Who are we and how to contact us?

About the Privacy policy

What personal data do we collect?

How do we use your information?

How do we protect your personal data?

Your data protection rights

How to Complain

Personal Data Breach Management

Supplementary Privacy Notices

Updates to this policy

Wysa Assure Mental Health App Privacy Policy

Initial Effective Date: Mar 31, 2023(GMT)
Latest Revised Date: May 14, 2026 (GMT)
Version: 3.0

You (“user”or “end-user” or “data subject”) have been granted access to this Wysa Assure App by your institution (the "Institution"). The Wysa Assure App, also known as the "App", enables anonymous use by authorized Institution-associated users.


Who are we and how to contact us?

The App, managed by Touchkin eServices Private Limited (referred to as "Wysa," "we," "us," or "our"), operates with data privacy by design and by default (Read about our data safeguards here ). Wysa is a co-developer and technically operates the App, utilizing the Wysa platform with non-identifying user identifiers. Co-developed in collaboration with Swiss Re Solutions Ltd ("Swiss Re"), the App is distributed by Swiss Re to your Institution, who then provides it to users. The Institution and Swiss Re are referred together as our "Partners". This Privacy Policy outlines Wysa's use of your personal data, protective measures, and data security.

Regarding the purposes of our Services and processing of end-user data, Wysa acts as the data controller. When handling aggregated App usage data reports on your Institution's behalf, Wysa may act as a processor or sub-processor. Your Institution receives aggregated App usage data reports for their own purposes. Please check with your Institution directly on how they use your App usage reports. Swiss Re only receives anonymous App usage data reports.

For queries, comments, complaints, and requests about our App and Services, reach us at [email protected]. For Privacy Policy and data protection rights inquiries, contact us at [email protected], addressed to the Head of Compliance/Data Protection Officer. We promise a response within a month from a valid inquiry.


About the Privacy policy

This Privacy Policy pertains to your use of our mobile artificial intelligence (AI) chatbot service, digital self-care tool, analytics, dashboard services, well-being score, and pathways to connect to offline mental well-being therapy (collectively referred to as the "Services"). The policy also applies when you engage with us through events, promotions, websites, email, or social media. We may offer additional services for your Institution ("Institutional Services"), requiring agreement with both Wysa's and your Institution's Terms of Service and Privacy Policies for processing information on behalf of your Institution.

In case of a crisis, call your country's emergency number or Institution's approved helplines. App use requires age 18+. Interaction with the AI chatbot is with Artificial Intelligence, not a human. The AI is limited in its response. The App offers evidence-based tools in a self-help context. It doesn't diagnose, treat, or cure a specific condition or disease or disability. It only provides general mental health advice, not medical. Please seek a healthcare professional for any medical concerns.

Kindly review this policy, along with our cookies policy and terms of service. Your use of our Apps and Services implies consent to information collection and utilization as outlined in this Privacy Policy and Cookie Policy. Unless specified otherwise, terms in this Privacy Policy hold the same meanings as in our Terms of Service.


What personal data do we collect?

Wysa does not aim at collecting personal data. You can choose to remain as anonymous as you want to be when you use the App. By adopting privacy by design and by default safeguards (read here ), we seek to minimize personal data collection and processing and improve your privacy. To help provide our Services, we will collect and process the following information categories.

Information about you - Our App prioritizes anonymity for privacy protection. No registration needed. Use a nickname to start. We gather an app-device ID from your Google play or Apple app store when you install the App. IP address for content delivery (not linked to user conversation data), device information, time-zone, operating system.

AI chatbot conversation data - Your voluntary inputs, like challenges, preferences, feelings, moods, thoughts, emotions and safety plan. Your expression of gratitude or maintaining a task list. Responses to assessments (PHQ, GAD or others). Your use of tools, Cognitive Behavioral Therapy (CBT) programs and other resources. Any inadvertent identifiers voluntarily provided.

App usage event data - Tracks app actions, settings, notifications and screen choices

Fitness App data - Data from Google Fit, Health Connect by android or Apple Healthkit (physical activity and sleep) when you connect.

Promotion/Survey data - your responses to campaigns, surveys and other marketing activities.

Communication data - includes any feedback, complaints, requests via email or social media or our website contact forms. If you have communicated with us by email or website contact form, we will collect email ID, name provided, any contact details shared with us. Institution and Partner name, staff name and their contact information.

