CareGrid Privacy Policy

Last updated: June 6, 2025

CareGrid products are provided by Databook Limited (hereinafter referred to as "we", "us" or "our company"). CareGrid products ( the term " CareGrid products " may also be referred to as " CareGrid software", " CareGrid services", this product, this software or this service, and may refer to each other in this CareGrid Privacy Policy) . We attach great importance to protecting the personal information and privacy of users (hereinafter referred to as "you"). When you register, log in and use CareGrid , we will collect, use, store and share your relevant personal information. In order to present how we handle your personal information, we have specially formulated the CareGrid Privacy Policy (hereinafter referred to as the "Privacy Policy"), and we promise to strictly handle your personal information in accordance with this Privacy Policy.

Please take the time to carefully read this Privacy Policy before using CareGrid products, especially the terms in bold. If you do not agree to this Privacy Policy and our terms and conditions, please do not use any platform. Your continued use of the platform and our services will constitute your confirmation and acceptance of this Privacy Policy.

This Privacy Policy will help you understand the following:

1. Personal Information

1. Terms used in this Privacy Policy:

“Customer” means an individual who (a) contacts us by any means (for example, through any Platform) in relation to goods or services offered on the Platform, or (b) may or has entered into a contract with us for the supply of any goods or services by us.

“Personal Data” means data about an individual, whether true or not, who can be identified: (a) from that data; or (b) from that data and other information in our possession or likely to come into our possession.

2. Depending on the nature of your interaction with us, we may collect some of your personal information including:

a. Name, email address, gender and date of birth;

b. Personally identifiable medical and health-related information you provide to us (including information or records related to your medical or health history, health conditions, laboratory test results, diagnostic images, photographs);

c. Abnormal indicators, disease information and health assessment results generated by CareGrid after analyzing the report;

d. Information about the computer or mobile device you are using;

e. Other information you may enter into the App or related services.

 

II. Collection, Use and Disclosure of Personal Data

1. We generally do not collect your personal information unless (a) you voluntarily provide it to us directly; or (b) the law permits or requires the collection and use of personal information without consent. We will seek your consent before collecting any other personal information and before using your personal information for purposes not notified to you (except where permitted or authorized by law).

2. Processing of personal data of children and family members

a. CareGrid's products and services are primarily intended for adult users. We will not intentionally collect personal information from children under the age of 14 without the consent of their parents or guardians. If we discover that we have collected personal data from children without verifiable guardian consent, we will try to delete the relevant data as soon as possible.

b. Although the definition of "children" varies in different regions, we regard individuals under the age of 14 as children and exercise special caution when processing such data.

c. CareGrid allows you to centrally manage the health information of your entire family (including children) in the app. Where applicable, you agree and confirm that you have obtained the necessary authorization to effectively represent your family members, guardians, or other relevant individuals you have added to your account (including but not limited to children) to agree that we collect, use, disclose and process their personal data , including but not limited to their name, gender, date of birth, health report and medical history information, etc.

d. If the information of a child user is provided with explicit authorization from his or her parents or legal guardians, we will only use or disclose such information to the extent permitted by law, necessary to perform health service functions, or necessary to protect the child’s major interests.

e. The above-mentioned family member information collected by CareGrid will be managed together with your main account. We will process it according to the purposes and methods set out in this Privacy Policy and take reasonable technical and organizational measures to ensure its data security.

3. We may collect and use your personal information for any or all of the following purposes:

a. Fulfill our obligations in providing the goods and/or services you request (such as analyzing medical reports, generating health assessments and management plans, managing medical records and family member data, etc.);

b. Verify your identity;

c. respond to, process and handle your inquiries, requests, applications, complaints and feedback;

d. Manage your relationship with us;

e. Notify you when there are updates to the Platform;

f. comply with any applicable laws, regulations, codes of practice, guidelines or rules, or assist any government and/or regulatory authorities with enforcement and investigations;

g. We may use the personal information collected in our business for statistical analysis and operational improvement, and use the de-identified information that cannot identify you and cannot be restored for technical transformation, network maintenance, and troubleshooting to improve our systems;

h. Any other purpose for which you provide the information.

If we contact you for any of the purposes listed above, you agree that we may contact you by email or via the email address you or your authorized representative provide to us.

4. Please be aware that we do not need your authorization or consent to collect and use personal information in the following circumstances:

a. Related to the personal information controller’s performance of obligations prescribed by laws and regulations;

b. related to national security and national defense security;

c. Related to public safety, public health, and major public interests;

d. Related to criminal investigation, prosecution, trial and execution of judgment;

e. For the purpose of protecting the life, property and other major legitimate rights and interests of the personal information subject or other individuals, but it is difficult to obtain the consent of the individual;

f. The personal information involved is disclosed to the public by the subject of personal information on his/her own accord;

g. Necessary for maintaining the safe and stable operation of the products and/or services provided, such as discovering and handling product and/or service failures.

