NHMCM Copilot
Privacy Policy
Effective date: 19 June 2026Last updated: 19 June 2026
This Privacy Policy describes how Ning Hin Technology Limited ("NHMCM", "we", "us", "our") collects, uses, stores, and protects information when you use the NHMCM Copilot Chrome extension ("Extension") and related cloud services ("Services").
The Extension is intended for registered Chinese medicine practitioners and other authorised clinical users working in web-based electronic medical record ("EMR") systems. It provides optional AI-assisted documentation support. It is not a substitute for professional clinical judgment.
By installing or using the Extension, you agree to this Privacy Policy. If you do not agree, do not use the Extension.
1. Who we are
Data controller: Ning Hin Technology Limited
Product: NHMCM Copilot
Address: Hong Kong SAR
Privacy contact: contact@nhmcm.com
Website: https://www.nhmcm.com
For questions about this policy or your data, contact us at the email above.
2. Scope
This policy applies to:
- The NHMCM Copilot Chrome extension (Chrome Web Store item ID:
klihanacoddfhlijhcolonmhngafadea) - Our backend APIs and related infrastructure used to provide Copilot features (including transcription, chart-aware suggestions, herb–drug interaction lookup, and imaging assist)
- Practitioner account sign-in through our authentication provider
This policy does not govern third-party EMR platforms, Google's own privacy practices, or websites you visit outside our Services.
3. Important clinical notice
NHMCM Copilot is clinical decision support software. Outputs are suggestions only. You remain solely responsible for diagnosis, prescribing, documentation, and patient care.
- The Extension does not silently modify EMR fields. Text is applied to a field only when you explicitly choose Apply (or equivalent action).
- Suggestions, interaction alerts, and imaging outputs are for reference only and are not prescriptions, licensed radiology reports, or definitive medical advice.
4. Information we collect
We collect information only as needed to operate the Services. Categories include:
4.1 Account and identity information (personally identifiable information)
When you sign in (e.g. via Google through our auth provider), we may collect and process:
- Name and email address associated with your account
- Account identifiers and profile preferences you provide
- Authentication tokens and session metadata
We use this to identify you, secure access, and associate activity with your practitioner account.
4.2 Health and clinical information
When you actively use Copilot features, we may process health-related information present in your workflow, including:
- Visible chart or EMR text read from the page when you invoke a tool (e.g. history, diagnosis, medications, notes)
- Audio you choose to record for live transcription
- Transcripts generated from that audio
- Images you upload via the phone imaging flow
- AI-generated suggestions, interaction query results, and imaging reference outputs
- Context assembled for a specific consult (e.g. structured chart snapshot, focused field draft)
We process this data only to provide the feature you requested, not for unrelated profiling.
4.3 Authentication information
We process credentials and security-related data necessary to maintain your session, including OAuth tokens and related session cookies managed through our authentication infrastructure. We do not ask for or store your EMR login password.
4.4 Website and page content
On EMR domains you allowlist in Extension settings, when you start a consult or invoke a tool, the Extension may read visible content from the active page to build context for AI processing. We do not continuously scrape pages in the background without a user-initiated action.
We do not collect your general browsing history across the web.
4.5 Usage and activity information
We may log how you interact with Copilot outputs to improve reliability, security, and auditability, for example:
- Tool invoked (refine, suggest Rx, interaction search, imaging, etc.)
- Actions such as apply, copy, dismiss, or feedback
- Timestamps, session identifiers, and technical error logs
We do not log keystrokes, mouse movements, or scroll behaviour across unrelated pages.
4.6 Technical information
We automatically receive limited technical data when the Extension communicates with our servers, such as:
- IP address and request metadata
- Browser/extension version and device type
- API request timestamps and performance data
5. How we collect information
| Source | When |
|---|---|
| You — sign-in | When you authenticate with Google (or other enabled provider) |
| You — settings | When you configure EMR site allowlist and preferences |
| You — recording | When you start microphone capture for transcription |
| You — tools | When you click chips, toolbar actions, or shortcuts (e.g. refine, suggest, imaging) |
| You — apply/copy | When you explicitly apply or copy AI output into your chart |
| Automatic — technical | When the Extension calls our APIs for health checks, auth, or error reporting |
Microphone access is used only when you start recording. You can deny or revoke microphone permission in Chrome at any time.
6. How we use information
We use collected information to:
- Provide, operate, and maintain the Extension and Services
- Authenticate practitioners and prevent unauthorised access
- Generate AI-assisted suggestions, transcripts, interaction lookups, and imaging references you request
- Apply text to an EMR field only when you explicitly confirm
- Monitor service health, debug errors, and protect against abuse
- Comply with legal obligations and enforce our terms
- Improve features and reliability (using aggregated or de-identified data where practicable)
We use information only for purposes consistent with the Extension's single purpose: practitioner-initiated AI assistance during EMR charting.
