Privacy Policy - Zaia Health

May 28, 2025

Last Updated: May 27, 2025

Zaia Health (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Zaia Health (the “App”) on mobile devices (iOS and Android).

By using Zaia Health, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information

  • Registration Data: Name, email address (if you register via email).

  • Account Credentials: Encrypted password or authentication token.

1.2 HealthKit & Google Calendar Data

With your explicit consent, we access and read:

  • HealthKit Data: Metrics such as step count, heart rate, sleep analysis, and other health-related data provided by Apple HealthKit.

  • Google Calendar Events: Event titles, dates, times, and reminders.

This data powers personalized insights, coaching, and reminders. We do not share raw HealthKit or calendar data with third parties, except as anonymized metrics via our analytics provider.

1.3 Device & Technical Data

Automatically collected when you use the App:

  • Device Identifiers: Device model, operating system version (e.g., iOS version).

  • IP Address: For geolocation-based features and security.

  • Crash Logs & Performance Diagnostics: Error reports, stack traces, performance metrics.

  • Email Address: If you sign up or contact support.

1.4 Analytics Data

We use Amplitude to collect anonymized usage data, including screen views, feature interactions, session durations, and in-app events. This helps us improve App performance and user experience.

2. How We Use Your Information

We use the data we collect to:

  1. Deliver and personalize the App’s features (e.g., health insights, reminders).

  2. Analyze usage trends and improve App stability and functionality.

  3. Monitor security and detect fraud or abuse.

  4. Communicate updates, promotions, or policy changes (you may opt out of marketing emails).

3. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

  • Service Providers: Amplitude for analytics; cloud hosting and database providers.

  • Legal Authorities: If required by law or in response to valid requests.

  • Business Transfers: In the event of a merger, acquisition, or asset sale, with notice to you.

HealthKit and Google Calendar data remain governed by Apple’s and Google’s privacy terms.

3.1 Compliance with Google Workspace APIs

4. GDPR Disclosures

4.1 Lawful Bases for Processing

  • Consent: For processing HealthKit and Calendar data when you enable those integrations.

  • Legitimate Interests: For anonymized analytics, performance monitoring, fraud prevention, and security.

4.2 Data Subject Rights

If you reside in the EU, you have the right to:

  • Access your personal data.

  • Rectify inaccurate or incomplete data.

  • Erase your data (“right to be forgotten”), subject to our retention policy.

  • Port your data in a structured, machine-readable format.

  • Restrict or object to certain processing activities.

  • Withdraw Consent at any time (without affecting prior lawful processing).

  • Lodge a Complaint with your local supervisory authority.

To exercise these rights, please contact us at privacy@zaiahealth.com.

4.3 Data Retention

We retain personal data (including HealthKit, Calendar, device, and analytics data) for up to five (5) years from the date of collection, unless a shorter period is legally required. After this period, data is securely deleted or irreversibly anonymized.

4.4 International Transfers & Hosting

All servers processing your personal data are located in the European Union. Any future transfers outside the EEA will be protected by European Commission–approved Standard Contractual Clauses.

4.5 Data Protection Officer

Our DPO is:

Gustavo Claudio Comitre

CEO & Data Protection Officer

4.6 Data Breach Notification

In the event of a personal data breach, we will notify you and the relevant EU supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR.

5. Children’s Privacy

We do not knowingly collect data from children under 13. If you are under 16, you must have parental consent to register. If we learn that we have collected information from a child under 13, we will delete it without undue delay.

6. Security

We implement reasonable technical and organizational measures to protect personal data, including:

  • Encryption: In transit (TLS) and at rest.

  • Access Controls: Limited employee access on a need-to-know basis.

  • Regular Audits: Security testing and vulnerability assessments.

However, no system is completely secure; we cannot guarantee absolute protection.

7. Third-Party Links & Websites

Our App may contain links to third-party sites (e.g., privacy policies for Apple HealthKit, Google Calendar). We are not responsible for those sites’ content or practices.

8. Changes to This Privacy Policy

We may update this policy from time to time. Material changes will be communicated via in-App notification and/or email. The “Last Updated” date above will reflect revisions.

9. Contact Us

If you have questions or requests regarding this policy, please contact:

Thank you for trusting Zaia Health with your data. We are committed to protecting your privacy and providing a secure, transparent experience.