PRIVACY POLICY

We know you take your privacy and safety of your data seriously. We have got you covered, maybe a notch higher than your expectations.

If you have ever wondered what personal information we collect from you, how do we collect, use, and share that personal information, this is a simplified guide for you.

SYNOPSIS 🤩

Effective Date:

11th October, 2021

Last Update Date:

29th March, 2024

Your Acceptance To The Privacy Policy

Please read this Privacy Policy very carefully. By accessing or using the Ultrahuman App, Website, our various products and services, you agree and consent to be bound by this Privacy Policy. If you do not agree to be bound by or abide by the terms of this Privacy Policy, you are not authorised to use or access our App, Website, various products and services. If you have any questions, feel free to ask us anytime.

TABLE OF CONTENTS

INTRODUCTION

Ultrahuman Healthcare SP LLC established in Abu Dhabi is a group company of Ultrahuman Healthcare Private Limited, India, which is a global software and hardware company building a metabolic health and fitness ecosystem which includes building the world's largest community of biohackers, athletes and people who love fitness.

Ultrahuman Healthcare SP LLC and its affiliates, successors and assigns are referred to as “Ultrahuman,” “we,” “us,” and “our.”

We are building the future of metabolic health by leveraging preventive healthcare technology and bringing together a community that learns and unlearns together. And, we will not stop until we make you proud of your health and fitness.

Our current arsenal comprises (our ”Products and Services”). Please note, all products may not be available in all geographies We request you to check with our customer support in respect of availability of products in your region.

DEFINING DATA

Lets begin with understanding what is data/personal information before we delve deeper into some advanced level stuff 🤓

Your data essentially falls into either of the 3 (three) buckets, mentioned below, depending on your interaction with the Ultrahuman app (the ”App”), the Ultrahuman website (the “Website”) [collectively, the “Platform”)] and/or our Products and Services (as defined above).

Now that you understand the categories of data, let us give you a detailed break-up of our data collection and processing practices. 💯

ELIGIBILITY AND AUTHORISATION

By signing up on the Platform, and / or using any of the Products and Services you represent that you voluntarily provide us with personal information, including SPDI, and explicitly consent to the collection, use, processing and disclosure of personal information in accordance with this Privacy Policy.

If you are under 16 you must let your parent or guardian know about this Privacy Policy before you use the Platform or any of the Products and Services. You also represent that you are duly authorised by any and all third-parties (including any minor or employee) whose information you share with us. We act based on your representation of authority and do not make any independent enquiries to ascertain the veracity of your authorization. In the event you do not have sufficient authorization to share a third-party’s information with us, you shall be solely responsible for your acts and omissions including sharing of such information with us and the consequential processing and actions taken by us in accordance with this Privacy Policy.

PERSONAL INFORMATION WE COLLECT

We collect personal information when you provide it to us, when you use our Platform or Products and Services, and when other sources provide it to us, as further described below.

Information You Provide Us

🧑Account Creation

When you create an account or otherwise use the Products and Services, we collect information such as your name, email address, physical address, phone number, or other contact information.

You may also register for a User Account using your existing Apple or Google account, or a social media account (such as Facebook), and login credentials (your “Third-Party Site Accounts”). In the event you are registering for a User Account using your Third-Party Site Account, please note we collect your name and email id but do not collect any of your other Third-Party Site Account login information.

📞Your Communications with Us

We collect personal information from you such as email address, phone number, or mailing address when you request information about our Products and Services, register for our newsletter, request customer or technical support, or otherwise communicate with us. We also collect the contents of messages or attachments that you may send to us, as well as other information you choose to provide, and that may be associated with your communications.

🤝Third-Party Integrations

With your permission, we collect certain information from third-parties via integrations with such third-party platforms, such as:

The data read from such integrations will be used solely for measuring and improving the efficacy of your experience of our Products and Services. The data synced from Apple Health, Google Fit, or any other Third-Party platform that integrates with Apple Health or Google Fit, or collected from our integrations with Fitbit, Garmin, Oura and others as mentioned above is not collected, used or disclosed to any third-party for the purpose of marketing and advertising. The use of information received from above-mentioned integrations will adhere to their respective permissions policy, including the Limited Use requirements.

