NutriVital Malaysia

We treat your data like a medical file: confidential, purpose-bound, and never for sale.

NutriVital Malaysia operates under Malaysian law and medical ethics standards. Your consultation notes, meal preferences, and health markers are stored to serve you—and only you. We do not monetize personal information. We do not share identity data with advertisers. We do not hide data usage in vague language.

This page explains exactly what we collect, why we collect it, how it's protected, and how you can control it.

What We Collect & Why

We collect only what is necessary to provide safe, evidence-based nutrition guidance. Every data point has a clear clinical or operational purpose.

  • Identification & Contact: Name, email, phone. Used for account access, appointment reminders, and secure messaging. Never for marketing lists.
  • Health & Nutrition Markers: Weight, height, allergies, blood glucose, medication. Used to prevent interactions and tailor meal plans. Example: adjusting the kcal of a nasi lemak meal for a client with Type 2 diabetes.
  • Consultation Notes: Session summaries, uploaded food photos, goal tracking. Used to maintain continuity across visits and update plans based on progress.
  • Technical Data: IP address, device type. Used for security monitoring and login protection. Not used for profiling or ad targeting.

Storage & Security Protocols

Encryption & Access Control

All health data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access is restricted to assigned nutritionists and system admins under two-factor authentication. No open ports, no raw exports.

Retention Schedule

Consultation records are kept for 7 years per Malaysian medical record guidelines. Marketing opt-in records are kept until you unsubscribe (max 24 months). You can request deletion anytime via email, subject to legal retention limits.

Data Residency

Servers are physically located in Malaysia. We do not transfer personal data outside the country unless you explicitly request international coordination (e.g., travel consultation), in which case we use standard contractual clauses.

What Would Change Our Mind

Evidence-Based Triggers

  • Assumption: Current security posture meets clinical standards.
  • Constraint: Malaysian data protection acts and medical board guidelines.
  • Change Condition: New breach risk (e.g., zero-day vulnerability), regulatory update, or partnership requiring data sharing would trigger a policy revision, user notification, and re-consent request.

Scenario Vignette: If a government directive requires anonymized nutrition trend reporting, we would publish the methodology, strip identifiers, and offer opt-out for the aggregated dataset.

Visual: Data handling protocol documentation.

Questions Stakeholders Should Ask

1. Is health data sold to third parties?

No. We do not sell, rent, or trade personal data. Revenue comes from consultation fees and corporate wellness programs, not data brokerage.

2. Who can access my consultation notes?

Only your assigned nutritionist and our technical security team. No unauthorized internal access, no cross-client viewing, no external analytics tools.

3. How do you handle cookies?

Essential session cookies only for login and form security. No advertising trackers. Our global consent banner (outside this page) lets you review and accept cookie categories.

4. Can I export or delete my data?

Yes. Email [email protected] for export (JSON/PDF) or deletion requests. We verify identity, then process within 30 days, subject to legal retention rules.

5. What if there's a breach?

We notify affected users within 72 hours, publish a transparent incident report, and provide free credit monitoring if identity data is involved. You'll receive steps to secure your account.

6. Do you share data with employers?

Only with your explicit consent in corporate wellness programs. Data is aggregated and anonymized; individual health markers are never shared with managers or HR.

Your Data Officer

For questions, requests, or complaints about how we handle your data, contact our designated Data Protection Officer. We respond within two business days.

Email: [email protected]

Phone: +60 3-2331 8888

Hours: Mon–Fri, 9:00–18:00

Address: Level 10, Menara 3, Petronas Twin Towers, Kuala Lumpur City Centre, 50088

How to reach us

  • Request an export of your data
  • Request deletion (subject to retention)
  • Report a security concern

We use your details only to respond to this request. See our Cookie Policy and Terms of Service.