Your Privacy Matters: At UMR Holdings International Corp, we are committed to protecting your privacy and maintaining the highest standards of data security. This comprehensive Privacy Statement explains how we collect, use, protect, and share your personal information when you use our innovative healthcare services and patient portal platforms.

A reference in this Privacy Statement to "UMR Holdings International Corp," "we," "us," or "our" refers to UMR Holdings International Corp., and all its affiliates, subsidiaries, successors and/or assigns, hereinafter referred to as ("UNIVERSAL MEDICAL RECORD®").

By accessing our services, you acknowledge that you have read, understood, and agree to the practices and policies outlined in this Privacy Statement. Our services include websites, mobile applications, customer support, training programs, and other related healthcare technology solutions (collectively, the "Services").

Terms of Use Integration: This Privacy Statement is incorporated into and governed by our Terms of Use. Any capitalized terms not defined herein shall have the meanings given to them in our Terms of Use. We recommend reading both documents to fully understand your rights and our obligations.

Important Notice: We continuously enhance our Services to provide you with the best healthcare technology experience. This may require updates to our Privacy Statement from time to time.

How we notify you: When material changes are made to this Privacy Statement, we will:

  • Send you an email notification (if you have an account with us)
  • Place a prominent notice on our website
  • Display in-app notifications for mobile users
  • Update the effective date at the top of this document

Your continued use of our Services after any changes to this Privacy Statement constitutes your acceptance of those changes.

What this Privacy Statement Covers

Scope of Coverage: This Privacy Statement comprehensively covers how we handle Personal Data that we collect when you access or use our healthcare services and digital platforms.

Definition of Personal Data: "Personal Data" means any information that identifies or relates to a particular individual, including but not limited to:

  • Identity information (name, date of birth, government ID numbers)
  • Contact details (email, phone, address)
  • Health and medical information
  • Financial and payment information
  • Device and usage data
  • Location information

This term also encompasses what some jurisdictions refer to as "personally identifiable information" or "personal information" under applicable data privacy laws, rules, or regulations including GDPR, CCPA, HIPAA, and India's IT Act 2000.

What's Not Covered: This Privacy Statement does not apply to the practices of third-party companies we don't own or control, or individuals we don't manage or employ.

Job Applicants: If you're applying for a position with us, please refer to our dedicated Job Applicant Privacy Notice for specific information about how we handle your personal data during the recruitment process.

India's Healthcare Compliance for SCOHN™ Patient Portal

Regulatory Commitment: SCOHN™ is committed to aligning with India's key healthcare data protection regulations. While we are not yet formally certified under frameworks such as the IT Act, the Personal Data Protection Act, or the Clinical Establishments Act, we are actively working toward achieving alignment and certification as we scale.

Our Legal Framework Adherence:

  • Information Technology (IT) Act, 2000 & Rules 2011: Comprehensive governance of privacy and security for patient health information (PHI), including sensitive personal data protection
  • Personal Data Protection (PDP) Bill 2023: Strict implementation of guidelines for handling sensitive personal data, with special focus on health records and biometric information
  • Clinical Establishments (Registration and Regulation) Act, 2010: Ensuring standardization and security of electronic medical records (EMR) systems
  • Digital Information Security in Healthcare Act (DISHA): Compliance with healthcare-specific cybersecurity requirements
  • Ayushman Bharat Digital Mission (ABDM) Guidelines: Integration with national health infrastructure while maintaining data sovereignty

Secure Third-Party Integrations

Integration Philosophy: All third-party integrations are designed with privacy-by-design principles and user consent at the core.

