Privacy Policy

Mon AI (“Mon AI”, “we”, “us”, or “our”) is committed to protecting privacy and handling personal information in a transparent, secure, and lawful manner. Mon AI is headquartered in Singapore through One Health Technologies Pte Ltd and operates in Australia through Neemon Investments Pty Ltd (ABN 36 498 582 441). This Privacy Policy explains how personal information is collected, used, disclosed, stored, and protected when you use our website, app, and related services (collectively, the Services).

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, we will ask for your consent before using non-essential cookies, tracking technologies, or marketing tools.

Definitions

In this Privacy Policy:

App or Application

means the Mon AI software application.

Company

means One Health Technologies Pte Ltd and, for Australian operations, Neemon Investments Pty Ltd (ABN 36 498 582 441). Depending on the context, “Mon AI”, “we”, “us”, and “our” may refer to either or both entities.

Cookies

means small text files stored on your device by your browser to support functionality, preferences, analytics, security, and related purposes.

Customer

means a person, clinic, healthcare provider, organisation, or other entity that registers for or uses the Services.

Device

means any internet-connected device used to access the Services.

End User

means an individual whose information is processed through the Services by or on behalf of a Customer.

Personal Information or Personal Data

means information or an opinion about an identified individual, or an individual who is reasonably identifiable. Where applicable, this includes sensitive information, including health information and other protected health information.

PHI

means protected health information or other sensitive clinical information processed through the Services.

Services

means the Mon AI app, website, APIs, communications, and related features and services we provide.

Third-Party Services

means products, software, infrastructure, or services provided by third parties that support or integrate with the Services.

You

means the person or entity accessing or using the Services.

Information We Collect

We may collect personal information in the following ways.

Information you provide directly

We may collect information you provide when you:

• create an account,
• subscribe to or purchase Services,
• contact support,
• complete forms or surveys,
• upload content,
• communicate with us or through the Services.

This may include:

• name,
• username,
• email address,
• job title or professional role,
• account credentials,
• billing and subscription information,
• support requests and related communications,
• any other information you choose to provide through the Services.

Device permissions

If you choose to grant access, we may collect:

• Camera access to allow you to capture and upload images through the App.
• Photo library or gallery access to allow you to select and upload images or files from your device.

These permissions are optional and can be managed through your device settings.

Information collected automatically

When you use the Services, we may automatically collect limited technical and usage information such as:

• IP address,
• browser type and version,
• device type and operating system,
• session activity,
• pages or screens viewed,
• dates and times of access,
• referring URLs,
• crash logs, diagnostics, and security events.

This information may be collected through cookies, sessions, server logs, local storage, pixels, SDKs, and similar technologies.

Information from third parties

We may receive personal information from third parties where permitted by law, including:

• Customers who provide information about End Users,
• payment providers,
• fraud prevention or identity verification providers,
• analytics or campaign providers,
• professional or social platforms where you choose to interact with us.

How We Use Personal Information

We may use personal information to:

• provide, maintain, and improve the Services,
• create and manage user accounts,
• authenticate users and secure the Services,
• process subscriptions and payments,
• respond to support requests and communicate with you,
• monitor performance, diagnose technical issues, and improve usability,
• comply with legal, regulatory, clinical, and contractual obligations,
• detect, investigate, and prevent fraud, misuse, or unauthorised access,
• send service-related communications,
• send marketing communications where permitted by law or where consent has been given,
• conduct internal analytics, service development, and reporting using aggregated, de-identified, or limited technical data where appropriate.

Where required by law, we rely on an appropriate legal basis for processing, including consent, performance of a contract, compliance with legal obligations, and legitimate interests such as service security, fraud prevention, and product improvement.

Health and Clinical Information

Where the Services are used in connection with healthcare or clinical workflows, we recognise that health information and PHI are highly sensitive. We apply a higher standard of care to such information and handle it subject to applicable privacy, confidentiality, and information security obligations, including applicable Australian privacy requirements.