Cookies - includes mandatory cookies collected during app use to provide the Services. Also, site-hosting provider’s cookies on our website.

Sources of the information categories
Much of the information categories that we hold about you, are directly from you or your interactions with us, when you use our App, our websites or social media sites or when you contact us for any purpose


How do we use your information?

We must comply with data protection laws that mandate the identification and communication of a legal basis or 'ground' for utilizing your personal information. In cases involving sensitive data, an additional legal condition is necessary to be informed. An explanation of each of the grounds can be found below.

  1. Consent: where you have consented to our use of your information (you will have been presented with a consent message or opt-in provision in relation to any such use and may withdraw your consent by the means stated in this policy).
  2. Contract performance: where your information is necessary to enter into or perform our contract with you (your agreement to the App Terms of Service and this Privacy Policy).
  3. Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using, protects your data protection rights and freedom.
  4. Legal obligation: where we need to use your information to comply with law or statutory obligations.

These are the additional legal conditions that we typically use to justify our use of special categories of your personal data: In the substantial public interest: processing is necessary for reasons of substantial public interest, on the basis of EU or local law. Mainly, for the provision of counseling, advice or support or for protecting you from physical, mental or emotional harm during use of the App and services.

For each use mentioned below we note the purpose for which we use and disclose it, and the ground we rely on as the basis for our use.

  1. Use of Information about you

    1. To provide and manage Apps and Services: To create a unique user identifier for establishing smooth and continuous conversations within the App. To fulfill contractual obligations resulting from your consent to our Terms of Service and Privacy Policy, including the provision of requested information, Apps, and Services. To inform you about any changes to our Apps and Services. To validate and authorize access code or deeplink to access the customized Institution version of App and Services. Only aggregated data is logged to improve user experience.

    Legal basis: contract performance, legitimate interests (to enable us to perform our obligations and ensure quality, safety and performance of our App and Services).

  2. Use of AI chatbot conversation data

    1. To provide and manage Apps and Services: To conceptualize, design, and develop AI models, content, and conversational strategies for operating the AI Chatbot. To run our AI models on conversation data, generating new insights into emotional states and moods. To proactively identify and rectify inadvertent personal identifiers within your text messages. To ensure contextual understanding and coherent conversation flow. To identify medical or emergency-related terminology and provide guidance to safety and crisis support resources, including safety plans. To derive mood scores and assessment scores, and triage to external helplines and support. To present and facilitate access to validated clinical tools and techniques. To facilitate and manage your utilization of the CBT programs. To enable the modification of your chosen nickname. Where LLM is enabled, to share your limited conversation data with the LLM (“Input”). We apply safety guardrails to keep your messages using the LLM safe. All Inputs go through these guardrails. If your message does not clear the guardrails, we do not send it to the LLM. When the LLM responds (“Output”), it also has to pass the safety rules. If it does not, we do not release the Output, instead providing a pre-defined safe response.
    2. Legal basis: contract performance, legitimate interests (to enable us to perform our obligations and ensure quality, safety and performance of our App and Services),

      Additional legal condition: For reasons of substantial public interest for provision of counseling, advice or support or for safeguarding of individuals at risk.

    3. To use your assessment and questionnaire responses: While using the App, you might need to complete established assessments like PHQ-9/GAD-7 periodically. These are trusted tools for monitoring your well-being progress. Your responses guide us to suggest suitable resources and external support. If your scores fall in the moderate-to-severe range, as defined by the assessment, the App will let you know it might not be sufficient and direct you to our or Institution-approved helplines and Services. If an assessment response indicates an SOS, you'll be directed to relevant emergency helplines
    4. Legal basis: contract performance. Legitimate interest (to ensure user safety)

      Additional legal condition: For reasons of substantial public interest for provision of counseling, advice or support or for safeguarding of individuals at risk.

    5. To understand our users, and to develop and tailor our Apps and services: To anonymize your personal data before using it for analysis, enhancing effectiveness, engagement, experience, and service quality. For AI model safety and performance enhancement. To elevate App and Service quality and customer experience. For creating labeled training and testing data for improving the AI models. We might produce and share aggregate app usage reports with your Institution, while prioritizing your rights and freedom. These reports will be downloadable files or made available over secure analytic dashboards. For innovating new services, technologies, and products.
    6. Legal basis: legitimate interests (to ensure the quality, safety and performance of our Apps and Services)

      Additional legal condition: For reasons of substantial public interest for provision of counseling, advice or support or for safeguarding of individuals at risk.

