Square, Singapore 188778
Email: dpo@synaptruss.com