Electrokare Privacy Policy

1. Introduction.
‍ElectroKare Inc., a Delaware corporation (“ElectroKare,” “we,” “us,” or “our”) is committed to protecting the privacy of all individuals whose Personal Data we use, collect, and share  (“you” or “your”). This Privacy Policy (this “Policy”)describes what categories of Personal Data we collect; how we use and disclose that information; the safeguards which we maintain; your legal rights; how you can access, correct, or delete your information; and how to contact us for any additional information. This Policy applies to all users of our mobile application, visitors of our website, and any related services (a “Platform”). “Personal Data” means any information that identifies you or can be reasonably linked to you, or information which is otherwise considered to be “personal information ”or “personal data” under applicable laws. We are not responsible for the policies and practices of any third parties, and we do not control, operate, or endorse any information, products, or services that may be offered by third parties or accessible on or through a Platform. Words not defined in this Policy have the same meanings ascribed to them in our Terms of Use. 

‍2. Collection of Personal and Sensitive Information.
‍We collect personal and sensitive information directly from you when you register an account, complete your profile, or otherwise provide information through a Platform. This may include your name, date of birth, gender, height, weight, email address, and preferences. When you use a Platform, you consent to our automatic collection of health and biometric data, including ECG signals, heart rate, accelerometer readings, as available from any sensors or devices which you use in your interactions with a Platform, and electrolyte levels, as well as device identifiers, IP address, operating system, location data, and usage logs. We may also receive information from third-party platforms you choose to link to your account. 

‍3. Use of Information.
‍We use your Personal Data solely to provide, maintain, and improve the Platforms, including to authenticate your identity, process transactions, perform analytics, and adjust content and recommendations to your individual needs (the “Services”). We may also use your information to communicate with you about Services updates, respond to your inquiries and support requests, conduct research and development in de-identified form, and, where you have opted in, send you marketing materials. We will not use or disclose your Personal Data for any purpose other than those set out in this Policy without first obtaining your consent, unless otherwise required or permitted by law.  

‍4.Disclosure and Cross-Border Transfers.
‍Subject to applicable law, we may disclose Personal Data to our service providers and professional advisers (including cloud hosting providers, analytics vendors, payment processors, and legal or financial advisors) strictly to perform functions necessary to deliver the Services. In each such case, we will obtain any necessary consents and shall not permit any service provider to use the Personal Data in any way which would violate this Policy or our Terms and Conditions. We may also disclose Personal Data to law enforcement, regulatory authorities, or courts where required by subpoena, court order, or other legal obligation. Because our service providers are located in various countries, as cloud infrastructure may be deployed in various regions to optimize our performance and scale operations, your Personal Data may be transferred outside of your country of use. In each case, we will take all necessary steps to ensure that cross-border transfers are governed by appropriate safeguards, such as standard contractual clauses or binding corporate rules and comply with our customer agreements. Additionally, in each such case, we shall only disclose Personal Data to the extent necessary in furtherance of the Services. A current list of recipient countries is available upon request. 

‍5. Security Safeguards.
‍We are committed to protecting your Personal Data from misuse, interference, loss, unauthorized access, modification, or disclosure. To that end, we implement best industry practices security measures, including encryption of data in transit(TLS), strict access controls, multi-factor authentication, and staff training on privacy and data-protection best practices. Your data are stored on secure cloud servers using the Google Cloud technology suite. While no system can guarantee absolute security, we continuously review and update our safeguards to ensure your information remains protected. 

‍6. Data Retention.
‍We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Once the information is no longer needed, we will either securely destroy or de-identify it. Retention periods vary by information type: raw signal data, such as ECGs, are stored transiently, and we delete the majority of these data thirty (30) daysf ollowing their collection; activity data, such as your historical data, including heart rates, session types and durations, etc., as well as your account preferences and information, are retained until and unless you request their deletion, the process for this which is detailed below. The retention of your data allows us to provide you with summaries and insights into your trends, habits, and other such information which are comprised of your historical data.  We reserve the right to retain your information indefinitely, unless you request its deletion, in which case we will remove it; this allows us to continually refine and improve our algorithms, contributing to the improvement of our Services. 