    7. To provide in-app notifications and reminders: To alert you according to your set reminders and notifications. To prompt you about upcoming sessions and events.
    8. Legal basis: contract performance, consent (opt-in and opt-out of notifications).

    9. To conduct research and clinical studies: We don't utilize fitness data (like physical activity and sleep info) from Google Fit, Health Connect by android or Apple Healthkit for research purposes. Our research uses only essential app usage data, including aggregated data for publications. This data is fully anonymized through irreversible removal of user identifiers before use. This aids in enhancing our product, Services, and contributes to user-centered mental wellbeing best practices globally. If needed, you can always reach out to us to limit processing or opt-out where consented to specific research participation.
    10. Legal basis: legitimate interests (to ensure the effectiveness, safety and performance of our Apps and Services)

  3. Use of App usage event data

    1. To understand our users, and to develop and tailor our Apps and services: To share anonymized app event data with third-party analytics providers for refining App and Service quality. Sensitive details in app event data will be obfuscated.
    2. Legal basis: legitimate interests (to ensure the quality, and performance of our Apps and Services)

    3. To understand our users, and to develop and tailor our Apps and services: We might produce and share aggregate app usage reports with your Institution, while prioritizing your rights and freedom. These reports will be downloadable files or made available over secure analytic dashboards. For innovating new services, technologies, and products.
    4. Legal basis: legitimate interests (to ensure the quality, safety and performance of our Apps and Services)

  4. Use of Fitness App data

    1. To use fitness data to derive a risk and well-being score: With your Institution's agreement, we'll use your conversation data and fitness data (physical activity and sleep) to calculate a risk and well-being score. The well-being score will be displayed to you, encouraging you to enhance your well-being. The well-being score serves as a personal benchmarking tool, not a clinical assessment. It will be used within the app to suggest relevant support resources, both from the App and external sources like Institution helplines, EAP, offline care services, and therapist support. We do not share your individual scores with your Institution or Partners. The well-being score doesn't determine diagnoses or treatments, nor does it provide medical advice. This process isn't for emergencies; it's designed to protect at-risk individuals.

      Legal basis: contract performance, consent (your consent to sync with Google Fit, Health Connect by android, Apple Healthkit and Garmin. Your consent to access your sleep and physical data from Google Fit, Health Connect, Apple Healthkit and Garmin).

      Additional legal condition: For reasons of substantial public interest for provision of counseling, advice or support or for safeguarding of individuals at risk.

  5. Use of Promotion/Survey data

    1. To provide any marketing materials: To keep you informed via email, SMS, or online about our Apps and Services. This involves running campaigns, surveys, and providing program-related updates. We'll also reach out about promotions and program enrollment. Additionally, we might utilize anonymous and non-identifiable user data for marketing and benchmarking purposes. If required by law, we'll ask for your consent before engaging in such marketing activities during data collection. You'll have the choice to unsubscribe or opt-out of electronic marketing via the provided option or by reaching out to us through the details in the “Contact” section below. We don't promote third-party offers in the App experience. It's important to note that any promotions or survey responses you provide will remain separate from your App usage.
    2. Legal basis: consent, legitimate interests (to keep you updated with news in relation to our Apps and Services).

  6. Use of Communication data

    1. To communicate effectively with you: To issue access code or deeplink to access the App and Services. To address your inquiries, feedback, grievances, and other messages, which includes requests and concerns about our Apps and Services. To manage and resolve any service-related disruptions. For service-related communications linked to your App and Service usage. To oversee our interactions with you, ensuring quality, procedure compliance, and for training. Your concerns, complaints, or requests about the App and Services are treated with utmost seriousness. To reach out, follow the "Contact" section below. We commit to addressing complaints within 3 business days. Some inquiries may require additional time for resolution. We'll keep you updated throughout the process until your inquiry is adequately resolved.
    2. Legal basis: legitimate interests (to allow us to correspond with you regarding our Apps and Services. To ensure the quality of our Apps and Services), legal obligations.

