Retention and Deletion Policy
This Retention and Deletion Policy ("Policy") governs the retention, archival, and deletion of personal and medical data handled by Refora Pte. Ltd. (UEN: 202555125N) ("Refora", "we", "us", or "our") on our online referral platform at refora.app (the "Platform").
1. Purpose
This Policy establishes the principles and procedures governing the retention and deletion of personal data processed by Refora, ensuring compliance with the Personal Data Protection Act 2012 (PDPA), Ministry of Health (MOH) guidelines, and other applicable regulatory obligations.
It balances Refora's operational requirements for continuity of care with individuals' rights to data protection and privacy.
2. Scope
This Policy applies to all personal data (including health and referral data) collected, stored, processed, or transmitted through the Platform, whether held electronically or in physical form, and covers all user categories (clinics, healthcare providers, patients, and authorised staff).
3. Roles and Responsibilities
Refora acts as a data intermediary for clinic-users when processing patient information via the Platform.
Clinic-users remain the data controllers responsible for determining the purpose and duration of retention of medical data under applicable healthcare regulations.
Refora is responsible for implementing secure storage, retention, and deletion processes consistent with this Policy.
4. Retention Period
Referral and clinical data shall be retained for at least 15 years following the last date of treatment or referral activity, in line with MOH recommendations.
| Data Type | Minimum Retention Period | Basis / Justification |
|---|---|---|
| Clinical and Referral Records (including diagnostic images, notes, attachments, treatment plans, and inbound email content) | 15 years from the date of last treatment or referral activity | MOH Guidelines on Retention of Medical Records |
| Patient Personal Data (e.g. name, email, date of birth) | While the patient's account remains active, and for 2–3 years after last clinical/referral activity or completion of clinical purpose, unless required for audit or legal purposes | PDPA Retention Limitation Principle; Operational and audit requirements |
| Clinic and Doctor Account Information | While account remains active and up to 5 years thereafter | Contractual and business audit requirements |
| Billing and Financial Records | 7 years | Statutory accounting and tax retention rules |
| System Logs and Audit Trails | 2 years from creation | Security and incident tracking |
| Backups | Rolling retention; older backups purged within 90 days of deletion events | Operational continuity and security |
| Incomplete Website Widget Upload Sessions (abandoned before referral submission) | 7 days from creation, then permanently deleted | No clinical relationship established; minimal operational need |
| AI Extraction Metadata (model version, confidence scores, extraction logs) | Same period as the associated referral record | Audit and quality-assurance purposes |
Note: 15 years under MOH guidance is a minimum period, not a cap. Refora may retain data longer where legally required or where ongoing clinical, legal, or compliance needs justify continued retention.
5. Deletion Procedure
Users may request account deletion by contacting dpo@refora.app. Upon confirmation of deletion:
- All user access credentials will be revoked;
- Associated referral and communication data will be flagged for archival according to the applicable retention rules; and
- Refora will have no further obligation to provide services once the deletion process completes. Refora reserves the right, subject to law, to retain or destroy records in accordance with its internal retention and content-destruction policies.
Upon expiry of the retention period, all identifiable data will be permanently deleted or anonymised. Backups will be purged within 90 days of deletion.
6. Deletion and Anonymisation Procedures
Upon expiry of the applicable retention period, Refora will:
- Permanently delete electronic records using secure erasure tools that render data irretrievable;
- Anonymise datasets where continued retention is necessary for statistical or research purposes; and
- Purge backups containing the same data within 90 days of primary deletion.
Deletion activities are logged and periodically reviewed by Refora's Data Protection Officer.
7. Inbound Email and AI Processing Data
Raw inbound email content (subject, body, and extracted attachment text) received through the email intake feature is treated as part of the referral record to which it relates and is subject to the same 15-year minimum retention period as other clinical and referral records. The email content is encrypted at rest and accessible only to authorised users of the receiving clinic.
AI extraction metadata (including the model identifier, confidence score, and timestamp of extraction) is stored alongside the referral record and retained for the life of that record for audit and quality-assurance purposes.
Incomplete website widget upload sessions that are never converted to a referral record (e.g. because the user abandoned the form) are retained for 7 days and then permanently deleted.
8. Exceptions
Data may be retained longer where required by law, or if subject to ongoing disputes, investigations, or compliance checks.
9. Data Breach Response
In the event of a data breach, Refora Pte. Ltd. will preserve relevant logs and evidence until investigations are concluded. Please refer to our Privacy Policy for more details.
10. Review and Updates
This Policy will be reviewed at least annually or upon significant regulatory or operational changes to ensure continued compliance and adequacy.
11. Contact
For questions regarding this Policy, please contact: dpo@refora.app
Last updated: 7 April 2026
Effective date: 7 April 2026