Genie Health – Data Deletion Policy

Effective Date: 27 April 2026

Quick Summary

  • This Policy governs both Genie (the consumer service for individual Members) and Genie SmartCare (the platform for Healthcare Partners).
  • Members can delete their account directly within Genie App (Settings → Support) or by emailing support@geniehealth.care. Member data is permanently erased within 90 days, and encrypted backups purged within the same period.
  • Healthcare Partners may export Client Data within 30 days of termination. Genie then permanently deletes Client Data within a further 30 days, and purges encrypted backups within 90 days of the effective termination date.
  • End-User data accessed via Genie SmartCare is segregated per Client and not cross-linked across Clients.
  • Where an End-User is also a Genie Member, the two relationships remain separate; linking only occurs with explicit, informed consent.
  • Aggregated or anonymised data, and contributions already incorporated into trained AI model parameters, are not reversible by deletion.
  • We use industry-standard secure disposal methods, including NIST SP 800-88. Genie's Data Protection Officer oversees compliance.

1. Scope and Definitions

1.1 Scope

This Data Deletion Policy describes how Genie Health Pte. Ltd. and its affiliates retain and dispose of personal data, business data and operational data processed in connection with Genie (consumer service) and Genie SmartCare (platform for healthcare organisations).

1.2 Definitions

  • "Member" means an individual user of the Genie consumer service.
  • "Client" means an organisation using Genie SmartCare under the SmartCare ToS.
  • "End-User" means a patient, customer or individual served by a Client through Genie SmartCare.
  • "Client Data" means data submitted to or generated through Genie SmartCare on behalf of a Client, including End-User data.

2. Roles and Responsibilities

2.1 For Members (Genie)

Genie acts as a Data Controller under the Singapore PDPA. Members may exercise rights of access, correction, withdrawal of consent and deletion.

2.2 For Healthcare Partners (SmartCare)

The Client is the Data Controller and Genie acts as a Data Intermediary (Processor) under the PDPA.

2.3 End-Users who are also Members

Each role is treated separately. Linking of records between the two roles only occurs with the individual's explicit, informed consent.

3. Categories of Data

  • Identification and account data;
  • Health, wellness and lifestyle data;
  • Inputs and Outputs (including AI-generated Materials);
  • Communications and contact details;
  • Usage and technical data;
  • Client business information (for SmartCare); and
  • Encrypted backups, audit logs and other operational records.

4. Retention and Deletion – Members (Genie)

4.1 Active accounts

Member data is retained for as long as the Member's account is active.

4.2 Member-initiated deletion

Members can delete their account directly within Genie App by navigating to Settings → Support, selecting "I want to delete my account" from the dropdown, and hitting submit. Alternatively, members can also submit a deletion request by emailing support@geniehealth.care. Account access is disabled immediately; Member data is permanently erased within 90 days; encrypted backups are purged within the same 90-day period.

4.3 Linked accounts for minors

The parent or legal guardian Member may delete the linked account at any time, with the timelines in Section 4.2 applying.

4.4 Inactive accounts

Where a free Member account has been inactive for more than twelve (12) months, Genie may terminate the account. The timelines in Section 4.2 apply.

4.5 Termination by Genie

The timelines in Section 4.2 apply, subject to any retention required by Section 9.

4.6 Withdrawal of consent

A Member may withdraw consent for specific processing activities without deleting their account.

5. Retention and Deletion – Healthcare Partners (SmartCare)

5.1 Active Client relationships

Client Data is retained for as long as the Client account is active.

5.2 Termination of the Client relationship

From the effective date of termination: the Client has 30 days to export Client Data; Genie permanently erases Client Data within a further 30 days; encrypted backups are purged within 90 days of the effective termination date.

5.3 Client-requested early export or deletion

The Client may request earlier export or deletion in writing to privacy@geniehealth.care. Genie will action verified requests within thirty (30) days.

5.4 End-User data segregation

End-User data is logically segregated per Client and not cross-linked with End-User data of other Clients.

5.5 Dual-role End-Users

The two relationships remain separate by default. Linking requires explicit, informed consent. On termination of the Client relationship, only data held under the SmartCare relationship is subject to Section 5.2.

6. Materials, AI Training and Outputs

6.1 Materials in active systems

Materials tied to a Member account are deleted per Section 4.2; Materials tied to Client Data are deleted per Section 5.2.

6.2 AI training data

Deletion of source Materials does not extract or reverse contributions already made to a trained model. This limitation is consistent with the technical nature of machine learning.

6.3 What deletion does and does not do

A verified deletion request removes accessible Materials from active systems and causes Genie to cease using Materials in subsequent training cycles. It does not reverse completed training cycles or affect aggregated, anonymised datasets.

7. Backups, Logs and Operational Records

7.1 Encrypted backups

Backups containing data subject to a deletion request are purged within the timelines in Sections 4 and 5. Restored data pending backup expiry is not used for production purposes.

7.2 Operational and audit logs

Operational logs may be retained for up to twelve (12) months, then purged or anonymised. Logs are not used to reconstruct deleted user records.

8. Disposal Methods

Genie applies disposal methods consistent with NIST SP 800-88, including cryptographic erasure, secure overwrite, logical deletion followed by purge, and anonymisation where required.

9. Exceptions to Deletion

Genie may retain data to comply with legal obligations, establish or defend legal claims, investigate fraud or security incidents, or maintain aggregated de-identified data. Only the minimum data necessary is retained for the minimum period necessary.

10. How to Request Deletion

10.1 Members

Via in-application account controls or by emailing support@geniehealth.care.

10.2 Healthcare Partners

Via written notice to privacy@geniehealth.care.

10.3 End-Users

End-Users should direct deletion requests to the Client. Genie will refer direct End-User requests to the Client.

10.4 Response timelines

Genie acknowledges deletion requests within seven (7) calendar days and completes deletion within the timelines in Sections 4 and 5.

11. Oversight and Compliance

Genie's Data Protection Officer (DPO) oversees compliance. Disposal practices are reviewed at least annually.

12. Updates to this Policy

Genie may update this Policy from time to time. Material updates will be notified by email or via the Services.

13. Governing Law

This Policy is governed by the laws of Singapore.

14. Contact

📧 privacy@geniehealth.care

📍 Genie Health Pte. Ltd., 60 Paya Lebar Road, Singapore