Privacy Policy

1. Personal Data We Collect

For the purposes of this Policy:

• “User” means an individual who (a) has contacted us through any means to find out more about the services we provide, (b) has signed up to our waitlist, or (c) has registered for or is using our platform.
• “Personal data” means data, whether true or not, about a user who can be identified from that data, or from that data combined with other information to which we have or are likely to have access.

Depending on how you interact with Pattern, the personal data we may collect from you includes:

• Identity and contact information: name, email address, telephone number, date of birth, gender.
• Account information: account credentials, preferences, and communication settings.
• Health and wellness information you provide to us: self-reported symptoms, symptom history, habit and lifestyle tracking data (including information relating to nutrition, sleep, stress, and movement), responses to our Pattern Profile assessment, and health goals.
• Lab and functional testing data: lab test results that you self-upload to the platform, and where applicable, lab results from functional testing bundles provided as part of your membership.
• Care and practitioner information: notes, recommendations, and care plan updates submitted to Pattern by independent third-party care practitioners you have chosen to work with following an introduction facilitated by Pattern, which we display on your care profile as part of your roadmap.
• Payment and billing information: processed through our third-party payment providers; we do not store full payment card details on our systems.
• Technical and usage information: device information, IP address, browser type, pages visited, and interactions with the platform, collected through cookies and similar technologies.

Health data is treated with heightened care. We collect only the health data necessary to deliver the services you have signed up for, and we apply additional safeguards to protect it, as described in this Policy.

2. How We Collect, Use, and Disclose Personal Data

We generally do not collect your personal data unless (a) it is provided to us voluntarily by you, directly or through a third party you have authorised to disclose your personal data to us, after you have been notified of the purposes of collection and have given consent, or (b) collection and use without consent is permitted or required by the PDPA or other applicable laws.

We will seek your consent before collecting additional personal data or using your personal data for a purpose that has not been notified to you, except where permitted or authorised by law.

We may collect and use your personal data for any or all of the following purposes:

• To provide, operate, and maintain the Pattern platform and the services you have requested, including generating your Pattern Profile, building your personalised care roadmap, and integrating your symptoms, habits, and lab results into your care plan.
• To facilitate functional testing, where this is part of your membership, including coordinating with lab testing partners and integrating results back into your roadmap.
• To facilitate introductions to independent third-party care practitioners (where this is part of your membership tier) and to receive and display notes submitted by those practitioners on your care profile.
• To respond to your queries, requests, applications, complaints, and feedback.
• To manage your account and your relationship with us.
• To process payment and billing transactions.
• To send you service-related communications (such as account notices, security alerts, and updates to this Policy).
• With your consent, to send you marketing communications, health insights, and product updates (you can withdraw this consent at any time; see Section 5).
• To comply with applicable laws, regulations, and lawful requests from government or regulatory authorities.
• To detect, prevent, and address fraud, misuse of the services, and security issues.
• To conduct internal analysis, research, and product development to improve the Pattern platform. Where feasible, we use aggregated or anonymised data for these purposes.

We may disclose your personal data to the following categories of recipients, where necessary for the purposes described above:

• Third-party service providers we engage to operate the Pattern platform, including cloud hosting, data storage, email delivery, analytics, customer support, and payment processing providers.
• Lab testing partners who process functional lab tests included as part of your membership.
• Independent care practitioners with whom you choose to work following an introduction facilitated by Pattern. Care practitioners are independent third parties who contract directly with you; the services they provide to you, and their own handling of your personal data, are governed by their own terms and privacy practices. Pattern's role is limited to facilitating the introduction and receiving any notes the practitioner submits to Pattern for inclusion on your care profile.
• Professional advisors, such as our legal, accounting, and audit advisors, where necessary.
• Governmental, regulatory, or law enforcement authorities where required or permitted by law.
• Third parties in connection with a corporate transaction, such as a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.

We do not sell your personal data.

3. Reliance on the Legitimate Interests Exception

In compliance with the PDPA, we may in limited circumstances collect, use, or disclose your personal data without your consent, in reliance on the legitimate interests exception. Before relying on this exception, we will assess the likely adverse effects on you and determine that our legitimate interests, or those of another person, outweigh any such adverse effects.

We rely on the legitimate interests exception for the following purposes:

• Fraud detection and prevention.
• Detection and prevention of misuse of our services.
• Protection of our platform, systems, and data from unauthorised access and security threats.

These purposes may continue to apply even after your relationship with us (for example, pursuant to a contract) has ended, for a reasonable period thereafter.

4. Marketing Communications

Where you have opted in to receive marketing communications, health insights, or product updates from Pattern, we will send them to you by email or other channels you have consented to. You can withdraw your consent at any time by clicking the “unsubscribe” link in any of our marketing emails, or by contacting our Data Protection Officer using the details in Section 11. Withdrawing consent to marketing communications will not affect our ability to send you necessary service-related communications.

5. Withdrawing Your Consent

The consent you provide for the collection, use, and disclosure of your personal data will remain valid until it is withdrawn by you in writing. You may withdraw consent and request that we stop collecting, using, and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details in Section 11.

Upon receipt of your written request to withdraw consent, we may require a reasonable period of time (depending on the complexity of the request and its impact on our relationship with you) to process your request and notify you of any consequences. We will generally seek to process your request within ten (10) business days of receiving it.

Please note that withdrawing your consent may mean we are no longer able to provide some or all of our services to you. We will notify you if this is the case before completing the processing of your request. Withdrawing consent does not affect our right to continue to collect, use, and disclose personal data where such collection, use, or disclosure without consent is permitted or required under applicable laws.

6. Access to and Correction of Personal Data

You have the right to:

• Request access to a copy of the personal data we hold about you, and information about the ways in which we use or disclose your personal data.
• Request that we correct or update any inaccurate or incomplete personal data we hold about you.

You may submit such requests in writing or via email to our Data Protection Officer at the contact details in Section 11.

A reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

We will respond to your request as soon as reasonably possible, and generally within thirty (30) business days. If we are unable to respond within this period, we will inform you in writing of the time by which we will respond. If we are unable to provide the personal data or make the correction you have requested, we will generally inform you of the reasons, except where we are not required to do so under the PDPA.

7. Protection of Personal Data

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks, we have implemented appropriate administrative, physical, and technical measures. These include:

• Minimisation of the personal data we collect to what is necessary for the purposes described in this Policy.
• Authentication and access controls, including role-based access and “need-to-know” principles for staff and service providers.
• Encryption of personal data in transit and at rest, where appropriate.
• Regular review of our security practices and the security practices of our service providers.
• Confidentiality obligations imposed on our employees, contractors, and service providers.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we continuously review and improve our information security measures.

8. Accuracy of Personal Data

We rely on the personal data you provide (or data provided by someone you have authorised). To ensure that your personal data is current, complete, and accurate, please update us if there are changes by informing our Data Protection Officer in writing or via email at the contact details in Section 11. Where practical, you can also update your information directly within your Pattern account.

9. Retention of Personal Data

We will retain your personal data for as long as it is necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws. This includes:

• Retention of your health and care data for as long as you remain a Pattern user, so that your roadmap can evolve over time.
• Retention of transactional and financial records for the periods required by tax, accounting, and other applicable laws.
• Retention of limited records after account closure where necessary for legal, regulatory, dispute-resolution, or fraud-prevention purposes.

We will cease to retain your personal data, or remove the means by which it can be associated with you, as soon as it is reasonable to assume that retention no longer serves the purpose for which it was collected and is no longer necessary for legal or business purposes.

10. Transfers of Personal Data Outside of Singapore

Pattern is operated from Singapore. In the course of delivering our services, your personal data may be transferred to, stored in, or processed in countries outside of Singapore, for example where our cloud hosting providers, lab testing partners, or other service providers operate internationally.

Where we transfer personal data outside of Singapore, we will take reasonable steps to ensure that the recipient is bound by legally enforceable obligations to provide a standard of protection at least comparable to that under the PDPA. This may include contractual safeguards such as data processing agreements with our service providers.

11. Data Protection Officer

You may contact our Data Protection Officer for any enquiries or feedback about our personal data protection policies and procedures, or to submit any request described in this Policy:

Email: hellopatternhealth@gmail.com

12. Children and Minors

The Pattern platform is intended for users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you believe we have inadvertently collected personal data from someone under 18, please contact our Data Protection Officer and we will take steps to delete the information.

13. Effect of Policy and Changes to This Policy

This Policy applies in conjunction with any other notices, contractual clauses, and consent clauses that apply to the collection, use, and disclosure of your personal data by us.

We may revise this Policy from time to time. You can determine if any revision has taken place by referring to the “Last updated” date at the top of this Policy. We will take reasonable steps to notify you of material changes (for example, by email or through a notice on the platform) before they take effect. Your continued use of our services after changes take effect constitutes your acknowledgement and acceptance of the revised Policy.