Do note, you can disable these third-party integrations anytime from your App.

💳 Transaction Information

When you purchase a product or a subscription, we will collect transaction information. We use third-party payment providers (such as Stripe, Razorpay) to process payments on the Products and Services. We may receive information associated with your payment information, such as billing address, shipping address and transaction information, but we do not directly store payment information such as your debit/credit card information or bank account information with us.

Data Collected Automatically

💉Health and Fitness Information

Depending on which product or service you use of ours and to provide you personalised recommendations, you may choose to provide us additional information such as your body weight, height, fitness activities, and certain health data such as including hip/lower back mobility issues, and neck/upper body mobility issues.

For tracking your glucose and evaluating your metabolic response, we request from you and collect information such as your glucose data, time duration of events (e.g., sleep, activity, fasting), details of the meals eaten, stress, type of physical activity and other generic logs. This data is shared with our performance coaches to evaluate your metabolic response, subject to your consent.

📋Surveys

We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include personal information.

🍒 Registration for special programs

We may run special programs from time to time including in collaboration with other third-parties. If you decide to participate, you may be asked to provide certain information which may include personal information. The contact information you provide may be used to inform you about such programs and for other promotional, marketing and business purposes.

🏢Conferences, Shows, and Other Events

We may attend conferences, shows, and other events where we collect personal information from individuals who interact with or express an interest in the Products and Services.

👨‍💼Job Applications

We may post job openings and opportunities on the Website. If you reply to one of these postings by submitting your application, CV and/or cover letter to us, we will collect and use your information to assess your qualifications.

📱Interactive Features

We may offer interactive features such as forums, blogs, chat and messaging services, and social media pages. We may collect the information you submit or make it available through these interactive features. Any content you provide via the public sections of these features will be considered “public” and is not subject to the privacy protections referenced herein. By using these interactive features, you understand that the personal information provided by you may be viewed and used by third parties for their own purposes which cannot be controlled by us.

🏃 Location Data

We collect data with respect to your location, distance, duration, and pace to track your runs. With your permission, we obtain your fine location and track every few seconds to calculate the distance, pace and route. When you stop the run, we stop the collection.

Automatic Data Collection

When you access the features of the Platform, we may automatically gather and store certain information about your visit such as the type of browser and operating system used to access our Website, the date and time you accessed our Website, and if you were linked to our Website from another website, the address of that website, as well as additional information related to your visit may be collected. Similarly, we do automatically collect information from your use of our App such as location, phone’s name and model, operating software, IP carrier, and other in-app activities.

Analytics

We may also use third-party service providers to collect and process analytics and other information on our Website or Services. These third-party service providers may use cookies, pixel tags, web beacons or other storage technology to collect and store analytics and other information. They have their own privacy policies addressing how they use the analytics and other information and we do not have access to, nor control over, third parties’ use of cookies or other tracking technologies.

We use pixel tags to collect personal information from website visitors, which may then be used to analyze web traffic, derive insights, and provide tailored advertisements.

Other Sources

Cookies

We use cookies and other technologies to automatically collect information through the Website or Services. [Please note there are no cookies on the App.] These technologies are essentially small data files placed on your devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Services. This information may be used to, among other things, analyse and track data, determine the popularity of certain content and better understand your online activity.

Third-Party Services

We may obtain information about you from other sources, including through third-party services and organisations. For example, if you access our Website or Products and Services through a third-party application, such as a social networking site, we may collect information about you from that third party that you have made available via your privacy settings.

Third-Party entities

We may also collect information you may have provided to any company or its affiliates, associates, subsidiary, holding company to whom you have given consent for sharing of such Information with us.

