Product

Front Desk Appointment booking, reminders, and front-desk questions
Service Quality Feedback collection and review requests
Sales Service offers and screening-package inquiries
Chat with Founder
Pricing FAQ Integrations About Us
Log In Schedule a Demo

Watch Video

MIEA product demo

Product Privacy Policy

Product Privacy Policy

Effective Date: 28 March 2026
Last Updated: 28 March 2026

This Product Privacy Policy explains how MIEA Pte. Ltd. ("MIEA," "we," "us," or "our") collects, uses, stores, discloses, and otherwise processes personal data in connection with the MIEA product and related services, including the MIEA web application available at https://app.miea.ai/, connected integrations, and related support, onboarding, account management, and operational activities (collectively, the "Service").

This Product Privacy Policy is separate from our Website Privacy Policy, which applies to visits to our marketing website and pre-sales interactions.

1. Who We Are

MIEA Pte. Ltd.
Company No. 202320174D
60 Paya Lebar Road, #06-28 Paya Lebar Square, Singapore 409051
Email: hello@mieahealth.com
Support Email: support@mieahealth.com

2. Scope of This Policy

This Product Privacy Policy applies to personal data processed in connection with the Service, including data relating to:

  • customer administrators, workspace owners, staff users, and other authorized representatives of clinics or other customers using the Service
  • connected third-party accounts and integrations enabled by or on behalf of a customer, including Google accounts and Google Calendar integrations
  • scheduling, appointment, reminder, and workflow data processed through the Service
  • support, onboarding, implementation, billing, and account management activities related to the Service
  • service usage, security, and operational data generated through use of the Service

This Product Privacy Policy does not apply to:

  • the MIEA marketing website, landing pages, demo requests, or website cookies, except as separately described in our Website Privacy Policy
  • third-party products, platforms, or services that are not operated by MIEA, even where they integrate with the Service
  • privacy practices of a customer with respect to its own patients, staff, or other contacts

3. Our Role

Depending on the context, MIEA may act in different roles.

  • For customer account, billing, security, subscription, support, and business relationship data, MIEA generally acts as the controller or equivalent responsible party.
  • For service data processed through the Service on behalf of a customer, including scheduling and workflow data configured by the customer, MIEA generally acts as a processor, service provider, or similar intermediary on behalf of the customer.

Customers remain responsible for their own notices, permissions, legal bases, and compliance obligations in relation to patient data, staff data, appointment content, and other third-party data they choose to process through the Service.

4. The Service

MIEA provides clinic workflow automation tools, including appointment-related workflows, reminders, front-desk communication workflows, and connected integrations with third-party systems such as messaging platforms, scheduling systems, practice-management systems, and calendar providers.

Where enabled by a customer, Google Calendar may function as the active scheduling or calendar-management integration used by the Service for availability checks, mirrored appointments, and related synchronization workflows.

5. Categories of Data We Process

Depending on how the Service is configured and used, we may process the following categories of data.

5.1 Account and Organization Data

  • names, work email addresses, phone numbers, job titles, and organization details
  • user roles, workspace permissions, and administrative settings
  • subscription, billing, and contract information
  • support and onboarding records

5.2 Product and Service Data

  • appointment records, dates, times, durations, statuses, assigned practitioners, and locations
  • workflow inputs, outputs, templates, instructions, automations, and related metadata
  • support tickets, implementation notes, validation records, and troubleshooting information
  • product usage data, audit logs, error logs, and operational records

5.3 Google Account Connection Data

If a customer or authorized user connects a Google account to the Service, MIEA may process:

  • the Google account email address
  • a Google account identifier or subject identifier
  • the OAuth scopes granted to MIEA
  • access token and refresh token data
  • token expiry, refresh timing, last synchronization time, and connection error metadata

5.4 Google Calendar Configuration Data

Where Google Calendar is enabled in the Service, MIEA may process configuration data such as:

  • the selected booking calendar for a practitioner
  • one or more selected availability calendars used to determine busy intervals
  • the authorized user who configured the integration
  • connection validation, synchronization, and webhook or watch metadata

5.5 Google Calendar Data

Depending on the permissions granted and the features enabled, MIEA may access and process:

  • the list of calendars available to the connected account
  • calendar availability or busy/free information
  • event data on selected calendars, including event title, description, date, time, duration, status, location, attendees, reminder-related fields, and related metadata
  • event identifiers, calendar identifiers, and internal linking metadata used by MIEA to associate a Google Calendar event with a MIEA appointment record

This data may include personal data entered by the customer or its users into Google Calendar, including appointment-related content.

