PDPA Notice
Draft version — 7 July 2026
Draft only — legal review required before launch.
This page is a working placeholder for the Theo & Thea build. It is not final legal or regulatory advice and must not be relied on until reviewed and approved by Malaysian legal counsel.
Purpose
This notice will explain, under the Personal Data Protection Act 2010, what personal and health data is processed when you create an account, complete an assessment, or use a consultation or protocol pathway on Theo & Thea.
Consent
Consent to this notice will be captured as a versioned record — every account links to the specific version and locale of this notice you agreed to, and consent can be withdrawn subject to any legally required retention.
Marketing use
Health data will never be used for marketing without a separate, explicit opt-in, kept apart from consent to receive care.