We do not disclose PHI, clinical records, or app content to advertising platforms, analytics platforms, or general marketing providers. PHI and app-related personal information are used only for providing the Services, supporting Customers, maintaining security, meeting legal obligations, and other limited purposes permitted by law and contract.

Access to PHI and other sensitive personal information is restricted to authorised personnel and authorised service providers who require that access to operate, secure, or support the Services, and who are subject to confidentiality and data protection obligations.

Australian Data Hosting

Mon AI is headquartered in Singapore and also operates in Australia through Neemon Investments Pty Ltd (ABN 36 498 582 441). The Mon AI production application and the related production personal information it processes are hosted and retained in Australia.

For Australian customers, and particularly for clinical, health-related, and app-related data, personal information is stored in Australia and is not routinely transferred offshore. This approach supports confidentiality, customer requirements, and compliance with applicable Australian privacy obligations, including obligations relevant to health information and cross-border disclosure.

Limited access from outside Australia may occur only where strictly necessary for administrative, legal, security, or technical support purposes, and only subject to appropriate access restrictions, confidentiality obligations, and safeguards.

Service Providers and Limited Disclosure

We use selected third-party service providers to support the operation of the Services. These providers do not receive general access to customer records, clinical records, or PHI merely because they provide infrastructure, billing, analytics, or marketing tools.

General rule

Except where strictly necessary for a provider to perform its limited role, we do not provide third-party analytics, advertising, or marketing platforms with customer records, app content, or PHI. Where technical identifiers are processed by those providers, that processing is limited to website analytics, campaign measurement, security, billing, or infrastructure support as applicable.

We take reasonable steps to ensure that service providers handling personal information on our behalf are subject to contractual and operational safeguards appropriate to the sensitivity of the information.

Cross-Border Disclosure

Because Mon AI has headquarters in Singapore, certain corporate, legal, or administrative functions may involve personnel or advisers outside Australia. However, the production app and the primary stores of personal information and PHI remain hosted in Australia, and offshore disclosure is not part of our routine operating model for customer or clinical data.

Some website analytics, advertising, or campaign tools such as Google Analytics or Meta Pixel may process limited online identifiers, device information, or usage data outside Australia, including in the United States or other jurisdictions, depending on how those providers operate. This does not involve intentional disclosure of PHI, clinical records, or substantive app content for advertising or marketing purposes.

If we disclose personal information to an overseas recipient, we will take reasonable steps to ensure the recipient handles the information consistently with applicable privacy and confidentiality obligations. Where Australian law applies, this includes taking reasonable steps consistent with APP 8 before any cross-border disclosure occurs.

Cookies and Similar Technologies

We use cookies and similar technologies such as local storage, sessions, pixels, tags, and SDKs to operate, secure, improve, and analyse the Services.

These technologies may be used for:

• Strictly necessary purposes, such as authentication, security, fraud prevention, and core site functionality.
• Functional purposes, such as remembering preferences and settings.
• Analytics and performance purposes, such as understanding how visitors use our website or product surfaces and improving performance.
• Advertising or targeting purposes, such as measuring campaign effectiveness and supporting remarketing, where permitted by law and where consent has been obtained if required.

We use tools such as Google Analytics and Meta Pixel to collect limited website and marketing performance information, such as which pages are visited, how users arrive at our site, and whether marketing campaigns are effective. These tools are used for product improvement and advertising measurement, not for sharing PHI, clinical records, or substantive app data with advertising platforms.

Where required by law, we obtain consent before placing non-essential cookies or activating non-essential analytics or advertising technologies. You can manage your preferences through any cookie banner or settings tool we make available, and through your browser settings. Blocking some cookies may affect functionality.

We do not use cookies to store PHI or sensitive clinical information directly.

Tracking Technologies

In addition to cookies, we may use:

• Local storage to remember settings or store limited app state,
• Sessions to maintain secure login sessions and app continuity,
• Pixels, tags, and SDKs to measure use of our website, communications, and campaigns, subject to consent where required.

Google Analytics and Meta Pixel may set their own identifiers or similar technologies and may process limited technical data in accordance with their own privacy terms. We use these services for analytics, campaign attribution, and product improvement only, and not as a means of providing them with PHI, customer records, or app content.

