Kalibra

Kalibra
Menu

Data Protection

Kalibra Data Protection Policy

Last updated: June 2026

1. Purpose

This Data Protection Policy explains how Kalibra Pte Ltd protects personal data that we collect, use, disclose, store, transfer, retain, or otherwise process in connection with our websites, mobile applications, web applications, Kalibra Pro, Kalibra Elite, integrations, practitioner services, enterprise services, and related operations.

This Policy supports our Privacy Policy and sets out the internal principles, controls, and responsibilities we use to protect personal data throughout its lifecycle.

2. Scope

This Policy applies to personal data relating to prospects, users, customers, patients or clients using Kalibra through a practitioner or organisation, health practitioners, coaches, clinical teams, partners, employees, contractors, job applicants, suppliers, and other individuals whose personal data is in Kalibra’s possession or control.

It applies to personal data processed by Kalibra directly and to personal data processed by service providers, affiliates, partners, or other processors acting on our behalf.

3. Legal and Regulatory Framework

Kalibra is based in Singapore and is committed to complying with Singapore’s Personal Data Protection Act 2012 (PDPA), including applicable advisory guidelines and requirements issued by the Personal Data Protection Commission (PDPC).

Where applicable, Kalibra also takes into account other privacy and data protection laws that may apply to our services or users, including the EU General Data Protection Regulation (GDPR), UK GDPR, UK Data Protection Act 2018, Swiss data protection law, and other relevant regional privacy frameworks.

4. Key Definitions

Personal data means data, whether true or not, about an individual who can be identified from that data or from that data together with other information to which Kalibra has or is likely to have access.

Processing includes collecting, recording, organising, storing, adapting, retrieving, using, disclosing, transferring, combining, restricting, deleting, or destroying personal data.

Sensitive personal data includes health, biometric, genetic, laboratory, medical, lifestyle, wearable, nutrition, sleep, activity, symptom, and other information that may require additional protection because of its nature or context.

Data subject means the individual to whom personal data relates.

Service provider means a third party that processes personal data for Kalibra or helps us provide our services.

5. Data Protection Principles

Kalibra applies the following principles when handling personal data:

  • Purpose limitation: personal data is collected, used, and disclosed only for appropriate and notified purposes.
  • Consent and lawful basis: where consent or another lawful basis is required, we will rely on an appropriate basis before processing personal data.
  • Data minimisation: we collect and use personal data that is reasonably necessary for the relevant purpose.
  • Accuracy: we take reasonable steps to keep personal data accurate and complete where it is likely to be used to make decisions about an individual or disclosed to another organisation.
  • Protection: we apply reasonable security arrangements to protect personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, transfer, loss, or similar risks.
  • Retention limitation: we retain personal data only for as long as reasonably necessary for legal, business, operational, security, or service purposes.
  • Accountability: we maintain policies, processes, vendor controls, and internal responsibilities to support compliance.
  • Transparency: we provide privacy notices, consent screens, and other information so individuals understand how their data is used.

6. Categories of Personal Data

Depending on the service and relationship, Kalibra may process the following categories of personal data:

  • Identity and contact information, such as name, email address, phone number, organisation, role, and account details.
  • Demographic and profile information, such as age, sex, goals, preferences, and lifestyle information.
  • Health and wellness information, such as symptoms, medical history, health goals, conditions, medications, nutrition, activity, sleep, recovery, body measurements, survey responses, and self-reported information.
  • Laboratory, biomarker, genetic, microbiome, imaging, PDF, report, intake, or clinical information that a user, practitioner, partner, or authorised organisation provides or connects.
  • Wearable and device information from authorised integrations, such as Apple Health, Google Fit, Samsung Health, Garmin, and other supported sources.
  • Practitioner, coach, care team, clinic, enterprise, or partner relationship information needed to provide Kalibra services.
  • Payment, billing, subscription, and transaction information where applicable.
  • Employment, contractor, applicant, supplier, and business contact information.
  • Technical, usage, cookie, analytics, diagnostic, log, device, browser, IP address, and security information.
  • Communications, support messages, feedback, forms, and marketing preferences.

7. Collection of Personal Data

Kalibra may collect personal data when an individual:

  • Creates an account or uses Kalibra services.
  • Submits a form, inquiry, support request, survey, assessment, or intake questionnaire.
  • Connects a wearable, health app, laboratory, practitioner, clinical, or other third-party integration.
  • Uploads or shares health reports, PDFs, records, test results, or other documents.
  • Uses Kalibra Pro, Kalibra Elite, or services provided through a practitioner, coach, clinic, employer, insurer, partner, or organisation.
  • Communicates with Kalibra by email, phone, video, chat, support ticket, social media, or other channels.
  • Applies for employment, contractor work, partnership, or commercial engagement.
  • Visits our websites or uses our apps, where technical and usage information may be collected automatically.

If an individual provides personal data about another person, they are responsible for ensuring they have the right or consent to do so where required.

8. Purposes of Processing

Kalibra processes personal data for purposes including:

  • Providing, operating, maintaining, and improving Kalibra services.
  • Creating and administering accounts, profiles, integrations, permissions, subscriptions, and support requests.
  • Generating health, wellness, performance, lifestyle, and care-related insights.
  • Supporting practitioners, coaches, clinicians, care teams, partners, and organisations authorised to use Kalibra with or for an individual.
  • Personalising content, priorities, recommendations, workflows, and user experience.
  • Communicating service, administrative, security, legal, product, and marketing messages.
  • Monitoring reliability, security, abuse prevention, fraud prevention, and service performance.
  • Conducting analytics, quality assurance, product development, research, and diagnostics using aggregated, de-identified, or appropriately protected information where possible.
  • Complying with legal, regulatory, tax, accounting, audit, contractual, public safety, and enforcement obligations.
  • Managing employment, contractor, supplier, partner, and corporate operations.

9. Sensitive Health Data

Kalibra may process sensitive health-related data only where reasonably necessary for the relevant service, where authorised by the individual or applicable organisation, or where otherwise permitted by law. Sensitive health data may include lab results, biomarkers, genetic or microbiome information, wearable data, symptom data, medical history, practitioner notes, intake information, and other health-related records.

Where we use sensitive health data for research, analytics, model improvement, benchmarking, or product development, we seek to use aggregated, de-identified, pseudonymised, or otherwise protected data where appropriate. If a specific research activity requires separate consent, we will request it separately.

10. Automated Processing and AI-Assisted Systems

Kalibra may use analytics, automation, algorithms, and AI-assisted systems to structure information, identify patterns, prioritise signals, generate summaries, and support health-related insights. These systems are designed to support users and authorised professionals, not to replace medical judgement or create a standalone medical diagnosis.

We apply reasonable controls to review, test, monitor, and improve automated systems, including attention to security, data quality, relevance, and appropriate human oversight where needed.

11. Disclosure and Sharing

Kalibra may disclose personal data where reasonably necessary and lawful, including to:

  • Service providers that host, operate, secure, support, analyse, or improve our services.
  • Practitioners, coaches, clinicians, care teams, clinics, partners, or organisations authorised by the individual or involved in providing services to the individual.
  • Third-party integrations or services that an individual connects or instructs us to use.
  • Professional advisers, auditors, insurers, legal advisers, and regulators.
  • Authorities, courts, law enforcement, or other parties where required by law or necessary to protect rights, safety, security, and integrity.
  • Successors or counterparties in connection with a merger, acquisition, financing, reorganisation, sale of assets, or similar transaction, subject to appropriate safeguards.

Kalibra does not sell personal data.

12. Service Providers and Data Processing Agreements

Kalibra conducts appropriate diligence on service providers that process personal data and requires suitable contractual safeguards where appropriate. These safeguards may include confidentiality obligations, security requirements, purpose limitations, assistance with data subject requests, breach notification obligations, subprocessors controls, audit or assurance rights, and return or deletion requirements.

