top of page

Term of service

for Nexac

Issued by InHDY Co., Ltd.

Last Updated: 19 November 2025

1. Acceptance of Terms and Scope of Services

1.1 These Terms of Service (“Terms”) govern your access to and use of the Nexac application and related features, functions, and tools (collectively, the “Services”) provided by InHDY Co., Ltd. (the “Company”).

1.2 Any person who registers for, creates an account on, or otherwise accesses or uses the Services (the “User”) is deemed to have read, understood, and accepted these Terms in full and agrees to be legally bound by them throughout the period of use.

1.3 If the User does not agree to these Terms, the User must immediately cease all use of the Services and shall have no claim against the Company arising out of such cessation of use.

2. Definitions

Unless otherwise specified, the following terms shall have the meanings set out below:

2.1 “Personal Data” means any information relating to an identified or identifiable natural person, as defined under applicable data protection laws, including the Personal Data Protection Act B.E. 2562 (PDPA) of Thailand.

2.2 “Sensitive Personal Data” means personal data relating to health, medical history, test results, diagnosis, medications, physical or mental conditions, and any other information classified as sensitive personal data under applicable laws.

2.3 “Nexac AI” means the Company’s artificial intelligence functionality that provides general health-related explanations or information to assist the User in understanding their own data. Nexac AI is not a diagnostic tool and does not constitute medical or clinical advice.

2.4 “Care Circle” means the feature that allows a User to add family members or caregivers so that such persons may, subject to permission levels set by the User, access or manage health-related data within a shared group.

2.5 “User Account” means the account that the User registers with the Company in order to access and use the Services, which may be linked to a phone number, email address, or other identifier as specified by the Company from time to time.

3. Purpose of the Services

3.1 The Services are designed to:
(a) facilitate the digital storage, organisation, and management of the User’s health information and/or the health information of members of the User’s Care Circle, where the User has the legal right and proper consent to manage such data;
(b) provide tools for recording symptoms, medical history, appointments, prescriptions, test results, and other medical documents in digital form; and
(c) provide Nexac AI to generate general explanations or summaries of health-related information for self-understanding and self-care purposes.

3.2 The Services are not intended to serve as a medical device, diagnostic tool, or healthcare service, and shall not be used as a substitute for professional medical advice, diagnosis, or treatment.

4. User Eligibility

4.1 The Services are intended for individuals aged 18 years or older who have full legal capacity to enter into agreements.

4.2 In the case of minors or persons who are not legally capable of giving consent under applicable law, the use of the Services and the storage of their data must be managed only by a parent, legal guardian, or other person duly authorised by law.

4.3 The User represents and warrants that any use of the Services to store or manage another person’s data (including members in the Care Circle) is lawful and based on valid consent obtained in accordance with applicable law.

5. Registration and Account Security

5.1 The User shall provide accurate, complete, and up-to-date information when registering for a User Account. In the event of any change, the User shall promptly update such information.

5.2 The User is responsible for maintaining the confidentiality of all login credentials and passwords and shall not disclose them to any third party. Any use of the Services via the User Account shall be deemed to be the User’s own action, unless the User can clearly prove otherwise.

5.3 If any information provided by the User is found to be false, incomplete, or misleading, the Company may suspend or terminate the User’s access to the Services with immediate effect and without prior notice.

6. Categories of Data Collected and Processed

6.1 The Company may collect and process the following data, as necessary and appropriate for the provision of the Services:

(a) General data, such as the User’s name, email address, phone number, User Account details, and technical information about the devices used to access the Services;

(b) Health and Sensitive Personal Data, including but not limited to:

  • appointment slips, discharge summaries, prescriptions;
     

  • laboratory test results and other medical reports;
     

  • medical history, symptoms, medications, and any information recorded by the User;
     

  • images or documents uploaded by the User into the system;
     

(c) data generated through the User’s use of Nexac AI and other features within the Services; and

(d) data related to the Care Circle, such as member names, permission levels, and access logs.

6.2 For any Sensitive Personal Data, the Company will collect, use, or disclose such data only where there is a valid legal basis, and, where required by law, only upon obtaining the explicit consent of the data subject.

7. Use of Nexac AI

7.1 Nexac AI processes information provided or uploaded by the User to generate general explanations, summaries, or self-care suggestions regarding health-related topics.

7.2 Any output from Nexac AI is provided for informational and educational purposes only. It does not constitute medical advice, diagnosis, treatment, or a clinical opinion, and must not be relied upon as such.