6. Google Permissions We Request

Depending on the Service configuration, MIEA may request the following Google permissions:

  • openid
  • email
  • https://www.googleapis.com/auth/calendar.calendarlist.readonly
  • https://www.googleapis.com/auth/calendar.events
  • https://www.googleapis.com/auth/calendar.freebusy

These permissions are used only to support the Google-connected features described in this Product Privacy Policy.

7. How We Use Data

We may use personal data for the following purposes:

  • to provide, host, operate, maintain, and support the Service
  • to authenticate users and maintain account and workspace security
  • to connect and maintain authorized third-party integrations, including Google Calendar
  • to identify calendars available to a connected account
  • to check busy intervals and scheduling conflicts across selected availability calendars
  • to create, update, and mirror MIEA appointments in a selected booking calendar where the relevant feature is enabled
  • to monitor selected booking calendars for relevant appointment changes and synchronize those changes back into MIEA
  • to validate integration health, diagnose errors, troubleshoot incidents, and maintain operational continuity
  • to communicate with customers about support, account, billing, product, security, or contractual matters
  • to enforce our terms, protect the Service, and comply with legal, regulatory, or security obligations
  • to improve the reliability, usability, and security of the Service, subject to applicable law and the commitments in this Product Privacy Policy

8. How the Google Calendar Integration Works

Where Google Calendar is enabled as the active calendar or scheduling integration for a workspace:

  1. MIEA may access the list of calendars available to the connected Google account so that a workspace administrator or authorized user can configure the appropriate calendars for each practitioner.
  2. MIEA may query selected availability calendars for busy intervals in order to calculate scheduling availability inside the Service. MIEA uses Google Calendar as a source of busy-time information and does not rely on Google Calendar as a standalone availability engine.
  3. Where enabled, MIEA may create or update Google Calendar events in a selected booking calendar to mirror MIEA appointments.
  4. MIEA may store internal linking metadata in or alongside mirrored Google Calendar events to associate the event with a MIEA appointment and support synchronization.
  5. After configuration, MIEA may subscribe to calendar change notifications and perform initial and incremental synchronization so that relevant changes to mirrored appointments can be reflected in MIEA.

MIEA does not perform a general-purpose two-way import of all Google Calendar events into MIEA. Rather, MIEA uses selected calendars for availability checks and synchronization of relevant appointments associated with the Service.

9. AI-Powered Features and Google-Derived Data

MIEA offers AI-powered workflow features in parts of the Service.

MIEA does not intentionally send raw Google OAuth credentials, refresh tokens, Google subject identifiers, or similar connection credentials to AI model providers for AI inference.

However, where a customer enables AI-powered features, derived scheduling or appointment data generated from Google Calendar-connected workflows may be processed by AI-powered components of the Service. This may include, for example:

  • busy interval outputs
  • available slot options
  • appointment dates, times, durations, statuses, locations, or assigned practitioners
  • appointment details that have been synchronized into MIEA and are then used in customer-facing workflow features

MIEA uses such data only to provide customer-facing product functionality requested by the customer, such as scheduling assistance, appointment workflows, operational automation, and related support features.

MIEA does not sell Google user data. MIEA does not use Google user data for advertising, including targeted advertising, retargeting, interest-based advertising, or personalized advertising. MIEA does not use Google Workspace data obtained through Google APIs to train, improve, or develop generalized artificial intelligence or machine learning models.