PURPOSE OF COLLECTION

We will not process your information in a way that is incompatible with or outside of the purpose(s) for which it has been collected or subsequently authorised by you, or collect any information that is not needed for the below mentioned purposes. For any new purpose, we will ask you for your separate consent.

We do not sell your personal information. We do not share your personal information with third parties for them to market or advertise their products to you.

We collect only such information that is strictly needed for the below mentioned purposes.

1. Delivery of our Products and Services to you; providing access to certain areas, functionalities, and features of our Products and Services to you; and for the purpose of fulfilment of our contractual obligations towards you.

1. Addressing your feedback, requests, queries, issues, complaints, and other customer care related activities pertaining to our Products and Services.

1. Research, analysis, case studies for the development and improvement of Products and Services.

1. Developing machine learning algorithms and tools to improve targeting of Products and Services, and other products and services we offer you, with your consent.

1. For providing recommendations to customize or tailor your experience of the Products and Services.

1. Carrying out audits and ensuring internal quality control and safety.

1. In any other way that we specify at the time of requesting information from you.

1. For other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.
2. Diagnosing technical glitches.

1. Creating insights for corporate / business strategy and marketing operations.

1. Technical administration and customisation of Products and Services, and other general administrative and business purposes.

1. Create your unified profile with analytics and insights generated through processing your information.

1. For performing data analysis and testing, processing of statistics for advertising, affiliate marketing, analytics.

1. To investigate fraud or abuse.

1. Investigating, enforcing and resolving any disputes or grievances.

1. Communicating with you about your account, activities on our Products and Services and Privacy Policy changes.

1. To comply with the law and respond to legal requests.

1. Measuring interest and engagement in our Products and Services, including analyzing your usage of the Products and Services.

1. To use statistical information in any way permitted under law, including from Third-Parties in connection with commercial and marketing efforts.
2. To push transactional, marketing, and other product and service related notifications and newsletters

1. Contacting you (including via marketing emails) to provide information on existing or new products and services, features, special promotions or offers, both of Ultrahuman and affiliates as well as third-party offers or products with whom we have a tie-up and which are relevant to use of the Products or Services. You may choose to opt-out of receiving promotional emails at any time via the “Unsubscribe” link in every such promotional email communication. Once you unsubscribe, we will no longer send you promotional/marketing emails however you will continue to receive servicing and transactional emails.

1. Offering you personalised services and targeted advertisements of our healthcare and wellness plans and offering you customised health insights.

1. To create de-identified and/or aggregated information. De-identified and/or aggregated information is not personal information, and we may use and disclose such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes.

DISCLOSURES

Ultrahuman is not in the business of selling your information. We consider this information to be a vital part of our relationship with you.

There are, however, certain circumstances in which we may share your information with certain third-parties without further notice to you, as set forth below:

SERVICE PROVIDERS

We may share any information we collect about you with our third-party service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Products and Services; (ii) the provision of information, products, and other services you have requested; (iii) marketing and advertising; (iv) payment and transaction processing; (v) customer service activities.

BUSINESS PARTNERS

We may provide personal information to business partners with whom we jointly offer products or services.

Also, where you have been referred to use our Products and Services by our business partners such as gyms and other B2B partners, we may share your data with them upon their request subject to informing you via email prior to sharing data with them.

Where we share your data with third-parties, they may use it for their business purposes and data in their possession will be governed by such third-party’s privacy policy.

BUSINESS AFFILIATES

We may share information with our affiliated entities.

At your request and with your explicit consent, we may collect health data from you on behalf of a third-party telemedicine provider, for the limited purposes consented to by you. Any data shared or transferred between us and a third-party telemedicine provider will be subject to strict network- and software-security protocols designed to ensure the safety of your data.

We may also display to you, at your request and through the App, health data from third parties that you have consented to share with us.

ADVERTISING PARTNERS

We do not share your information to advertise any third party’s products or services via the Products and Services. We may use and share your information with third-party advertising partners to market our own Products and Services and grow our Products and Services’ user base, such as to provide targeted marketing about our own Products and Services via third-party services.