13. International Transfers

Personal data may be stored or processed in Singapore and other countries where Kalibra, its service providers, partners, or affiliates operate. Where personal data is transferred internationally, Kalibra takes steps designed to ensure that the data receives appropriate protection, including contractual safeguards where required.

14. Security Controls

Kalibra applies reasonable administrative, technical, and organisational safeguards based on the nature and sensitivity of the data. These may include:

  • Access controls, role-based permissions, and least-privilege principles.
  • Authentication and account security controls.
  • Encryption in transit and, where appropriate, at rest.
  • Secure hosting, network protections, firewalls, monitoring, and logging.
  • Vendor and subprocessors controls.
  • Internal confidentiality obligations and staff awareness.
  • Backup, recovery, and business continuity measures.
  • Security review of material changes and integrations.
  • Incident response and breach assessment procedures.

15. Retention and Disposal

Kalibra retains personal data for as long as reasonably necessary for the purposes for which it was collected, including to provide services, maintain records, comply with legal or contractual obligations, resolve disputes, enforce agreements, protect security, and support legitimate business needs.

When personal data is no longer required, Kalibra will take reasonable steps to delete, de-identify, archive, or securely dispose of it in accordance with applicable requirements and operational constraints.

16. Accuracy and Correction

Kalibra takes reasonable steps to keep personal data accurate, complete, and up to date where the data is likely to be used to make decisions about an individual or disclosed to another organisation. Individuals may request correction of their personal data through account settings, support channels, or by contacting the Data Protection Officer.

17. Access, Deletion, Restriction, and Other Requests

Individuals may request access to, correction of, deletion of, restriction of, or portability of personal data, or may object to certain processing, depending on applicable law. Kalibra may need to verify identity before fulfilling a request and may decline or limit a request where permitted by law.

Personal data requests can be submitted using the personal data forms or by contacting the Data Protection Officer.

18. Consent and Withdrawal

Where Kalibra relies on consent, an individual may withdraw consent by using available settings, disconnecting integrations, changing sharing permissions, unsubscribing from marketing, or contacting us. Withdrawal of consent may affect our ability to provide certain services. Kalibra may continue processing where another lawful basis applies or where retention is required or permitted by law.

19. Data Breach Management

Kalibra maintains procedures to assess, contain, investigate, remediate, and document suspected or actual personal data breaches. Where a breach is notifiable under applicable law, Kalibra will notify the relevant authority and affected individuals as required.

20. Training and Accountability

Kalibra maintains a data protection management programme appropriate to its size, activities, and risk profile. This may include internal policies, assigned responsibilities, vendor controls, staff awareness, data inventories, access reviews, incident procedures, and periodic review of data protection practices.

21. Cookies and Technical Data

Kalibra uses cookies and similar technologies to operate the website and services, remember preferences, support security, understand usage, improve performance, and support marketing. Individuals can manage cookies through browser settings, though some features may not work properly if cookies are disabled.

22. Employment, Contractor, and Supplier Data

Kalibra processes employee, contractor, applicant, director, adviser, and supplier data for recruitment, onboarding, employment administration, payroll, benefits, access management, performance, security, legal compliance, finance, procurement, and business operations.

23. Children

Kalibra services are intended for adults. Users under 18 are not permitted to use the services. If Kalibra becomes aware that it has collected personal data from a child under 18 without appropriate authority, we will take reasonable steps to delete it.

24. Review and Updates

Kalibra may update this Policy from time to time to reflect changes in our services, technology, legal obligations, or data protection practices. The most recent version will be posted on this page with the updated date.

25. Data Protection Officer

All enquiries related to this Data Protection Policy or Kalibra’s handling of personal data may be sent to Kalibra’s Data Protection Officer:

Ivan Vatchkov
Email: support@kalibra.ai

For more information about how Kalibra explains its privacy practices to users, please see our Privacy Policy.

Kalibra Elite

What country do you reside in?

Singapore
Kalibra g
Hong Kong
Kalibra hk
Rest of the World
Kalibra ROW1

Your country determines where you will attend in-person assessments