Changes in V2.0 | October 11, 2023

1. Shorten length of Privacy policy in discussion with Swiss Re.
2. Update for data processing of fitness app (Google fit, Apple healthkit, Health Connect and Garmin) data.
3. Separate CCPA (CPRA) notice

Who are we and how to contact us?

The App, managed by Touchkin eServices Private Limited (referred to as "Wysa," "we," "us," or "our"), operates with data privacy by design and by default (Read about our data safeguards here ). Wysa is a co-developer and technically operates the App, utilizing the Wysa platform with non-identifying user identifiers. Co-developed in collaboration with Swiss Re Solutions Ltd ("Swiss Re"), the App is distributed by Swiss Re to your Institution, who then provides it to users. The Institution and Swiss Re are referred together as our "Partners". This Privacy Policy outlines Wysa's use of your personal data, protective measures, and data security.

Regarding the purposes of our Services and processing of end-user data, Wysa acts as the data controller. When handling aggregated App usage data reports on your Institution's behalf, Wysa may act as a processor or sub-processor. Your Institution receives aggregated App usage data reports for their own purposes. Please check with your Institution directly on how they use your App usage reports. Swiss Re only receives anonymous App usage data reports.

For queries, comments, complaints, and requests about our App and Services, reach us at [email protected]. For Privacy Policy and data protection rights inquiries, contact us at [email protected], addressed to the Head of Compliance/Data Protection Officer. We promise a response within a month from a valid inquiry.

About the Privacy policy

This Privacy Policy pertains to your use of our mobile artificial intelligence (AI) chatbot service, digital self-care tool, analytics, dashboard services, well-being score, and pathways to connect to offline mental well-being therapy (collectively referred to as the "Services"). The policy also applies when you engage with us through events, promotions, websites, email, or social media. We may offer additional services for your Institution ("Institutional Services"), requiring agreement with both Wysa's and your Institution's Terms of Service and Privacy Policies for processing information on behalf of your Institution.

In case of a crisis, call your country's emergency number or Institution's approved helplines. App use requires age 18+. Interaction with the AI chatbot is with Artificial Intelligence, not a human. The AI is limited in its response. The App offers evidence-based tools in a self-help context. It doesn't diagnose, treat, or cure a specific condition or disease or disability. It only provides general mental health advice, not medical. Please seek a healthcare professional for any medical concerns.

Kindly review this policy, along with our cookies policy and terms of service. Your use of our Apps and Services implies consent to information collection and utilization as outlined in this Privacy Policy and Cookie Policy. Unless specified otherwise, terms in this Privacy Policy hold the same meanings as in our Terms of Service.

What personal data do we collect?

Wysa does not aim at collecting personal data. You can choose to remain as anonymous as you want to be when you use the App. By adopting privacy by design and by default safeguards (read here ), we seek to minimize personal data collection and processing and improve your privacy. To help provide our Services, we will collect and process the following information categories.

Information about you - Our App prioritizes anonymity for privacy protection. No registration needed. Use a nickname to start. We gather an app-device ID from your Google play or Apple app store when you install the App. IP address for content delivery (not linked to user conversation data), device information, time-zone, operating system.

AI chatbot conversation data - Your voluntary inputs, like challenges, preferences, feelings, moods, thoughts, emotions and safety plan. Your expression of gratitude or maintaining a task list. Responses to assessments (PHQ, GAD or others). Your use of tools, Cognitive Behavioral Therapy (CBT) programs and other resources. Any inadvertent identifiers voluntarily provided.

App usage event data - Tracks app actions, settings, notifications and screen choices

Fitness App data - Data from Google Fit, Health Connect by android or Apple Healthkit (physical activity and sleep) when you connect.

Promotion/Survey data - your responses to campaigns, surveys and other marketing activities.

Communication data - includes any feedback, complaints, requests via email or social media or our website contact forms. If you have communicated with us by email or website contact form, we will collect email ID, name provided, any contact details shared with us. Institution and Partner name, staff name and their contact information.

Cookies - includes mandatory cookies collected during app use to provide the Services. Also, site-hosting provider’s cookies on our website.

Sources of the information categories
Much of the information categories that we hold about you, are directly from you or your interactions with us, when you use our App, our websites or social media sites or when you contact us for any purpose

How do we use your information?

