This statement describes how Logara AI (“Logara”, “we”) handles personal data provided by Singapore clinics under the Personal Data Protection Act 2012 (“PDPA”). It is a summary. A complete Data Processing Agreement (DPA) is signed before engagement.
1. Who we are
Logara AI is the operating brand of a Singapore-operated healthcare SEO and AEO practice serving dental, aesthetic, veterinary, and Traditional Chinese Medicine clinics. Our Singapore Unique Entity Number (UEN) and registered address are provided on the signed DPA.
2. Personal data we do NOT collect
- Patient names, NRIC numbers, or FIN numbers
- Medical records, diagnoses, or treatment history
- Appointment times or slot availability tied to a named patient
- Payment details for individual patients
- Any data classified as health information under PDPA
Our SEO and AEO workflow does not require access to the clinic's patient management system, booking calendar, or medical records. If a clinic shares such data by accident (e.g. a screenshot containing a patient name), we delete it immediately and notify the clinic.
3. Personal data we DO process
- Clinic owner / operator name, email, and phone number. Used for communication about the engagement
- Clinic business details (practice name, address, phone, services offered, hours of operation). Used to build and maintain Google Business Profile listings and schema markup
- Google Search Console, Google Analytics, and Google Business Profile API tokens (encrypted at rest). Used for read-only access to keyword, traffic, and review data
- Aggregated, anonymised keyword ranking and AI-citation data. Used for reporting and performance tracking
4. Purpose of collection
Personal data is collected and used for one purpose: delivering the SEO and AEO services the clinic has contracted us for. It is not used for marketing to third parties, sold to data brokers, or used to train third-party AI models.
5. Consent
Consent is obtained at two points:
- On signing the DPA, the clinic consents to the specific data flows described in that document.
- On connecting Google services, the clinic operator completes Google's own OAuth consent flow, which is independent of our systems.
Consent may be withdrawn at any time by emailing privacy@logara-ai.com. On withdrawal we cease processing within 30 days.
6. Data protection officer
Our Data Protection Officer can be contacted via the Logara Team. DPO queries should be directed to privacy@logara-ai.com with subject line “PDPA Enquiry”. We respond within 3 working days.
7. Data storage and transfers
- Primary database: Supabase (PostgreSQL) with row-level security and multi-tenant isolation.
- Data residency: Clinic-identifiable data is stored in Singapore or regions with equivalent PDPA-compatible data-protection standards.
- Sub-processors: Twilio (telephony), Stripe (payments), OpenAI (content generation), DataForSEO (keyword data). Each is bound by a data-processing agreement and publicly publishes a privacy policy.
- Cross-border transfers: When data is processed outside Singapore, we rely on contractual safeguards recognised under the PDPA Transfer Limitation Obligation.
8. Your rights under the PDPA
- Access: Request a copy of your personal data.
- Correction: Request correction of inaccurate personal data.
- Withdrawal of consent: Withdraw consent at any time. Processing ceases within 30 days.
- Complaint: Lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore.
9. Breach notification
In the event of a data breach affecting clinic or clinic-operator personal data, we notify the affected clinic within 72 hours and, where required by the PDPA, notify the Personal Data Protection Commission within the statutory window.
10. Related policies
This statement is read alongside our global Privacy Policy and the Data Processing Agreement shared before engagement.
11. Contact
Logara AI: Data Protection Officer
Email: privacy@logara-ai.com
Subject: PDPA Enquiry