Marketing Communications

If you provide your email address or other contact details, we may send you service-related communications such as account notices, billing notices, support responses, product updates, or security alerts.

Where permitted by law or where consent has been given, we may also send marketing or promotional communications. You can unsubscribe from marketing communications at any time by using the unsubscribe link in the message or by contacting us directly.

Where permitted and consented to, we may use limited identifiers such as hashed email addresses for custom audience or remarketing purposes. We do not use PHI, clinical records, or substantive app data for these purposes.

Data Retention

We retain personal information only for as long as reasonably necessary to provide the Services, fulfil the purposes described in this Privacy Policy, comply with legal, clinical, contractual, accounting, and regulatory obligations, resolve disputes, and enforce our agreements.

Retention periods vary depending on the nature and sensitivity of the information and the context in which it was collected. When personal information is no longer required, we take reasonable steps to destroy or de-identify it unless retention is required or permitted by law.

Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps may include encryption in transit and at rest where appropriate, access controls, monitoring, authentication controls, backups, staff training, and contractual controls with service providers.

No method of storage or transmission is completely secure, and absolute security cannot be guaranteed. However, we continually review and improve our information security practices having regard to the sensitivity of the information we handle, including PHI and other clinical information.

Your Rights and Choices

Depending on the laws that apply to you, you may have rights to:

• access personal information we hold about you,
• request correction of inaccurate or incomplete personal information,
• request deletion of personal information in certain circumstances,
• object to or restrict certain processing,
• withdraw consent where processing is based on consent,
• request a copy of certain information in a portable format where applicable,
• opt out of certain marketing and targeted advertising activities.

If we process personal information on behalf of a Customer, we may direct your request to that Customer where they are the primary controller or responsible entity for that information.

To exercise your rights, please contact us using the details below. We may need to verify your identity before acting on your request.

Regional Privacy Rights

Australia Privacy Rights

If Australian privacy law applies to your information, you may request access to and correction of your personal information, and you may make a complaint if you believe we have breached the Privacy Act 1988 (Cth) or the Australian Privacy Principles. We will consider complaints in accordance with our legal obligations and respond within a reasonable time.

If you are not satisfied with our response, you may be able to contact the Office of the Australian Information Commissioner.

Singapore Privacy Rights

If Singapore law applies, personal data is handled in accordance with the Personal Data Protection Act 2012 (Singapore). Subject to applicable exceptions, you may request access to and correction of your personal data, and you may withdraw consent for certain uses of your personal data.

EEA and UK Privacy Rights

If the GDPR or UK GDPR applies to your personal data, you may have rights of access, correction, erasure, restriction, portability, objection, and the right to withdraw consent where consent is the legal basis for processing. You may also have the right to lodge a complaint with your local supervisory authority.

California and Other US State Privacy Rights

If you are a California resident or resident of another US state with applicable privacy rights, you may have rights including the right to know, access, correct, delete, and opt out of the sale or sharing of personal information for targeted advertising, subject to applicable exceptions. Where required, we will provide an appropriate opt-out mechanism.

We do not sell personal information for money in the ordinary sense. If the use of certain advertising technologies constitutes “sharing” under applicable US law, we will provide the disclosures and rights required by that law. We do not use PHI or clinical records for such advertising purposes.

Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information directly from children under 13 without appropriate authorisation where required by law. If we become aware that we have collected such information in a manner inconsistent with applicable law, we will take reasonable steps to delete it.

If you believe a child has provided personal information to us inappropriately, please contact us.

Third-Party Links and Services

The Services may contain links to third-party websites, integrations, or services that are not operated by Mon AI. We are not responsible for the privacy, content, or security practices of those third parties. Your use of third-party services is subject to their own terms and privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, operations, legal requirements, or privacy practices. When we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice through the Services or by other reasonable means.

Your continued use of the Services after an updated Privacy Policy takes effect means you acknowledge the updated policy.

Contact Us

If you have any questions, requests, or complaints about this Privacy Policy or our handling of personal information, you can contact us at: