Privacy Policy

 Effective Date: 9 June 2025
Business Name: KureHealth.ai
Email: kureai.healthcare@gmail.com
Website: https://www.kurehealth.ai

1. Introduction

KureHealth AI Indonesia (“KureHealth.ai,” “we,” “our,” or “us”) is a health technology company based in Indonesia that provides AI-powered patient engagement and medical scribing solutions for healthcare providers.

We are committed to protecting the privacy and security of your personal data in compliance with Indonesia’s Personal Data Protection Law (Law No. 27 of 2022), the Health Law (Law No. 17 of 2023), and other applicable healthcare and data protection regulations.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website, applications, and AI healthcare services.

2. Scope

This policy applies to:

  • Healthcare professionals and institutions using our AI solutions.

  • Patients whose data is processed via our system.

  • Visitors to our website and digital platforms.

3. Personal Data We Collect

A. Patient Data

We may collect personal information such as:

  • Full name, gender, date of birth, and contact details.

  • Medical history, consultation notes, prescriptions, and diagnostic information.

  • Appointment schedules, communication records, and patient feedback.

B. Healthcare Provider Data

We may collect:

  • Name, title, professional credentials, contact information, and affiliated healthcare institution.

  • User account details (e.g., email, username, password).

C. Technical Data

When using our website or digital platforms, we may automatically collect:

  • IP address, browser type, and device information.

  • Session logs, cookies, and interaction data.

4. Purpose of Data Processing

We process personal data for the following purposes:

  1. Service Delivery – to enable AI-assisted medical scribing, note generation, and patient communication.

  2. Patient Engagement – to send reminders, notifications, and collect feedback.

  3. Product Improvement – to train and enhance our AI systems using anonymized or aggregated data.

  4. Legal Compliance – to meet regulatory obligations under Indonesian healthcare and data laws.

  5. Security – to prevent misuse, protect integrity, and ensure service reliability.

5. Legal Basis for Processing

KureHealth.ai processes personal data under the following legal grounds:

  • Explicit consent provided by data subjects.

  • Performance of a contract with healthcare providers or institutions.

  • Legal obligations under Indonesian health and data protection laws.

  • Legitimate interests in improving healthcare quality and operational efficiency.

6. Data Storage and Retention

  • All data is stored securely in servers located in Indonesia or in jurisdictions approved by the Indonesian government.

  • Medical records are retained for a minimum of 5 years in compliance with healthcare regulations.

  • Anonymized or aggregated data may be retained for AI research and development.

  • When retention periods expire, data is safely deleted or anonymized.

7. Data Sharing and Disclosure

We may share data only under strict confidentiality and legal conditions with:

  • Healthcare institutions using our services.

  • Technology vendors (e.g., cloud service providers) bound by data processing agreements.

  • Government authorities when required by law or court order.

We do not sell or trade personal data.

If data must be transferred outside Indonesia, KureHealth.ai will ensure compliance with cross-border data transfer rules under the UU PDP, including adequate protection and written consent where applicable.

8. Data Security

We maintain a high level of security using:

  • AES-256 encryption for data at rest and in transit.

  • Role-based access control and identity authentication for users.

  • Regular audits, monitoring, and incident detection systems.

  • Secure cloud environments certified to ISO 27001 and equivalent standards.

9. Your Rights

You have the right to:

  • Access and obtain a copy of your personal data.

  • Request correction or deletion of inaccurate data.

  • Withdraw consent for data processing.

  • Request restriction or objection to processing.

  • File a complaint to the Ministry of Communication and Informatics (Kominfo) if you believe your data rights are violated.

Requests can be submitted via contact@kurehealth.ai.

10. Data Breach Notification

If a personal data breach occurs that may harm your rights, KureHealth.ai will notify affected individuals and Kominfo within 72 hours of discovery, as required by law.

11. Children’s Data

Our services are not directed to individuals under 18 years old unless authorized by a parent, guardian, or licensed healthcare provider.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect regulatory or operational changes. Updates will be published on our website with a new effective date.

13. Contact Information

For questions, requests, or concerns about this Privacy Policy, please contact:


KureHealth AI
Email: kureai.healthcare@gmail.com