Touchkin eServices Pvt. Ltd. (“Wysa”) are the makers of the Wysa app and its services. The app and services are available in native English. Select services are available in Spanish, French, German, Brazilian Portuguese and in certain languages of India.

Where Wysa decides the purpose of personal data processing, we will be the “data controller or data fiduciary or equivalent”. Where we perform personal data processing at the direction of your Institution, we will be “data processors”.

If you have any questions, comments, complaints, or requests about our app and services, you can email us at [email protected].

When you use our app and services.

When you use the app and services, we collect the following information. You control the information you share with us. We design our app to collect as little personal data as possible to keep your data safe and protect your privacy. This means there is less risk of your information being misused. When you share information with us, we are responsible for taking care of it.

Information provided by you.

• Information about you. This includes things like your nickname, age-range, gender, pronouns, or identifiers you may voluntarily reveal about yourself. Contact information shared with Wysa Coach or Wysa Medical Assistant or as required for your Institution.

• Conversation data. This covers what you type in messages, your challenges, preferences, feelings, moods, thoughts, task lists, and safety information. It also includes answers to surveys or questionnaires from us or your Institution, and how you respond to the tools and exercises that we offer. This includes everything you type in messages or say in voice or video calls with your Wysa Coach or Wysa Medical Assistant.

• Correspondence data. If you email us, you might share personal data like your name, email address, home address, the company you are part of, your job title, and what you talk about in the message.

• Feedback data. When we ask for your thoughts on our app and services, we gather your contact info and some basic details about you.

Information collected via automated means or by third parties.

• Information sharing with your Institution. Sometimes, your Institutions or their appointed representatives might share or ask you to share your personal data with the app, like your contact details, so we can offer you our services. Where required by your Institution, and without affecting your rights, We may also share your usage and safety data with them.

• App event data. We collect information about what you do in the app, like where you tap, what actions you take, your settings, notifications you get, and the screens you visit.

• Device data. When you install the app, we get an ID for your device from the Google Play Store. We also collect information about your device, like the type of phone, its time zone, and its operating system. A service provider that helps us deliver content might also get your IP address to provide our services.

• Cookie Information. We and our third-party providers collect information about your app use via cookies or similar technologies. We use mandatory or necessary cookies to provide our services.

When you use the Digital Front Door Service

The service helps your Institution guide you and your dependents to the right care and support. The following additional information gets used.

• Information from your Institution.. You can use the service by logging in through your Institution’s Single Sign-On (SSO) web page. This means you can use your usual Institution login details to access the DFD service. The first time you use the DFD service, it will take you to your Institution's login page to verify your identity. Wysa does not collect and use your personal login details. Instead, Wysa gets a unique, encrypted code to create a random identifier for you.

• Information about you. This may include but not limited to pronouns, country, service group.

When you use the AI Coach over WhatsApp.

Where, you directly use the AI Coach on WhatsApp, the focus is on helping you sleep better. The service does not give medical advice and always suggests seeing a doctor if needed. Wysa will not use your WhatsApp messages to send you marketing material. We do collect and use the additional information to provide you with our service.

• Information about you. This may include but not limited to your mobile number, whatsapp profile name, city, interests, language.

Where your Institution provides access to the AI Coach on WhatsApp, they do not give us any of your personal information. They only share a unique identifier to help us connect with your Institution systems and offer our AI Coach service to you. This unique identifier cannot be used to identify you.

When you use the Wysa Medical Assistant Service.

When you use this service, you or your healthcare provider may additionally share protected health information with our app and with our Wysa Medical Assistants. These may include a patient referral form that contains your name, your current or past medication details, your clinical assessments and evaluation details. We will process this information on behalf of your Institution to provide healthcare service. We store information provided by you voluntarily to Wysa Medical Assistants during the course of service. This may include but not limited to your physical and mental health details, medication details, and assessment evaluations.

When you participate in a Wysa research study.

You can choose to sign up and join any of our or our research partner run studies. When you volunteer, we will collect some information from you. These include:

• Information about you. . This may include but not limited to your contact details, country, gender, socio-economic details, age-range.

• Health and Wellness data. This may include but not limited to ethnicity, alcohol/substance use concerns, use of medication, any mental disorder diagnosis or treatment, about hallucination, validated assessment responses.

When you visit our website or social media accounts or our web pages.

