Medivault is a personal health record service operated by Novus Digital Initiative (“we”, “us”, “our”). We are committed to protecting your personal data in accordance with applicable data protection laws, including Singapore’s Personal Data Protection Act 2012 (“PDPA”), India’s Digital Personal Data Protection Act 2023 (“DPDP”), and other internationally recognised data protection principles.
Data Protection Contact:
Email: hello@novusdigi.com
We will acknowledge requests within 24 hours and respond within 10 business days.
We collect the minimum data necessary to operate the service.
| Category | Examples | Purpose | Basis |
|---|---|---|---|
| Account data | Email address, hashed password | Authentication and account management | Consent |
| Health records | Documents, lab results, medications, vitals | Providing the personal health record service | Consent |
| Profile data | Name, date of birth, gender, height, weight | Personalising the experience | Consent |
| AI interaction data | Document text sent for analysis, chat messages | AI-powered extraction and health Q&A | Explicit consent (separate AI toggle) |
| Push notification tokens | Browser push endpoint | Medication reminders | Consent (browser permission) |
| Technical data | IP address, device type, browser version, usage logs | Security monitoring, bug fixing, and platform optimisation | Legitimate interests |
Medivault is built on a zero-knowledge architecture. All health records, documents, medications, lab results, and vitals are encrypted on your device before being transmitted, using:
Encrypted data is stored on infrastructure hosted in Singapore (ap-southeast-1), operated by Supabase, Inc. We maintain security through regular internal reviews, adherence to industry best practices, and the fundamental principle of data minimisation.
We engage the following sub-processors to deliver the service.
Supabase, Inc.
Role: Cloud database and file storage. Processes encrypted ciphertext only — Supabase cannot read your plaintext health data.
Location: Singapore (ap-southeast-1)
Privacy Policy →
OpenAI, L.L.C. — only when AI features are enabled
Role: AI-powered document analysis and health Q&A. When you enable AI features and analyse a document, the plaintext content of that document is transmitted to OpenAI’s servers for processing. When you use the AI chat or health summary features, structured health data (age, conditions, medications, lab values, vitals) is transmitted — your name and date of birth are not included in chat requests.
Data retention: Zero data retention is enforced at both the API call level (store=false on every request) and the organisation level (OpenAI Zero Data Retention agreement). OpenAI does not store, log, or use your data for any purpose after each request completes.
Location: United States
OpenAI API Data Usage Policy →
We do not sell your data. We do not use your health records for advertising. We do not share your data with any party beyond the sub-processors listed above.
AI features are entirely optional and off by default. You must explicitly enable them. When enabled, data is processed as follows depending on the feature used.
Document analysis (Analyse with AI)
What is sent: The full plaintext content of the document you choose to analyse — this includes all text visible in the document, such as clinical findings, medication names, lab values, doctor details, and any patient-identifying information printed on the document (name, date of birth, address).
Why: Extracting structured medical data (medications, diagnoses, lab results) from an unstructured document requires the AI model to read the full document. It is not possible to remove identifying information before this step, as the document has not yet been read or structured.
What happens next: The AI returns structured data (medication names, dosages, lab values, diagnoses). That structured data is returned to your device, encrypted with your master key, and saved. The AI provider does not store the original document or the result.
AI chat and health summaries (Ask AI)
What is sent: Structured health context derived from your already-stored records — your age (not date of birth), gender, height, weight, chronic conditions, active medications with dosages, vital readings, lab results, and visit dates. Your full name and date of birth are not transmitted for these requests. Document filenames are not transmitted.
Why: The AI requires health context to answer questions about your records. Only the minimum structured data needed to answer the query is included.
Retention: Zero data retention is enforced on every AI API call. OpenAI is contractually prohibited from storing, logging, or using your data for any purpose after each request completes. This applies to both document analysis and chat requests.
Basis: Your explicit consent, given via the AI toggle during onboarding or in Settings.
Withdrawing consent: Turn AI off in Settings at any time. No further data will be sent to OpenAI. Previously extracted and stored records remain in your vault, encrypted as always.
Your encrypted data is stored in Singapore. AI processing occurs in the United States. When we transfer data across borders, we ensure adequate safeguards are in place, including Standard Contractual Clauses and strict vendor obligations. We apply the principle of data minimisation — only the minimum necessary data is transferred for each operation.
Regardless of where you are located, you have the following rights over your personal data:
Access: You can view all your health records within the app at any time. Your data is decrypted locally on your device.
Correction: You can edit any record, medication, vital, or profile field directly in the app.
Erasure / Right to be Forgotten: You can delete your entire account and all associated data from Settings → Delete Account. Deletion is permanent and cascading — all database records and stored files are removed.
Withdraw consent: You can withdraw AI consent at any time via Settings. You can delete your account at any time.
Complaints: Contact us at hello@novusdigi.com. You may also lodge a complaint with your local data protection authority.
In the event of a personal data breach that is likely to result in significant harm, we will notify affected users and relevant authorities within 72 hours of becoming aware. Because all health data is encrypted with keys only you hold, a breach of our servers would expose metadata and encrypted ciphertext only; your actual health records remain inaccessible to any unauthorised party.
Medivault is not intended for use by persons under 18. We require age confirmation during signup and do not knowingly collect personal data from minors. If you believe a minor’s data has been submitted, contact hello@novusdigi.com and we will delete it promptly.
We will notify you of material changes by email or in-app notification at least 30 days before they take effect. Continued use after the effective date constitutes acceptance of the updated policy.
This policy is governed by the laws of Singapore. Where you are located in a jurisdiction with its own data protection requirements, such as India, we comply with those requirements (including the DPDP Act 2023) to the extent they apply to our service.
In accordance with the India Digital Personal Data Protection Act (DPDP) 2023, users in India have specific rights including the right to correction, completion, and erasure. For any grievances or to exercise your rights, please contact our Grievance Officer:
Grievance Officer:
Email: hello@novusdigi.com
Address: Novus Digital Initiative, Singapore