We must comply with data protection laws that mandate the identification and communication of a legal basis or 'ground' for utilizing your personal information. In cases involving sensitive data, an additional legal condition is necessary to be informed. An explanation of each of the grounds can be found below.

1. Consent: where you have consented to our use of your information (you will have been presented with a consent message or opt-in provision in relation to any such use and may withdraw your consent by the means stated in this policy).
2. Contract performance: where your information is necessary to enter into or perform our contract with you (your agreement to the App Terms of Service and this Privacy Policy).
3. Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using, protects your data protection rights and freedom.
4. Legal obligation: where we need to use your information to comply with law or statutory obligations.

These are the additional legal conditions that we typically use to justify our use of special categories of your personal data: In the substantial public interest: processing is necessary for reasons of substantial public interest, on the basis of EU or local law. Mainly, for the provision of counseling, advice or support or for protecting you from physical, mental or emotional harm during use of the App and services.

For each use mentioned below we note the purpose for which we use and disclose it, and the ground we rely on as the basis for our use.

1. Use of Information about you
   
   
   1. To provide and manage Apps and Services: To create a unique user identifier for establishing smooth and continuous conversations within the App. To fulfill contractual obligations resulting from your consent to our Terms of Service and Privacy Policy, including the provision of requested information, Apps, and Services. To inform you about any changes to our Apps and Services. To validate and authorize access code or deeplink to access the customized Institution version of App and Services. Only aggregated data is logged to improve user experience.

   Legal basis: contract performance, legitimate interests (to enable us to perform our obligations and ensure quality, safety and performance of our App and Services).

2. Use of AI chatbot conversation data
   
   
   1. To provide and manage Apps and Services: To conceptualize, design, and develop AI models, content, and conversational strategies for operating the AI Chatbot. To run our AI models on conversation data, generating new insights into emotional states and moods. To proactively identify and rectify inadvertent personal identifiers within your text messages. To ensure contextual understanding and coherent conversation flow. To identify medical or emergency-related terminology and provide guidance to safety and crisis support resources, including safety plans. To derive mood scores and assessment scores, and triage to external helplines and support. To present and facilitate access to validated clinical tools and techniques. To facilitate and manage your utilization of the CBT programs. To enable the modification of your chosen nickname.

   Legal basis: contract performance, legitimate interests (to enable us to perform our obligations and ensure quality, safety and performance of our App and Services),

   Additional legal condition: For reasons of substantial public interest for provision of counseling, advice or support or for safeguarding of individuals at risk.

   2. To use your assessment and questionnaire responses: While using the App, you might need to complete established assessments like PHQ-9/GAD-7 periodically. These are trusted tools for monitoring your well-being progress. Your responses guide us to suggest suitable resources and external support. If your scores fall in the moderate-to-severe range, as defined by the assessment, the App will let you know it might not be sufficient and direct you to our or Institution-approved helplines and Services. If an assessment response indicates an SOS, you'll be directed to relevant emergency helplines

   Legal basis: contract performance. Legitimate interest (to ensure user safety)

   Additional legal condition: For reasons of substantial public interest for provision of counseling, advice or support or for safeguarding of individuals at risk.

   3. To understand our users, and to develop and tailor our Apps and services: To anonymize your personal data before using it for analysis, enhancing effectiveness, engagement, experience, and service quality. For AI model safety and performance enhancement. To elevate App and Service quality and customer experience. For creating labeled training and testing data for improving the AI models. We might produce and share aggregate app usage reports with your Institution, while prioritizing your rights and freedom. These reports will be downloadable files or made available over secure analytic dashboards. For innovating new services, technologies, and products.

   Legal basis: legitimate interests (to ensure the quality, safety and performance of our Apps and Services)

   Additional legal condition: For reasons of substantial public interest for provision of counseling, advice or support or for safeguarding of individuals at risk.

   4. To provide in-app notifications and reminders: To alert you according to your set reminders and notifications. To prompt you about upcoming sessions and events.

   Legal basis: contract performance, consent (opt-in and opt-out of notifications).

   5. To conduct research and clinical studies: We don't utilize fitness data (like physical activity and sleep info) from Google Fit, Health Connect by android or Apple Healthkit for research purposes. Our research uses only essential app usage data, including aggregated data for publications. This data is fully anonymized through irreversible removal of user identifiers before use. This aids in enhancing our product, Services, and contributes to user-centered mental wellbeing best practices globally. If needed, you can always reach out to us to limit processing or opt-out where consented to specific research participation.

