Skip to main content

Legal & Compliance

Data Retention Policy

Operational retention principles for DemyHealth records.

Last updated: June 19, 2026 Β· Policy version 2026-06-19

Patient records

Patient records are retained for clinical, legal, regulatory and audit needs.

Lab request data

Lab request, sample and result data may be retained to support traceability and quality management.

DNA records

DNA records require heightened confidentiality and retention periods should be configured after legal review.

Payment records

Payment records are retained for accounting, tax, audit and dispute purposes.

Website enquiries

Website enquiries are retained only as long as needed for response, CRM follow-up and compliance.

CRM leads

CRM leads should be reviewed and deleted or anonymised when no longer required.

B2B/partner records

Partner records are retained according to contract, consent, patient safety and regulatory needs.

Backups

Backups may retain data for a limited technical period before rotation or secure deletion.

Deletion/anonymisation process

DemyHealth should delete, anonymise or restrict data where applicable and lawful.

Legal/regulatory exceptions

Deletion may be delayed where retention is required for legal claims, regulatory duties, audits, patient safety or fraud prevention. Exact periods are configurable placeholders requiring counsel confirmation.

WhatsApp
Book Now Enterprise Inquiry