Privacy Policy

Your Communications with Us: We collect personal information from you such as email address when you request information about our Services, register for our newsletter, subscribe to our service, participate in discussion boards or other social media functions on or via Ekaantcare, enter a survey, submit a query, or otherwise communicate with us. We also collect the contents of messages or attachments that you may send to us, as well as other information you choose to provide, and that may be associated with your communications.

App entries: We collect personal information and details about yourself, as an App user, and a Care Recipient profile that you share with us through the App. By creating an account, and automatically creating a Care Recipient profile as an extension, and voluntarily adding personal details of anybody other than yourself, you are confirming that you have received their authorisation and permission to share their personal information with us.

Personal information of you or the Care Recipient may include name, gender, country of residence, birth year, diagnosis, prognosis, relationship to the Care Recipient and personal profile photos. We also collect any entries that you may add on the App, including but not limited to symptoms, their severity and notes, tasks, their details and notes, journal entries, their details and notes, as well as other information you choose to provide, and that may be associated with your account on the App.

You may also at any time share your App entries with other users, by inviting them to your Care Team, or sharing the URL for your Ekaantcare Calendar with them. In doing so, you confirm that you have received authorisation and permission from the Care Recipient and other users in the Care Team to share the Care Recipient's personal information with them. All users and members of the Care Team will be able to access and view your app entries, will be able to invite and provide access to other users to join the Care Team, and can only leave the Care Team, by deleting their account voluntarily.

You are encouraged to review your personal information regularly for accuracy. The app provides features that allow you to confirm your entries before submission and to edit their information at any time to ensure its accuracy.

Any health information, including but not limited to diagnosis, prognosis and symptoms, is classed as sensitive personal data and we ensure safeguarding measures are in place to protect this information. Our lawful basis for processing this sensitive personal data is your consent. You can withdraw your consent at any time – for more information please see "Your privacy rights" below.

Surveys: We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.

Interactive Features: We may offer interactive features such as comment section on blogs, and social media pages. We and others who use our Website or Services may collect the information you submit or make available through these interactive features. Any content you provide via the public sections of these features will be considered "public" and is not subject to the privacy protections referenced herein. By using these interactive features, you understand that the personal information provided by you may be viewed and used by third parties for their own purposes.

Job Applications: We may post job openings and opportunities on the Website or Services. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.

We keep track of certain information about you when you visit and interact with our Website, App or Services.

This automatically collected data may include:

• Technical Information: Your Internet Protocol (IP) address, browser details, operating system, device identifiers, mobile carrier, MAC address, cookie identifiers, and location information (inferred from your IP address).
• Usage Data: Details about your interactions with the Website, App, or Services, including pages visited, time spent on each page, links clicked, page response times, download errors, and any phone numbers used to contact customer support.
• Cookies, Pixel Tags/Web Beacons, and Analytics Information: We, as well as third parties that provide content or other functionality on the Services, may use cookies, pixel tags, local storage, and other technologies ("Technologies") to automatically collect information through the Website, App or Services. Technologies are essentially small data files placed on your devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services. The storage period for these Technologies varies:
  • Cookies: Stored on your device for a specified period depending on the type of cookie (session or persistent). You can manage your cookie settings via your browser settings.
  • Pixel Tags/Web Beacons: Used to track the effectiveness of our marketing campaigns and are deleted after a specific period.
  • Local Storage: Data stored locally in your browser and retained until you delete it.
  You can control and manage these Technologies through your browser settings or via our Cookie Manager.
• Analytics: We may also use third-party service providers to collect and process analytics and other information on our Website or Services. Our Services may also contain links to other websites or applications. This Privacy Policy does not apply to third-party websites or services. We encourage you to review the privacy policies of those third parties to understand their practices regarding your personal data. We are not responsible for the privacy practices or content of such third-party services. These third-party service providers may use cookies, pixel tags, web beacons or other storage technology to collect and store analytics and other information.

We use your personal information for a variety of purposes, including to:

Provide the Services or Requested Information, such as:

• Fulfilling our Services;
• Setting up and administering your account with us;
• Process the Care Recipient's health data to allow you to log health information about the Care Recipient's symptoms including severity, frequency, time, and notes;
• Identifying and communicating with you, including providing newsletters and marketing materials;
• Managing your information;
• Responding to your questions, comments, and other requests;
• Providing access to certain areas, functionalities, and features of our Services; and
• Answering your requests for customer or technical support.

Serve Administrative and Communication Purposes, such as:

• Pursuing legitimate interests, such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
• Sending communications about new product features, promotions, Ekaantcare's strategic partners, and other news about Ekaantcare;
• Measuring interest and engagement in our Services, including analysing your usage of the Services;
• Enhancing functionality and user experience, by analysing user interactions with our Services;
• Developing new products and services and improving the Services;
• Ensuring internal quality control and safety;
• Authenticating and verifying individual identities;
• Carrying out audits;
• Communicating with you about your account, activities on our Services and Privacy Policy changes;
• Preventing and prosecuting potentially prohibited or illegal activities;
• Enforcing our agreements; and
• Complying with our legal obligations;

Marketing of Products and Services: We may use personal information to tailor and provide you with content and advertisements. If you have any questions about our marketing practices or if you would like to opt out of the use of your personal information for marketing purposes, you may contact us.