When you visit our website or web pages or just reach out to us for business purposes, we will collect the following information from you.

• Correspondence data:. If you contact us, you might share personal data like your name, email address, home address, the company you are part of, your job title, business contact details and what you talk about in the message.

• Cookie Information. We and our third-party providers collect information about your website use via cookies or similar technologies. Information could include but not limited to browser type, browser language, operating System, language settings, web page views and the link clicks, campaign clicks, IP address.

You can follow us on Instagram through the Wysa app settings. If you do not have an Instagram account, you can create one and follow us at @wysa_buddy. Your Instagram account will not be linked to your Wysa app account. We will know your personal information when you interact with us on our social media channels.

When you use our DRA services

When you use the DRA on your Institution website to make a referral submission, we will need to collect some information on behalf of your Institution. This information is transferred to the Institution and/or their service providers for review by a clinician.

You can fill out the information required at your own pace. We will obtain your personal data directly from the Institution (such as member id, plan details, demographic information). We will also receive personal details (such as name, date of birth. contact details), answers to health related questions, and any long-term health issues or disabilities. Your Institution decides if you qualify for these services, not us.

We do not decide who is accepted by the institution, nor the type or step of care provided. The DRA only collects the required information and passes it to your Institution and/or their authorised service providers.

When you text your institution clinician or well-being advisor within co-pilot service

Your Institution Clinician or Well-being advisor may add some information about you to identify you on the platform and provide the relevant service. This may include, but not limited to, your title, gender, primary language, and timezone. Wysa will only share the required personal data with your Institution and their clinician or well-being advisor. This to help them review your progress during the service.

When you use the Wysa+ or Generative AI Service

By default, Wysa AI Coach uses propreitary artificial intelligence and third-party Generative AI (“Gen AI”) to provide the service. Users on older versions of the App will continue to avail the on-demand Wysa+ services. Where opted by you, Wysa+ uses third-party Gen AI along with our propreitary AI to chat with you.

Use of Gen AI or Wysa+ provides an improved experience of the AI Coach service. It allows us to provide you with high-quality, and safe responses. This helps the AI Coach talk about varied conversations and provide responses that are more suited to you. Where provided, the AI Coach allows you to chat in native English and specific Indian languages. Your conversation data is processed and part of the input to the Gen AI to provide this service. The input to and the output from the Gen AI passes through our safety guardrails and quality checks before we use it. Our clinical staff check the appropriateness of the Gen AI response at frequent intervals to make sure they are safe, and work well.

Generated Insights within Weekly Report:
Where you use weekly reports, we use third-party Gen AI to create generated insights. These reports give you personalized and useful information based on how you use the app. This can help you learn more about yourself and improve your mental health and well-being.

We share only derived and anonymous data with the Gen AI. The data we use each week comes from the information you provide and your choices while using the app. Here is what we collect each week:

• Mood Description: This is taken from the smiley face you choose at the start of a session. It tells us if you are feeling not great, mostly low, somewhere in the middle, pretty good, or in high spirits.

• Topics and feelings: These are keywords from your conversations with the AI Coach at the beginning of a session. For example, feelings could be sad, calm, confused, happy, numb, confident. Topics could be work or education.

• Tools Used: This is the list of Wysa tools you used during your time on the app.

Important Note: We do not share any of your personal details, including device identifiers with the third-party service provider.

Provision of personalised recommendations of supportive well-being resources and tools

To support your mental health and wellbeing, we use Artificial Intelligence technology to derive key insights from your conversation data and recommend appropriate self-help resources and tools. These insights and recommendation information is never shared with third parties for marketing or commercial purposes. If you wish to delete your conversation data including the derived recommendations, you can do so by choosing the “Reset my data” from the app setting. On reset my data, all your conversation data will be permanently deleted from our system and cannot be retrieved. Please note that provisioning of personalised recommendation is core to providing our services. Opting out of this feature may limit your access to our app functionality and services. If you have any questions about this processing, please write to us at [email protected].

When you participate in online group well-being sessions.

We may collect limited personal information such as your name and contact details, When you participate in group wellness sessions or webinars conducted by our Wysa Coach or Wysa staff.

When you participate in our campaigns or promotions or marketing events.

Any promotions, campaigns, or surveys you participate in will not be connected to your app account. Instead, this information will be stored securely in our Google Workspace or marketing tool accounts. We may collect and process the following information as part of these promotions.