   Legal basis: legitimate interests (to ensure the effectiveness, safety and performance of our Apps and Services)

3. Use of App usage event data
   
   
   1. To understand our users, and to develop and tailor our Apps and services: To share anonymized app event data with third-party analytics providers for refining App and Service quality. Sensitive details in app event data will be obfuscated.

   Legal basis: legitimate interests (to ensure the quality, and performance of our Apps and Services)

   2. To understand our users, and to develop and tailor our Apps and services: We might produce and share aggregate app usage reports with your Institution, while prioritizing your rights and freedom. These reports will be downloadable files or made available over secure analytic dashboards. For innovating new services, technologies, and products.

   Legal basis: legitimate interests (to ensure the quality, safety and performance of our Apps and Services)

4. Use of Fitness App data
   
   
   1. To use fitness data to derive a risk and well-being score: With your Institution's agreement, we'll use your conversation data and fitness data (physical activity and sleep) to calculate a risk and well-being score. The well-being score will be displayed to you, encouraging you to enhance your well-being. The well-being score serves as a personal benchmarking tool, not a clinical assessment. It will be used within the app to suggest relevant support resources, both from the App and external sources like Institution helplines, EAP, offline care services, and therapist support. We do not share your individual scores with your Institution or Partners. The well-being score doesn't determine diagnoses or treatments, nor does it provide medical advice. This process isn't for emergencies; it's designed to protect at-risk individuals.

      Legal basis: contract performance, consent (your consent to sync with Google Fit, Health Connect by android, Apple Healthkit and Garmin. Your consent to access your sleep and physical data from Google Fit, Health Connect, Apple Healthkit and Garmin).

      Additional legal condition: For reasons of substantial public interest for provision of counseling, advice or support or for safeguarding of individuals at risk.

5. Use of Promotion/Survey data
   
   
   1. To provide any marketing materials: To keep you informed via email, SMS, or online about our Apps and Services. This involves running campaigns, surveys, and providing program-related updates. We'll also reach out about promotions and program enrollment. Additionally, we might utilize anonymous and non-identifiable user data for marketing and benchmarking purposes. If required by law, we'll ask for your consent before engaging in such marketing activities during data collection. You'll have the choice to unsubscribe or opt-out of electronic marketing via the provided option or by reaching out to us through the details in the “Contact” section below. We don't promote third-party offers in the App experience. It's important to note that any promotions or survey responses you provide will remain separate from your App usage.

   Legal basis: consent, legitimate interests (to keep you updated with news in relation to our Apps and Services).

6. Use of Communication data
   
   
   1. To communicate effectively with you: To issue access code or deeplink to access the App and Services. To address your inquiries, feedback, grievances, and other messages, which includes requests and concerns about our Apps and Services. To manage and resolve any service-related disruptions. For service-related communications linked to your App and Service usage. To oversee our interactions with you, ensuring quality, procedure compliance, and for training. Your concerns, complaints, or requests about the App and Services are treated with utmost seriousness. To reach out, follow the "Contact" section below. We commit to addressing complaints within 3 business days. Some inquiries may require additional time for resolution. We'll keep you updated throughout the process until your inquiry is adequately resolved.

   Legal basis: legitimate interests (to allow us to correspond with you regarding our Apps and Services. To ensure the quality of our Apps and Services), legal obligations.

Other uses of your information:

To reorganize or make changes to our business: In situations like: (i) negotiations for selling our business or part to a third party; (ii) being acquired by a third party; (iii) going through reorganization; or (iv) facing bankruptcy, we might need to share some or all of your personal data with the relevant third party (or their advisors) for due diligence in analyzing the proposed sale or reorganization. After such events, we could also share your data with the reorganized entity or third party for similar purposes as stated in this Privacy Policy. We'll reasonably try to notify you through methods like: public notice on our website, informing your Institution, in-app notifications or changes to this privacy policy.

Legal basis: legitimate interests (in order to allow us to change our business), legal obligation

To comply with legal and regulatory obligations: We might handle your personal data to meet our legal and regulatory needs. This might involve sharing your data with third parties like insurers, courts, regulators, or law enforcement agencies worldwide. This can happen during their enquiries, proceedings, or investigations, or when legally required. We might also use and disclose data to prevent serious health or safety threats, for public health reporting, and for preserving data during legal matters to prevent tampering. Additionally, we might disclose data to help with an investigation or prosecution of suspected fraud or actual illegal activity.

