Privacy Policy - Global Health

1. Introduction

Global Health ("we," "our," or "us") operates the website ghealthorg.com and related services (collectively, the "Platform"). We are an international health management platform connecting patients with hospitals, health tracking tools, AI-powered analysis, and health content.

This Privacy Policy explains how we collect, use, store, protect, and share your personal data when you use our Platform. It applies to all users worldwide, including those in Japan, China, the United States, the European Union, and other regions.

By using the Platform, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following categories of personal data:

Category	Data Collected	Purpose
Account Information	Email address, full name, phone number	Account creation, authentication, communication
Profile Data	Basic profile information, preferences, language settings	Personalization and user experience
Health Report Data	Uploaded PDF documents, images of medical reports, extracted health metrics	AI-powered health analysis, report generation
Health Metrics	Blood glucose, blood pressure, heart rate, weight, SpO2, and other tracked metrics	Health tracking dashboard and trend analysis
Booking Information	Appointment details, hospital preferences, treatment selections, booking deposits	Medical booking and referral services
Authentication Data	LINE OAuth tokens, email OTP verification codes	Secure login and identity verification
Payment Data	PayPal payment tokens, WeChat Pay transaction references	Deposit collection for bookings (we do NOT store full credit card numbers)
Communication Data	Chat messages with AI chatbot, customer support inquiries	AI assistance, customer support, quality improvement
Anonymous Analytics	Page views, referrer, browser type (aggregated, non-identifying)	Platform usage analysis via GoatCounter

What We Do NOT Collect

We do NOT collect credit card numbers or full financial account details (payments are processed by PayPal and WeChat Pay directly)
We do NOT collect sensitive genetic data or biometric data beyond what you voluntarily upload in health reports
We do NOT collect precise geolocation data without your explicit consent

3. How We Use Your Data

We use your personal data for the following purposes:

Platform Operation: To create and manage your account, authenticate your identity (email OTP / LINE OAuth), and provide Platform services.
Health Analysis: To send health report data (PDFs, images) to the DeepSeek AI API for automated analysis and metric extraction. You can read DeepSeek’s privacy practices at deepseek.com/privacy.
Hospital Matching: To match you with appropriate hospitals and healthcare providers based on your condition, budget, and preferences.
Booking and Payments: To process booking deposits through PayPal and WeChat Pay, and facilitate hospital appointment scheduling.
Communication: To send account-related notifications, health alerts, and respond to your inquiries.
Analytics: To analyze Platform usage patterns via GoatCounter (anonymous, no cookies required) for improving our services.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Data Storage and Security

Storage Location

Your data is stored in PostgreSQL databases hosted on Render in the Singapore (asia-southeast1) region. Render is a cloud infrastructure provider with SOC 2 compliance. For more information, see render.com/security.

Security Measures

All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS).
Passwords are hashed using industry-standard algorithms (bcrypt).
API access is secured via API keys and Bearer token authentication.
Database access is restricted to authorized services only.
Health report data is processed in-memory during AI analysis and not permanently stored by third-party AI services.

Data Breach Notification

In the event of a data breach that affects your personal data, we will notify you via email within 72 hours of becoming aware of the breach, as required by applicable law.

5. Third-Party Services

We use the following third-party services to operate our Platform. Each service has its own privacy practices:

Service	Purpose	Data Shared	Privacy Policy
DeepSeek AI	AI health report analysis (metric extraction from PDFs/images)	Health report files (PDF, images) temporarily for analysis	deepseek.com/privacy
LINE	OAuth login and authentication	LINE profile info (email, display name)	line.me/en/privacy
PayPal	Payment processing for booking deposits	Transaction amount, booking reference (no card details stored by us)	paypal.com/privacy
WeChat Pay	Payment processing for booking deposits	Transaction amount, booking reference (no card details stored by us)	pay.weixin.qq.com
GoatCounter	Anonymous website analytics	Aggregated, non-personal data (page views, browser type)	goatcounter.com/privacy
QQ Email (SMTP)	Sending email OTP verification codes and notifications	Your email address	service.mail.qq.com
Render	Cloud hosting (PostgreSQL database, web services)	All stored user data	render.com/privacy

Important Notes About Third-Party Data Processing

DeepSeek AI: Health report data is sent temporarily for analysis only. We do not authorize DeepSeek to use your health data for model training or any purpose beyond providing the analysis service to us.
Payments: All payment processing happens on PayPal and WeChat Pay secure servers. We only receive payment confirmation and transaction references.
Analytics: GoatCounter is privacy-focused and does not use cookies or collect personally identifiable information.

