Last updated: 9 April 2026

1. Introduction

Life Care Systems (operated by Genesis Flex Sdn Bhd, “we”, “our”, or “us”) is committed to protecting the privacy of all users of the Life Care Systems AI+ mobile application and web platform (“the App”). This Privacy Policy explains how we collect, use, store, share, and delete personal data when you use our services.

By using the App, you agree to the practices described in this policy. If you do not agree, please do not use the App.

2. Data We Collect

We collect the following categories of information:

• Account & Identity Data: Full name, email address, phone number, employee designation, and login credentials.
• Resident Health Data: Vital signs (blood pressure, pulse, temperature, SpO2, blood glucose, respiratory rate), medication records (MAR), care plans, clinical notes, discharge summaries, and doctor review records.
• Staff & Operational Data: Roster schedules, attendance records, leave applications, payslip information, and shift history.
• Facility & Administrative Data: Billing records, invoices, inventory movements, enquiry data, and audit logs.
• Device & Usage Data: Device type, operating system version, app version, session activity, and crash reports collected for diagnostic purposes.

3. How We Use Your Data

We use collected data to:

• Operate and deliver the core features of the App (resident management, drug charts, billing, rostering, vitals monitoring, etc.).
• Authenticate users and maintain account security.
• Generate reports, invoices, and analytics for care home operators.
• Send important in-app notifications and push alerts (e.g. vital sign alerts, medication reminders).
• Improve the App through crash analytics and usage diagnostics.
• Comply with applicable legal and regulatory obligations.

4. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes described in this policy, or as required by law:

• Active account data (user profiles, staff records, resident records): Retained for the duration of your organisation’s active subscription plus 12 months after termination.
• Resident health records (vitals, drug charts, clinical notes): Retained for 7 years from the date of the resident’s discharge or death, in compliance with Malaysian healthcare record-keeping requirements under the Private Healthcare Facilities and Services Act 1998.
• Financial & billing records (invoices, payments): Retained for 7 years in accordance with Malaysian tax and accounting regulations.
• Audit logs: Retained for 3 years.
• Crash and diagnostic data: Retained for 90 days.
• Deleted/inactive user accounts: Account data is anonymised or permanently deleted within 30 days of a verified deletion request (see Section 6).

After the applicable retention period, data is either permanently deleted from our systems or anonymised so it can no longer be linked to any individual.

5. Data Sharing

We do not sell your personal data. We may share data with:

• Supabase (PostgreSQL database hosting): Our infrastructure provider stores all app data in secure, encrypted databases hosted in Singapore.
• Vercel (Web hosting): Our web platform is hosted on Vercel’s global CDN infrastructure.
• Resend (Transactional email): Used to deliver password reset and account notification emails.
• Authorised care home administrators: Within your facility, authorised personnel with appropriate role-based access can view data relevant to their function.
• Legal authorities: Where required by applicable law, court order, or governmental authority.

6. Your Rights & Data Deletion

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request that we permanently delete your personal data from our systems.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Request a machine-readable export of your personal data.

How to request data deletion: To request deletion of your personal data, please contact us at privacy@lifecaresystems.com.my with the subject line “Data Deletion Request”, including your full name, email address, and the name of your facility. We will verify your identity and process your request within 30 days. Please note that certain data may be retained beyond this period where required by law (e.g. financial records and health records subject to statutory retention requirements as described in Section 4).

Organisation administrators may also submit deletion requests on behalf of their facility by contacting their account manager or emailing privacy@lifecaresystems.com.my.

7. Data Security

We implement enterprise-grade security measures to protect your data, including:

• AES-256 encryption at rest and TLS 1.2+ encryption in transit.
• Role-based access control (RBAC) limiting data access to authorised personnel only.
• Row-level security (RLS) enforced at the database level.
• Comprehensive audit logging of all data access and modifications.
• Regular security reviews and penetration testing.

8. Children’s Privacy

The App is intended for use by healthcare professionals and care home operators. It is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without parental consent, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users of material changes via in-app notification or email at least 14 days before the changes take effect. Your continued use of the App after the effective date constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact: