Privacy Policy

1. Introduction

Lumira Health (“Lumira”, “we”, “us”, or “our”) is a SaaS clinic-management software platform developed by PT Lumira Solusi Digital, based in Bali, Indonesia. Lumira provides digital tools for healthcare facilities (“Clinics”), including appointment scheduling, patient record management, billing, inventory management, and electronic medical records (EMR).

This Privacy Policy explains how we collect, use, store, protect, and share personal data — including specific personal data — when you use the Lumira platform, whether as a Clinic operator, healthcare professional, clinic staff, or indirectly as a patient whose data is managed by a Clinic using Lumira.

Lumira acts as a data processor on behalf of Clinics. The Clinic, as data controller, is fully responsible for obtaining explicit consent from its patients before processing health data through the Lumira platform. The relationship between Lumira and the Clinic is governed by a Data Processing Agreement (DPA). Formalisation of the DPA with every Clinic is being implemented in phases; current status is described in Section 12.2. Clinic operators and staff who register and use the platform agree to Lumira Health’s Terms of Use and Data Processing Agreement. If you do not agree with these terms, please discontinue use of the platform.

2. Legal Basis and Regulatory Framework

This Privacy Policy is prepared in accordance with the following Indonesian laws and regulations:

• Law No. 27 of 2022 on Personal Data Protection (the “PDP Law”)
• Minister of Health Regulation No. 24 of 2022 on Medical Records
• Law No. 17 of 2023 on Health (partially replacing Law No. 36 of 2009)
• Law No. 29 of 2004 on Medical Practice
• Minister of Communications and Informatics Regulation No. 20 of 2016 on Personal Data Protection in Electronic Systems (now under the Ministry of Communications and Digital Affairs / Komdigi)

Lumira is designed as an Electronic Medical Records (EMR) system intended to meet the requirements of Permenkes No. 24/2022. Regulatory compliance is being achieved progressively, including the SatuSehat integration with the Ministry of Health which is in phased implementation (see Section 6.3).

3. Personal Data We Collect

We collect different categories of personal data depending on who you are and how you interact with Lumira.

3.1 Clinic Operators and Staff

• Full name, job title, and role within the clinic
• Email address and phone number
• Professional credentials (SIP, STR) for healthcare professionals
• Login credentials (securely hashed passwords)
• Activity logs and audit trails within the platform

3.2 Patient Data (Processed on Behalf of Clinics)

Patient data is entered by Clinic operators and staff. Lumira processes this data as a data processor on behalf of the Clinic (the data controller). The Clinic is fully responsible for the lawful basis of patient-data processing, including obtaining any necessary consent. Patient data may include:

• Full name, date of birth, sex, and nationality
• National Identity Number (NIK), stored in encrypted form
• Contact information: phone, email, home address
• Health and medical information: diagnoses (ICD-10 codes), SOAP notes, vital signs (blood pressure, heart rate, temperature, SpO2, respiratory rate, weight), pain scores, clinical assessments, discharge summaries, treatment plans, and prescribed medications
• Appointment history and visit notes
• Billing and payment records
• Documents and files uploaded by the Clinic (e.g. referrals, scan results)
• Internal patient notes and annotations

3.3 Pharmacy and Medical Device Inventory Data

For Clinics using the inventory feature, we may process data related to stock of medicines, medical devices, and other healthcare products managed by the Clinic. This data is not patient personal data but is subject to the same security and retention provisions.

3.4 Technical and Usage Data

• IP address and device information
• Browser type and operating system
• Session data, feature-usage logs, and error logs
• Timestamps of actions performed in the platform

4. How We Use Personal Data

We use personal data for the purposes below. Each processing activity is conducted on a lawful basis under the PDP Law No. 27/2022:

4.1 Providing the Lumira Platform

Legal basis: performance of a contract (Article 20(2)(b) PDP Law).

• Create and manage user accounts for Clinic operators and staff
• Enable appointment scheduling, patient record management, billing, inventory, and clinical documentation
• Authenticate users and maintain session security
• Display and process medical records, vitals, diagnoses, and treatment plans

4.2 Regulatory Compliance

Legal basis: legal obligation (Article 20(2)(c) PDP Law).

• Ensure electronic medical records are managed under Permenkes No. 24/2022
• Retain electronic medical records for at least five (5) years from the patient’s last visit, as required for clinics and independent practice
• Support data interoperability with the Ministry of Health’s SatuSehat platform — this integration is in phased implementation (see Section 6.3)
• Maintain pharmacy and medical device inventory records as required

4.3 Communications

Legal basis: performance of a contract and legitimate interest.

• Send transactional messages relating to platform activity (e.g. invitations, password resets)
• Provide support and respond to inquiries
• Send product updates, compliance notices, and service announcements

4.4 Platform Improvement

Legal basis: legitimate interest — data is aggregated and anonymised.

• Analyse aggregated, anonymised usage data to improve features and the user experience
• Monitor platform performance, service availability, and security

5. Specific Personal Data

Health and medical information, NIK, and medical records are classified as Specific Personal Data under the PDP Law No. 27/2022. We apply the following additional safeguards:

• Field-level AES-256-GCM encryption for stored NIK values
• Access controls so that only authorised Clinic staff can view patient records according to their assigned roles
• All data encrypted in transit using TLS 1.2 or higher
• Medical record data is never used for advertising or sold to third parties

6. Sharing and Disclosure

We do not sell personal data. We may share data in the following limited circumstances:

6.1 With Service Providers

We engage third-party service providers under strict data-processing agreements:

• Cloud infrastructure and production database hosting — hosted in the Southeast Asia region
• Database hosting for the staging environment — hosted in the United States (see Section 6.4)
• Document and file storage — with data residency in the Asia-Pacific region
• Payment processing for Clinic billing features — operating in Indonesia
• Transactional email delivery — see Section 6.4 regarding international transfers
• Queue and asynchronous task-processing services — see Section 6.4 regarding international transfers

6.2 With Law Enforcement or Regulators

We may disclose personal data where required by applicable law, court order, or government authority, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Lumira, its users, or others.

6.3 SatuSehat Platform Integration (Ministry of Health)

Permenkes No. 24/2022 requires EMR systems to support data interoperability with the Ministry of Health’s SatuSehat platform. Lumira is implementing this integration in phases.

Once SatuSehat integration is active, the data that will be transmitted includes:

• Medical record data in HL7 FHIR R4 format as required by regulation
• ICD-10 diagnosis codes mapped from the ICD-11 codes displayed to clinicians
• Relevant patient identity data (including NIK) for verification and national integration

Disclosure to SatuSehat will be made solely on the basis of legal obligation. Until the integration is live, no patient data is transmitted to SatuSehat through Lumira. Clinics using Lumira must inform their patients of this reporting obligation once integration is active.

6.4 International Data Transfers

Some of our service providers may process data outside Indonesia. Specifically:

• Transactional email delivery provider — infrastructure based in the United States. Data transmitted is limited to email addresses, user names, and the content of transactional emails; it does not include medical record data.
• Asynchronous task-processing provider — infrastructure based in the United States. Data processed is limited to task metadata and does not directly include patient medical record data.
• Staging database hosting — infrastructure based in the United States. The staging environment uses synthetic test data exclusively and never processes production or real patient data; production medical record data is stored exclusively in Southeast Asia cloud infrastructure.

For any data transfer outside Indonesia, we ensure the service provider is bound by contractual provisions that provide a level of protection equivalent to PDP Law No. 27/2022, as set out in Article 56 of the PDP Law. Patient health data (medical records, NIK, clinical data) is never transferred outside Indonesia except where required by law.

6.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users and ensure continued protection under this Privacy Policy.

7. Data Retention

We retain personal data for as long as necessary to provide the Lumira platform and fulfil the purposes described in this Privacy Policy, with the following minimums:

• Electronic medical records (EMR): at least five (5) years from the patient’s last visit, in accordance with Indonesian healthcare regulations applicable to clinics and independent practice
• Financial and billing records: at least five (5) years, per Indonesian tax and accounting rules
• Clinic operator and staff account data: retained for the duration of the Clinic’s active subscription, and deleted within 90 calendar days following successful verification. Verification is performed by confirming the requester’s identity via the registered email.

After the retention period expires, data is securely deleted or anonymised.

