Privacy Policy

Last updated: March 1, 2026

Conxmed Inc. (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal and medical information. This Privacy Policy describes how we collect, use, disclose, and safeguard data when you use the Conxmed platform (“the Platform”).

1. Information We Collect

1.1 Account Information

When you register, we collect your name, email address, role (patient, doctor, hospital staff, or administrator), preferred language, and phone number.

1.2 Medical Data

Depending on your role and use of the Platform, we may process:

• DICOM images — radiology imaging files uploaded by hospitals for interpretation.
• Clinical information — patient references, body parts, modality types, and clinical history submitted with cases.
• Radiology reports — diagnostic findings and impressions authored by reviewing radiologists.
• Tourism inquiry data — treatment types, preferences, budget ranges, and travel dates.

1.3 Communications

Messages exchanged between users through the Platform’s messaging system are stored to facilitate ongoing care coordination.

1.4 Usage Data

We automatically collect device information, browser type, IP address, and usage patterns to improve Platform performance and security.

2. How We Use Your Information

• Service delivery — processing radiology cases, matching patients with clinics, facilitating communication between providers.
• AI-assisted features — powering triage classification, clinic recommendations, and smart case assignment.
• Platform improvement — analytics, performance monitoring, and feature development.
• Security — detecting and preventing unauthorized access, fraud, and abuse.
• Legal compliance — meeting regulatory obligations for medical data retention and reporting.

3. Data Sharing & Disclosure

We share personal and medical data only as follows:

• Between authorized users — hospitals, radiologists, and patients involved in the same case or inquiry, as necessary for care delivery.
• Service providers — infrastructure providers (cloud hosting, storage) that process data on our behalf under strict data processing agreements.
• Legal requirements — when required by law, court order, or regulatory authority.

We do not sell personal or medical data to third parties. We do not use medical data for advertising purposes.

4. Data Security

We implement industry-standard safeguards to protect your data:

• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Row-Level Security (RLS) policies ensuring users can only access data they are authorized to view.
• Role-based access controls separating patient, doctor, hospital, and admin permissions.
• Regular security audits and vulnerability assessments.
• Rate limiting and input validation on all API endpoints.

5. Data Retention

Medical records (radiology cases, reports, DICOM images) are retained for a minimum of 10 years in accordance with healthcare regulations. Account data is retained for the duration of your account plus 2 years after deletion. You may request data export or deletion subject to legal retention requirements.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — request a copy of your personal data.
• Correction — request correction of inaccurate data.
• Deletion — request deletion of your data (subject to legal retention obligations).
• Portability — receive your data in a structured, machine-readable format.
• Restriction — request limitation of processing in certain circumstances.

To exercise these rights, contact us at [email protected].

7. International Data Transfers

Conxmed operates across South Korea and Southeast Asia (Thailand, Vietnam). Your data may be transferred between these jurisdictions as necessary to provide our services. We ensure appropriate safeguards are in place for all cross-border data transfers, including standard contractual clauses and compliance with local data protection laws (Korea’s PIPA, Thailand’s PDPA, Vietnam’s PDP Decree).

8. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising trackers. Analytics cookies (if enabled) are used solely for Platform improvement and can be opted out of via your browser settings.

9. Children’s Privacy

The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect data from minors. If we become aware that a minor has provided personal data, we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-platform notification at least 30 days before taking effect. The “Last updated” date at the top reflects the most recent revision.

11. Contact

For privacy-related questions or to exercise your data rights:

• Email: [email protected]
• Data Protection Officer: [email protected]