  7. Use of Cookie Information

    We need to use some necessary cookies to make sure our website and app works properly. Here is a simple guide to the kinds of cookies we might use:

    • Essential cookies. These are very important and are needed for the website and app to work. They help make sure everything runs smoothly, like when you chat on the app. These cookies do not collect any information about you. We manage these cookies ourselves.

    "Do Not Track" (DNT) is something you can turn on in your web browser to keep your online activities more private. However, even if you turn DNT on, we do not collect those signals today.

    You can access our Cookie Policy here.

    Legal basis: legitimate interests.

Other uses of your information:

To reorganize or make changes to our business: In situations like: (i) negotiations for selling our business or part to a third party; (ii) being acquired by a third party; (iii) going through reorganization; or (iv) facing bankruptcy, we might need to share some or all of your personal data with the relevant third party (or their advisors) for due diligence in analyzing the proposed sale or reorganization. After such events, we could also share your data with the reorganized entity or third party for similar purposes as stated in this Privacy Policy. We'll reasonably try to notify you through methods like: public notice on our website, informing your Institution, in-app notifications or changes to this privacy policy.

Legal basis: legitimate interests (in order to allow us to change our business), legal obligation

To comply with legal and regulatory obligations: We might handle your personal data to meet our legal and regulatory needs. This might involve sharing your data with third parties like insurers, courts, regulators, or law enforcement agencies worldwide. This can happen during their enquiries, proceedings, or investigations, or when legally required. We might also use and disclose data to prevent serious health or safety threats, for public health reporting, and for preserving data during legal matters to prevent tampering. Additionally, we might disclose data to help with an investigation or prosecution of suspected fraud or actual illegal activity.

Legal basis: legal obligation (as App manufacturer to provide app performance and safety report to regulator ask), legitimate interests (to cooperate with law enforcement and regulatory authorities)

We do not combine and process your personal data with any other third party available data. Your data, messages or usage is not transferred or sold to advertisers or data brokers or any information resellers. We will always take your consent before using your name for social proof purposes. If you have any questions about the legal basis we rely on, please contact us using the details set out in the “Contact” section below.

Processing for Legitimate Interests

We may need to use your personal information for important reasons. Before doing this, we will always protect your rights and privacy. Here are the reasons we might use your data:

  • To follow our main agreements with your Institution.
  • If the law requires us to use or share it.
  • For court cases or legal orders.
  • For law enforcement or national security needs.
  • To help investigate or stop illegal activities.
  • To freeze data for legal reasons so that it cannot be changed or deleted.
  • To report public health information.
  • To prevent serious risks to health or safety.
  • To do basic research and understand how people use our services.
  • To communicate with you about using our app and services.
  • To fix and protect the app’s security and operations.
  • To stop fraud or misuse of our service.
  • To keep your data secure and private.
  • To make sure the app and services work well and are easy to use.
  • To protect your fundamental rights, and safety.
  • To use anonymous data for benchmarking and marketing.
  • To create new services, technologies, and products.
  • To answer your questions and requests.


How do we protect your personal data?

  1. Where is your data stored?

    The data we gather is transferred and stored in USA-based infrastructure instances managed by our service provider, Amazon Web Services (AWS). Some of your information might be shared and stored with our third-party service providers to provide our services. For a list of service providers please read point 8 under this section.

  2. How long is your data stored?

    Personal identifiers you voluntarily share in your text messages with the AI chatbot will be securely redacted in our database within 24 hours of its detection.

    We adhere to legal retention limits for any remaining data about you. It's kept only as long as necessary for requested services or purposes mentioned in the 'How do we use your personal data?' section above. If not specified, we retain your data for up to 10 years after termination or a period agreed upon with your Institution

    You also have the option to permanently delete all your messages using the 'reset my data' feature in the App settings.

    Where LLM is enabled, we have enabled Zero data retention (ZDR) with the LLM provider (Open AI API) and hence your conversation data does not get stored with them.

  3. When you trigger “Reset my data” from App settings

    Reset my data deletes all your submitted data including your identifiers, past conversations, reminders, assessment responses and enabled settings. Post reset, you will not be able to recover your past data and you will be considered as a new user of the App. Hence, this feature is to be used at your discretion.

