Privacy Policy

1. Information We Collect

To provide our medical tourism services, we collect the following types of information:

• Personal identification information (name, email, phone number, date of birth, nationality, passport details)
• Health and medical information (medical history, current conditions, medications, allergies, procedure preferences)
• Travel information (preferred destinations, dates, accommodation preferences, visa requirements)
• Financial information (payment card details, billing address, transaction history)
• Technical data (IP address, device information, browsing behavior, cookies)

2. Handling of Medical Data

Your medical information is treated with the highest level of protection. We process health data only with your explicit consent and solely for the purpose of matching you with appropriate medical providers. Medical data is encrypted at rest and in transit, stored in secure servers, and only shared with healthcare providers you choose to connect with. We never sell or share your medical information for marketing purposes.

3. How We Use Your Information

We use your information for the following purposes:

• Matching you with suitable clinics and medical procedures using AI technology
• Facilitating bookings, payments, and communications with healthcare providers
• Coordinating travel arrangements, visa support, and accommodation
• Sending booking confirmations, reminders, and important updates
• Improving our services and personalizing your experience

4. Information Sharing

We share your information only with: (1) Medical clinics and healthcare providers you choose to book with, who receive only the information necessary for your treatment; (2) Travel and accommodation partners when you request travel assistance; (3) Payment processors for secure transaction handling; (4) Legal authorities when required by law. We require all third parties to respect the security of your data and treat it in accordance with applicable laws.

5. International Data Transfers

As a medical tourism platform operating across Mexico, USA, Thailand, South Korea, and Europe, your data may be transferred internationally. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for EU data transfers, compliance with Korea's PIPA, Thailand's PDPA, and adherence to HIPAA principles for US health data.

6. Your Rights

Depending on your location, you have the following rights regarding your personal data:

• Access your personal data and receive a copy
• Request correction of inaccurate or incomplete data
• Request deletion of your data (right to be forgotten)
• Receive your data in a portable format
• Withdraw consent for data processing at any time

7. Data Security

We implement industry-standard security measures including 256-bit SSL encryption, secure data centers with SOC 2 certification, regular security audits, multi-factor authentication, and strict access controls. Your medical records are encrypted and access is logged for compliance purposes.

8. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Medical records are retained for the period required by applicable healthcare regulations in each jurisdiction. You may request deletion of your data, subject to legal retention requirements.

9. Regional Compliance

We comply with applicable privacy laws including: GDPR (European Union), HIPAA principles (USA), LFPDPPP (Mexico), PDPA (Thailand), and PIPA (South Korea). Users in each region may have additional rights under local law, which we honor and respect.

10. Contact Us

For privacy-related inquiries, to exercise your rights, or to file a complaint, contact our Data Protection Officer at privacy@mediluxeai.com or write to us at our registered address.