This privacy policy (“Privacy Policy”) governs the collection, processing, and use of data performed by Akusehat.ai. This Privacy Policy concerns data that we collect from individuals who have installed and interacted with our applications, including but not limited to the “Akusehat.ai” application, or those who use the Akusehat.AI management dashboard. Each user will also be referred to here as “You”. This Privacy Policy is also an integral part of the applicable terms of use or any other agreement made between You (or the entity you represent) and us.

By using the Services, you consent to the collection and use of your data in accordance with this Privacy Policy. When using the Services, we may collect and process certain Personal Data from you to enable you to use the Services, as well as for other purposes as detailed below. By using the Application, Dashboard, and Services, you agree to the privacy practices described in this Policy.

If you have any questions regarding this Privacy Policy, please contact us at: getsupport@akusehat.ai.

CHANGES

We reserve the right to modify or revise this Privacy Policy periodically, and such changes will take immediate effect upon applying the revised Privacy Policy to the Application or Dashboard. The date of the last revision will be listed under the “Last Modified” title located at the top of this Privacy Policy. We will use reasonable efforts to notify you if we implement any changes that substantially alter our privacy practices. We encourage you to review this Privacy Policy periodically to ensure you understand our privacy practices and to check for any changes.

Data We Process

1.       Processing of Non-Personal Data

As part of providing the Services to you, we may collect aggregate, non-personal, and non-identifiable information that may be supplied or collected through your use of the Services and your interactions with us (“Non-Personal Data”). Furthermore, we may process identifiable Personal Data to create new de-identified datasets based on applicable common and legal standards. Such new datasets will be considered Non-Personal Data. Non-Personal Data may be used by us without restriction and for any purpose, including commercial, research, or statistical purposes, without further notice to you. If we combine Personal Data with Non-Personal Data, the combined data will be treated as Personal Data.

2.       Processing of Personal Data

As part of your use of the Application or Dashboard, you are required to register and open a user account (either directly or through the use of access credentials provided to you), and provide basic contact information, credentials, and other basic data including demographic information such as gender, age, etc. Furthermore, during your use of the Services, certain usage data may be processed and stored by us, such as body measurements and your vital signs, stress levels, and general usage data such as dates and times of usage. Such data may be considered “Personal Data”, meaning information that identifies an individual or can reasonably be used to identify an individual (“Personal Data” or “Personal Information” as defined under applicable laws).

Below is the table detailing the Personal Data we collect and how we use it.

DATA SET	PURPOSE AND PROCESSING OPERATIONS
Basic Account Data User Account Data includes basic contact details such as name, email address, password, and your device details (type, OS version, etc.). We may also collect relevant demographic data such as age, gender, height, weight, etc.	We collect this data to enable you to access and use the Application, and to customize the Application’s calculations and algorithms according to your characteristics. Furthermore, we may use demographic data and technical device information to evaluate our services (sometimes for the benefit of the relevant Account Owner), improve and develop our services, including through research and development of new products and algorithms. We will collect and process Account Data, create a User Account in our system, identify Users when accessing and registering to the Service, and customize the Service to the User’s preferences and characteristics. Additionally, we may use your contact details to send updates and notifications regarding your use of the Services. For evaluation, improvement, and research purposes, we may analyze your use, aggregate data, and create de-identified datasets for our internal use.
Vital Signs and Health-Related Data As part of using this Application, certain health-related data may be collected and processed, such as Blood Pressure, Heart Rate (BPM), Respiration (RPM), Stress Level, HRV-SDNN (ms), and other calculated biomarkers and related data, including a calculated “Health Score” to track and maintain your historical measurement data.	We use this data to provide the Services to you, which include collecting, tracking, and managing certain body indicators and biomarkers, stress levels, health, etc. Additionally, we may use biomarker indicators and health-related data to evaluate our services (sometimes for the benefit of the relevant Account Owner), improve and develop our services, including through research and development of new products and algorithms. To extract vital-sign measurement results, the Application only uses video of a small area of facial skin, excluding identifiable features such as eyes. The video recording is processed locally (on the user’s device) in real-time, is not stored after the measurement ends, and is not transferred to our servers. Only the extracted measurement results are shared with our cloud and processed as part of the user account.
Ongoing Device Location Data As part of the use of the Akusehat.ai application, you will be asked to consent to the access and processing of your real-time location. With your consent, we will collect device location, including in the background, while the application is running in the background.	When an event occurs (such as a measurement, fall, or activity), your location will only be shared with your organization so they may assist you according to the organization’s policies. Location data is not stored on your device or shared with any third party. Please note that although your device’s Location Data is collected continuously, we do not record your movement and do not use the data unless an event occurs.
Usage Data When you use the Application, information and data are automatically generated and collected that help us understand how you use the Application and how to better provide the Services to you (“Usage Data”). Most Usage Data is non-personal—e.g., pages viewed, Services usage (i.e., accessed or used by an end-user), time spent on pages or features, crash data, analytics data, etc. To the extent that Usage Data contains Personal Data, it will be treated as Personal Data and covered under this Privacy Policy.	We use Usage Data to improve our Services. We may use certain third-party tools for collecting, analyzing, and managing Usage Data, namely SDKs implemented in the Application.
Contact Us and Support If you voluntarily contact us for information regarding our Services or other inquiries, you may be required to provide certain information such as your name, email address, phone number, the company you contact us on behalf of, your industry, and any additional information you choose to share. If you contact us on behalf of someone else, we appreciate your assistance and care for others; however, please note that you are responsible for ensuring that any person whose Personal Data you provide is aware of this statement and agrees that you will provide their Personal Data to us on this basis.	We will use this data to provide the information you request, respond to your inquiries, or provide our Services. We may process our correspondence with you to improve customer service and, if we believe it is necessary, to provide further assistance (if applicable). Correspondence and its contents may be processed and stored by us to improve customer service and, if necessary, maintained—for example, in the case of claims or to provide further assistance (if applicable).

