Privacy Policy
Last updated: July 18, 2026
Who we are
MemoSnap EMR (“the Service”) is practice-management and electronic medical record software provided to licensed physicians and their clinics in the Philippines. The Service is operated by MemoSnap (“we”, “us”). We are a software provider — we are not a healthcare provider and we do not practice medicine.
Our role under the Data Privacy Act
Under the Data Privacy Act of 2012 (Republic Act No. 10173), the physician or clinic using this Service is the personal information controller of the patient records they keep. MemoSnap acts as a personal information processor: we store and process patient data only on the instructions of, and for the purposes of, the treating physician’s practice.
If you are a patient and wish to access, correct, or request deletion of your medical records, please contact your doctor or clinic directly — they control your records, and we will assist them in fulfilling your request.
What we collect
Account data— the doctor’s and staff members’ name, email address, professional license number, specialty, and login credentials (passwords are stored only as one-way cryptographic hashes).
Patient records — information the clinic enters in the course of care: patient identity and contact details, medical history, consultation notes, diagnoses, appointments, and uploaded documents such as laboratory results. This is sensitive personal information under RA 10173 and is treated with the highest level of protection.
Audit logs — a record of who viewed, created, or changed clinical records and when, kept for security and accountability.
We use a single session cookie to keep you signed in. We do not use advertising trackers or third-party analytics on the clinical application.
How data is stored and protected
Data is hosted on established cloud infrastructure: the database on Supabase (servers located in Australia), uploaded documents on Cloudflare R2 in a private bucket that is never publicly accessible, and the application on Vercel. All connections use HTTPS encryption in transit.
Access is controlled by role: staff accounts see only what their role permits (for example, a doctor’s private consultation notes are never shown to secretarial staff), platform administrators are technically blocked from browsing clinical records, and document downloads use short-lived signed links. Sensitive actions are recorded in audit logs.
Retention and deletion
Clinical records are retained for as long as the clinic’s use of the Service continues, and thereafter per the physician’s instructions and any applicable requirements on the retention of medical records. On termination of service, the clinic may request a full export of its data and its deletion from our systems.
Breach notification
In the event of a personal data breach that is likely to give rise to a real risk of serious harm, we will notify the affected clinic without undue delay so that the controller can comply with its notification obligations to the National Privacy Commission and affected data subjects within the periods required by law.
Your rights
Data subjects have the rights granted by RA 10173, including the rights to be informed, to access, to correct, to object, to erasure or blocking, to damages, and to data portability. Patients should exercise these rights through their doctor or clinic; account holders may contact us directly. Complaints may also be raised with the National Privacy Commission (privacy.gov.ph).
Contact
For privacy questions or requests, email hello@memosnap.cc.