FOR LEGAL PURPOSES

We may access, preserve, and disclose any information we store in association with you to external parties if we, in good faith, believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) protect your, our, or others’ rights, property, or safety; (iii) enforce our policies or contracts; (iv) collect amounts owed to us; or (v) assist with an investigation and prosecution of suspected or actual illegal activity.

IN THE EVENT OF MERGER, SALE, OR OTHER ASSET TRANSFER

If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, then your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.

SHARE CONTENT WITH FAMILY AND FRIENDS

Our Services may allow you to provide information about your family and friends, and may allow you to forward or share certain content with a family member, friend or colleague, such as an invitation email.

EXCLUSIONS

All Unsolicited/ Public Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited/Public Information to others without limitation or attribution.

Anonymised, aggregated data may be shared with advertisers, research firms, and other partners.

WHERE DATA IS ALSO ACCESSED AND STORED BY THIRD-PARTIES

When we jointly offer some products and services together with our business partners and we share your personal information with such business partners, or where you have been referred to use our Products and Services by our business partners such as gyms and other B2B partners, we may share your data with them upon their request subject to informing you via email prior to sharing data with them, in such cases we cannot control or delete your data that they have stored. You will need to contact them separately and such data will be governed in accordance with the privacy policy of these third-parties respectively.

The following third-parties assist us in performance of our contractual obligations towards you and help us provide our Products and Services to you. We cannot control and delete any data that they may have of you. In the event you wish to get your data removed from these platforms, you will need to contact them separately and such data will be governed in accordance with the privacy policy of these platforms respectively.

INTERNATIONAL DATA TRANSFER AND STORAGE

You agree that information collected may be stored and processed in any country including United States, where we rent servers, or where we or our affiliates, subsidiaries, or agents maintain facilities in order to provide Products and Services, and by accessing, registering for, or using the Products and Services, you consent to any such transfer of Information.

We may transfer your information to third-parties acting on our behalf, for the purposes of storage such as including AWS, Snowflake and MongoDB Atlas in the United States.

You authorise us to transfer, store, and use your information in any country where we operate. Some of these countries may have different privacy and data protection laws and rules from those in the country where you live. If you do not agree to the transfer, storage and use of your information in any other country where we operate, please do not use our Platform, the Products and Services.

DATA RETENTION AND DELETION

We keep your information only for as long as necessary to provide you with our Products and Services or as may be required under any applicable law. We store your information for lawful purposes only. We may keep de-identified data for research and statistical purposes for a longer period. If you close your User Account, we have no obligation to retain your data, and we may delete any or all of your data without liability. However, we may retain data related to you if we believe it may be necessary to prevent fraud or future abuse, or if required by law, or for other legitimate purposes. If you have elected to receive marketing communications from us, we will retain Information about your marketing preferences for a reasonable period of time, which will be determined by us based on the date you last expressed interest in our content, Platform, Products and Services.

If you would like to request the deletion of your data from our systems, please contact us at support@ultrahuman.com. We will make every reasonable effort to fulfill your request in accordance with applicable data protection laws. Certain data may be retained for a period required by law, our legitimate business purposes, or as necessary to fulfill contractual obligations. We may retain anonymized or aggregated data that does not personally identify you for analytical and reporting purposes. We will notify you once your data deletion request is processed. If there are any challenges or exceptional circumstances that may affect the processing time, we will communicate these issues to you promptly.

DATA BREACH

In the event we become aware that the security of the Platform, Products or our Services has been compromised or your information has been disclosed to unrelated third-parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities.

In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website, and where required, send you an email. If for any reason, you have a reason to believe that your information shared with us is no longer secure, you may contact us via our e-mail address at legal@ultrahuman.com.

USES OR PROCESSING OF INFORMATION AS PER YOUR PREFERENCES

General

Where you have consented to the processing of your information, you may withdraw that consent at any time by contacting us. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Platform and Services and for other legal purposes as described above.