Consent: We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

De-identified and Aggregated Information Use: We may use personal information and other data about you to create de-identified and/or aggregated information. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.

We may share your personal information with the following categories of third parties:

Service Providers: We may share any personal information we collect about you with our third-party service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising; (iv) customer service activities; and (v) the provision of IT and related services.

Currently, we use the following Service Providers for (i), (ii), (iv), and (v):

• Amazon Web Services (AWS): Used for cloud storage and hosting of personal data to ensure secure and reliable data management.
• Apple: Used for app distribution through the App Store and related services for iOS devices.
• Firebase: Used for push notification services to deliver notifications to users, including notifications on iOS devices.
• Google: Used for app distribution, analytics, and marketing services, including through Google Play.
• Google Places API: Used for map services to provide location-based features within the app. Specifically, to autocomplete the "Location" field in the Care Planner.
• Mailerlite: Used for email marketing and managing communication with users.
• Retool: Used for internal application management to provide operational support and develop internal tools.
• Sentry: Used for error tracking and bug reporting to improve the app's stability and functionality.
• Typeform: Used for collecting feedback through surveys and questionnaires.
• Webflow: Used for website design and hosting of certain sections of the company's site, the App library.
• WordPress: Used for website management and hosting of Ekaantcare public website.

Business Partners: We may provide personal information to business partners to provide you with a product or service you have requested. We may also provide personal information to business partners with whom we jointly offer products or services.

Affiliates: We may share personal information with our affiliated entities.

Advertising Partners: We do not share your information, including personal information, to advertise any third party's products or services via the Services. We may use and share your personal information with third-party advertising partners to market our own Services and grow our Services' user base, such as to provide targeted marketing about our own Services through third-party services. If you prefer not to share your personal information with third-party advertising partners, you may follow the instructions below.

We may share your personal information with other third parties, including other users, in the following circumstances:

• Disclosures to Protect Us or Others: We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others' rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.
• Disclosure in the Event of Merger, Sale, or Other Asset Transfer: If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

All information processed by us may be transferred, processed, and stored in a variety of locations, including cloud services provided by Amazon Web Services (AWS) based in the Frankfurt region, which may process and store data in regions outside your country of residence, such as the Netherlands, the United Kingdom, and the United States. To ensure your data is protected, we endeavour to safeguard your information consistent with the requirements of applicable laws.

Some data is stored locally on your device to enable functionality within the app. Users also have the option to manually export their data, through downloading reports, and once exported, it is their responsibility to manage and store it securely.

General: You may have the right to object to or opt out of certain uses of your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described above.

Email Communications: If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to this Privacy Policy).

Mobile Devices: We may send you push notifications through our Apps. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. With your consent, we may also collect location information if you use our Apps. You may opt out of this collection by changing the settings on your mobile device.

Depending on your location and in accordance with applicable laws, you may have the following rights regarding your personal data:

• Request access: You have the right to request access to the personal information we hold about you. You may also request to receive a copy of your electronic personal information in a structured, commonly used, and machine-readable format.
• Request correction: You have the right to request that we correct any inaccuracies or incomplete information in your personal data.
• Request deletion: You have the right to request the deletion of your personal information when it is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
• Request data portability: You have the right to request that we transfer your personal data to another organisation or directly to you, where technically feasible, in a structured, commonly used, and machine-readable format.
• Right to not be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you. If such processing occurs, you have the right to request human intervention, express your point of view, and contest the decision.
• Not be discriminated against: You will not be discriminated against for exercising any of these rights.
• Request restriction or object to processing: You have the right to request the restriction of processing of your personal data in certain circumstances or to object to the processing of your personal data, including the right to opt in or opt out of the sale of your personal information to third parties.

Certain data processing activities are essential for providing our services and ensuring the proper functioning of the app. While you may manage your consent for other types of processing (such as marketing communications or tracking technologies), these essential activities are necessary for the operation of the app and cannot be opted out of. These include:

• Account management, authentication and service provision: Processing of personal data required to create and manage your account, ensure authentication, and provide access to the app's core features, and fulfilling our Services
• Service-related communications: Communications necessary for the operation of the service, such as notifications about changes to the app, security updates, or critical service-related messages. These communications are considered transactional and cannot be opted out of.
• Legal obligations: Processing necessary to comply with legal obligations, such as retention of certain data for tax or regulatory compliance purposes.

To exercise any of these rights, please contact us as set forth below, in section 14. We will process such requests in accordance with applicable laws, and respond to your request within two to fourteen business days, although this period may be extended for complex requests. To protect your privacy, we will take steps to verify your identity before fulfilling your request, such as by requiring you to submit your request via your account.

Please note that there are certain exceptions to these rights. For example, we may not be able to delete your personal data if it is necessary for compliance with a legal obligation or if it is needed for the establishment, exercise, or defence of legal claims.