• Promotion event data: If you participate in our promotional activities, we may collect your name and contact details.

We may put ads online to see how many people are interested in our service or to promote it. We use only trusted ad managers. We do not collect any personal information when you see or click on our ads.

When you apply for a role at Wysa

We may process personal information you may provide us when you apply for an open position or attend our hiring interviews.

• Recruitment data: This may include but not limited to your name, contact details, resume, references, credentials, transcripts, government provided identification, compensation information, race or ethnic origin, opinions and beliefs, physical or mental health or condition, sexual orientation.

Sources of personal data

We get your personal data either from you or your Institution, or service providers your Institution asks us to work with.

Legal grounds

We need to follow data protection laws that make sure we look after your personal data properly. Here is how and why we might use it:

1. Consent: Sometimes, we ask you if it is okay to use your personal data. You can always change your mind later if you decide you do not want us to use it anymore by writing to us

2. Contract Performance: When you use our app or services, we might need some of your personal data to provide our services and make sure everything works properly.

3. Legitimate Interests: We or someone we trust, might use your personal data to keep our services safe from fraud or security problems. We might also use it to make our services better.

4. Legal Obligation: Sometimes, we need to use your personal data to follow the law or to protect our company and the people who provide the services.

Sometimes, we need to use sensitive data that you share, like how you feel, your mood, or other things about your emotional health. We will only do this if we follow the law and have a good reason, such as:

1. Reasons for substantial public interest: Helping you with advice or support like counselling, or keeping you safe while you use our app and services.

2. Health Care: Acting on behalf of your Institution to provide healthcare and redirect you to care resources.

Uses of your Information

We might use the information you give us on our app and services for these reasons.

1. Information about you

   1. To provide and manage app and services: Here is how we use your information:

      1. To recognize which institution you are part of.

      2. To recognize whether you are a new or existing user to the app and service.

      3. When needed, we will ask for your permission to turn on your device's microphone and camera.

      4. We collect, move, save, and use your provided information to make our services work.

      5. We set up and keep track of your chats and use of our services.

      6. We let you change your nickname.

      7. Where needed, we will connect with your Institution's approved systems to handle your information.

      8. If your Institution offers the Wysa Coach service, we will connect you with a human mental health and well-being professional.

      9. If your Institution offers the Wysa Medical Assistant service, we will connect you with a human healthcare professional.

      10. If there is an emergency, Wysa Coach or Wysa Medical Assistant can call you or someone you trust.

      11. We keep a record of any permissions you give us.

      12. We let you know if we change our rules or privacy notice in the app.

      Legal grounds: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests and consent.
2. Use of Conversation data

   1. To provide and manage app and services: We do the following with your information:

      1. We come up with ideas and create AI programs, stories, and ways to talk for our AI Coach.

      2. The AI coach translates your preferred language to English and the other way around. This helps us understand each other and keep chatting with the AI Coach.

      3. The AI coach remembers the text messages you send and choices you make while using the app.

      4. The AI coach figures out if you are feeling happy, sad, or have any problems or questions. This helps us chat with you safely and give you required resources.

      5. The AI coach makes sure it understands you so that the conversations make sense.

      6. The apps show you safe tools and techniques that can help you.

      7. We make sure any personal details you accidentally share in your messages are removed and cannot be traced back to you.

      8. The AI coach looks for any medical or emergency words in your messages to help keep you safe.

      9. If the AI coach detects something that seems like an emergency, we may inform your Institution.

      10. We might use some anonymous chats to help our AI learn better.

      11. To provide personalised recommendations of supportive self-help resources and tools.

      12. We give you information and resources when you text your Institution clinician or well-being advisor during use of Co-Pilot service. Any data involving safety or risk is shared automatically to ensure that your clinician or well-being advisor is aware.

      Legal basis: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests, and consent. Use of appropriate additional conditions for any sensitive data.

   2. To perform well-being assessments: We do the following with your responses:

      1. The AI coach will ask you about how you feel and your mental well-being from time to time.

      2. The AI coach recognises if you inform any emergencies and may let your Institution know to provide support.

      3. The AI coach guides you to helpful hotlines and support resources if you need them.

      4. The AI coach recommends tools, tips, and resources to help you to manage your mood and improve your wellbeing.

      Legal basis: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests. Use of appropriate additional conditions for any sensitive data.

   3. To Provide Wysa Coach services:We do the following with your information:

      1. You can send text messages and have video or audio calls with your Wysa Coach.

      2. The service gives you information and resources shared by your Wysa Coach.

      3. The service shares your AI Coach conversation data with your Wysa Coach to help with your care. You can stop this sharing anytime from the app settings.

      4. Some of the messages you send to your Wysa Coach are checked for quality. This helps make the service better and safer.

      Legal basis: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests and consent. Use of appropriate additional conditions for any sensitive data.

   4. To provide in-app notifications and reminders: We will send you alerts if you choose to set reminders and notifications. We will send appropriate Wysa Coach session reminders.

      Legal basis: consent.

   5. For research, analytics, and compliance reporting: We might remove details that show who you are so that no one can tell the information is about you. We will use this changed information to check how well our app is working and to see if it is safe and useful. Sometimes, we also share this information with regulators to make sure we are following the laws.

      Legal basis: For each purpose listed above we will rely on one among the following, legitimate interests, legal obligations.
3. Use of Correspondence data

   1. To communicate effectively with you:We do the following with your responses:

      1. We answer your questions, requests, complaints, and other feedback.

      2. We fix any problems with our services.

      3. We send you important service updates.

      4. We keep track of our conversations with you to make sure we are doing a good job and following the rules, and also to help train our team.

      Legal basis: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests.
4. Use of Feedbacks

   1. To improve our app and services: We do the following with your information:

      1. To invite you to join activities like sharing your thoughts about our product, or helping us test it.
      2. To understand your feedback so we can make our product and services safer and better.
      3. To use your personal details to make sure everyone has a fair chance to join in and that we test our product with the right groups of people.
      Legal basis: For each purpose listed above we will rely on one among the following, consent and legitimate interest.
5. Regarding Information sharing with your Institution

   1. To provide and manage app and services: We do the following for your Institution:

      1. We may send you links or allow you to use codes so you can use the App.
      2. The apps may check to make sure you are part of your Institution.
      3. We share required reports and statistics with your Institution.
      Legal basis: contract performance. Use of appropriate additional conditions for any sensitive data.
6. Use of app event and device data

   1. To understand app and service usage: We do the following with your information:

      1. We remove any identifiers from your information before using it to check how well our app works and to make sure your information is safe.
      2. We check and record the safety and performance of the app so we can report to your Institution or meet our legal requirements.
      3. We confirm sessions with your Wysa Coach.
      4. We share data that cannot identify you about your usage of the app with trusted analytics providers. This helps us make the app and their services better.
      5. We use the Information to create new services, technologies, and products.
      Legal basis: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests, legal obligation. Use of appropriate additional conditions for any sensitive data.

   2. For marketing purposes: We do the following with your information:

      1. Sometimes, we create and run campaigns, send out surveys, and give updates about our programs.
      2. We also use anonymous data to understand how well we are doing, make marketing materials, and benchmark ourselves with others.
      Legal basis: For each purpose listed above we will rely on one among the following, legitimate interests, consent.

   3. To ensure availability and security: We do the following with your information:

      1. To make sure the content on our app works well.
      2. To keep your information safe from hackers and online threats.
      Legal basis: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests.

   4. For fraud prevention: To prevent fraud or misuse of our services and to secure our systems.

      Legal basis: legitimate interests.
7. Use of Cookie Information

   We need to use some necessary cookies to make sure our website and app works properly. Here is a simple guide to the kinds of cookies we might use:

   • Essential cookies. These are very important and are needed for the website and app to work. They help make sure everything runs smoothly, like when you chat on the app. These cookies do not collect any information about you. We handle these cookies ourselves.

   • Analytical cookies. We also use these cookies to see how well our website and app is doing. They help us understand what is working and what needs fixing. Sometimes, we use our own cookies for this, and sometimes we use Google Analytics. If you want to know what Google Analytics does with the information, you can visit their website. https://www.google.com/policies/privacy/partners/. You can opt out from Google’s cookies by downloading the Google Analytics Opt-out Browser Add-on Download Page. We do not use special Google tools to show you ads or test features on the website, DRA and the app. We do not use Google signals, which means we do not collect information about you or what you like.

   "Do Not Track" (DNT) is something you can turn on in your web browser to keep your online activities more private. However, even if you turn DNT on, we do not collect those signals today.

   Legal basis: legitimate interests.

Additional processing for Digital Front Door Service

1. To process Institution provided data: We do the following

   1. Where applicable, to redirect you to your Institution’s SSO web page when you access the app.
   2. Collect, store and use the Institution provided identifier to provide access to the app and service.
   Legal basis: contract performance and as defined by your Institution.

   If you have any questions about your use of SSO please contact your Institution directly.

2. To process your provided data: We do the following;

   1. Direct you to approved support resources based on your provided information, the language you prefer, the kind of support you need, and how you are feeling. These resources may include the Institution's Employee Assistance Program (EAP), the Wysa apps, and other services provided by your Institution.
   2. Share population-level and aggregated analytics on app and service engagement and use with your Institution. You can delete your data at any time by selecting the “Reset my data” option available within the app.
   Legal basis: contract performance and as defined by your Institution.

Additional processing for AI Coach over WhatsApp.

1. To process your provided Information. We do the following

   • Recognize you as a new or existing user on whatsapp.
   • If needed, we will connect with your Institution's approved systems to handle your information.
   • Associate users to their provided data to provide uninterrupted services.
   • To provide personalised recommendations of supportive self-help resources and tools.
   • Use whatsapp profile name to personalize the communication with you.
   • Process data for addressing your data rights.
   • Respond to your inquiries, requests and feedback.
   • Troubleshoot any issues.
   Legal basis: For each purpose listed above we will rely on one among the following, contract performance and legitimate interests.

   Note: Your messages on WhatsApp Business are always end-to-end encrypted. According to WhatsApp's Privacy Policy, your messages are usually stored on your device(s) and not on WhatsApp's global servers. WhatsApp will keep your messages in encrypted form temporarily while they are being delivered. Once delivered, your messages are deleted from WhatsApp's global servers. You can protect your information on WhatsApp by using its privacy and security features. Find out more about WhatsApp’s end-to-end encryption and how it keeps business messages safe. WhatsApp allows you to send attachments or voice messages, but we do not need them to provide our service. Please avoid sharing such information with us.

Additional processing for Wysa Medical Assistant Service.

1. To process Institution provided data: We do the following

   1. For Wysa Medical Assistant to contact you for healthcare and associated services within the app on behalf of your healthcare provider.
   2. To encourage and support you for medication adherence and for your care.
   3. To summarize and record health notes.
   4. To assist you with appropriate support resources and guidance.
   5. To share your case notes and information with your healthcare provider.
   Legal basis: contract performance and as defined by your Institution.

Additional processing when you use the DRA service

1. For processing your eligibility and clinical assessment data

   1. To process your provided data: We do the following with your information:

      1. We gather, move and store the information you submit.
      2. We delete your personal data when we no longer need it, as agreed with your Institution.
      3. The app provides you with safety resources and guides you on how to use them.
      Legal basis: as defined by your Institution for public health, legitimate interests. Use of appropriate additional conditions for any special category personal data specified by your Institution.

   2. To transfer data to your Institution: We do the following with your information:

      1. We connect securely with your Institution clinical management system (EPR/EHR).
      2. We receive your personal information for sharing with Institution authorised service providers for care purposes.
      3. We share your eligibility and clinical assessment information with your Institution.
      4. We retain and delete your information as agreed with your Institution.
      Legal basis: as defined by your Institution for public health, legitimate interests. Use of appropriate additional conditions for any special category personal data specified by your Institution.

   3. To transfer data to your Institution authorized service providers: We do the following with your information:

      1. Provide you access to your Institution provided therapy or care services.
      2. We connect securely with the service provider’s clinical management system.
      3. We transfer your Institution provided data along with data provided by you with the service providers for care purposes.
      4. We share your clinical assessment information with the service providers.
      5. We retain and delete your information as agreed with your Institution.
      Legal basis: as defined by your Institution for public health, legitimate interests. Use of appropriate additional conditions for any special category personal data specified by your Institution.

Additional processing when you text your institution clinician or well-being advisor as part of co-pilot service

1. For processing your data when you communicate with your Institution clinicians or well-being advisors

   1. To process your provided data: We do the following

      1. Provide access to use the resources provided by your assigned clinician or well-being advisor.
      2. Allow your Institution assigned clinicians or well-being advisor to review your AI Coach progress and support you in your care.
      3. Where provided access, to allow clinicians or well-being advisors to review your AI Coach conversation data, and assessment evaluations.
      4. Assist you with appropriate support resources and guidance.
      Legal basis: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests.

Additional Processing When you use the Gen AI or Wysa+ service

1. Use of Conversation data

   1. To provide the Gen AI or Wysa+ Service: We do the following with your information:

      1. We share your relevant conversation messages to Gen AI (“Input”) for classification purposes or to receive controlled Gen AI responses.
      2. To provide personalised recommendations of supportive self-help resources and tools.
      3. We design prompts to guide Gen AI to respond appropriately to the Input. The prompts include your message, summaries of your chats over a period and our validated instructions.
      4. Detect personal identifiers that you might have shared by mistake. If there are any, the AI coach will ask you to change your conversation message before sending it to Gen AI.
      5. We have safety guardrails to keep your chats with Gen AI safe. All Inputs go through these guardrails. If your message does not clear the guardrails, we do not send it to Gen AI. When Gen AI responds (“Output”), it also has to pass the safety rules. If it does not, we do not release the Output, instead providing a pre-defined safe response.
      Legal basis: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests.

   2. To provide the Generated Insights within Weekly Report: We do the following with your information:

      1. Find topics and feelings through Wysa’s programs.
      2. Derive mood values from your choices during check-ins.
      3. Record how you use Wysa’s tools.
      4. Prepare an anonymous dataset.
      5. Share this anonymous dataset with the third-party service provider.
      6. Get and store the output received from Gen AI.
      7. Ensure everything is safe, private, and secure through proper precautions.
      8. Create useful insights from the results and add them to the weekly report.
      9. Talk with you, answer your questions, and provide help.
      10. Follow the law and protect your rights and interests.
      Legal basis: For each purpose listed above we will rely on one among the following, contract performance, legitimate interests. Use of appropriate additional conditions for any sensitive data.

Additional processing during participation in research studies.

1. To process the information shared by you during participation. We do the following

   1. Inform about the study purposes.
   2. Understand your eligibility for the study.
   3. Manage your joining process.
   4. Send study related information and reminders.
   5. Contact you during the study for research purposes and respond to requests.
   6. Seek your feedback and clarify any questions.
   7. Perform analysis using the information provided.
   Legal basis: your consent and legitimate interests.

   Note: You can stop participating in the research at any time after it starts. You can do this by changing the settings in the app or sending an email to [email protected] with the subject "opt out of Wysa Study". Once you opt out, we will delete your enrollment data within one year. However, the data you provided while using the app will be kept according to our data retention policy, which you can read about here. Your study data will always be kept safe. You can learn more about how we protect your data here.

Additional processing when you visit our website or social media accounts or our web pages.

1. To process your correspondence data: We do the following

   1. We collect, store, and use business data when you contact us.
   2. We respond and provide support for your questions.
   3. We talk to customers to find new leads, help our business grow, manage accounts, or for marketing purposes.
   4. Monitor, enforce and comply with unsolicited communication laws prior to any marketing and business development reach outs.
   Legal basis: your consent and legitimate interests.

2. To process cookie information during your visit. To find out how we manage cookie data, please look at Use of Cookie Information section.

Additional processing during online group well-being sessions.

1. To process your provided information: We do the following

   1. We collect, store and use your information to enroll and connect you to the well-being sessions.
   2. Contact you regarding the session and future sessions.
   3. Send session related materials and resources.
   Legal basis: For each purpose listed above we will rely on one among the following, your consent, legitimate interests and as defined by your Institution.

Additional processing during campaigns or promotions or marketing events.

1. To process the promotion event data: We do the following

   1. Sign you up and get you started on the promotion or campaign.
   2. Contact you about campaigns and promotions.
   3. Send you information about promotions, newsletters, webinar invites, and reminders.
   4. Make sure we follow the rules about not sending unwanted messages before we contact you for marketing or business reasons.
   Legal basis: For each purpose listed above we will rely on one among the following, your consent, legitimate interests and as defined by your Institution.

Note: If you want to leave the promotion or campaign, you can email us at [email protected]. We will reply within 3 business days. Your information will stay private.

We use Meta Ads Manager to make ads about our service, to send these ads, and to see how well they are doing. We also group users together for anonymous cohort analysis. We use Google Analytics to see how much people use this service, but no personal data is collected or shared with them.

Additional processing when you apply for a role at Wysa

1. To process recruitment data: We do the following

   1. Gather, save, and organize recruitment data from external recruitment sources.
   2. Review your application.
   3. Make a job offer.
   4. Sign a work contract with you.
   5. Run background and reference checks.
   6. Inform you of your application status.
   7. Consider you for other job opportunities.
   8. Make our hiring process better.
   Legal basis: your consent and legitimate interest.

We do not share or sell your information, messages, or how you use our apps to advertisers or companies that buy data.

Processing for Legitimate Interests

We may need to use your personal information for important reasons. Before doing this, we will always protect your rights and privacy. Here are the reasons we might use your data:

1. To follow our agreements with your school or Institution.

2. If the law requires us to use or share it.

3. For court cases or legal orders.

4. For law enforcement or national security needs.

5. To help investigate or stop illegal activities.

6. To freeze data for legal reasons so that it cannot be changed or deleted.

7. To report public health information.

8. To prevent serious risks to health or safety.

9. To do basic research and understand how people use our services.

10. To communicate with you about using our app and services.

11. To fix and protect the app’s security and operations.

12. To stop fraud or misuse of our service.

13. To keep your data secure and private.

14. To make sure the app and services work well and are easy to use.

15. To protect your fundamental rights, and safety.

16. To use anonymous data for benchmarking and marketing.

17. To create new services, technologies, and products.

18. To answer your questions and requests.

Protecting your privacy

1. You do not need to register to use the app.
2. Just give us a nickname so our chatbot knows what to call you.
3. We use masked identifiers to keep your data and identity safe.
4. No real people can listen to what you are talking about with the AI Coach.
5. If you accidentally share personal data, we will make sure to remove it so no one can see it.
6. As an app user, you can choose "reset my data" to delete your information.
7. Before we use any personal data about you, we make sure it respects your rights.

Protecting your security

1. We use strong encryption to protect your data when it is being sent or stored.
2. Only authorised people can access your data. They have to use strong passwords and an additional access code.
3. All our staff computers have extra security.
4. We maintain contracts with companies we work with to keep your data safe.
5. We carefully check the background of new staff before hiring them.
6. We train our staff on how to handle your information securely.
7. We have experts from outside our company check if we are following the rules every year.
8. We regularly test our app and systems for any weaknesses.
9. We fix any problems in our computer code to make sure it is safe.
10. We often check to make sure we are following our safety plans and rules.

Additional safeguards when you use Gen AI or Wysa+ Services

1. Every message sent to and from Gen AI is encrypted so no one else can read it.
2. We check each message you send to make sure it does not have personal identifiers. This helps keep your private details safe from being shared with the Gen AI service provider.
3. We always check what is sent and received from Gen AI to make sure it is safe and good to use.
4. We also use safety rules to double-check and make sure everything is safe.
5. We do not share your device data with Gen AI.
6. Your conversation messages are never stored at the Gen AI.
7. Your conversation messages are not used as training data by Gen AI.

Responsible use of Artificial Intelligence

At Wysa, we use artificial intelligence (AI) programs to understand what you type to us. These programs help us talk with you in a way that makes sense and guides you to helpful information. Our programs follow set rules and do not learn new things on their own. We make sure our AI chatbot is fair, safe, and treats your information with care. If you use the Gen AI or Wysa+ service, we use Generative AI technology to assist you. We have safety measures in place to keep our conversations secure and trustworthy. We also have good practices to monitor and check the use of AI at Wysa, making sure your rights are protected. Please contact us at [email protected] if you have any more questions about our use of AI.

While Wysa has put in place reasonable clinical safety and data protection controls, you understand and acknowledge that AI is a developing technology. The potential risks inherent to this technology may not be fully understood and fulsome safeguards may not be fully developed. Due to the nature of the technology, you may sometimes get incorrect responses that do not accurately reflect the action required.

We do our best to keep your personal data safe, but no method is perfect. We cannot promise complete security. You can help keep your data safe too. Please do not share personal identifiers where not asked. Please do not copy and share your chats with people you do not know.

Payment Data

We do not collect, keep, or store your credit card information. Third-party payment companies handle your card processing. We do not get any personal data from app stores after you buy something or from our third-party payment providers. However, we might note the name of the business for our internal purposes. Please read the payment gateway’s terms and privacy policy before you make a payment. We do receive and handle payment confirmations and subscription details. This is to help you with your subscription requests.

Third-Party Sites

The app might have links to other websites or resources. When you click on these links, remember that these other sites have their own rules about privacy. We do not control these other sites and we are not responsible for their privacy rules. It is a good idea to read their privacy rules before you share any personal data on those sites.

Children’s Privacy

The app is intended for anyone who is older than 13 years or where approved by your Institution, follow the age criteria and rules set by your Institution. If you are a child, please ask your parent or guardian to read this policy and the terms of service with you. We may need parental consent to use our service as required by applicable laws in your country of residence. You will require your parents or guardian to send their consent to [email protected] or to your Institution if you are an Institutional user. Wysa does not take responsibility if someone misrepresents their age to use the app and services.

It is very important for us to protect children's privacy on the app. We do not knowingly collect personal data from children below the approved age. If you think we have any personal data of your child, please write to us. We will respond within one month after verifying the information. If we cannot identify the user correctly, we might not be able to address your request. However, if we find we have collected personal data from your child, we will deactivate their account and take steps towards removing relevant data.

We encourage parents and guardians to watch over their children's internet use. Tell your children not to give out personal information without your permission. You should not share your credit/debit card or other payment methods with your child to make in-app purchases.

Best Practices

We want to help you stay safe online. Here are some important tips to stay secure:

• Always lock your mobile screen with a password. Make sure it is strong and do not share it with anyone. Never leave your device alone.
• Always update your mobile’s operating system to the latest version.
• Turn on remote access on your device so you can find and control it if it gets stolen.
• Install anti-virus software to protect your device from viruses.
• Be careful with emails. Do not open files, click on links, or download anything from sources you do not know.
• Be smart about using Wi-Fi. Before sending personal or important data over a public Wi-Fi in places like a coffee shop or airport, check if the network is safe.

Service Providers
We work with third party companies that help us run our app, fix any problems, and offer other important services. These companies might use your personal data to provide services for us. For a list of service providers please read here.

Legal
We sometimes need to use your personal data to follow the law. This might mean sharing your information with other people like insurance companies, courts, police, or other important organisations. We might also use your information to stop serious health or safety problems, for public health reports, and to keep information safe during legal situations so it is not changed. Also, we might share your information to help with finding out or stopping fraud or crime. We will make sure your rights and interests are protected.

Reorganization
In situations like when we might sell our business, join up with another company, reorganize, or are facing bankruptcy, we may need to share some of your personal data with others. These third parties will use your information to look at the business deal. After these changes happen, we might also share your information with the new company for the same purposes mentioned in this privacy notice. We will try to let you know by putting a notice on our website, telling your Institution, sending you a notification in the app, or updating this privacy notice.

What Can You Do About Your Data?

• Ask Questions: You can ask us how we are using your personal data.
• Get a Copy: You can ask for a copy of the personal data we have about you.
• Fix It: If any personal data about you is wrong or missing, you can ask us to fix it.
• Delete It: If we do not need your personal data anymore, you can ask us to delete it.
• Pause It: While we look into any questions you have, you can ask us to stop using your data.
• Change Your Mind: If you had said yes to something before, you can still say no later.
• Send It Elsewhere: You can ask us to send your personal data to someone else electronically.
• Object: You can tell us not to use your personal data for things we think are important.
• No Marketing: If you do not want to get marketing emails, just click ‘unsubscribe’ in the emails.
• Be fair: When you use our app, we will not treat you unfairly for using your rights.
• No Sale: You can choose to stop your personal data from being sold or shared with others who might want to sell it.
• Automated Decisions: Our service uses AI to help you. We do not use AI to know your identity. We always check with you before making key suggestions. We change our conversation anytime you inform us that the AI is not helping. We and our service providers might use AI to make automated decisions or automatically process information if we need to perform our services or to stop fraud, abuse or misuse of our services. By using our services, you consent to let us use AI for this purpose. We might change the automated approach we use in the future.

How to Exercise Your Rights

You do not usually have to pay anything to use your rights. Sometimes, we might need to check if it is really you asking. Contact us using the details at the top of this privacy notice. We will reply within one month if you ask us for something.

When We Might Say “No”
We might not be able to agree to your request if:

• The processing is required to provide continuity of our services.
• The law says we cannot.
• It affects someone else’s privacy.
• It could harm you, us, or someone else’s rights or safety.
• If we need to train data to ensure the reliability of our research studies.
• The request is too much or does not make sense.