Privacy Policy

About This Privacy Policy

RedPulse ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our services, including our marketing platform for medical aesthetic clinics in Southeast Asia.

This policy applies to all users of our platform, including clinic staff, administrators, and content creators. By using RedPulse, you acknowledge that you have read and understood this Privacy Policy.

Regional Notice: This version of our privacy policy is tailored for users in Malaysia and complies with the Personal Data Protection Act 2010 (PDPA).

1. Information We Collect

Personal Information You Provide

We collect personal information that you voluntarily provide when using our platform, including:

• Account Information: Name, email address, phone number, organization name, clinic details, and account credentials
• Profile Data: Job title, role, clinic location, and professional background
• Content Information: Posts, images, captions, hashtags, and other content you create or upload
• Communication Data: Messages, support inquiries, feedback, and correspondence with our team
• Payment Information: Billing address and transaction history (payment processing is handled by third-party payment processors; we do not store credit card details)

Information Collected Automatically

When you use our platform, we automatically collect certain information about your device and usage:

• Device Information: IP address, browser type, device type, operating system, and unique device identifiers
• Usage Data: Pages accessed, time spent, clicks, features used, and interaction patterns
• Cookies and Tracking Technologies: Session identifiers, preferences, and analytics tracking
• Location Data: General geographic location based on IP address (not precise GPS location unless you explicitly grant permission)

Information from Third Parties

We may receive information about you from:

• Your clinic administrator or organization (when they add you to the platform)
• Third-party service providers (analytics, payment processors, content delivery networks)
• Social media platforms when you authorize integration with XHS (Xiaohongshu) or other channels

2. How We Use Your Information

We use the personal information we collect for the following purposes:

Service Delivery

• Creating and maintaining your account
• Providing platform features and functionality
• Processing transactions and sending related information
• Delivering customer support and responding to inquiries
• Troubleshooting and technical support

Compliance and Legal Obligations

• Complying with applicable laws, regulations, and regulatory requests
• Enforcing our Terms of Service and other agreements
• Protecting against fraud, abuse, and security threats
• Maintaining audit trails and records for regulatory purposes
• Specific to medical aesthetics: Supporting compliance with healthcare marketing regulations and codes of conduct

Marketing and Communications

• Sending product updates, announcements, and newsletters (with your consent where required)
• Notifying you about changes to our services
• Conducting surveys and gathering feedback
• Promotional communications (you can opt out at any time)

Analytics and Improvement

• Analyzing platform usage to understand user behavior and preferences
• Improving features, design, and user experience
• Measuring the effectiveness of marketing campaigns
• Developing new features and services

Aggregation and De-identification

• Creating aggregated, anonymized insights about content performance and trends
• Benchmarking clinic performance against industry standards
• Training machine learning models for content recommendations (using de-identified data)

3. Data Sharing and Disclosure

Shared with Service Providers

We share personal information with trusted third-party service providers who assist us in operating the platform and providing services to you. These include:

• Cloud hosting and storage providers
• Payment processors and financial institutions
• Analytics providers
• Customer support and communication platforms
• Email delivery services

All service providers are contractually bound to use your information only as necessary to provide services and to maintain confidentiality and security.

Clinic and Organization Data Sharing

Within your clinic or organization, administrators and authorized staff may have access to:

• Your account information and activity logs
• Content and campaigns you create
• Performance analytics and reporting data

Legal Requirements and Safety

We may disclose your personal information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with applicable laws, regulations, court orders, or governmental requests
• Enforce our Terms of Service and other agreements
• Protect against fraud, security, or technical issues
• Protect the rights, privacy, safety, or property of RedPulse, our users, or the public

Business Transfers

If RedPulse is involved in a merger, acquisition, bankruptcy, dissolution, or asset sale, your personal information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

Aggregated and De-identified Data

We may share aggregated, anonymized data and insights with partners, researchers, and the public without restriction. This data cannot identify you.

Cross-border Data Transfer

4. Data Retention

We retain personal information for as long as necessary to provide our services and comply with legal obligations. The retention period depends on the context of processing and varies by data type:

Retention Periods

• Account Information: Retained while your account is active and for 2 years after account deletion or closure
• Content and Posts: Retained for the duration of your use of our platform. Upon account deletion, content may be retained in backup systems for up to 90 days
• Usage and Analytics Data: Typically retained for 24 months for analysis and platform improvement
• Payment and Transaction Records: Retained for 7 years to meet tax and financial regulation requirements
• Support Communications: Retained for 3 years for customer service continuity and dispute resolution
• Audit Logs: Retained for 2 years for security and compliance purposes

Deletion and Anonymization

When personal information is no longer necessary, we will either delete it or anonymize it so that it cannot be associated with you. However, we may retain anonymized data indefinitely for analytics and business intelligence purposes.

5. Your Rights

Depending on your location, you may have certain rights regarding your personal information. We provide these rights to all users globally:

Universal Rights

• Right to Access: You have the right to request a copy of the personal information we hold about you
• Right to Correction: You can request that we correct inaccurate or incomplete personal information
• Right to Delete: You may request deletion of your personal information, subject to legal obligations to retain certain data
• Right to Withdraw Consent: If we are processing your data based on consent, you may withdraw it at any time
• Right to Data Portability: You can request your data in a machine-readable format to transfer to another service provider
• Right to Opt-out of Marketing: You can unsubscribe from promotional communications at any time

Malaysia (PDPA)

Exercising Your Rights

To exercise any of these rights, please contact us using the information in the Contact Us section. We will respond to requests within 30 days (or as required by applicable law). We may ask for verification of your identity before responding to ensure the security of your personal information.

6. Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device when you visit our platform. They allow us to recognize you, remember your preferences, and understand how you use the platform.

Types of Cookies We Use

• Essential Cookies: Required for the platform to function (authentication, security, session management)
• Performance Cookies: Help us understand how users interact with the platform and where we can improve
• Functional Cookies: Remember your preferences and settings (language, theme, clinic selection)
• Marketing Cookies: Used to deliver relevant content and measure marketing effectiveness

Third-Party Tracking

We use third-party analytics services (such as Google Analytics) to analyze platform usage. These services may place their own cookies on your device. You can control third-party cookie tracking through your browser settings or opt-out tools provided by the service providers.

Your Cookie Choices

Most browsers allow you to refuse cookies or alert you when cookies are being sent. Note that refusing cookies may affect your ability to use certain features of the platform. You can also control cookies through your browser settings or use privacy tools.

7. Children's Privacy

RedPulse is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18 without parental consent. If we become aware that a child under 18 has provided us with personal information without appropriate consent, we will delete such information and terminate the child's account.

If you believe we have collected information from a child under 18, please contact us immediately at the address below.

8. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Access controls and user authentication (login credentials, multi-factor authentication options)
• Regular security audits and vulnerability assessments
• Employee training on data protection and confidentiality
• Secure development practices and code reviews

However, no security system is impenetrable. We cannot guarantee absolute security of your information. You are responsible for keeping your account credentials confidential.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by updating the "Effective Date" at the top of this policy and, where required, by sending you an email notification or displaying a notice on the platform.

Your continued use of RedPulse after changes become effective constitutes your acceptance of the updated Privacy Policy. We recommend reviewing this policy periodically to stay informed about how we protect your information.

10. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our handling of your personal information, please contact us:

We will acknowledge receipt of your request within 5 business days and respond fully within 30 days (or as otherwise required by law).