7.3 The User acknowledges and accepts all risks arising from decisions made based on information generated by Nexac AI. The Company shall not be liable for any loss, damage, or consequence arising from such decisions, except where caused by the Company’s wilful misconduct or gross negligence.

8. Care Circle and Management of Third-Party Data

8.1 A User who creates or manages a Care Circle represents and warrants that they have duly informed and obtained lawful consent from each individual whose data is added to the Care Circle, or from that person’s legal representative, as required under applicable law.

8.2 The User is responsible for setting appropriate permission levels for each Care Circle member and for any access rights granted to such members.

8.3 The Company shall not be liable for any dispute, damage, or infringement of rights arising from the User’s addition of, or granting of access to, other persons in the Care Circle without proper authorisation or consent.

9. Disclosure and Sharing of Data

9.1 The Company will not disclose or transfer the User’s health information to external parties, clinics, or healthcare providers, except in the following circumstances:

(a) where the User actively shares or exports data through functions made available within the Services, including displaying data for the User to present to a healthcare provider directly;

(b) where the User scans or confirms a QR Code or similar mechanism to add or connect a Care Circle member, and such disclosure is technically necessary for that operation; or

(c) where disclosure is required by law, court order, or a competent authority.

9.2 If, in the future, the Company offers functionality enabling direct access by healthcare providers, the Company will implement a separate and explicit consent process for such access prior to any disclosure.

10. Consent Under Data Protection Laws

10.1 The Company shall obtain consent from data subjects in a clear, transparent, and verifiable manner, informing them of the purposes, categories of data, and their rights prior to collecting or processing any Sensitive Personal Data, except where an exemption under applicable law applies.

10.2 Data subjects may withdraw their consent at any time through channels designated by the Company. Upon receiving a valid withdrawal of consent, the Company will cease processing the relevant data, except to the extent that continued processing or retention is required or permitted by law.

11. Rights of Data Subjects

Subject to legal limitations, data subjects have the following rights with respect to their Personal Data:

(a) the right to request access to and obtain a copy of their Personal Data held by the Company;
(b) the right to request rectification of inaccurate or incomplete data;
(c) the right to request deletion, destruction, or anonymisation of data when it is no longer necessary for the purposes for which it was collected or when there is no lawful basis for its continued retention;
(d) the right to request restriction of data processing in certain circumstances;
(e) the right to request data portability, whereby the Company transfers certain data in a structured, commonly used, and machine-readable format to the data subject or another controller, where technically feasible;
(f) the right to object to certain types of processing, as permitted by law; and
(g) the right to withdraw consent as described in Clause 10.2.

Requests to exercise these rights may be submitted to: contact@inhdy.com

12. Data Security Measures

12.1 The Company will implement appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful access, use, alteration, disclosure, or destruction, including but not limited to encryption, access control, and audit logging, as well as periodic review of such measures.

12.2 In the event of a personal data breach, the Company will take steps and make notifications as required under applicable data protection laws, including notification to the relevant supervisory authority and, where required, to affected data subjects.

13. Data Retention and Cross-Border Transfers

13.1 As of the date of these Terms, the Company stores data on systems located within the Kingdom of Thailand.

13.2 If, in the future, the Company needs to use cloud infrastructure located outside Thailand, such as services provided by AWS or other providers, the Company will comply with cross-border transfer requirements under the PDPA and, where necessary, seek additional consent from data subjects.

14. Suspension and Termination of Services

The Company may suspend or terminate the User’s access to the Services, temporarily or permanently, in any of the following circumstances:

(a) the User breaches these Terms or any related policy;
(b) there is reasonable ground to believe that continued use of the Services may compromise system or data security, or the rights of other users or third parties; or
(c) the Company is required to do so by law, court order, or a competent governmental authority.

15. Limitation of Liability

15.1 The Company shall not be liable for any loss or damage arising from decisions made by the User based solely on information provided by the Services or Nexac AI, without seeking appropriate medical advice from a healthcare professional.

15.2 The Company shall not be responsible for errors, inaccuracies, or omissions in data that the User records, uploads, or shares, nor for any disclosure of data resulting from the User’s own actions.

15.3 To the maximum extent permitted by law, the Company’s aggregate liability to the User arising out of or in connection with the Services shall be limited to the extent expressly required by applicable law.

16. Amendments to the Terms

The Company may amend or update these Terms from time to time. The Company will notify Users through appropriate channels. Continued use of the Services after the effective date of the amended Terms shall constitute the User’s acceptance of such amended Terms.

17. Contact Information

InHDY Co., Ltd.
Email for data subject rights and general inquiries: contact@inhdy.com

bottom of page