Privacy Policy

PINQ is operated by HealthOS Sdn Bhd, a company incorporated in Malaysia. We are the data controller for information collected through the PINQ mobile application and website (pinq.health).

If you have any questions about this policy, contact us through our contact form.

We collect information in three ways:

Information you provide directly — Your name, email address, phone number, date of birth, pregnancy details (LMP, EDD, gestational age), medical history, lab results, medication records and any other health information you choose to enter into the app.

Information from your care team — With your explicit consent, your clinic or hospital may add visit notes, test results, prescriptions and clinical observations to your record.

Technical information — Device type, operating system, app version, anonymised usage analytics and crash reports to help us improve the app. We do not use advertising identifiers or sell data to advertisers.

We use your information solely to provide and improve the PINQ service:

To maintain your digital pregnancy record, generate your emergency QR card, send appointment reminders, surface personalised health alerts, and share your record with care providers you have explicitly authorised.

We may use anonymised and aggregated data — with all personally identifying information removed — for public health research and product improvement. This data cannot be traced back to you.

We will never sell your personal or health data to third parties.

Your health record is shared only with parties you explicitly authorise through the app's consent controls. This includes:

Clinics and hospitals — you control which facilities have access, for how long, and which sections of your record they can see. Access can be revoked at any time.

Family members — you choose exactly what your partner or family caregiver can view.

Emergency access — your emergency QR card shares a read-only summary (blood type, allergies, EDD, key risks) with any medical provider who scans it. You can disable this feature at any time.

We use trusted third-party cloud infrastructure providers (data hosted in Malaysia or Singapore). These providers are contractually bound to our data protection standards and cannot use your data for their own purposes.

All health data is encrypted at rest and in transit using industry-standard AES-256 encryption. Access to production systems is restricted to authorised personnel only, and every access event is logged.

The app supports offline-first operation — your record is stored securely on your device and synced when connected. Device-level encryption protects your data if your phone is lost or stolen.

Under Malaysian law (PDPA 2010) and applicable regulations, you have the right to:

Access — request a copy of all personal data we hold about you.
Correction — ask us to correct inaccurate data.
Deletion — request deletion of your account and data.
Portability — export your complete record in a machine-readable format.
Withdrawal of consent — revoke clinic or family access at any time in the app's sharing settings.

To exercise any of these rights, contact us through our contact form. We will respond within 30 days.

We retain your data for as long as your account is active. If you delete your account, your personal data is permanently deleted within 30 days. Anonymised aggregate data may be retained for research purposes.

Clinics retain their own copies of visit notes in accordance with Malaysian medical record regulations (minimum 7 years). Deleting your PINQ account does not delete records held by your healthcare providers.

The PINQ family app is designed for use by adults (18+). Newborn and infant records are created and managed exclusively by the mother or legal guardian. We do not knowingly collect personal data directly from children.

We may update this policy from time to time. We will notify you of material changes via in-app notification and email at least 14 days before changes take effect. Continued use of the app after that date constitutes acceptance of the updated policy.