Privacy Policy
Last updated: 1 March 2026 · Version 1.0
Healzen is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, and the rights you have over it. We have written this policy in plain language — no legal jargon where we can avoid it.
1. Information We Collect
We collect information you provide directly (name, date of birth, health data, contact details), information generated by your use of the app (activity logs, metrics, AI conversations), and technical data (device type, browser, IP address, cookies). Health data you log — including vitals, medications, medical history, mood logs, and nutrition — is treated as sensitive personal data under applicable data protection laws.
2. How We Use Your Information
Your personal and health data is used solely to: • Provide and improve the Healzen service • Generate personalized AI health recommendations • Send you reminders and alerts you configure • Respond to support requests • Comply with legal obligations We do NOT sell your personal or health data to third parties for advertising or commercial purposes.
3. Legal Bases for Processing
We process your data under the following legal bases (GDPR Article 6): • Contract performance: to provide the service you signed up for • Legitimate interests: improving service quality, fraud prevention, security • Consent: for optional features such as AI training data contribution or research participation (you may withdraw consent at any time) • Legal obligation: when required by applicable law
4. Data Storage & Security
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Health data is stored on servers located within the European Union (primary) with regional mirrors. We apply role-based access controls, regular penetration testing, and third-party security audits to protect your data.
5. Data Sharing
We share your data only in these limited circumstances: • With service providers (cloud hosting, analytics) who are contractually bound to data protection standards • With healthcare professionals you explicitly choose to share with via the app's sharing feature • With your authorised family members (as configured by you) • When required by law, court order, or to protect life Any sharing you initiate via the app's share feature uses encrypted, time-limited links. You retain full control and can revoke access at any time.
6. Your Rights
Under GDPR, PDPA, and similar applicable laws, you have the right to: • Access: request a copy of all data we hold about you • Rectification: correct inaccurate personal data • Erasure: delete your account and all associated data permanently • Portability: export your health data in machine-readable format (JSON/PDF) • Restriction: limit processing of your data • Objection: object to processing based on legitimate interests • Withdraw consent at any time for consent-based processing To exercise any right, email [email protected] or use Settings → Privacy → Data Rights.
7. AI & Automated Decision-Making
The app uses AI to generate health insights, recommendations, and suggestions. These recommendations are informational only and do not constitute medical advice. AI-generated outputs are clearly labelled. No automated decision-making has legal or similarly significant effects on you as defined by GDPR Article 22. A qualified healthcare professional should always be consulted for clinical decisions.
8. Children & Minors
The main account must be held by a person 18 years or older. Child profiles (under 18) managed under a parent or guardian account are subject to parental consent, which the account holder provides on behalf of the child. Child health data is subject to enhanced protections. When a child profile reaches age 18, data is migrated to a new independent account with the young person's own consent obtained fresh.
9. Cookies
We use strictly necessary cookies (session authentication), functional cookies (language preference, theme), and optional analytics cookies (app usage statistics, opted-in only). Third-party analytics cookies are only placed with your explicit consent. You may manage cookie preferences in Settings → Privacy → Cookie Preferences.
10. Data Retention
Health data is retained for as long as your account is active. Upon account deletion, all personal data is permanently erased within 30 days, except where retention is required by applicable health or financial law (e.g., prescription records under medical regulation). Anonymised, aggregated statistical data (with no possibility of re-identification) may be retained indefinitely for service improvement.
11. International Transfers
If we transfer your data outside your home jurisdiction (e.g. outside the EU/EEA), we do so under Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent safeguards, ensuring an equivalent level of protection.
12. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you in-app and by email at least 14 days before the change takes effect. Continued use of the app after that date constitutes acceptance of the updated policy.
13. Contact & Data Controller
Healzen is operated by Healzen. Data Controller: Healzen Email: [email protected] Address: Available upon request For EU users: We have appointed a GDPR representative for Data Protection Officer inquiries. Contact: [email protected]
Questions? Email [email protected]