Please refer to the table below, which details the Personal Data that we do not collect and how it is used.

DATA SET	PURPOSE AND PROCESSING OPERATIONS
Facial Data As part of using the Akusehat.ai app, you will be asked to consent to real-time access to your device’s camera.	The app uses video from a small area of facial skin without capturing identifiable features such as the eyes. The video is processed locally on the user’s device in real time, and no face data is stored after the measurement is completed. This processing is performed solely to extract vital sign measurement results.

Please note that the actual processing purposes may vary based on the usage detailed above. Such processing usually involves a set of automated operations such as collection, storage, use, disclosure via transmission, deletion, or destruction. Transfers of Personal Data to third countries, as further detailed in the Data Transfer section, are based on the same legal grounds described above.

Additionally, we may use certain Personal Data to prevent potentially prohibited or unlawful activities, fraud, abuse, violations, identity theft, and misuse of the Services, as well as to enforce the Terms, protect the security or integrity of our databases and Services, and take precautions against legal liability. Such processing is based on our legitimate interests.

How We Collect Informatio

• Automatically – We may use cookies, SDKs, or similar tracking technologies in connection with our Dashboard and Application. The way we and third parties place cookies in connection with the Services, their use, and data collection is described in the Cookie section below.
• Provided Voluntarily by You – We will collect information when you choose to provide it to us, such as through the Application, registration process, measurement processes, contact-us interactions, etc.
• Provided by Third Parties – Such as through relevant Account Owners, or through our vendors and service providers.

Cookies & Tracking Technologies

When you use the Dashboard, we may use Cookies to collect, store, and track certain information related to your access, activity, and interactions with the Dashboard. You may find more information about cookies at www.allaboutcookies.org.

The use of Cookies in the Dashboard is under your control through the Cookie banner installed on our dashboard. You can also delete Cookies by following your device’s instructions for adjusting your preference settings. Our Cookies do not grant access to or inspection of any other information on your device. If you wish to be notified when a Cookie is placed on your device, you may set your web browser to provide such notifications.

Most browsers allow you to delete cookies, block acceptance of cookies, or receive warnings before cookies are stored. However, blocking or deleting cookies may limit your browsing experience. See the following links for more information on blocking or deleting cookies: Google Chrome; Firefox; Internet Explorer; Safari; Edge; Opera.

In the Application, we may use tracking and analytics technologies, known as SDKs, to collect and analyze usage data for monitoring and improvement purposes as described above.