8. Your Rights Under the PDP Law

Under the Indonesian Personal Data Protection Law (PDP Law No. 27/2022), individuals have the following rights over their personal data:

• Right to be informed: to know what personal data we hold about you and how it is processed
• Right of access: to request a copy of your personal data
• Right of rectification: to request correction of inaccurate or incomplete personal data
• Right of erasure: to request deletion of personal data, subject to legal retention obligations
• Right to restrict processing: to request restriction of processing in certain circumstances
• Right to withdraw consent: where processing is based on consent, the right to withdraw it at any time without affecting the lawfulness of processing prior to withdrawal
• Right to object: to object to certain processing activities, including processing based on legitimate interest
• Right to data portability: to receive your personal data in a structured, machine-readable format
• Rights related to automated decisions: not to be subject to decisions made solely by automated processing that produce legal or similarly significant effects. Lumira does not currently use automated processing to make decisions with legal effect for individuals.

To exercise these rights, please contact us using the details in Section 13. We will respond within 14 working days. Some rights may be subject to legal limitations, in particular where data retention is required by Indonesian healthcare regulations.

9. Cookies and Tracking Technologies

Lumira uses session cookies and local storage to maintain your authentication session and remember your preferences within the platform. We do not display advertisements on the Lumira platform, and we do not permit advertisers to promote products or services to users through Lumira.

We also use third-party analytics and user-experience monitoring services to understand platform usage and improve our product. These services collect aggregated navigation-behaviour data and anonymised session recordings. Data is sent to provider servers located outside Indonesia (see Section 6.4). We enable masking features in session-recording services to ensure sensitive content and form inputs are not recorded.

Third-party analytics services are used solely for internal analytics and product improvement, not for advertising. Their use is based on legitimate interest under the PDP Law. You may object to this processing by contacting us using the details in Section 13.

You can disable cookies via your browser settings, but doing so may cause some platform features to stop working correctly.

10. Data Security

We implement appropriate technical and organisational measures to protect personal data from unauthorised access, disclosure, alteration, and destruction, including:

• TLS 1.2+ encryption for all data in transit
• Field-level AES-256-GCM encryption for sensitive stored data (NIK)
• Role-based access controls — staff can only access data relevant to their role
• Audit logging of every sensitive data-access event
• Multi-tenant architecture with strict entity-ID isolation — each Clinic’s data is isolated from others
• Secure credential management — passwords are never stored in plain text
• Cloud hosting infrastructure with regional data residency in Southeast Asia

No system is fully secure. In the event of a data breach likely to cause significant harm to individuals, we will notify affected parties.

11. Patients Under Age

Lumira is a B2B platform used by healthcare facilities. Clinics may record data relating to underage patients (individuals under 18). Such data is handled with the same security and confidentiality standards as adult patient data. The Clinic is responsible for ensuring it has the appropriate legal basis (e.g. consent from a parent or legal guardian) to process underage patient health data in accordance with Law No. 17 of 2023 on Health.

12. Regulatory Compliance Roadmap

PT Lumira Solusi Digital is committed to meeting all applicable regulatory obligations progressively and responsibly. The status of key obligations as of this Policy’s effective date is below:

12.1 Fulfilled

• Data encryption (TLS 1.2+, AES-256-GCM for NIK) — active
• Role-based access controls and audit logging — active
• Third-party payment-gateway integration — active
• Data storage in Southeast Asia cloud region — active
• Registration as an Electronic System Provider (PSE) with Komdigi

12.2 In Progress

• Formal appointment of a Data Protection Officer (DPO) — in progress
• Formal DPA execution with each onboarded Clinic — being drafted
• Data Protection Impact Assessment (DPIA) for high-risk processing — scheduled
• SatuSehat (HL7 FHIR R4) integration under Permenkes No. 24/2022 — targeted post-MVP

12.3 Update Commitment

Lumira Health commits to updating this Privacy Policy and notifying users whenever a material change occurs in the compliance status above, including when SatuSehat integration becomes active and when a formal DPO is appointed.

13. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact:

PT Lumira Solusi Digital
Bali, Indonesia
Email: support@lumirahealth.co
Website: www.lumirahealth.co.id

For complaints that cannot be resolved through direct contact, you may submit a complaint to the Ministry of Communications and Digital Affairs of the Republic of Indonesia (Komdigi) or the relevant supervisory authority under the PDP Law No. 27/2022.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, platform features, or applicable law. When we make material changes — including when SatuSehat integration becomes active or a formal DPO is appointed — we will notify Clinic operators by email and/or in-platform notice at least 14 days before the changes take effect.

The latest version of this Privacy Policy is always available inside the Lumira platform under Settings and on our website. Version history is available upon request.