Privacy Policy

BOSOM Pte. Ltd.


Last updated: 30 May 2026

Jurisdiction: Singapore

1. Introduction

BOSOM Pte. Ltd. (“BOSOM”, “we”, “us”, or “our”) is committed to protecting your personal data in accordance with the Personal Data Protection Act 2012 of Singapore (“PDPA”) and related regulations.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you access or use our website (https://www.bosom.sg), platform, mobile applications, or services (collectively, the “Platform”).

If you do not agree to this Privacy Policy and our Terms and Conditions, please do not use any of the platforms on BOSOM. Your continued use of the Platform and our services constitutes your acknowledgement and acceptance of this Privacy Policy.

2. Scope

This Policy applies to:

  • users of the Platform (“Users”); and
  • healthcare professionals and advisors providing services via the Platform (“Providers”).

3. Personal Data We Collect

As used in this policy “personal data” means data, whether true or not, about a customer who can be identified:

  • from that data; or
  • from that data and other information to which we have or are likely to have access.

3.1 From Users

We may collect the following categories of personal data from Users, including data provided directly on the Platform:

Personal Information

  • name, gender, email address, and phone number;
  • NRIC/FIN or other government-issued identification information only where required by law or reasonably necessary for identity verification purposes;
  • nationality, country of birth, country of residence;
  • residential address;
  • date of birth (where required);
  • child’s name and date of birth;
  • booking and appointment details;
  • payment and transaction records;
  • communications with Providers or BOSOM support; and
  • any other information voluntarily shared.

Health and Sensitive Information

  • pregnancy and postpartum data;
  • lactation and feeding information;
  • parent and child’s medical history (where voluntarily provided);
  • mental health information (e.g. mood tracking, assessments); and
  • notes from consultations with providers.

Where personal data is provided on behalf of another individual (including a child), the person providing the data represents that they are authorised to do so and have obtained any necessary consents.

3.2 From Providers

We may collect:

  • identification details (NRIC / FIN / passport), where required by law or for identity verification purposes;
  • professional qualifications and licences;
  • insurance details;
  • bank account details for payment; and
  • service history and performance data.

3.3 Automatically Collected Data

When you use the Platform, we may collect:

  • IP address;
  • device type and operating system;
  • usage logs and analytics; and
  • cookies and similar technologies.

4. Purpose of Collection, Use & Disclosure

We collect, use, and disclose personal data for the following purposes:

  • providing, operating and improving the Platform;
  • facilitating bookings, scheduling, and payments;
  • verifying identities, credentials, and insurance;
  • communicating with Users and Providers;
  • handling complaints, safety issues, and escalations;
  • complying with legal and regulatory obligations;
  • send service-related communications;
  • marketing communications;
  • educational content; and
  • improving Platform functionality and user experience.

We do not sell personal data to third parties.

5. Healthcare & Sensitive Data

BOSOM is a technology platform and does not provide medical services.

  • Any health-related information shared on the Platform is processed solely to facilitate services between Users and Providers, and to support platform safety and quality assurance, in accordance with this Policy.
  • Providers are independently responsible for complying with professional confidentiality obligations.

6. Disclosure of Personal Data

BOSOM may engage third-party service providers to support the operation of the Platform, including cloud hosting providers, analytics providers, payment processors, communication tools, customer support software, and other vendors necessary to provide the Services.

We may disclose personal data to:

  • Providers (to facilitate booked services);
  • payment processors and service vendors;
  • regulators or authorities where required by law; and
  • professional advisers (such as lawyers, auditors) who are subject to confidentiality obligations.

We do not disclose personal data to NTU or other institutions except where:

  • required by law; or
  • expressly authorised by the data subject.

7. Consent

By using the Platform or providing personal data, you consent, or are deemed to have consented under the Personal Data Protection Act 2012 of Singapore (PDPA), to the collection, use, and disclosure of your personal data in accordance with this Privacy Policy.

You may withdraw your consent or request to amend or correct your personal data at any time by contacting us, subject to legal, regulatory, or contractual restrictions, and reasonable notice.

Please note that withdrawing consent may affect your ability to use certain features of the Platform.

8. Access to Provider Communications and Sessions

Who can see my interactions with my Provider?

