Privacy Policy

Last updated: February 2026

Introduction

Valiance Health (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

As a healthcare analytics company, we maintain the highest standards of data protection in compliance with applicable laws, including the Malaysia Personal Data Protection Act 2010 (PDPA), the United States Health Insurance Portability and Accountability Act (HIPAA), and other relevant regulations.

Important: Our Data Handling Approach

Valiance Health does not collect, store, or retain any Protected Health Information (PHI) or Personally Identifiable Information (PII) in our databases.

Our analytics platform is designed to process data within our clients' secure environments. We provide tools and insights without requiring the transfer or storage of sensitive patient or personal data to our systems. All healthcare data remains under our clients' control and within their infrastructure.

This architecture ensures maximum privacy protection and compliance with data protection regulations across all jurisdictions we operate in.

Information We Collect

Business Contact Information

We collect limited business contact information for service delivery purposes:

  • Contact information (name, business email address, phone number, company name)
  • Account credentials when you create an account with us
  • Communications you send to us (emails, form submissions, support requests)
  • Professional information (job title, organization, role)

Information Collected Automatically

  • Device information (browser type, operating system)
  • Log data (IP address, access times, pages viewed)
  • Cookies and similar tracking technologies (with your consent where required)
  • Usage patterns and preferences

What We Do NOT Collect

Data Sovereignty and Regional Processing

We respect data sovereignty requirements and maintain regional infrastructure to ensure compliance:

Malaysia

For Malaysian clients, all data processing and storage is performed within the AWS Asia Pacific (Malaysia) region (ap-southeast-5). This ensures full compliance with Malaysian data residency requirements under the PDPA and maintains data sovereignty within Malaysian borders.

Other Regions

We work with clients to ensure data processing occurs in compliance with local regulations and can accommodate specific regional requirements upon request.

PDPA Malaysia Compliance

In compliance with the Personal Data Protection Act 2010 (PDPA) of Malaysia, we adhere to the following principles:

  • General Principle: Personal data is processed lawfully and only for purposes directly related to our business activities
  • Notice and Choice Principle: We inform data subjects of the purposes for which their data is collected and provide choices regarding its use
  • Disclosure Principle: Personal data is not disclosed without consent except as permitted by law
  • Security Principle: We implement appropriate security measures to protect personal data from unauthorized access, processing, or disclosure
  • Retention Principle: Personal data is not kept longer than necessary for the fulfillment of its purpose
  • Data Integrity Principle: We take reasonable steps to ensure personal data is accurate, complete, and up to date
  • Access Principle: Data subjects may request access to and correction of their personal data

Malaysian data subjects may contact us to exercise their rights under the PDPA, including rights of access and correction.

HIPAA Compliance

For healthcare organizations and covered entities in the United States:

  • Valiance Health operates as a Business Associate under HIPAA where applicable
  • We enter into Business Associate Agreements (BAAs) with covered entities as required
  • Our platform architecture is designed to avoid the need for PHI transmission to our systems
  • Where any incidental exposure to PHI may occur, we maintain comprehensive policies and procedures to ensure compliance with HIPAA Privacy and Security Rules
  • We implement administrative, physical, and technical safeguards as required by HIPAA

Note: Because Valiance Health does not store PHI in our databases, our role under HIPAA is limited. Our analytics tools process data within client environments, minimizing HIPAA compliance obligations while maximizing data protection.

How We Use Your Information

We use the business contact information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Respond to your comments, questions, and requests
  • Send technical notices, updates, and administrative messages
  • Communicate about products, services, and events (with consent where required)
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent security incidents
  • Comply with legal obligations

Data Sharing and Disclosure

We may share your information in the following limited circumstances:

  • Service Providers: With vendors and service providers who need access to perform services on our behalf, under appropriate contractual protections
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice
  • Legal Requirements: When required by law or to respond to valid legal process
  • Protection of Rights: To protect the rights, privacy, safety, or property of Valiance Health, our clients, or others
  • With Your Consent: When you have given us explicit permission to share your information

We do not sell your personal information to third parties.

Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and multi-factor authentication
  • Regular security assessments and penetration testing
  • Employee training on data protection and security awareness
  • Incident response and breach notification procedures
  • SOC 2 Type II compliance
  • Regular third-party security audits

Data Retention

We retain your business contact information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. For Malaysian data subjects, we comply with the PDPA retention principle. Upon termination of services or upon your request, we will delete or anonymize your personal data within a reasonable timeframe, unless retention is required by law.

Your Rights and Choices

Depending on your location, you may have the following rights:

Under PDPA Malaysia:

  • Right of Access: Request access to your personal data held by us
  • Right of Correction: Request correction of personal data that is inaccurate, incomplete, or outdated
  • Right to Withdraw Consent: Withdraw consent for processing where consent was the basis
  • Right to Prevent Processing: Request that we cease processing your personal data in certain circumstances

Additional Rights (where applicable):

  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Opt-out: Opt out of marketing communications at any time

To exercise these rights, please contact us at admin@valiancehealth.ai. We will respond to your request within the timeframes required by applicable law.

Cookies and Tracking

We use cookies and similar technologies to collect information about your browsing activities. Where required by law, we obtain your consent before placing non-essential cookies.

You can manage your cookie preferences through your browser settings. Note that disabling cookies may affect the functionality of our website.

Cross-Border Data Transfers

We minimize cross-border data transfers by maintaining regional infrastructure. Where transfers are necessary:

  • For Malaysian data: We comply with Section 129 of the PDPA regarding transfers outside Malaysia
  • We implement appropriate safeguards including contractual protections
  • We ensure receiving parties provide comparable levels of data protection

Children's Privacy

Our services are business-to-business services not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we may provide additional notice such as email notification. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your data protection rights, please contact us:

Valiance Health

Data Protection Officer

Email: admin@valiancehealth.ai

For Malaysian data subjects, you may also lodge a complaint with the Personal Data Protection Department (JPDP) if you believe your rights under the PDPA have been violated.