Privacy Policy

Effective date: 21 April 2026  |  Last updated: 21 April 2026  |  Version 2.0

Applies to: MigrantCare mobile application (Android), website, and related services operated by Simple Motion Sdn. Bhd., a company incorporated in Malaysia. This policy applies to users in Malaysia and Bangladesh and is written to comply with Malaysia's Personal Data Protection Act 2010 (PDPA), Bangladesh's Digital Security Act 2018 and ICT Act 2006, and Google Play Store policies for Health & Medical applications.
Contents
  1. Who we are
  2. Data we collect
  3. How we use your data
  4. AI assistant (MIRA) and health data
  5. Third-party data processors
  6. Data sharing and disclosure
  7. Data retention
  8. Your rights
  9. Data security
  10. Children's privacy
  11. Cross-border data transfers
  12. Cookies and tracking
  13. Changes to this policy
  14. Contact and complaints

1. Who We Are

MigrantCare is a digital telehealth platform that connects users with licensed healthcare professionals for remote consultations. The platform is developed and operated by Simple Motion Sdn. Bhd. ("we", "us", "our").

MigrantCare is not a medical device and does not diagnose, treat, cure, or prevent any medical condition. Healthcare professionals (HCPs) listed on the platform are independently licensed and solely responsible for the clinical care they provide.

Data Controller: Simple Motion Sdn. Bhd., Malaysia.
Contact: support@migrantcare.com.my

2. Data We Collect

A. Account and identity data

B. Health and medical data Sensitive

C. Financial data

D. Location data

E. Device and usage data

F. Communications data

G. Healthcare professional (HCP) data

3. How We Use Your Data

PurposeLawful basis (Malaysia PDPA)
Creating and managing your accountContractual necessity
Booking and conducting video/audio consultationsContractual necessity
Processing payments, wallet top-ups, and subscriptionsContractual necessity
Generating and storing e-prescriptionsContractual necessity; legal obligation
Facilitating pharmacy and lab orders from e-prescriptionsContractual necessity
Operating the MIRA AI symptom intake assistantConsent (given at first use of MIRA)
Sending appointment reminders, service notifications, refund status updates, and policy change alerts via email or phone (SMS/call) to your registered contact detailsContractual necessity; consent
Improving app performance and fixing bugsLegitimate interests
Complying with Malaysian and Bangladeshi legal obligationsLegal obligation
Fraud prevention and platform securityLegitimate interests

We do not use your health data for advertising, sell it to third parties, or use it to train AI models beyond what is described in Section 4.

4. AI Assistant (MIRA) and Health Data

Important — MIRA is an AI tool, not a doctor. MIRA is an automated symptom intake assistant powered by Google Gemini. It is not a licensed medical professional, does not provide medical advice, diagnosis, or treatment recommendations, and is not a substitute for consultation with a qualified healthcare professional.

How MIRA processes your data

When you interact with MIRA, the following occurs:

Your consent for MIRA

You are presented with a specific consent notice before your first MIRA interaction. You may decline to use MIRA and proceed directly to booking a consultation. Withdrawing MIRA consent does not affect your ability to use other app features.

5. Third-Party Data Processors

We engage the following third-party processors. Each is bound by a data processing agreement and processes your data only on our instructions.

ProcessorPurposeData transferredLocation
Google LLC (Firebase) Authentication, push notifications, crash reporting, file storage Account data, device identifiers, crash logs, profile photos, medical documents United States (adequacy safeguards apply)
Google LLC (Gemini API) AI-powered symptom intake (MIRA) Symptom descriptions, MIRA chat content United States
Google LLC (Maps SDK) Pharmacy and clinic location finder Approximate device location United States
ADN Archive Sdn. Bhd. (adnarchive.com) In-app messaging infrastructure (Mattermost) and self-hosted video/audio call server infrastructure (LiveKit, self-hosted — data does not leave ADN Archive servers) In-app chat messages, video/audio call streams, consultation session metadata Malaysia / Singapore
Fiuu (formerly Razer Merchant Services) Payment processing for: (a) wallet top-ups, (b) direct subscription purchases, and (c) prescription/pharmacy payments via wallet Payment method details, transaction amounts, email address and/or phone number for payment verification and receipts Malaysia

6. Data Sharing and Disclosure

We do not sell your personal data. We share data only in the following circumstances:

7. Data Retention

Data categoryRetention periodBasis
Account identity data (name, phone, email)Deleted within 30 days of account deletion requestUser request
Medical and clinical records (consultations, prescriptions, lab results)Minimum 7 yearsPrivate Healthcare Facilities and Services Act 1998 (Malaysia)
Wallet transaction records (top-ups, deductions, credits)7 yearsIncome Tax Act 1967 (Malaysia) / LHDN audit requirements
Direct subscription payment records7 yearsIncome Tax Act 1967 (Malaysia) / LHDN audit requirements
Refund records (wallet credits and bank transfers)7 yearsIncome Tax Act 1967 (Malaysia) / LHDN audit requirements
MIRA conversation history2 years, or until account deletion (whichever comes first)Service improvement; capped by consent period
Crash logs and diagnostic data90 daysLegitimate interests (bug fixing)
HCP licensing documentsDuration of registration on platform + 3 yearsRegulatory compliance

Upon account deletion, all data outside mandatory legal retention periods is permanently purged. Retained clinical and financial records are anonymised where legally permissible.

8. Your Rights

Malaysia (PDPA 2010)

Under Malaysia's Personal Data Protection Act 2010, you have the right to:

Bangladesh (Digital Security Act 2018 / ICT Act 2006)

Users in Bangladesh have rights consistent with Bangladesh's applicable digital and consumer protection laws, including the right to know how their data is used and to request correction or deletion of personal data that is not subject to a legal retention requirement.

Payment data rights

You may request a full statement of your transaction history (wallet top-ups, deductions, subscription payments, and refunds) at any time via Profile → Transaction History in the app. For records beyond what is shown in-app, submit a data access request using the methods below.

How to exercise your rights

We will respond to all rights requests within 21 days. Complex requests may take up to 30 days; we will notify you if an extension is needed.

9. Data Security

No system is 100% secure. If you believe your account has been compromised, contact us immediately at support@migrantcare.com.my.

10. Children's Privacy

MigrantCare is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors. If a parent or guardian believes their child has created an account, please contact us immediately and we will delete the account and associated data without delay.

11. Cross-Border Data Transfers

Some of our processors (specifically Google LLC for Firebase, Gemini API, and Maps SDK) are located in the United States. Fiuu and ADN Archive are based in Malaysia. Where we transfer personal data outside Malaysia or Bangladesh, we ensure adequate protections are in place through:

Health data is not transferred to any country without an adequate level of data protection unless covered by one of the above safeguards.

12. Cookies and Analytics

The MigrantCare mobile app does not use browser cookies. The app uses Firebase Analytics to collect anonymised, aggregated usage statistics (e.g., feature usage rates, session lengths). You can opt out of analytics data collection in Profile → Settings → Privacy.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or phone (SMS) to your registered contact details at least 14 days before the change takes effect. Continued use of the app after the effective date constitutes acceptance of the updated policy. Previous versions are available on request.

14. Contact and Complaints

Simple Motion Sdn. Bhd.

Email: support@migrantcare.com.my

Data rights / deletion requests: https://request.migrantcare.com.my

Privacy Policy URL: https://privacy-policy.migrantcare.com.my

If you are unsatisfied with our response, you may escalate to the Personal Data Protection Commissioner of Malaysia at www.pdp.gov.my or the relevant authority in Bangladesh.