You can manage your consent and communication preferences in the following ways:

• Email Communications: Adjust your settings in the app, or use the unsubscribe link in our marketing emails to opt-out.
• App Notifications: Adjust your settings in the app or on your device.
• Cookies and Tracking Technologies: Manage your preferences through our Cookie Manager or browser settings.

We are committed to ensuring that our practices comply with the UK General Data Protection Regulation (UK GDPR). We uphold your rights regarding your personal data, including the rights to access, correct, delete, and restrict the processing of their information. We also ensure that personal data is processed lawfully, fairly, and transparently.

We store the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfil the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defences, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

Users have the option to delete their accounts directly from the App. If they are part of a Care Team, they have the choice to retain logged data to assist their Care Team. Once a User deletes their account, their information will be permanently erased from our system, or it will be modified so it no longer identifies the User. Please note that this process may take up to 30 days.

Please note that while we delete user data from our systems, Amazon Web Services (AWS), our cloud service provider, retains backups of our data for up to 6 months. These backups are kept for disaster recovery and legal compliance purposes and are automatically deleted after the retention period.

We retain personal data for as long as necessary to fulfil the purposes for which it was collected and as required by applicable laws. Retention periods vary depending on the type of data.

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy.

We use the S3 storage service under Amazon Web Services (AWS) to store files, such as profile pictures. All other sensitive data is stored in a PostgreSQL database hosted and managed by AWS using their RDS service. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption both in transit and at rest, access controls, regular security audits, and staff training on data protection, ensuring that all personal information is encrypted in transit between the device and any external storage host. AWS complies with industry-standard security certifications, including ISO 27001. While we strive to protect your personal data, to the fullest extent permitted by applicable law, we do not accept liability for unauthorised disclosure.

By using the Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services. If we learn of a security breach that affects your personal data, we may attempt to notify you electronically by posting a notice on the Services, or by sending an email.

In the event of a data confidentiality breach, we follow a structured process to mitigate the impact. Upon detecting or being notified of a breach, we will promptly:

• Investigate the breach to determine its nature, scope, and the data affected.
• Contain the breach to prevent further unauthorised access, use, or disclosure.
• Assess the risks to individuals whose data may have been compromised, including potential harm or impact.
• Notify affected users if their personal data has been compromised, in accordance with legal requirements. Notifications will include details of the breach, the data affected, and steps users can take to protect themselves.
• Take corrective actions, such as enhancing security measures and conducting audits to prevent future breaches.

We will also report the breach to relevant supervisory authorities as required by applicable laws and regulations.

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact to help you understand their practices regarding your personal data. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

The Services are not directed to children under 16 (or other ages as required by local law), and we do not knowingly collect personal information from children. If the Care Recipient profile of your Care Team belongs to a child who is under 16, by adding their personal information, you are confirming that you are their parent or sole guardian or have the legal authority to share their personal information with us.

If you believe we have collected such information without consent or if you learn that your child has provided us with personal information without your consent, please contact us immediately, so we can take steps to delete the information. If we learn that we have collected a child's personal information in violation of applicable law, we will promptly take steps to delete such information and terminate the child's account.

We are committed to ensuring our Privacy Policy is accessible to all users, including those with disabilities. If you require this Privacy Policy in an alternative format, please contact us and we will provide the information in a suitable format.

We are committed to providing a user-friendly experience and making our app as accessible as possible to all users. We strive to align with recognised standards for app design and functionality, including:

• Apple Human Interface Guidelines (HIG) for iOS app development.
• Android App Quality Guidelines for Android app development.

By aligning with these standards, we aim to ensure that our app is inclusive and delivers a high-quality user experience.

We prioritise the safety, security, and reliability of the Services to ensure a seamless and protected user experience. We are also transparent about any potential risks associated with using the app, so you can make informed decisions.

While our Services are designed to assist you with care management, you should be aware of the following potential risks:

• Accuracy of data input: Our app relies on user-provided data; inaccurate or incomplete inputs may affect the app's recommendations or outputs.
• Health information use: The app and the content provided in it are not intended to replace professional medical advice. Always consult with a qualified healthcare provider, and seek a doctor's advice in addition to using Ekaantcare before making any medical decisions.
• Data security: Despite strong encryption and security measures, no system is entirely immune to unauthorised access or breaches.
• Dependence on connectivity: Certain features of the app may require a stable internet connection, and disruptions may limit app functionality.

By highlighting these potential risks, we hope you fully understand both the app's capabilities and limitations.

We may revise this Privacy Policy from time to time at our sole discretion. We encourage you to review our Privacy Policy to stay informed.

If there are any changes to the purposes for which we collect and process your personal data, we will update this Privacy Policy accordingly.

If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. Where the lawful basis for processing is user consent, we will re-obtain your consent before any such changes are applied.

If you have any questions about our privacy practices or this Privacy Policy, please contact our data protection officers in one of these ways:

RA Health Innovations Ltd, 43 Deeside Brae, South Deeside Road, Aberdeen, AB12 5UE, Scotland, United Kingdom, or via Email to info@trackerhealth.ai

We aim to acknowledge emails, and reports, and reply within two business days of receiving your message.

Aakanksha Sadekar is the data protection officer and data controller of the personal data processed under this policy.