  • You and your Provider are able to see the messages and communications exchanged between you on the Platform.
  • A licensed Provider who is part of the BOSOM Clinical Operations Team may review correspondence and case notes solely for quality assurance and safety purposes, for example:
    • where you raise a concern or complaint about your Provider; or
    • where BOSOM has reasonable concerns regarding a Provider’s professional or clinical conduct.
  • Members of BOSOM’S Trust & Safety or Legal teams may review specific communications on a limited, need-to-know basis where there is reason to believe that a security, legal, safety, or fraud issue may be occurring in relation to an account.
  • Messages with your Provider are not shared with any third party, and live sessions are not recorded, unless you expressly consent or disclosure is required by law.
  • BOSOM does not disclose to third parties whether you have sent a message or participated in a session with your Provider.

9. Safety Exceptions to Confidentiality

BOSOM or Providers may disclose information without consent where required by law or where reasonably necessary to: prevent serious harm to an individual or the public; respond to safeguarding concerns involving a child or vulnerable person; or comply with legal, regulatory, or professional obligations.

10. Emergency Situations

BOSOM is not an emergency service.

If a User is experiencing a medical or mental health emergency, they should contact emergency services or seek immediate medical assistance.

11. Accuracy of Data

You are responsible for ensuring that personal data provided to BOSOM is accurate, complete, and up to date.

You may update your information via the Platform or by contacting us.

Failure to provide accurate or complete information may affect your ability to use certain Platform features.

12. Protection & Security

12.1 Security Safeguards

BOSOM implements reasonable administrative, technical, and physical safeguards to protect personal data against:

  • unauthorised access;
  • collection, use, or disclosure; and
  • loss or misuse.

12.2 Access Controls

Access to personal data is restricted to authorised personnel only.

12.3 Security Disclaimer

Please note, however, that no method of transmission over the Internet or method of electronic storage is completely secure.

While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

12.4 User Responsibilities

Users are responsible for maintaining the confidentiality of their account credentials and for all activities conducted through their account.

13. Retention of Personal Data

Personal data is retained only as long as necessary to:

  • fulfil the purposes for which it was collected; or
  • comply with legal and regulatory obligations.

When no longer required, data is securely deleted or anonymised.

14. Access, Correction & Deletion Requests

14.1 Requests You May Make

You may request:

  • access to your personal data;
  • correction of inaccurate data; or
  • deletion of personal data where such deletion is permitted by applicable law and does not conflict with BOSOM'S legal, regulatory, professional, insurance, or record-keeping obligations.

Requests may be submitted by contacting us at support@bosom.sg / Megan@bosom.sg.

14.2 Response Time

BOSOM will respond within a reasonable time in accordance with the PDPA.

14.3 Administrative Fees

BOSOM reserves the right to charge a reasonable administrative fee for responding to access requests where permitted by applicable law.

15. Withdrawing Your Consent

15.1 Withdrawal Process

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing.

You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to our Data Protection Officer at the contact details provided below.

15.2 Processing Time

Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us.

In general, we shall seek to process your request within ten (10) business days of receiving it.

15.3 Impact of Withdrawal

Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods and/or services to you.

In such circumstances, we shall notify you before completing the processing of your request.

Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described above.

15.4 Continuing Collection, Use and Disclosure

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable laws.

16. Data Breach Notification

Where BOSOM becomes aware of a data breach involving personal data and such breach is notifiable under applicable law, BOSOM will assess the breach and notify affected individuals and/or the Personal Data Protection Commission where required.

17. Cross-Border Data Transfers

Where personal data is transferred outside Singapore, BOSOM will ensure that:

  • the receiving party provides a comparable standard of data protection; and
  • such transfer complies with PDPA requirements.

18. Cookies & Analytics

BOSOM may use cookies and analytics tools to:

  • understand usage patterns;
  • improve Platform performance.

You may disable cookies via your browser settings, but this may affect Platform functionality.

19. Changes to this Privacy Policy

BOSOM may update this Privacy Policy from time to time.

Updated versions will be published on the Platform, and we will use reasonable efforts to notify you of any material changes.

Your continued use of the Platform after such updates constitutes acceptance of the updated Privacy Policy.

20. Contact & Data Protection Officer

If you have questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact:

Data Protection Officer
BOSOM Pte. Ltd.
Email: Support@bosom.sg / Megan@bosom.sg (or designated contact)