10. How We Share Data

We may disclose personal data to the following categories of recipients where reasonably necessary to operate the Service:

  • hosting, infrastructure, storage, and security providers
  • customer support, communications, logging, monitoring, and analytics providers
  • payment processors and billing service providers
  • integration partners and third-party platforms enabled by the customer
  • AI or automation service providers used to deliver customer-facing Service functionality
  • professional advisers, auditors, insurers, and transaction counterparties
  • regulators, courts, authorities, law enforcement, or other third parties where disclosure is required or permitted by law
  • affiliates or successors in connection with a financing, merger, acquisition, restructuring, or sale of assets

We do not transfer or disclose Google user data to third parties except:

  • as necessary to provide or support the customer-facing functionality of the Service
  • to service providers operating on our behalf under appropriate contractual or technical restrictions
  • for security, fraud prevention, abuse prevention, troubleshooting, or legal compliance purposes
  • in connection with a corporate transaction, where legally permitted and subject to appropriate protections

11. International Processing

MIEA may process personal data in Singapore, the EEA, and other jurisdictions where MIEA or its service providers operate.

Where personal data is transferred across borders, MIEA takes commercially reasonable steps to implement safeguards appropriate to the nature of the transfer and as required by applicable law, including contractual, technical, organizational, and security measures.

12. Security

MIEA takes commercially reasonable technical, administrative, and organizational measures designed to protect personal data against unauthorized or unlawful access, use, disclosure, alteration, or destruction.

These measures may include:

  • role-based access controls
  • authentication controls
  • encryption in transit where appropriate
  • encryption at rest for stored OAuth token values and similar sensitive credentials
  • logging and monitoring
  • environment and configuration controls
  • incident detection and response processes

No method of transmission or storage is completely secure, and MIEA cannot guarantee absolute security.

13. Retention and Deletion

MIEA retains personal data for as long as reasonably necessary to provide the Service, maintain security and operational integrity, resolve support issues, comply with legal or contractual obligations, and enforce our rights.

For Google Calendar-connected data, the following generally applies:

  • connected-account records, including token metadata and granted scopes, are retained while the connection remains active
  • practitioner-level Google configuration data is retained while the relevant Google Calendar integration remains configured for that workspace or practitioner
  • service logs, sync records, and error records may be retained for operational, support, audit, and security purposes
  • where a workspace administrator disconnects Google Calendar through Admin -> Workspace Settings -> Integrations -> Google Calendar -> Disconnect, MIEA deletes stored connected-account records and practitioner-level Google Calendar configuration from its active Service records as part of the disconnect flow
  • where Google Calendar configuration is removed only at the practitioner level, the practitioner-level configuration may be removed even if the broader Google account connection remains active for the workspace
  • certain appointment-level metadata previously stored in MIEA records in connection with mirrored or synchronized appointments may remain in appointment records until those records are updated, deleted, or otherwise handled under the customer's broader data-retention settings
  • where change-notification subscriptions or calendar watches have been established, MIEA may attempt to stop them during disconnect or reconfiguration, but some remote Google-side subscriptions may remain active until their existing expiry time

Users may also revoke MIEA's access from their Google account settings. Revocation may prevent further synchronization and may cause connected features to stop working.

14. Customer Responsibilities

Customers are responsible for:

  • ensuring they have appropriate authority to connect Google accounts and other third-party services to the Service
  • selecting appropriate calendars, permissions, and workflow configurations
  • deciding what information is entered into appointment records and calendar events
  • providing notices and obtaining permissions required by applicable law for their own patients, staff, and other third parties
  • determining whether and how the Service should be used in regulated clinical, healthcare, or administrative workflows

15. Your Choices and Rights

Depending on applicable law and your relationship with MIEA, you may have rights to request access to, correction of, deletion of, restriction of, or objection to certain processing of your personal data, or to request portability of certain data.

You may also withdraw consent where processing is based on consent.

MIEA may need to verify identity and authority before acting on a request. Where MIEA processes data on behalf of a customer, MIEA may direct the request to the relevant customer or ask that the request be submitted through that customer.

16. Changes to This Product Privacy Policy

We may update this Product Privacy Policy from time to time by publishing an updated version on our website.

Where required by law, or where changes materially affect how we use Google user data or other personal data, we will provide additional notice and, where required, seek consent before applying the change.

17. Contact Us

For privacy questions, requests, or complaints, contact:

MIEA Pte. Ltd.
60 Paya Lebar Road, #06-28 Paya Lebar Square, Singapore 409051
hello@mieahealth.com