6. Data Retention

We retain your personal data only as long as necessary to provide the Platform services and fulfill the purposes described in this policy:

Data Type	Retention Period
Account Information	Until account deletion + 90 days for backup rotation
Health Report Data	Until account deletion or your request to remove
Health Metrics	Until account deletion or your request to remove
Booking Records	3 years after last booking (legal/regulatory requirements)
Payment Records	5 years after transaction (tax and financial regulations)
Communication (Chat)	2 years after last message
Analytics Data	Indefinitely (aggregated, non-personal data)

When data is no longer needed, it is securely deleted or anonymized.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access

You have the right to request a copy of the personal data we hold about you.

Correction

You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly through your account settings.

Deletion ("Right to Be Forgotten")

You have the right to request deletion of your personal data. To request data deletion, please email us at hikaru0701@qq.com with the subject line "Data Deletion Request." We will process your request within 30 days.

Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format.

Object to Processing

You have the right to object to the processing of your personal data for direct marketing or legitimate interests.

Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

To exercise any of these rights, contact us at hikaru0701@qq.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

8. Cookie Policy

Global Health uses minimal cookies and similar tracking technologies:

Type	Purpose	Duration
Session Cookies	Essential for user authentication and maintaining login state	Session (deleted when browser is closed)
CSRF Tokens	Security protection against cross-site request forgery	Session
Language Preference	Remembers your language selection (EN/ZH/JA)	1 year

No tracking cookies: We do not use Google Analytics, Facebook Pixel, or any advertising/tracking cookies. Our analytics are powered by GoatCounter, which is privacy-focused and does not use cookies or collect personal data.

If you are in a jurisdiction requiring cookie consent (e.g., EU/EEA), a cookie consent banner will be displayed upon your first visit, allowing you to manage your preferences.

9. International Data Transfers

As a global platform operating in Japan, China, and the USA, your personal data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

Singapore (Primary): Your data is primarily stored in Render’s Singapore data center (asia-southeast1).
Japan: Some Platform operations involve Japanese hospitals and healthcare providers.
USA: DeepSeek AI and PayPal are US-based services. Data transfers to the US are protected by Standard Contractual Clauses (SCCs) or equivalent safeguards.
China: WeChat Pay operates under Chinese data protection laws including the Personal Information Protection Law (PIPL).

For users in the European Economic Area (EEA), we ensure adequate data protection measures, including Standard Contractual Clauses where required.

10. GDPR Compliance (EU/EEA Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Lawful Basis: We process your data based on: (a) your consent, (b) performance of a contract, (c) legitimate interests (improving our Platform), and (d) legal obligations.
Data Protection Officer (DPO): For GDPR-related inquiries, contact hikaru0701@qq.com.
Complaint to Authority: You have the right to lodge a complaint with your local data protection supervisory authority.
Automated Decision-Making: We use AI for health report analysis and hospital matching. You have the right to request human intervention in significant decisions based on automated processing.
Data Processing Agreement (DPA): Available upon request for our enterprise users.

11. Japan & China Privacy Compliance

Japan (APPI)

For users in Japan, we comply with the Act on the Protection of Personal Information (APPI). Key points:

We handle personal information ("kojin joho") with appropriate security measures.
We will notify you of the purpose of data collection at the time of collection.
You have the right to request disclosure, correction, or cessation of use of your personal information.
Contact for APPI-related inquiries: hikaru0701@qq.com.

China (PIPL)

For users in China, we comply with the Personal Information Protection Law (PIPL):

We obtain separate consent for sensitive personal information (health data).
Health report data is considered "sensitive personal information" under PIPL.
You have the right to know about and consent to data transfers to third parties.
You can withdraw consent and request deletion at any time.

12. Data Sharing and Disclosure

We Do NOT Sell Your Data

NO DATA SOLD Global Health does not sell, rent, or trade your personal data to third parties for their marketing or advertising purposes.

When We May Disclose Data

We may share your personal data in the following limited circumstances:

With Your Consent: When you explicitly authorize us to share data with a hospital or healthcare provider for booking purposes.
Service Providers: With third-party services listed in Section 5 above, who are contractually bound to protect your data.
Legal Requirements: When required by law, court order, or governmental regulation.
Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to you.

13. Children’s Privacy

Global Health is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hikaru0701@qq.com so we can delete the information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on this page with a new "Last Updated" date
Sending an email notification to your registered email address for significant changes

We encourage you to review this policy periodically. Your continued use of the Platform after changes constitutes acceptance of the updated policy.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: hikaru0701@qq.com

Data Deletion Requests: Send to hikaru0701@qq.com with subject "Data Deletion Request"

GDPR / APPI / PIPL Inquiries: hikaru0701@qq.com

AI Agent & Business Inquiries: hikaru0701@qq.com

We will acknowledge receipt of your request within 5 business days and respond within 30 days.

16. Governing Law

This Privacy Policy is governed by the laws of Japan, without regard to its conflict of law provisions. For users in the European Union, this policy also respects rights granted under the GDPR. For users in China, this policy also respects rights granted under the PIPL.