Last updated: 1 January 2026
This Privacy Policy is issued by MOVO-X Sdn Bhd (operating as MOVO-X Malaysia), the Data User as defined under Malaysia's Personal Data Protection Act 2010 (PDPA 2010).
Contact: privacy@movo-x.com
This policy is governed by the Personal Data Protection Act 2010 (PDPA 2010) of Malaysia. MOVO-X Sdn Bhd is registered as a Data User with the Department of Personal Data Protection (JPDP) Malaysia. All personal data processing is conducted in compliance with the seven Personal Data Protection Principles under PDPA 2010.
We collect and process the following categories of personal data:
| Category | Details |
|---|---|
| Clinic administrator | Name, email address, role, phone number |
| Patient NRIC | SHA-256 hash only — raw IC number is NEVER stored |
| Queue / appointment data | Arrival time, department selected, wait time, call time |
| Kiosk usage logs | Device ID, timestamp, action type — for audit and analytics |
| PDPA consent records | Consent timestamp, version, kiosk device ID |
| Clinical records | NOT collected or stored — queue metadata only |
All patient and operational data is stored in ASEAN-resident infrastructure:
No patient personal data is transferred outside ASEAN except to Anthropic (AI triage, zero data retention mode — data not persisted by Anthropic after processing).
As a data subject under PDPA 2010, you have the right to:
To exercise your rights: privacy@movo-x.com
We use the following third-party subprocessors to deliver our services:
In the event of a confirmed personal data breach involving Malaysian residents' data: PDPC Malaysia will be notified within 72 hours. Affected data subjects will be notified within 7 days. Enterprise customers will receive a full incident report within 14 days.
Privacy enquiries: privacy@movo-x.com
Data Protection Officer: dpo@movo-x.com
MOVO-X Sdn Bhd, Kuala Lumpur, Malaysia