Email Communications

You may choose to opt-out of receiving promotional emails or WhatsApp messages at any time via the “Unsubscribe” link in every such promotional email or WhatsApp communication. Once you unsubscribe, we will no longer send you promotional/ marketing emails or messages however you will continue to receive servicing and transactional emails and messages.

Mobile Devices

We may send you push notifications through our Apps. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device. With your consent, we may also collect precise location information if you use our Apps. You may opt out of this collection by changing the settings on your mobile device.

SECURITY

We are proud to share that we are an ISO 27001 certified organization. We are happy to share the certificate with users, upon request.

Reasonable industry standard technical, administrative, and physical security safeguards and measures are in place to help protect against the loss, misuse and alteration of the information under our control. We promote safety and security on and off our Platform, Products and Services, such as by investigating suspicious activity or violations of this Privacy Policy and Terms of Use and to ensure our Platform, Products and Services are being used legally. If we do detect something risky that could compromise your privacy and security, we shall notify you by updating our respective policies and help guide you through steps to stay better protected.

We take complete measures to safeguard you and our Platform, Products and Services from unauthorised access, alteration, disclosure, or destruction of Information we hold, including: a) Use of encryption to keep your information private while in transit; b) Timely review of our information collection, storage, and processing practices, including physical security measures, to prevent unauthorised access to our systems.

However, we cannot guarantee absolute security as no method of protection and transmission of information is completely secure. Therefore, while we strive to protect your information, you agree and acknowledge that (i) there are security and privacy limitations of the internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Platform cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite our best efforts.

We also have comprehensive internal policies in place to prevent unauthorised access to your data. We take steps to seek to ensure that third parties we share data with also adopt an adequate, reasonable level of security practices and procedures to ensure the privacy and security of your information. However, we are not responsible for any loss, unauthorised access, safety issue or any harm caused to you by any misuse of your information, unless it is a direct and foreseeable consequence of negligence and noncompliance on our part only. You hereby acknowledge that we are not responsible, in particular, for any third-party action or action on your part leading to loss, damage or harm to you or any other person. For any data loss or theft due to unauthorised access to your electronic devices through which you avail our Services, we shall not be held liable for any loss whatsoever incurred by you.

Do note, personal data is encrypted at rest and in transit using industry-standard encryption algorithms. Secure data handling practices are implemented, including secure storage, transmission, and disposal. Data protection regulations are complied with, and privacy by design principles are applied. We have E2E and use Google and Apple auth for authentication which is the gold standard for security.

HIPAA COMPLIANCE [US Only]

We do not provide medical care or advise and are thus not a Covered Entity under HIPAA (US Health Insurance Portability and Accountability Act) (”HIPAA”).

However, in respect of the health data of our US-based customers, we strive to comply with all of the requirements as per HIPAA.

THIRD-PARTY WEBSITES/APPLICATIONS

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

YOUR RIGHTS

We follow your instructions about your information we hold. You may request details of your information collected by us, request reasons for collection, correct your information, request deletion of your information, request restricted processing of your information, the category of entities with whom we have shared it and the reason for any disclosure, request a portable copy of the information you have provided, object to processing of your information, such as for direct marketing, and where we obtain your consent, you may withdraw such consent at any time.

You are free to not to share any medical or other information that you consider confidential and withdraw consent for us to use data that you have already provided. In the event that you refuse to share any information or withdraw consent to process information that you have previously given to us, we reserve the right to restrict or deny the provision of our Products and Services for which we consider such information to be necessary.