  4. International transfer of your information

    To deliver our App and Services, we may need to process your submitted data in a country different from your own, where data protection laws might be less strict.

    When we move personal data from within the European Economic Area (EEA), Switzerland, and/or the United Kingdom (referred to as the 'Europe region'), we'll take extra steps to secure your data in line with data protection laws. Some countries in the Europe region have been endorsed by regulators for having sufficient data protection, so no additional safeguards are needed to transfer data there. For countries without such approval, we'll use suitable measures to protect data transfer, like the new EU Standard Contractual Clauses and/or UK addendum to the EU SCCs or UK International Data Transfer Agreement (IDTA), as allowed by the law.

    Minimal and necessary data may be shared among our companies (located in the UK, US, and India) to provide specific Services. In line with relevant data protection laws, we'll ensure your data rights are well protected with appropriate technical and organizational safeguards.

    For any queries, reach out through the details provided in the 'Contact' section below.

  5. How do we safeguard your data?

    We prioritize your data security and take extensive measures to ensure it. With strong dedication, we've put in place both technical and organizational safeguards. Here are a few of the steps we've taken:

    Privacy by design and by default

    1. There is no user registration required. We don’t need it hence we don’t ask for it.
    2. Only a nickname is sufficient to help us personalize our conversation with you.
    3. We use pseudonymized identifiers to protect your data and identity.
    4. No human eavesdrops during your conversation with the AI chatbot.
    5. We irreversibly redact any inadvertent personal identifiers in your text messages.
    6. As an App user, you can choose "reset my data" to delete your information.
    7. We adhere to the 7 key principles set out by GDPR (see here).

    Security by design and by default

    1. We use strong encryption to protect your data when it is being sent or stored.
    2. Random identifiers are used for all data transactions between App and our servers.
    3. Our systems are secured with role-based access, strong passwords and two-step verification.
    4. We enable endpoint security in all staff systems.
    5. We review and maintain data processing agreements with our service providers.
    6. We have a strict hiring and background verification process in place.
    7. We provide regular awareness and training to our staff.
    8. We conduct annual 3rd party compliance audits and data protection certifications.
    9. We perform regular vulnerability scans and penetration tests of our Apps and Infrastructure.
    10. Checks and remediation of any vulnerabilities in code for e.g. OWASP Top 10.
    11. We conduct regular checks to ensure compliance to our policies.

    Additional safeguards when you use LLM-enabled AI

    1. Every message sent to and from the LLM is encrypted so no one else can read it.
    2. Any personal identifiers voluntarily shared in conversation data gets removed. This helps keep your private details safe from being shared with the LLM service provider.
    3. We use safety rules to always check what is sent and received from the LLM to make sure it is safe and good to use.
    4. We do not share your device data with the LLM.
    5. Your conversation messages are never stored at the LLM.
    6. Your conversation messages are not used as training data by the LLM.

    Certifications and Registrations

    1. Wysa's Information Security Management System (ISMS) and Privacy Information Management System (PIMS) is certified for ISO 27001 and 27701.
    2. Wysa is registered with the UK Information Commissioner’s office (ICO).
    3. Wysa meets standards of the NHS Digital Data Security and Protection Toolkit (DSP Toolkit).
    4. Wysa complies with DCB0129 Clinical Safety and Risk Management standards.
  6. We do our best to keep your personal data secure and safe, but no method is perfect. We cannot promise complete security and safety. You can help keep your data safe too. Please do not share personal identifiers where not asked. Please do not copy and share your chats with people you do not know.

  7. Responsible use of Artificial Intelligence (AI)

    At Wysa, we use artificial intelligence (AI) programs to understand what you type to us. These AI programs help us talk with you in a way that makes sense and guides you to helpful information. Our AI programs follow set rules and do not learn new things on their own. We make sure our AI chatbot is fair, safe, and treats your information with care. Where enabled, we use third-party Large Language Models (“LLM”) and our own AI to chat with you. Our AI is a purpose-built AI and does not operate as a general-purpose generative AI. Our AI does not change in real time (i.e. it does not continually modify itself or learn every time on its own). Each conversation with the AI works at a conversational node level within a decision-tree structure. At each node we may use either the prediction from our AI programs or the inferences from LLMs, or both. We may also use our proprietary AI programs to qualify a conversation sentence for an LLM inference. We have safety measures in place to keep our conversations secure and trustworthy. All recommendations from Wysa come from our own care library which is a closed source and written by our clinicians. Every piece of content generated by the AI passes through our safety and quality checks, and all LLM based conversational prompts are designed and tested by clinicians to ensure that they are clinically safe and appropriate. We also have good practices to monitor and check the use of AI at Wysa, making sure your rights are protected. Please contact us at [email protected] if you have any more questions about our use of AI.

