Privacy Policy
Last updated: May 25, 2026
Introduction
Valiance Health (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.
As a healthcare analytics company, we maintain the highest standards of data protection in compliance with applicable laws, including the Malaysia Personal Data Protection Act 2010 (PDPA), the United States Health Insurance Portability and Accountability Act (HIPAA), and other relevant regulations.
Contracting Entities
Depending on where you are located, you may be contracting with one of the following entities:
Valiance Health Inc. — 1303 West Valencia Drive, #327, Fullerton, California 92833, United States. Serves customers in the United States.
Valiance Health Sdn. Bhd. — 72, Plaza Danau 2, Jalan 2/109F, Taman Danau Desa, 58100 Kuala Lumpur, Malaysia. Serves customers in Malaysia and other APAC regions.
References to “Valiance Health,” “we,” “our,” or “us” in this Policy refer to the applicable contracting entity for your region.
Our Data Handling Model
Valiance Health hosts and processes customer data — including Protected Health Information (PHI) where applicable — within Amazon Web Services (AWS) infrastructure.
- US customers (HIPAA-covered entities): Data is processed under a Business Associate Agreement (BAA). Data is stored within the AWS US East (Ohio) region (us-east-2).
- Malaysian and other APAC customers: Data is processed under a Data Processing Addendum (DPA) aligned to the Personal Data Protection Act 2010 (PDPA). Data is stored within the AWS Asia Pacific (Malaysia) region (ap-southeast-5), maintaining data residency within Malaysia.
- Other regions: Available on request. We work with customers to accommodate specific regional data residency requirements.
In all cases, customers retain ownership and control of their data. Valiance acts as a data processor (or Business Associate under HIPAA) — we process data on your behalf, pursuant to your instructions, and subject to the applicable BAA or DPA.
Information We Collect
Business Contact Information
We collect limited business contact information for service delivery purposes:
- Contact information (name, business email address, phone number, company name)
- Account credentials when you create an account with us
- Communications you send to us (emails, form submissions, support requests)
- Professional information (job title, organization, role)
Information Collected Automatically
- Device information (browser type, operating system)
- Log data (IP address, access times, pages viewed)
- Cookies and similar tracking technologies (with your consent where required)
- Usage patterns and preferences
What We Do NOT Collect from Website Visitors and Business Contacts
The following categories of information are not collected through our website or from business contacts:
- Personal identification numbers (NRIC, passport numbers, etc.)
- Financial account information
Note on Service Data: Data that our customers submit to Valiance Health's platform as part of their service subscription (“Service Data”), including any PHI, is governed by the applicable BAA or DPA rather than this Privacy Policy. Customers are responsible for the accuracy and lawfulness of Service Data they provide.
Data Sovereignty and Regional Processing
We respect data sovereignty requirements and maintain regional infrastructure to ensure compliance:
Malaysia
For Malaysian clients, all data processing and storage are performed within the AWS Asia Pacific (Malaysia) region (ap-southeast-5). This ensures full compliance with Malaysian data residency requirements under the PDPA and maintains data sovereignty within Malaysian borders.
United States
For US clients, data is processed within the AWS US East (Ohio) region (us-east-2), in accordance with applicable US laws and the terms of the applicable BAA.
Other Regions
We work with clients to ensure data processing occurs in compliance with local regulations and can accommodate specific regional requirements upon request.
PDPA Malaysia Compliance
In compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia, we adhere to the following principles:
- General Principle: Personal data is processed lawfully and only for purposes directly related to our business activities
- Notice and Choice Principle: We inform data subjects of the purposes for which their data is collected and provide choices regarding its use
- Disclosure Principle: Personal data is not disclosed without consent except as permitted by law
- Security Principle: We implement appropriate security measures to protect personal data from unauthorized access, processing, or disclosure
- Retention Principle: Personal data is not kept longer than necessary for the fulfillment of its purpose
- Data Integrity Principle: We take reasonable steps to ensure personal data is accurate, complete, and up to date
- Access Principle: Data subjects may request access to and correction of their personal data
Malaysian data subjects may contact us to exercise their rights under the PDPA, including rights of access and correction.