Data Sharing

We share your data with third parties, including trusted partners or service providers that help us provide and improve our services:

CATEGORY OF RECIPIENT	DATA SHARED	PURPOSE OF SHARING
Account Owners (who appoint us to provide Services to you, such as companies)	Personal Data such as Account Information, biomarker statistics, Contact Information, etc.	We use usage data based on contractual obligations to provide our services to you. In some cases, Vital Signs and Health-Related Data are sent directly from your device through our Application to the relevant Account Owner; however, we do not store or process such data. Further use of transferred data is subject to our agreement with the Account Owner as the relevant Data Controller, as well as the Account Owner’s independent privacy practices and policies.
Any party acquiring our business	All types of Personal Data.	We may share Personal Data in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale). In such cases, our affiliated or acquiring company will take over the rights and obligations described in this Policy.
Law and Enforcement Authorities	Subject to verified requests from law enforcement authorities.	We may disclose certain data to law enforcement, government agencies, or authorized third parties in response to verified requests related to terrorism, criminal investigations, or suspected illegal activities, or any activities that may expose us, you, or other users to legal liability, and only to the extent necessary.

When we share information with service providers and partners, we ensure they only have access to the information strictly necessary for us to provide the services. These parties must secure the data they receive and use it only for the agreed-upon purposes, ensuring compliance with applicable data-protection regulations.

Your Data Subject Rights Under Privacy Laws

Under relevant privacy laws, individuals may have specific rights allowing them to request information or modifications regarding how we process their Personal Data. These rights may include:

·         Access to your Personal Data

·         Correction of your Personal Data

·         Deletion of your Personal Data

·         Restriction of our use of your Personal Data

·         Objection to our use of your Personal Data

·         Request to transfer your information to another organization or provide a copy of your Personal Data (Data Portability)

·         Withdrawal of your consent

To exercise these rights, please contact us through available communication methods, directly or via our Data Protection Representative. We may not always be able to fulfill your request, and not all rights apply in every jurisdiction or situation. If we cannot provide the requested information, we will explain why and inform you of your rights, including the right to file a complaint with a supervisory authority. We reserve the right to request reasonable proof of identity before providing information as required by law.

If you are a user under an Account Owner, some or all of your rights may only be exercised under the responsibility and discretion of that Account Owner. In such cases, please contact your Account Owner directly. Any such requests forwarded to us will be transferred to the relevant Account Owner as the Data Controller.

If you are dissatisfied, you have the right to lodge a complaint with the relevant data protection authority at any time. However, we appreciate the opportunity to address your concerns before involving authorities. Please feel free to contact us first.

Data Retention

In general, we retain Personal Data we collect for as long as necessary for the purposes listed above, in compliance with applicable regulations, or until you choose to opt-out where applicable.

Our criteria for determining retention periods include:

·         We retain Personal Data for the period required to fulfill the purposes of its collection. For example, Contact Communication data will be retained for at least as long as needed to answer your inquiry.

·         We retain Personal Data for the period required to meet legal obligations. For example, transactional data may be stored for up to seven years or more depending on bookkeeping requirements.

·         If you have a dispute with us, we may retain certain types of Personal Data as needed for your claim, including legal proceedings between us, until the dispute is resolved and, if necessary, afterward according to applicable statutes of limitation.

·         Additionally, if you exercise your rights, we will retain relevant correspondence for as long as necessary to demonstrate compliance.

Data processed by us as a Processor on behalf of an Account Owner will be retained in accordance with instructions from that Account Owner, as the Data Controller.

Security

We use physical, technical, and administrative security measures for the Services that we believe comply with applicable laws and industry standards to prevent your information from unauthorized access, improper use or disclosure, unlawful alteration, or accidental loss.

However, transmission of information via the internet and online data processing cannot be 100% secure. Therefore, although we will do our best to protect your Personal Data, we cannot guarantee the security of data transmitted through the Application or Services, and any data transmission is at your own risk.

Data Processing Location

We may store or process your Personal Data in various countries, including Indonesia, as we are headquartered there. In such cases, we remain responsible for protecting your data privacy and security in accordance with applicable legal requirements.

If you are a resident of a jurisdiction where transferring your Personal Data requires consent, your acceptance of this Privacy Policy constitutes explicit consent for such transfer.

We are not responsible for further processing, including storage and processing locations, of any data transferred by us or sent from the Application to an Account Owner. Such data is managed under the sole responsibility and discretion of the Account Owner as the Data Controller.