    Read our product’s intended purposes and terms of use here.

    Read our Responsible AI for mental health playbook here.

    While Wysa has put in place reasonable clinical safety and data protection controls, you understand and acknowledge that AI is a developing technology. The potential risks inherent to this technology may not be fully understood and fulsome safeguards may not be fully developed. Due to the nature of the technology, you may sometimes get incorrect responses that do not accurately reflect the action required.

  8. What about external links to other sites?

    The App, websites, and social media pages feature links to third-party, Partner, or affiliate websites and resources. When you click on such links, remember that these sites have their own privacy policies. We don't manage these third-party sites and are not liable for their privacy policies. It's a good practice to review these policies before sharing personal data on these sites.

  9. Our use of service providers

    We work with third party companies that help us run our app, fix any problems, and offer other important services. These companies might use your personal data to provide services for us. For a list of service providers please read below.

    We also work with the Institution’s authorised service providers to connect and share your information so you may get the required care from your Institution.

    Service Providers Data Type Purpose Data Storage / Processing Location
    Amazon Web Services (AWS) All data submitted and collected from you during App use They help provide cloud-based systems, tools and APIs that keep our service running smoothly and securely. USA
    MongoDB ATLAS All data submitted and collected from you during App use They provide use of a database to keep your information safe. This database resides on AWS. USA
    Firebase, Google Analytics Anonymised event data, Cookie Information They look at how you use our App to improve the experience. We do not share what you talk about or any personal details with the third party. All the actions you do in the App are given false names so they cannot tell who you are or learn anything about your health or feelings. USA
    Branch.io Communication data (Institution supplied email ID) They help provide a special link that helps you access our App more easily. USA
    Google Workspace Communication data (email identifiers) To answer your questions, requests, and feedback. They help us keep records without using your personal data. Europe
    CloudFlare Device Data (Internet protocol address) They help us keep our services secure and running smoothly. They need to use your IP address to do this. Wysa does not store or use your IP address after it has been used by Cloudflare. Your IP address is never linked to your conversations, so everything you chat about stays private. Also, Cloudflare might look at information like your browser and operating system to prevent any misuse. USA
    Zendesk Communication data (email and other identifiers) This is our customer support system. We use it to collect and answer your questions and requests for help in the event that you contact us. USA
    Private AI Conversation data The service checks for any personal details you might accidentally share when talking with the App. It runs on Wysa's cloud servers, so your messages do not go to Private AI. USA
    Open AI Conversation data submitted and collected from you during use of LLM enabled AI To provide LLM enabled AI alongside Wysa’s own proprietary AI. Provide clinically validated tools and resources for support. USA
    Google API Services Fitness App data (physical activity and sleep) We use Google API services to collect data from Google fit (Physical activity and sleep) from authenticated users. No personal data is shared by Wysa to Google API Services
    Health Connect API Fitness App data (physical activity and sleep)

    We use Google Health Connect API to collect Activity and Sleep data from on-device data captured by other Fitness tracking apps.

    1. Activity captures any activity that a user does, such as running, swimming and cycling.
    2. Sleep captures interval data related to the length and type of a user's sleep.

    Apps distributed through Google Play that use Health Connect are subject to the Google Play Developer policies.

    No personal data is shared by Wysa to Health Connect API Services
    Garmin Fitness App data (physical activity and sleep) We collect activity and health data from Garmin users, which encompasses their workout information such as swimming, cycling, running, as well as health metrics like sleep patterns and step counts. Users grant permission for data sharing by logging into their Garmin accounts, and they have the option to disable this authorization at any time. No personal data is shared by Wysa to Garmin

    We will keep updating this section where we make any changes to our service provider. If you have any questions please contact us at [email protected].

    Our use of Google API services for use of fitness data

    The App doesn't collect or track identifiable geolocation or call logs. The App’s use or transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including their limited use requirements.


Your data protection rights

What Can You Do About Your Data?

  1. Ask Questions: You can ask us how we are using your personal data.
  2. Get a Copy: You can ask for a copy of the personal data we have about you.
  3. Fix It: If any personal data about you is wrong or missing, you can ask us to fix it.
  4. Delete It: If we do not need your personal data anymore, you can ask us to delete it.
  5. Pause It: While we look into any questions you have, you can ask us to stop using your data.
  6. Change Your Mind: If you had said yes to something before, you can still say no later.
  7. Send It Elsewhere: You can ask us to send your personal data to someone else electronically.
  8. Object: You can tell us not to use your personal data for things we think are important.
  9. No Marketing: If you do not want to get marketing emails, just click ‘unsubscribe’ in the emails.
  10. Be fair: When you use our app, we will not treat you unfairly for using your rights.
  11. No Sale: You can choose to stop your personal data from being sold or shared with others who might want to sell it.
  12. Automated Decisions: Our service uses AI to help you. We do not use AI to know your identity. We always check with you before making key suggestions. We change our conversation anytime you inform us that the AI is not helping. We and our service providers might use AI to make automated decisions or automatically process information if we need to perform our services or to stop fraud, abuse or misuse of our services. By using our services, you agree to let us use AI for providing our service. We might change the automated approach we use in the future.

Consent Management

Obtaining Consent: Where we request your consent before collecting any personal data, clear and easily understandable explanations will be provided regarding the purpose and scope of data processing activities. You have the right to grant or deny consent.

Modification of Consent:
If you wish to modify your consent for data processing, you can do so easily by contacting our Data Protection Officer (DPO) or our customer support. Modification will not affect the lawfulness of any processing based on prior consent.

Withdrawal of Consent:
If you wish to withdraw your consent for data processing, you can do so easily by contacting our DPO or our customer support. Withdrawal will not affect the lawfulness of any processing based on prior consent.

By incorporating this consent management facility, we aim to empower you with control over your personal data, ensuring transparency and compliance with privacy regulations.

How to Exercise Your Rights

You do not usually have to pay anything to use your rights. Sometimes, we might need to check if it is really you asking. Contact us using the details at the top of this privacy notice. We will reply within one month if you ask us for something.

When We Might Say “No”

We might not be able to agree to your request if:

  • The processing is required to provide continuity of our services.
  • The law says we cannot.
  • It affects someone else’s privacy.
  • It could harm you, us, or someone else’s rights or safety.
  • If we need to retain data to ensure the reliability of our research studies.
  • The request is too much or does not make sense.


How to Complain

If you have any concerns about our use of your personal data, you can make a complaint to us at [email protected]. We will get back to you about your complaints within 3 working days. Some might take a bit longer to sort out. We will keep you updated until everything is fixed.

If you are still not happy with how things have been sorted out, you can send an email to our grievance officer / Data Protection Officer (DPO) at [email protected].

DPO Roles and Responsibilities:

  • Oversee the implementation of data protection policies and procedures.
  • Ensure the organization’s compliance with data protection regulations.
  • Conduct risk assessments related to data processing activities.
  • Serve as a point of contact for data subjects / data principal and supervisory authorities.
  • Monitor data security measures, investigate breaches, and enforce staff training to uphold data security.

If you're unsatisfied, you can complain to your Data Protection Authority. You can file a complaint with the UK ICO using the outlined process here. For EU Data Protection Authorities', check here.


Personal Data Breach Management

In the event of a personal data breach, we follow a stringent procedure to mitigate and address the incident promptly. Our response includes identifying the breach, containing its impact, assessing affected data, notifying relevant authorities, and communicating transparently with affected individuals. We conduct thorough investigations to understand the extent of the breach and implement corrective measures to prevent recurrence.

Any detected personal data breach will be reported to relevant authorities and where applicable, the affected individuals within 72 hours of its identification or within the time period defined in compliance with applicable data protection regulations.


Supplementary Privacy Notices

Read supplementary privacy notice for USA states.


Updates to this policy

Any changes we may make to this Privacy Policy will be notified to you within the App. Continuing to use our App and Services after a notice of change has been published constitutes your acceptance of the changes. For a list of past changes please read here.