Privacy Policy

2. Scope

This Policy applies to:

• All participants enrolled in AMILI Optimise programs
• Health coaches using the Platform

We are not responsible for the content and privacy practices of third-party services linked to the Platform.

3. Personal Data We Collect

We collect only personal data that is necessary for the purposes described in this Policy. The categories of personal data we collect include, but are not limited to, the following:

3.1 Account & Identity Data

We may collect personal data during registration and onboarding in order to create and manage your account. The information that we collected includes but is not limited to name, email address, date of birth, gender, and contact information that you provide to us voluntarily.

3.2 Health & Biometric Data

Health-related information you provide or that is synced from connected devices to support your wellness program. This includes but is not limited to health markers, body measurements, activity and lifestyle data. Health data is treated as highly sensitive information.

3.3 Nutrition & Meal Data

Information related to your dietary habits, including but not limited to meal descriptions, photographs, and timing data that you submit through the Platform.

3.4 Laboratory Reports

Test results and documents associated with your wellness program, including but not limited to microbiome analysis results, uploaded lab reports, and test kit identifiers.

3.5 Coaching & Communication Data

Records of your interactions with health coaches through the Platform, including but not limited to messages, consultation sessions, wellness plans, goals, and related metadata.

3.6 Device & Usage Data

Technical and usage information collected automatically when you use the Platform, including but not limited to login activity, device type, IP address, and platform activity logs.

4. Purposes of Collection, Use and Disclosure

We collect and use your personal data for the following purposes:

4.1 Core Platform Purposes

• Authenticating your identity via one-time password (OTP)
• Delivering personalised wellness coaching and metabolic health programs
• Enabling health coaches to review your health data and provide guidance
• Processing and displaying your meal logs and health metrics
• Generating personalised health reports and wellness plans
• Facilitating communication between you and your health coach
• Processing laboratory test kit results and returning reports to you

4.2 Operational Purposes

• Maintaining the security and integrity of the Platform
• Providing technical support and resolving disputes
• Ensuring platform performance and reliability

4.3 Regulatory & Legal Purposes

• Responding to lawful requests from government or regulatory authorities
• Enforcing our Terms of Service

4.4 Service Improvement

• Analysing aggregated usage patterns to improve the Platform
• Quality assurance, product enhancement, research, analytics, and internal AI-assisted service improvement.
• Data sent to external AI services is de-identified before transmission — personally identifiable information is always removed.
• Personal data will not be used to train third-party AI provider models.

5. Legal Basis for Processing

Under the PDPA, we rely on the following bases:

You may withdraw consent at any time. Withdrawal may affect your ability to use the Platform. See Section 9 for how to withdraw.

6. Disclosure of Personal Data

We share data only in the following circumstances:

6.1 Within AMILI

Your data is accessible to:

• Your assigned health coach(es)
• AMILI administrators responsible for program management and technical operations

6.2 Third-Party Service Providers

We engage third-party service providers who process data on our behalf under contractual data protection obligations.

A current list of sub-processors is available upon request by contacting dpo@amili.asia.

6.3 Legal Disclosures

We may disclose personal data to:

• Law enforcement or government agencies when required by law
• Courts, tribunals, or regulatory bodies (e.g., PDPC) in connection with legal proceedings

7. Retention of Personal Data

We will review your personal data held by us on a regular basis to determine if such personal data is still needed. Your personal data will not be retained longer than needed for the purpose under which it was collected, unless there are business, industry and/or legal requirements for the retention of such. Your personal data will also not be kept for "just in case" it may be needed for other purposes that you have not been notified.

In accordance with PDPA, an organization is considered to have ceased retention of personal data when the data is anonymised and can no longer be associated with any individual.

Data Deletion Requests: You may request deletion of your personal data at any time by emailing dpo@amili.asia. Deletion may be delayed where data is subject to a legal hold, active investigation, or statutory retention obligation — you will be informed of the reason.

8. Protection of Personal Data

We take the security of your personal data very seriously. We use a range of safeguards to keep your information safe, including:

• Encryption: All information you send to us is protected with strong encryption while it's being transmitted.
• Access controls: You can only access your own data. Our staff can only see what they need to do their job.
• Secure login: We use one-time passwords (OTP) and strong password protection to prevent unauthorised access.
• Secure infrastructure: Your data is stored in a protected cloud environment that is not accessible from the public internet.
• File storage: Any files you upload are kept in secure storage and can only be accessed through temporary secure links.
• Session management: Your login sessions automatically expire after a set time for added safety.
• Third-party partners: Any companies that help us process your data are required to follow strict data protection rules through formal agreements.
• Cross-border processing: Any overseas processing including third-party cloud providers are required to have safeguards in place comparable to PDPA protection standards.

In the event of a data breach, we will comply with the PDPA requirement of notifying the PDPC as soon as practicable within the timelines required under PDPA.

9. Your Rights Under the PDPA

As a data subject in Singapore, you have the following rights:

• We will process your request to access your personal data in your possession in accordance with our internal policies and the access requirements of the PDPA. A fee may be charged for processing an access request.
• Upon your request, we will correct your personal data as soon as practicable unless we have reasonable grounds to believe that a correction is not required.
• We are obliged to advise you on the likely consequences to you if you choose to withdraw your consent for the collection, use and disclosure of your personal data in our possession.
• The PDPA does not provide a general right to request deletion of your personal data. However, you may request deletion of your personally identifiable information. We will process your request within a reasonable timeframe, subject to legal retention obligations.

To exercise any of these rights, contact us at:

• Email: dpo@amili.asia
• Identity verification: Your identity will be verified before processing requests

10. Cookies and Tracking

The AMILI Optimise mobile application does not use browser cookies. We use:

• Session tokens (JWT): Stored securely on-device, used for authentication
• No advertising trackers or behavioural profiling tools

If cookies or analytics are introduced in future, this Policy will be updated and you will be notified.

11. Health Data — Special Obligations

Health and biometric data is treated with the highest level of care:

• It is used exclusively for providing your wellness program and coaching services
• It is not used for advertising or marketing purposes
• It is not sold or licensed to third parties for commercial purposes
• Access is restricted to your assigned health coach and AMILI administrators only
• Health data processed by AI services is de-identified before transmission and is not used to train third-party AI models
• This Platform is not a medical service — see Section 7 of the Terms of Service for our full Health and Medical Disclaimer

12. Updates to This Policy

We may update this Privacy Policy from time to time. Changes will be communicated via at least one of the following:

• In-app notification
• Email to your registered address

Continued use of the Platform after notification constitutes acceptance of the updated Policy. We encourage you to review this Policy periodically.

13. Governing Law

This Privacy Policy is governed by the laws of Singapore. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the Singapore courts.

14. Contact Us

For any privacy-related queries, complaints, or requests: