1. Introduction

Eldercare.asia ("we," "our," "us") is a caregiver productivity application operated from Malaysia. We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our web application at eldercare.asia.

This policy is designed to comply with Malaysia's Personal Data Protection Act 2010 (PDPA) and applicable data protection standards.

2. Data We Collect

When you use Eldercare.asia, we may collect and process the following categories of personal data:

Account Information: Email address, display name, and authentication credentials (via Google Sign-In or email/password).
Health Data: Medication names, dosages, schedules, vital signs recordings, health notes, and medical appointment details that you choose to enter.
Financial Data: Caregiving expense records including amounts, descriptions, and categories that you choose to enter.
Device Data: Browser type, device type, and push notification tokens for medication reminders.
Usage Data: Anonymous analytics data via Google Analytics (page views, session duration) to improve our service.

3. How We Use Your Data

We use your personal data exclusively for:

Providing and operating the Eldercare.asia caregiving tools
Sending medication reminders and appointment notifications
Synchronizing your data across devices securely
Improving and optimizing the application performance
Responding to your support requests

4. Data Storage & Security

Your data is stored using Firebase (Google Cloud Platform) infrastructure. Data is encrypted in transit using TLS and at rest using AES-256 encryption. Firebase servers are located in secure data centers with SOC 1, SOC 2, and ISO 27001 certifications.

Local data on your device is stored using browser storage (localStorage and IndexedDB) for offline access. This data stays on your device and is not accessible to other websites or applications.

5. Data Sharing

We do NOT:

Sell your personal data to any third party
Share your health or financial data with advertisers
Use your health data for marketing purposes
Provide your data to insurance companies or employers

We use the following third-party services that may process limited data on our behalf:

Firebase Authentication: For account management (Google)
Firebase Firestore: For data storage and sync (Google)
Google Analytics: For anonymous usage statistics

6. Your Rights

Under PDPA and applicable data protection laws, you have the right to:

Access: Request a copy of all personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data and account.
Withdraw Consent: Withdraw consent for data processing at any time.
Data Portability: Request your data in a structured, machine-readable format.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete all your personal data within 30 days. Anonymous, aggregated analytics data may be retained indefinitely as it cannot be linked back to you.

8. Children's Privacy

Eldercare.asia is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

10. Contact Us

For privacy-related inquiries, data access requests, or deletion requests, please contact us at:

Email: privacy@eldercare.asia

Website: eldercare.asia

We aim to respond to all privacy inquiries within 3 business days.