1. Email Integration (Gmail & Others)

  • Explicit Consent Required: Users can securely link their email accounts to SCOHN™ only with clear, informed consent
  • Read-Only Access: SCOHN™ maintains strictly read-only access and never alters, modifies, or deletes your emails
  • Purpose Limitation: Email access is used solely for organizing appointments, lab reports, prescriptions, and medical communications
  • User Control: Complete ability to de-link email accounts or request immediate data deletion at any time
  • Security Measures: All email data is encrypted in transit and at rest, with no sharing without explicit authorization

2. WhatsApp Integration

  • Document Upload Capability: Secure upload of medical documents (prescriptions, reports, insurance cards) via WhatsApp
  • Smart Notifications: Receive appointment reminders, medication alerts, and health tips (opt-in only)
  • End-to-End Encryption: All data transmitted through WhatsApp integration is encrypted and stored securely in SCOHN™ systems
  • Revocable Access: Integration can be instantly revoked through account settings with immediate effect
  • HIPAA Compliance: WhatsApp integration follows HIPAA-equivalent security standards for healthcare communications

3. PHR API Integration (Personal Health Records)

  • Centralized Health Records: Secure fetching of lab reports, vaccination records, imaging results, and medical history with explicit user consent
  • ABDM Compatibility: In-progress integration with Ayushman Bharat Digital Mission for seamless health record portability
  • Granular Permissions: Users can grant specific permissions for individual data types and providers
  • Real-Time Revocation: API access can be revoked instantly with immediate cessation of data access
  • Audit Trail: Complete logging of all API access attempts and data synchronization activities
  • Multi-Layer Encryption: Data encrypted during transfer using TLS 1.3 and stored with AES-256 encryption
  • We do not sell or share your data with advertisers, insurance companies, or pharma companies. Any third-party sharing occurs only with trusted healthcare partners for services like diagnostics, telemedicine, or care coordination—and only with your consent.

Security & Compliance Statement and Future Commitment of Certifications

UMR is currently in the process of understanding and aligning with national and global healthcare data regulations. We are not yet certified under frameworks such as:
  • India's NDHM / Ayushman Bharat Digital Mission
  • United States HIPAA
  • Europe's GDPR
  • ISO 27001 for information security
  • HIPAA Compliance - Healthcare Information Portability and Accountability
  • GDPR Compliant - European Union General Data Protection Regulation
We take user data security very seriously. All patient data is securely hosted on UMR-managed servers in the USA, protected with encryption, access control, and regular security monitoring. As we expand our platform, we intend to migrate to certified infrastructure such as government-approved or health-compliant cloud platforms. We are consulting with experts and engaging with relevant bodies to ensure our compliance roadmap is on track. We remain committed to transparency and protecting patient privacy at every stage of this journey.

User Rights & Control:

  • All data is used strictly for legitimate healthcare services and never shared without explicit consent
  • Users maintain complete control over their data, including granular permissions and instant deletion requests
  • Platform complies with HIPAA, GDPR, and Indian IT regulations with regular third-party security audits
  • 24/7 privacy support available for immediate assistance with data concerns

Personal Data Categories We Collect

This chart details the categories of Personal Data that we collect and have collected over the past 12 months:

Profile or Contact Data

Examples of Personal Data We Collect:

  • First and last name
  • Username
  • Email
  • Phone number
  • Unique identifiers such as passwords

Categories of Third Parties:

  • Service Providers
  • Advertising Partners
  • Analytics Partners
  • Business Partners

Payment Data

Examples of Personal Data We Collect:

  • Payment card type
  • Last 4 digits of payment card
  • Billing address

Categories of Third Parties:

  • Service Providers (Stripe, Inc.)