Legal basis: legal obligation (as App manufacturer to provide app performance and safety report to regulator ask), legitimate interests (to cooperate with law enforcement and regulatory authorities)

We do not combine and process your personal data with any other third party available data. Your data, messages or usage is not transferred or sold to advertisers or data brokers or any information resellers. We will always take your consent before using your name for social proof purposes. If you have any questions about the legal basis we rely on, please contact us using the details set out in the “Contact” section below.

How do we protect your personal data?

1. Where is your data stored?

   The data we gather is transferred and stored in USA-based infrastructure instances managed by our service provider, Amazon Web Services (AWS).

2. How long is your data stored?

   Personal identifiers you voluntarily share in your text messages with the AI chatbot will be securely redacted in our database within 24 hours of its detection.

   We adhere to legal retention limits for any remaining data about you. It's kept only as long as necessary for requested services or purposes mentioned in the 'How do we use your personal data?' section above. If not specified, we retain your data for up to 10 years after termination or a period agreed upon with your Institution

   You also have the option to permanently delete all your messages using the 'reset my data' feature in the App settings.

3. When you trigger “Reset my data” from App settings

   Reset my data deletes all your submitted data including your identifiers, past conversations, reminders, assessment responses and enabled settings. Post reset, you will not be able to recover your past data and you will be considered as a new user of the App. Hence, this feature is to be used at your discretion.

4. International transfer of your information

   To deliver our App and Services, we may need to process your submitted data in a country different from your own, where data protection laws might be less strict.

   When we move personal data from within the European Economic Area (EEA), Switzerland, and/or the United Kingdom (referred to as the 'Europe region'), we'll take extra steps to secure your data in line with data protection laws. Some countries in the Europe region have been endorsed by regulators for having sufficient data protection, so no additional safeguards are needed to transfer data there. For countries without such approval, we'll use suitable measures to protect data transfer, like the new EU Standard Contractual Clauses and/or UK International Data Transfer Agreement (IDTA), as allowed by the law.

   Minimal and necessary data may be shared among our companies (located in the UK, US, and India) to provide specific Services. In line with relevant data protection laws, we'll ensure your data rights are well protected with appropriate technical and organizational safeguards.

   For any queries, reach out through the details provided in the 'Contact' section below.

5. How do we safeguard your data?

   We prioritize your data security and take extensive measures to ensure it. With strong dedication, we've put in place both technical and organizational safeguards. Here are a few of the steps we've taken:

   Privacy by design and by default

   1. There is no user registration required. We don’t need it hence we don’t ask for it.
   2. Only a nickname is sufficient to help us personalize our conversation with you.
   3. We use pseudonymized identifiers to protect your data and identity.
   4. No human eavesdrops during your conversation with the AI chatbot.
   5. The AI Chatbot will always check if it has understood you correctly before progressing.
   6. We irreversibly redact any inadvertent personal identifiers in your text messages.
   7. You can opt-out at any time using the “reset my data” feature available in the App settings.
   8. We adhere to the 7 key principles set out by GDPR (see here).
   9. We perform Data Protection Impact Assessment (DPIA) for personal data processing.

   Security by design and by default

   1. We use TLS and SSL encryption during transfer and AES-256 protocol at rest.
   2. Random identifiers are used for all data transactions between AI Coach and our servers.
   3. Our systems are secured with role-based access, strong passwords and two-step verification.
   4. We enable endpoint security in all staff systems.
   5. We review and maintain data processing agreements with our service providers.
   6. We have a strict hiring and background verification process in place.
   7. We provide regular awareness and training to our staff.
   8. We conduct annual 3rd party compliance audits and data protection certifications.
   9. We perform regular vulnerability scans and penetration tests of our Apps and Infrastructure.
   10. Checks and remediation of any vulnerabilities in code for e.g. OWASP Top 10.
   11. We conduct regular checks to ensure compliance to our policies.

   Certifications and Registrations

   1. Wysa's Information Security Management System (ISMS) and Privacy Information Management System (PIMS) is certified for ISO 27001 and 27701.
   2. Wysa is registered with the UK Information Commissioner’s office (ICO).
   3. Wysa meets standards of the NHS Digital Data Security and Protection Toolkit (DSP Toolkit).
   4. Wysa complies with DCB0129 Clinical Safety and Risk Management standards.