EEA, UK, CALIFORNIA, and UAE

If you are an EEA or a UK resident, you also have the right to file a complaint with the supervisory authority in the EEA and in the UK. You can file a complaint with the Information Commissioner’s Office. If you are an EEA or a UK resident, you may also write to our Data Protection Officer at the below address:

Ametros Group Ltd Lakeside Offices, Thorn Business Park Rotherwas Industrial Estate Hereford Herefordshire England HR2 6JT 0330 223 2246 dpo@ametrosgroup.com www.ametrosgroup.com

Further, please find below the details of our EEA and UK representative:

EEA

Ametros Ltd Unit 3D, North Point House North Point Business Park New Mallow Road Cork, Ireland gdpr@ametrosgroup.com www.ametrosgroup.com

UK

Ametros Group Ltd Lakeside Offices, Thorn Business Park Rotherwas Industrial Estate Hereford, Herefordshire England, HR2 6JT 0330 223 2246 dpo@ametrosgroup.com www.ametrosgroup.com

If you are a California resident, you may also request information that we may have collected about you in the previous twelve months, the reason we collected it, the category of entities with whom we have shared it and the reason for any disclosure, by writing to us.

If you are a resident of UAE, you also have the right to file a complaint with the UAE Data Protection Office or Ministry of Economy Consumer Protection Department hotline (600-522-225). Alternatively, you may write to our Data Protection officer, Mr. Adhit Shet at legal@ultrahuman.com.

You can exercise all these above mentioned rights by raising a request to us at legal@ultrahuman.com.

ASSIGNMENT AND TRANSFER

All our rights and obligations under this Privacy Policy and Terms of Service are freely assignable by us to any of our affiliates, in connection with a merger, acquisition, restructuring, liquidation, bankruptcy or sale of assets, or by operation of law or otherwise, and we may transfer your information to any of our affiliates, successor entities, or new owner.

GOVERNING LAW AND DISPUTE RESOLUTION

These Privacy Policy is governed and construed in accordance with the Federal laws of the United Arab Emirates as applied in the Emirate of Abu Dhabi, and the laws of Abu Dhabi, without giving effect to the principles of conflicts of laws of choice of law provisions therein. In case of disputes or controversies arising out of or in connection with or relating to this Privacy Policy, the parties shall first try to resolve it amicably through negotiations. If a satisfactory solution can not be reached within a period of thirty (30) days from the date on which written notice of a dispute is provided by one of the parties, the parties shall refer to and finally resolve by arbitration under the Arbitration Rules of the Abu Dhabi Commercial Conciliation and Arbitration Centre (“Rules”), which Rules are deemed to be incorporated by reference in this clause. The number of arbitrators shall be one. The seat, or legal place, of arbitration shall be Abu Dhabi. The language to be used in the arbitration shall be English. Notwithstanding the foregoing, we reserve the right to seek injunctive or other equitable relief in a court of competent jurisdiction to prevent the actual or threatened infringement, misappropriation or violation of our copyrights, trademarks, trade secrets, patents or other intellectual property rights (an “IP Protection Action”). You acknowledge and agree that any Dispute must be notified to us within thirty (30) days after the occurrence of the matter giving rise to the Dispute or you becoming aware of the same, whichever is later.

MODIFICATIONS TO THIS POLICY

We may modify the Privacy Policy from time to time at our sole discretion. If we do so, we will revise the date at the top of this Privacy Policy and if there is any significant update, we will inform you through email or any other preferred mode of communication. It is important that you review our Privacy Policy from time to time because your continued use of the Platform, Products and Services after the effective date of any change to the Privacy Policy will be deemed to be your acceptance to the modified Privacy Policy. If you do not agree to be bound by the modified Privacy Policy, then you must not use the Platform, Products and Services anymore.

SEVERABILITY

If any term or condition of this Privacy Policy is deemed invalid or unenforceable by a court of law or tribunal with binding authority, then the remaining terms and conditions shall not be affected.

CONTACT US

If you have any questions about this Privacy Policy, our practices or your dealings with us, or your rights, you may contact Adhit Shet, our Grievance Officer at legal@ultrahuman.com.

Ultrahuman Healthcare SP LLC is located at 4th floor, Etihad Airways Center, Al Raha, Al Muneera, Abu Dhabi, UAE.