Device/IP Data

Examples of Personal Data We Collect:

  • IP address
  • Device ID
  • Browser information
  • Operating system

Categories of Third Parties:

  • Service Providers
  • Analytics Partners

Categories of Sources of Personal Data

We collect Personal Data about you from the following categories of sources:

You

  • When you provide such information directly to us
  • When you create an account or use our interactive tools and Services
  • When you voluntarily provide information in free-form text boxes
  • When you send us an email or otherwise contact us
  • When you use the Services and such information is collected automatically

Third Parties

Vendors

  • Analytics providers to analyze how you interact with the Services
  • Third parties that help us provide customer support
  • Vendors to obtain information to generate leads and create user profiles

Advertising Partners

  • Vendors who assist us with marketing or promotional services

Our Commercial or Business Purposes for Collecting Personal Data

Providing, Customizing and Improving the Services

  • Creating and managing your account or other user profiles
  • Processing orders or other transactions; billing
  • Providing you with the products, services or information you request
  • Providing support and assistance for the Services
  • Improving the Services, including testing, research, internal analytics
  • Personalizing the Services, website content and communications
  • Doing fraud protection, security and debugging

Marketing the Services

  • Marketing and selling the Services
  • Showing you advertisements, including interest-based advertising

Corresponding with You

  • Responding to correspondence that we receive from you
  • Sending emails and other communications according to your preferences

Meeting Legal Requirements and Enforcing Legal Terms

  • Fulfilling our legal obligations under applicable law
  • Protecting the rights, property or safety of you or UNIVERSAL MEDICAL RECORD®
  • Enforcing any agreements with you
  • Resolving disputes

Data Security & Technical Safeguards

Advanced Encryption Standards: All your personal health information (PHI) and biometric data are protected using industry-leading AES-256 encryption both in transit and at rest. Our security infrastructure meets and exceeds international standards including:

  • End-to-end encryption for all data transmissions
  • Multi-layered firewall protection with intrusion detection
  • Zero-knowledge architecture ensuring only you can access your decrypted data
  • Regular security audits and penetration testing by certified cybersecurity firms
  • Automated backup systems with 99.9% uptime guarantee

International Data Transfer Compliance

Cross-Border Data Protection: When your data needs to be processed across international borders for enhanced AI analysis or cloud computing, we ensure full compliance with:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • EU GDPR adequacy decisions for data transfers to approved countries
  • US Privacy Shield successor frameworks and US data protection regulations
  • Digital Personal Data Protection Act (DPDPA) 2023 compliance for Indian residents
  • Asia-Pacific data localization requirements where applicable

Data Retention & User Control Policies

Smart Retention Framework: We retain Personal Data for as long as necessary to provide our Services, comply with legal obligations, or fulfill business purposes. Our retention policies are designed with user safety and data protection in mind:

  • Medical Record Protection: To safeguard users, especially elderly, dependent, minor, or vulnerable individuals maintaining their medical records, critical health files cannot be permanently deleted directly. Instead, users can mark files as "archival," "duplicate," or "no longer required" for organized data management.
  • Automated Cleanup: Non-essential data is automatically purged after predetermined periods based on data sensitivity and legal requirements
  • Granular Control: Users maintain detailed control over data retention preferences for different data types
  • Secure Deletion: When data is deleted, we use cryptographic erasure methods ensuring complete data destruction

Cancellation and Refund Policy

  • Refund Terms: Full refunds available within 72 hours of enrollment. Partial refunds may be considered for extenuating circumstances within three weeks of enrollment.
  • Data Portability Upon Cancellation: Upon cancellation, users receive complete copies of their stored data in machine-readable formats (PDF, JSON, HL7 FHIR) within 48 hours
  • Cancellation Confirmation: Users receive detailed acknowledgment of cancellation including data retention choices and timeline for account closure
  • Continued Protection: Even after cancellation, any retained data continues to receive the same security protections until final deletion

Security Disclaimer: Although we employ state-of-the-art security measures including encryption, multi-factor authentication, and continuous monitoring, no method of electronic storage or transmission is completely infallible. Users are strongly advised to protect their access credentials and report any suspicious account activity immediately.

Advanced Facial Data Collection and Processing

Cutting-Edge Health Monitoring: Our facial analysis technology represents the future of non-invasive health monitoring, providing real-time vital sign analysis through advanced AI and computer vision.