Please note that information that cannot identify you or be directly linked to you, either alone or in combination with other information, is not considered Personal Information. If we combine information that cannot be linked to any specific individual with other information to identify a natural person, or use it in combination with Personal Information, such information will be treated as Personal Information during the period of the combination.

 

3. Withdraw your consent

1. Your consent to our collection, use and disclosure of your personal information will remain valid unless you withdraw it through the designated channels. If you wish to withdraw all or part of your consent, you can submit your request through the CareGrid app "Personal Center → Contact Us → Feedback" or send an email to service@caregrid.ai to contact us.

2. After receiving your written request to withdraw your consent, we may need a reasonable amount of time (depending on the complexity of the request and its impact on our relationship with you) to process your request and inform you of the consequences of our consent to the request, including any legal consequences that may affect your rights and responsibilities to us. Generally, we will process your request within fifteen (15) business days after receiving your request.

3. Although we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be able to continue to provide you with our products or services. In this case, we will notify you before completing the processing of your request. If you decide to cancel the withdrawal of consent, please notify us in writing in the manner described in Section 1 above.

 

IV. Access and Correction of Personal Data

1. If you wish to (a) make an access request to obtain a copy of the personal data we hold about you or information about how we use or disclose your personal data, or (b) make a correction request to correct or update any personal data we hold about you, you can submit your request through the "Personal Center → Contact Us → Feedback" in the CareGrid application , or send an email to service@caregrid.ai to contact us. The request should include the details of the requester, a description of the personal data requested, and the date and time range when the personal data is believed to have been collected.

2. Please note that reasonable fees may be charged for access requests. If fees are required, we will inform you before processing your request.

3. We will respond to your request as soon as reasonably practicable. Generally, we will respond within fifteen (15) business days. If we are unable to respond to your request within thirty (30) days of receiving your request, we will inform you in writing within thirty (30) days of the date we are able to respond to your request. If we are unable to provide you with any personal data or make corrections as requested by you, we will usually inform you of the reasons why we are unable to do so (unless we are not required to do so under the Personal Data Protection Act).

 

V. Personal Data Protection

1. We will take all reasonable measures to ensure that your private information will not be leaked or lost. We will use encryption technology to improve the security of user information; we will use trusted protection mechanisms to prevent user information from being maliciously attacked; we will deploy access control mechanisms to ensure that only authorized personnel can access user information; and we will hold security and privacy protection training courses to enhance employees' awareness of the importance of protecting user information, and at the same time adopt strict management systems for employees or outsourced personnel who may have access to your private information.

2. However, you should be aware that no Internet transmission method or electronic storage method is absolutely secure. Although absolute security cannot be guaranteed, we are committed to protecting the security of your information and continuously reviewing and strengthening our information security measures.

3. In the unfortunate event of a user information security incident (leakage, loss, etc.), we will promptly inform you in accordance with the requirements of laws and regulations: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions for you to prevent and reduce risks on your own, and remedial measures for you. We will promptly inform you of the relevant situation of the incident by email. When it is difficult to inform the user information subject one by one, we will take reasonable and effective means to issue an announcement.

 

VI. Accuracy of Personal Data

1.  We usually rely on the personal data provided by you (or your authorized representative). To ensure that your personal data is up-to-date, complete and accurate, if there is any change in your personal data, please modify it in time through the CareGrid application or submit your request through "Personal Center → Contact Us → Feedback" in the CareGrid application for us to assist in the modification.

 

VII. Retention of Personal Data

1. We may retain your personal information for the period necessary to fulfill the purpose for which the information was collected, or as required or permitted by applicable law.

2. Once we have reason to believe that retaining your personal data no longer serves the purpose of collecting the personal data and is no longer necessary for legal or business purposes, we will stop retaining your personal data or delete the means by which the data can be associated with you.

3. If the operation is terminated, we will notify you at least 30 days in advance and delete or anonymize your personal information after the termination of operation.

 

8. Risks and Disclaimer

If your personal information and privacy are leaked due to the following events, we will do our best to remedy or provide you with assistance, but you agree that we do not bear any responsibility:

1. Information leakage caused by viruses, Trojans, and hacker attacks;

2. Any leakage of personal information caused by you informing others of your account , causing others to know your account, or sharing your registered account with others;

3. Any other personal information leakage caused by reasons not attributable to us;

 

IX. Effectiveness of the Privacy Policy and Changes to the Privacy Policy

1. This Privacy Policy applies together with any other notices, contractual clauses and consent clauses relating to our collection, use and disclosure of your personal data.

2. We may revise this Privacy Policy from time to time without prior notice. You can determine whether any such revisions have been made by checking the last updated date of this Privacy Policy. Your continued use of our products will constitute your confirmation and acceptance of such changes.