6. Safety of our Artificial Intelligence (AI)

   At Wysa, we employ our own Artificial Intelligence and Natural Language Processing/Understanding (NLP/NLU) algorithms ("AI") to comprehend your messages. NLP/NLU algorithms are used to understand your text through classification techniques. This enables the AI to have meaningful conversations and direct you to suitable resources. Our commitment demands that the AI within the App is transparent, trusted, secure, and privacy-preserving. All AI in our Apps is "FIXED" or "CLOSED". The chatbot responses are carefully crafted with clinical expertise and undergo thorough safety testing before deployment. There are no generative or adaptive models in use, meaning no dynamic response creation or continuous learning. These algorithms operate within a structured decision-tree conversation framework.

   No electronic transmission or data storage method is flawless or invulnerable. Despite our efforts to implement safeguards for your personal data, we can't guarantee absolute security. Your cooperation is vital for data security as well. Please avoid copying and sharing your conversations with unfamiliar individuals.

7. What about external links to other sites?

   The App, websites, and social media pages feature links to third-party, Partner, or affiliate websites and resources. When you click on such links, remember that these sites have their own privacy policies. We don't manage these third-party sites and are not liable for their privacy policies. It's a good practice to review these policies before sharing personal data on these sites.

8. Our use of service providers

   For our Services, we collaborate with third-party service providers for data storage and processing. We thoroughly evaluate their security and privacy methods. They must adhere to confidentiality, non-disclosure obligations, and legal requirements, including Data Protection Laws. They or their providers (fourth parties) access your data only as needed for tasks on our behalf.

   Cloud Service Providers

   To provide the Service, we collect, transfer and store your data in secure servers provided by our authorized cloud service provider AWS. You can find more on their security practices here, here and here. We maintain a Data Processing Agreement (DPA) with Standard Contractual Clauses (SCCs) and Business Associate Agreement (BAA) with our cloud service providers.

   Other Service Providers

   We use Wysa authorized third party service providers to provide our Services.

   List of our service providers include:

   Service Providers	Purpose	Data Storage Location
   Firebase, Google Analytics	Information shared: App usage event data Purpose: No user conversation or personal data gets shared. To analyze App event data to understand user engagement and experience. Only a de-identified user identifier is shared along with the event data. All event data is made cryptic so that no medical or psychological profile gets created at the hands of the analytics provider. No direct advertising or direct marketing is performed. However, to measure the effectiveness of our social media or other marketing campaigns, we may use these tools to help us make improvements to our Service. The third-party tool APIs may automatically collect some non-personal events. Google Analytics automatically collected events can be found here. The use of Google Analytics is governed by Google Data Policy and Data Safeguards. Firebase automatically collected events can be found here. The use of Firebase is governed by Firebase Terms of Service and Crashlytics Terms of Service . We maintain Data Processing Agreements (DPA) with SCCs with these service providers	USA
   Branch.io	Information shared: Communication data (Institution provided email ID) Purpose: No user conversation or personal data gets shared. Only aggregated data is logged to improve user experience. We use Branch.io to provide deeplink service for our Institution users that helps provide direct access to the App and Services and is governed by branch.io’s Terms of Service , Privacy Policy and Security & GDPR Compliance . We have a signed Data Processing Agreement (DPA) with SCCs with Branch.io.	USA
   Google Workspace	Information shared: Communication data (contact details provided such as email id) Purpose: Only limited, aggregated and anonymised data will get stored in GDrive for the purpose of improving quality, performance and safety of App and Services. Your email ID when you write to us with inquiry will remain in our Gmail servers. We use Google Workspace to provide our corporate email service, to store Information received from our clients and end users in google drive and google docs. We have a signed DPA with SCCs and BAA with Google Workspace.	Europe
   CloudFlare	Information shared: Information about you (IP address) Purpose: No user conversation or personal data gets shared. Your IP address is never mapped to your conversation messages. Hence your conversations remain secure and private. We use Cloudflare for its CDN and DDOS Protection Services. Cloudflare helps us to efficiently secure and provide our Services for you. Cloudflare has access to your IP address to provide the services. Wysa does not store or process your IP address beyond the CDN. Cloudflare may process your browser and operating system related information for logging and abuse prevention purposes. You can read Cloudflare’s terms of service , privacy policy and GDPR Compliance to know more about how they handle your data. We have a signed DPA with SCCs with Cloudflare.	USA
   Business Development and Marketing Tools	Information shared: Communication data (Institution and Partner name, staff name and their contact information) Purpose: We use marketing tools for lead identification, lead generation and business operations, for communications in marketing campaigns and other marketing activities. To communicate with our existing or prospective business clients or users. We ensure appropriate consent and opt-outs are provided when we reach out to prospects. We perform vendor and tool security assessment and vulnerability checks before we onboard a tool. We sign required agreements along with appropriate data protection clauses with tool suppliers. These include Salesforce, Pardot and Iterable.	USA
   Google API Services	Information shared: Fitness App data (physical activity and sleep) Purpose: No user conversation or personal data gets shared. We use Google API services to collect data from Google fit (Physical activity and sleep) from authenticated users. Use of Google API is governed by their Terms of Service , User Data Policy and Additional Requirements for Specific Scopes .	USA
   Health Connect API	Information shared: Fitness App data (physical activity and sleep) Purpose: We use Google Health Connect API to collect Activity and Sleep data from on-device data captured by other Fitness tracking apps. Activity captures any activity that a user does, such as running, swimming and cycling. Sleep captures interval data related to the length and type of a user's sleep. Apps distributed through Google Play that use Health Connect are subject to the Play Developer Program Policy.	User’s device
   Garmin	Information shared: Fitness App data (physical activity and sleep) Purpose: We collect activity and health data from Garmin users, which encompasses their workout information such as swimming, cycling, running, as well as health metrics like sleep patterns and step counts. Users grant permission for data sharing by logging into their Garmin accounts, and they have the option to disable this authorization at any time. Use of Garmin is governed by their Terms of use , Privacy Policy. Read more about their Security practices here .	User’s device