1. Collection of Face Data

Technology Overview: We collect facial biometric data exclusively through your device's camera to provide revolutionary health monitoring services including heart rate, blood pressure estimation, oxygen saturation, and stress level analysis. This proprietary technology processes facial micro-expressions and subtle color variations to derive health insights.

Privacy by Design: All facial data is processed in real-time on your local device and is never stored on our servers unless you explicitly choose to save specific health results for your medical record.

2. Use of Face Data

Health Applications: Your facial data powers our AI algorithms to provide:

  • Real-time heart rate and rhythm analysis
  • Blood pressure estimation and trends
  • Oxygen saturation levels
  • Stress and mental wellness indicators
  • Sleep quality assessment
  • Fitness and activity recommendations

Local Processing: All computational analysis occurs locally on your device using edge computing technology, ensuring maximum privacy and minimal data exposure.

3. Disclosure and Sharing of Face Data

Zero Third-Party Sharing: We never share raw facial data with third parties. Our commitment to your privacy is absolute.

Trusted Technology Partners: When necessary for core functionality, we work only with certified healthcare technology providers who meet our strict privacy and security standards, including:

  • HIPAA compliance certification
  • SOC 2 Type II compliance
  • GDPR compliance for EU users
  • Signed Business Associate Agreements (BAAs)

4. Retention of Face Data

Immediate Deletion: Raw facial biometric data is processed in real-time and immediately discarded after analysis. No facial images or biometric templates are stored.

Health Insights Storage: If you choose to save health measurement results, only the derived health metrics (not the source facial data) are securely encrypted and stored in your personal health record. You maintain complete control to delete this data at any time.

5. Security of Face Data

Protection: We implement state-of-the-art security measures:

  • AES-256 encryption for any stored data
  • TLS 1.3 for data transmission
  • On-device processing with no cloud dependency
  • Multi-factor authentication for account access
  • Real-time security monitoring and threat detection

6. Your Rights and Control

Complete User Autonomy: You have absolute control over facial data processing:

  • Opt-out of facial analysis features at any time
  • Request immediate deletion of any saved health results
  • Granular control over which health metrics to analyze
  • Device-level permissions management
  • Access to complete activity logs and data usage reports
  • Data portability in standard healthcare formats (HL7 FHIR)

Scientific Validation: Our facial analysis technology is based on peer-reviewed research and has been validated in clinical studies. All health insights should be considered supplementary to professional medical care and not as a replacement for traditional medical diagnostics.

How to Request Deletion

To request deletion of your data, please email privacy@universalmedicalrecord.com with the subject "Data Deletion Request", including your name and registered email/phone.

We will verify and complete the request within 7 days, except where retention is legally required.

Personal Data of Children

As noted in the Terms of Use, we do not knowingly collect or solicit Personal Data about children under 16 years of age. If you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data.

If a parent or guardian creates an account on behalf of a minor, they are responsible for managing and authorizing access to that child's health records. We do not knowingly collect health data directly from minors without verified parental consent.

Important Medical Disclaimer: Our AI-driven health data analysis and symptom suggestion features are designed to supplement, not replace, professional medical care. All health insights, measurements, and recommendations provided by our platform are intended for informational and educational purposes only.

Professional Medical Consultation Required: Always consult with a qualified, licensed healthcare provider for:

  • Medical diagnosis and treatment decisions
  • Medication management and prescription needs
  • Interpretation of health data and vital signs
  • Management of chronic conditions
  • Any concerning health symptoms or changes

Emergency Medical Situations: SCOHN Health Portal and our facial analysis technology are NOT intended for use in medical emergencies, life-threatening conditions, or acute health situations.

EMERGENCY PROTOCOL: If you believe you are experiencing a medical emergency, immediately:

  • Call your local emergency services (911 in US, 102/108 in India)
  • Go to the nearest emergency room or urgent care facility
  • Contact your primary healthcare provider
  • Do NOT rely on our app or platform for emergency medical guidance