Privacy Policy

Last updated: 1 April 2026

ClaimHub Services ("we", "us", "our") operates ClaimHub. This Privacy Policy explains how we collect, use, and protect your information in compliance with the Malaysian Personal Data Protection Act 2010 (PDPA 2010).

1. Information We Collect

Data Type	Purpose	Retention
Clinic name, address, Borang B ID	Account registration and verification	Duration of account
Admin name, email, phone	Account management and communication	Duration of account
Uploaded billing/TPA files	Reconciliation processing	90 days after processing
Patient names, visit dates, bill amounts	Reconciliation matching	90 days after processing
Payment transaction records	Credit purchase and billing	7 years (tax compliance)
IP address, browser info	Security and audit logging	30 days

2. How We Use Your Data

To provide the reconciliation service you requested
To process credit purchases and payments
To send service-related communications (account verification, license keys)
To maintain security and audit logs
To improve the Service based on usage patterns (aggregated, non-personal)

3. Data Processing (Patient Information)

ClaimHub processes patient names and billing data solely for the purpose of reconciliation matching. We act as a data processor on your behalf. Patient data is:

Used only for matching clinic records against TPA payment records
Never shared with third parties
Never used for marketing or profiling
Transmitted over encrypted HTTPS connections
Stored in tenant-isolated database partitions (your data is invisible to other clinics)

4. Data Storage and Security

Website (SaaS): Data is stored on secured servers in Malaysia with firewall protection, encrypted connections (TLS/HTTPS), and role-based access control.
LocalInstall (Desktop): Data is stored locally on your Windows PC. License keys are encrypted using Windows DPAPI. No data leaves your machine unless you use the online features.
We implement audit logging for all data access and administrative actions.
Database access is restricted to the application layer only (no direct external access).

5. Multi-Tenancy Isolation

Each clinic operates in an isolated tenant environment. Database queries are automatically scoped to your tenant. No clinic can access another clinic's data, records, or reconciliation results.

6. Third-Party Services

Fiuu / BillPlz: Payment processing. We share only the minimum information required (email, amount). Their privacy policies apply to payment data they process.
Email service: For account verification and license delivery. We share only your email address.

We do not sell, rent, or share your data with any other third parties.

7. Your Rights (PDPA 2010)

Under the Malaysian PDPA 2010, you have the right to:

Access: Request a copy of your personal data we hold
Correction: Request correction of inaccurate data
Withdrawal: Withdraw consent for data processing (this may affect your ability to use the Service)
Data export: Request export of your data in a standard format

To exercise these rights, email contact@claimhub.cc.

8. Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by PDPA 2010, within a reasonable timeframe.

9. Cookies

ClaimHub uses essential cookies for authentication and session management only. We do not use tracking cookies, analytics cookies, or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

11. Contact

For privacy-related inquiries or to exercise your data rights, contact:
ClaimHub Services
Email: contact@claimhub.cc
Address: Shah Alam, Selangor, Malaysia