Legal

Privacy Policy

Draft notice: This page summarizes our privacy practices and is provided for product-planning purposes. The full policy, reviewed by legal counsel, will be published here before public launch.

1. Introduction

China Medical and Tourism connects international patients with hospitals in China and coordinates related travel services. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. Because we process health-related information, a sensitive category of data, we apply heightened safeguards throughout.

2. Information We Collect

Account information (name, email, phone), identity documents (passport details), health information (medical history, diagnostic reports, treatment records), payment billing details, in-platform communications, and travel details such as flight information and emergency contacts.

3. How We Use Your Information

To create and manage your account, match you with hospitals, prepare visa documentation, arrange hotel and transfer bookings, process payments, and communicate about your case. We never use health information for advertising or sell it to third parties.

4. Who We Share Information With

Your treating hospital/doctor, your assigned case manager, hotel and transport partners you book with, our payment processor, and immigration authorities as required for visa support. Partners are contractually bound to protect your data — we do not sell personal information.

5. International Data Transfers

Because our services connect patients across borders with hospitals in China, personal data may be transferred to and processed in China and other jurisdictions. Where required by applicable law, we use approved transfer mechanisms and only transfer the minimum data necessary.

6. Data Retention

Account and case data is retained for the duration of your relationship with the platform plus a defined period for legal and financial record-keeping. Identity and medical documents are retained only as long as necessary, then securely deleted.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal information, and to withdraw consent at any time. Contact us to exercise these rights.

8. Security

We apply encryption in transit and at rest, role-based access control, and audit logging of document access. No system is completely secure; we will notify affected users of a data breach as required by law.