Privacy Policy | Nightingale Pediatrics
Last Updated: February 2026

Data Protection & Privacy Policy

We are committed to safeguarding your personal data in compliance with the Singapore Personal Data Protection Act 2012 (PDPA).

Bonfire Health Pte. Ltd. (operating as "Nightingale Pediatrics") respects the privacy of our patients, their families, and our website visitors. This Data Protection Policy outlines how we manage Personal Data in compliance with the Singapore Personal Data Protection Act 2012 (“PDPA”).

By interacting with us, submitting information to us, or signing up for any products and services offered by us, you agree and consent to Bonfire Health Pte. Ltd. (including its related corporations and business units) collecting, using, disclosing and sharing your Personal Data in the manner set forth in this Policy.

1. Collection of Personal Data

“Personal Data” refers to any data, whether true or not, about an individual who can be identified from that data. We may collect the following Personal Data from you or your child:

  • Identity Data: Name, NRIC/FIN/Passport number, date of birth, gender, and photographs.
  • Contact Data: Residential address, email address, and telephone numbers.
  • Medical & Health Data: Medical history, developmental history, psychological assessments, therapy notes, school reports, and other clinical data required for diagnosis and treatment.
  • Financial Data: Bank account or credit card details for payment processing.
  • Technical Data: IP address, browser type, and cookies when you visit our website.

2. Purpose of Collection and Use

We collect and use Personal Data for the following purposes:

  • Clinical Care: To provide psychological assessments, therapy, coaching, and medical consultations for your child.
  • Coordination of Care: To communicate with schools, other medical specialists, or allied health professionals (with your explicit consent) to ensure a holistic care plan.
  • Administration: To process registration, appointments, payments, and insurance claims.
  • Communication: To respond to your enquiries via concierge@bonfire.cc, send appointment reminders, and provide updates on our clinic policies.
  • Compliance: To comply with laws, regulations, and professional codes of practice (e.g., Singapore Psychological Society, Ministry of Health).

3. Disclosure of Personal Data

We do not sell your personal data. We will only disclose your Personal Data to third parties in the following circumstances:

  • Medical Referrals: When you request a referral to a psychiatrist, pediatrician, or speech therapist outside of Nightingale.
  • Service Providers: Third-party vendors who provide operational services (e.g., clinic management software, payment processing, secure cloud storage) who are also bound by data protection obligations.
  • Legal Requirement: If required by law or a court order (e.g., in cases where there is an imminent risk of harm to the patient or others).

4. Protection and Retention

We have implemented administrative, physical, and technical measures to safeguard your Personal Data against unauthorized access, misuse, disclosure, or alteration.

  • Secure Systems: Our Electronic Medical Records (EMR) and clinic management systems are enterprise-grade and compliant with both HIPAA (Health Insurance Portability and Accountability Act) and Singapore PDPA standards.
  • Retention: We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by Singapore’s healthcare retention laws (typically 6 years post-discharge for minors).

5. Use of Technology & AI Tools

At Nightingale Pediatrics, we utilize advanced technology, including Artificial Intelligence (AI) tools, to assist in clinical documentation, parent support ("Nighty"), and data analysis. We are strictly committed to the ethical and safe use of these technologies:

  • De-Identified Data Only: We strictly ensure that only de-identified (anonymized) data is processed by our AI systems. No Personally Identifiable Information (PII)—such as names, NRIC numbers, or addresses—is ever fed into external generative AI models for training purposes.
  • Compliance: The AI platforms and cloud infrastructure we utilize are vetted for security and are compliant with relevant data protection standards (PDPA/HIPAA).
  • Human Oversight: AI tools act solely as assistants to our clinicians. All clinical decisions, diagnoses, and treatment plans are made and reviewed by qualified human professionals.

6. Access and Correction

Under the PDPA, you have the right to:

  • Access: Request a copy of the Personal Data we hold about you or your child.
  • Correct: Request that we correct any inaccurate or incomplete Personal Data.
  • Withdraw Consent: Withdraw your consent for the collection, use, or disclosure of your Personal Data. Please note that withdrawing consent for essential medical data may limit our ability to provide continued clinical care.
Data Protection Officer (DPO)

Contact Us Regarding Your Data

If you have any questions about our data protection practices, or if you wish to exercise your rights to access, correct, or withdraw consent, please contact our Data Protection Officer:

Name: Keith Wang
Role: Data Protection Officer
Email: keith@bonfire.cc
Company: Bonfire Health Pte. Ltd.

7. Do Not Call (DNC) Registry

We comply with the DNC provisions of the PDPA. We generally do not send marketing messages via SMS or fax. If we introduce a newsletter or marketing updates, we will obtain your clear and unambiguous consent before contacting you on your Singapore telephone number.

8. Updates to This Policy

We may update this Privacy Policy from time to time to ensure consistency with industry trends and legal requirements. Any changes will be posted on this page.

Nightingale Pediatrics is a trading name of Bonfire Health Pte. Ltd.