7. What we do not do
We do not:
- Sell or rent your personal or health information to third parties
- Use your data for unrelated advertising or marketing by unrelated third parties
- Use your data to determine creditworthiness or for lending decisions
- Access your microphone except when you start recording
- Modify EMR content without your explicit action
- Collect a list of all websites you visit outside allowlisted EMR use
8. Legal bases (where applicable)
Depending on your jurisdiction, we rely on one or more of the following:
- Performance of a contract — to provide the Services you sign up for
- Legitimate interests — to secure, maintain, and improve the Services (balanced against your rights)
- Consent — where required (e.g. microphone access, optional features)
- Legal obligation — where we must retain or disclose data by law
For health-related data processed on your behalf as a practitioner, you are responsible for ensuring you have an appropriate legal basis under applicable healthcare and privacy laws (including patient consent or other grounds) before using Copilot in a clinical setting.
9. Sharing and subprocessors
We do not sell personal data. We share information only with:
| Recipient | Purpose |
|---|---|
| Cloud hosting providers (e.g. Railway) | Run application servers |
| Database providers (e.g. Neon) | Store account, session, and audit data |
| Authentication provider (Neon Auth) | Practitioner sign-in and session management |
| OAuth sign-in (subject to Google Privacy Policy) | |
| Google Cloud Platform | Speech-to-text, AI/ML inference, and related processing where enabled |
| Professional advisers | Legal, audit, or compliance where required |
| Authorities | If required by law or to protect rights and safety |
We require subprocessors to protect data under contractual safeguards appropriate to the sensitivity of the information.
10. International transfers
Our Services may be hosted or processed in Singapore and other regions (including AWS ap-southeast-1). If you access the Services from Hong Kong or elsewhere, your information may be transferred to jurisdictions with different data-protection laws. We implement appropriate safeguards for such transfers.
11. Retention
We retain information only as long as necessary for the purposes described in this policy, unless a longer period is required by law.
Typical retention (subject to change; see your organisation agreement if applicable):
| Data type | Retention approach |
|---|---|
| Account/profile | While your account is active, plus a reasonable period after closure |
| Session/transcript/audio processing | Per service configuration and operational need; may be deleted or aggregated after consult completion |
| Audit/output-action logs | As needed for security, billing, and compliance |
| Local Extension storage | Until you clear extension data, uninstall, or sign out |
You may request deletion of account-associated data subject to legal and operational constraints (see Section 13).
12. Security
We implement technical and organisational measures designed to protect information, including:
- HTTPS encryption in transit
- Access controls and authentication for practitioner accounts
- Separation between Extension, application API, and knowledge-base services
- Environment-based secrets management for production systems
No method of transmission or storage is 100% secure. You are responsible for securing your device, Google account, and clinic workstation.
13. Your choices and rights
Depending on applicable law (e.g. PDPO in Hong Kong, GDPR where relevant), you may have the right to:
- Access personal data we hold about you
- Correct inaccurate account information
- Delete account data (subject to retention limits)
- Withdraw consent where processing is consent-based (e.g. stop using recording)
- Object to or restrict certain processing
- Data portability where applicable
In the Extension you can:
- Remove EMR sites from the allowlist
- Sign out to clear auth session cookies on the auth origin
- Revoke microphone permission in Chrome
- Uninstall the Extension to remove locally stored settings
To exercise rights, contact contact@nhmcm.com. We may need to verify your identity. We will respond within the timeframe required by applicable law.
14. Patient data and practitioner responsibilities
If you use Copilot in connection with patient care, you act as the party responsible for compliance with healthcare confidentiality and privacy obligations toward your patients. You should:
- Use Copilot only where you have a lawful basis to process patient information
- Inform patients where your clinic policy requires
- Avoid entering unnecessary identifiable patient data beyond what the clinical task requires
- Review all AI outputs before relying on them or recording them in the chart
NHMCM processes patient-related content on your instructions as part of providing the Service to you as practitioner.
15. Children
The Extension is not directed at individuals under 18 and is not intended for patient self-use. We do not knowingly collect personal information from children.
16. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on our website with a new "Last updated" date. Material changes may also be communicated through the Extension or by email where appropriate. Continued use after changes constitutes acceptance of the updated policy.
17. Contact us
Ning Hin Technology Limited
Email: contact@nhmcm.com
Address: Hong Kong SAR
For Chrome Web Store users: this policy applies to NHMCM Copilot extension ID klihanacoddfhlijhcolonmhngafadea.
Summary for Chrome Web Store (public disclosure)
Data collected: Account/identity information; health/clinical information when you use tools; authentication information; EMR page content on allowlisted sites when you invoke features; usage/activity logs; limited technical data.
Data use: Solely to provide NHMCM Copilot AI documentation assistance to authorised practitioners.
Data sale: We do not sell or transfer user data to third parties except as described for service providers above.
Unrelated use: We do not use data for unrelated purposes or for credit/lending decisions.
Questions? Email contact@nhmcm.com.