PDPA Notice

Draft version — 7 July 2026

Draft only — legal review required before launch.

This page is a working placeholder for the Theo & Thea build. It is not final legal or regulatory advice and must not be relied on until reviewed and approved by Malaysian legal counsel.

Purpose

This notice will explain, under the Personal Data Protection Act 2010, what personal and health data is processed when you create an account, complete an assessment, or use a consultation or protocol pathway on Theo & Thea.

Consent

Consent to this notice will be captured as a versioned record — every account links to the specific version and locale of this notice you agreed to, and consent can be withdrawn subject to any legally required retention.

Marketing use

Health data will never be used for marketing without a separate, explicit opt-in, kept apart from consent to receive care.