HIPAA Compliance
For healthcare organizations and covered entities in the United States:
- Valiance Health acts as a Business Associate under HIPAA
- We enter into Business Associate Agreements (BAAs) with covered entities as required by 45 CFR Part 164
- We implement administrative, physical, and technical safeguards as required by the HIPAA Security Rule
- We maintain comprehensive privacy and security policies and procedures in compliance with the HIPAA Privacy Rule and Security Rule
- In the event of a breach of unsecured PHI, we will notify affected covered entities without unreasonable delay and in no case later than 60 calendar days following discovery of the breach, as required under 45 CFR § 164.410
Sub-Processors
We engage third-party service providers (“sub-processors”) to support the delivery of our platform and services. Sub-processors operate under contractual obligations consistent with our privacy and security commitments. Categories of sub-processors include:
- Cloud infrastructure providers — for hosting, storage, and compute
- Observability and monitoring tooling — for performance, logging, and security monitoring
- Customer support tooling — for managing support requests and communications
We do not publish the names of individual sub-processors on our public website. Customers may request the current sub-processor list in writing; it is made available under confidentiality. To receive notifications of material changes to our sub-processor list, please email admin@valiancehealth.ai to be added to the notification list.
How We Use Your Information
We use the business contact information we collect to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Respond to your comments, questions, and requests
- Send technical notices, updates, and administrative messages
- Communicate about products, services, and events (with consent where required)
- Monitor and analyze trends, usage, and activities
- Detect, investigate, and prevent security incidents
- Comply with legal obligations
Data Sharing and Disclosure
We may share your information in the following limited circumstances:
- Service Providers: With vendors and service providers who need access to perform services on our behalf, under appropriate contractual protections
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice
- Legal Requirements: When required by law or to respond to valid legal process
- Protection of Rights: To protect the rights, privacy, safety, or property of Valiance Health, our clients, or others
- With Your Consent: When you have given us explicit permission to share your information
We do not sell your personal information to third parties.
Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Access controls and multi-factor authentication
- Regular security assessments and penetration testing
- Employee training on data protection and security awareness
- Incident response and breach notification procedures
- SOC 2 Type II compliance
- Regular third-party security audits
Data Retention
We retain your business contact information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Specific retention periods are as follows:
- Business records (contracts, invoices, correspondence): retained for 7 years from the date of creation or last activity, in accordance with applicable legal and regulatory requirements
- Account data: deleted or anonymized within 30 days of service termination or upon your request, unless retention is required by law
For Malaysian data subjects, we comply with the PDPA retention principle. Any data not covered by the above periods will be retained only as long as necessary for the stated purpose and then securely deleted or anonymized.
Your Rights and Choices
Depending on your location, you may have the following rights:
Under PDPA Malaysia:
- Right of Access: Request access to your personal data held by us
- Right of Correction: Request correction of personal data that is inaccurate, incomplete, or outdated
- Right to Withdraw Consent: Withdraw consent for processing where consent was the basis
- Right to Prevent Processing: Request that we cease processing your personal data in certain circumstances
Additional Rights (where applicable):
- Deletion: Request deletion of your personal information
- Portability: Request a copy of your data in a portable format
- Opt-out: Opt out of marketing communications at any time by contacting support@valiancehealth.com
To exercise your data protection rights or contact our Data Protection Officer, please write to admin@valiancehealth.ai. We will respond within the timeframes required by applicable law.
Cookies and Tracking
We use cookies and similar technologies to collect information about your browsing activities. Where required by law, we obtain your consent before placing non-essential cookies.
You can manage your cookie preferences through your browser settings. Note that disabling cookies may affect the functionality of our website.
Cross-Border Data Transfers
We minimize cross-border data transfers by maintaining regional infrastructure. Where transfers are necessary:
- For Malaysian data: We comply with Section 129 of the PDPA regarding transfers outside Malaysia
- For transfers to countries without an adequate level of data protection, we rely on Standard Contractual Clauses (SCCs) as approved by the relevant supervisory authorities, which contractually bind the recipient to provide equivalent protections to those in the originating jurisdiction
- We implement additional technical safeguards (such as encryption) where appropriate to supplement contractual protections
- We ensure receiving parties provide comparable levels of data protection and are subject to regular review
Children's Privacy
Our services are business-to-business services not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we may provide additional notice such as email notification. We encourage you to review this Privacy Policy periodically.
Contact Us
If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your data protection rights, please contact us:
Privacy & Data Protection Officer matters
Rights requests, Data Processing Addendum inquiries, BAA questions, complaints
Valiance Health
Dr. Ridhwan Hassan, Co-founder & Data Protection Officer
Email: admin@valiancehealth.ai
Service-related matters
Support requests and promotional email opt-out
Email: support@valiancehealth.com
For Malaysian data subjects, you may also lodge a complaint with the Personal Data Protection Department (JPDP) if you believe your rights under the PDPA have been violated.