SECURITY & PDPA
Patient data stays in Singapore. PDPA-clean by design.
Three facts your PDPA officer will want. DPO replies in 24 hours.
PDPA POSITION
Where your patient data lives, and where it does not.
Clinic-identifiable data — patient records, call transcripts, bookings — stays on Singapore infrastructure. Cross-border transfers only carry non-identifying data (analytics, error tracking) and are anonymised before they leave.
PDPA Section 26 does not mandate Singapore residency. It requires comparable standard of protection for overseas transfers. We chose residency for clinic-identifiable data as a trust commitment + latency win, not because regulation forced it. Full sub-processor register and DTIA available from dpo@connectify.ai.
DATA HANDLING
Your patient data stays in Singapore.
Singapore-resident for the data that matters
Patient information, clinic records, and call transcripts stay on Singapore infrastructure. Voice and SMS run through Singapore phone routes. The data that identifies your patients does not leave the country.
30-day notice before any change
We do not add a vendor or change a region without telling you. Notice goes to your PDPA officer 30 days ahead, with a refreshed Data Transfer Impact Assessment attached.
Auditors get the full register on request
If your PDPA officer or compliance team needs the full vendor list — names, regions, DPA links, DTIA filings — they email our DPO and get it within 24 hours.
🇸🇬PDPA-clean. PSG-eligible. Singapore-built.
- 8 sub-processors
- dpo@connectify.ai
- Read our DTIA