   We will keep updating this page where we make any changes to our service provider.

   Our use of Google API services for use of fitness data

   The App doesn't collect or track identifiable geolocation or call logs. The App’s use or transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including their limited use requirements.

Your data protection rights

During your interactions, you might have the right to: ask for more details on how we use your personal data; receive a copy of the personal data we may hold about you; correct inaccuracies and fill incomplete personal data we may have; delete no-longer-needed personal data; and limit processing while we review an inquiry you raised.

You're also free from decisions solely based on automated processing of your personal data, unless it's necessary for our Agreement or you've agreed. You can ask us to halt such decisions. While we don't usually engage in these activities, we're open to discussing any concerns.

Under specific conditions, you can also: withdraw consent; ask us to send your personal data to a third party electronically; object to processing based on 'legitimate interests' or 'public interests'; and opt out of direct marketing, including profiling. We typically let you know or get your consent (before collecting data) if we plan to use your data for marketing purposes or share it with third parties. To stop this, just click 'unsubscribe' in marketing emails we send you.

The above rights have exceptions to protect public interest (like crime prevention) and our interests (such as legal privilege). They might not all apply in your country of residence.

If you can, use the contact info in the 'Contact' section to exercise your rights. We might need to verify you before responding. Once verified, we'll respond within a month of your request. If we can't verify you, we might be unable to address your request. Your individual rights requests may be limited, were

• denial of access is required or authorized by law;
• grant of access would have a negative impact on other's privacy;
• required to protect your, our or other’s rights, property or safety;
• the request is unjustified or excessive.

If you're unsatisfied, you can complain to your Data Protection Authority. You can file a complaint with the UK ICO using the outlined process here. For EU Data Protection Authorities', check here

Notice for California, USA residents

There are certain disclosures required by the California Consumer Privacy Act (or “CCPA”) and California Privacy Rights Act (“CPRA”). Please read our CCPA (CPRA) notice it applies to users who reside in the State of California.

Updates

Any changes we may make to this Privacy Policy will be notified to you within the App. Continuing to use our App and Services after a notice of change has been published constitutes your acceptance of the changes.

Change Log

V2.0 | October 11, 2023

1. Shorten length of Privacy policy in discussion with Swiss Re.
2. Update for data processing of fitness app (Google fit, Apple healthkit, Health Connect and Garmin) data.
3. Separate CCPA (CPRA) notice