‍7. Data Access, Correction, and Deletion.
‍You have the right to access the Personal Data we hold about you and to request correction of any inaccuracies. California residents also have the rights to know, delete, and opt out as provided under State law. We do not discriminate against those who wish to exercise these privacy rights by charging a different price. We do not discriminate against those who wish to exercise these privacy rights by providing a different quality of service except to the extent that the quality of service is reduced intrinsically due to a lack of access to data; ability to process data; or other functions related to data upon which the Services rely. To exercise any of these rights, please contact our Privacy Officer at: 318 Haddon Circle, Vernon Hills, IL60061, email: admin@electrokare.com. We will acknowledge your request within five business days and respond in accordance with applicable law. If we refuse your request, we will provide reasons for the refusal and information about how to lodge a complaint. If you would like your personal data and history deleted from our records, send an email to:admin@electrokare.com with your full name and account email with the subject:"[Your username/email] Data Deletion Request" 

‍8. Complaints and Dispute Resolution.
‍If you believe we have breached this Policy or relevant privacy laws, please submit your complaint to admin@electrokare.com. We will investigate and respond within thirty days. If you remain dissatisfied with our response, you may lodge a complaint with the data protection authority in your jurisdiction. For example, Australian residents may contact the Office of the Australian Information Commissioner; California residents may contact the California Attorney General; Canadian residents may contact the Office of the Privacy Commissioner of Canada; and EEA or UK residents may contact the supervisory authority in their Member State (a full list is available on the European Data Protection Board website). Residents of other countries may contact the data protection authority or equivalent regulator where they normally reside. 

9.Legal Basis for Processing (EEA and UK Residents).
If you are located in the European Economic Area or the United Kingdom, the GDPR requires that we identify the legal grounds we rely on whenever we process your personal data. For all other users (including those in the U.S., Australia, Canada, etc.),consent to our Privacy Policy is generally sufficient under local law. We rely on the following lawful bases for processing your information:

‍9.1 Performance of a Contract. We process Personal Data necessary to perform our contract with you: creating and managing your ElectroKare account; delivering the Services you request(including but not limited to device connection, diagnostics, electrolyte and other health analytics, and personalized recommendations); and fulfilling purchases or subscriptions you make through the app.

‍9.2 Legal Compliance. Where required by law, such as for tax, financial reporting, or in response to a court order, we process your information to comply with our legal obligations.

‍9.3 Legitimate Interests. We process certain non-sensitive information to support our legitimate business interests (for example, app security, fraud prevention, service-quality monitoring, research and development of new features), provided those interests do not override your fundamental rights and freedoms.

‍9.4 Consent. For optional processing—such as sending you marketing communications or surveys—we rely on your consent. You may withdraw consent at any time by following the unsubscribe link in any marketing email or by adjusting your preferences in the app.

‍9.5 Vital Interests &Public Interest.On rare occasions (such as to protect someone’s life or in the public interest for health and safety), we may process data without consent. We will inform you if this becomes necessary under applicable law. 

10.Data Breaches In the event of a data breach impacting personally identifiable information, we will notify all affected individuals and/or entities, as well as the appropriate regional authority/authorities, as detailed in above in Section 8(Complaints and Dispute Resolution). Affected users will be notified within fourteen days of our discovery of any data breaches. Following any such notification, we shall provide a timely outline of remedial action and, at our cost, remedy such breach and provide evidence of such remedial action and any consequent data security improvements. An internal review and assessment will be conducted in order to establish the impact of the breach, as well as possible causes, and actions will be taken as soon as reasonably possible in order to prevent further consequences from the breach.

11. Additional Disclosures for Israeli Users If you reside in Israel, your personal information is handled in accordance with Israel’s Protection of Privacy Law, including its Data Security Regulations and 2023 reforms under Amendment 13. We obtain explicit consent for collection and use of sensitive biometric data, including ECG signals and electrolyte-level estimations. Upon request, Israeli users may obtain a list of countries where their data is stored or processed, and information about the safeguards used for cross-border transfers. You may request access to, correction of, or deletion of your personal data by contacting our Privacy Officer at admin@electrokare.com.We will maintain internal records of data processing activities and appoint a Privacy Protection Officer (PPO) where required under applicable law. Marketing communications will only be sent with your prior consent, and we comply with Israeli anti-spam regulations, including the "Do Not Call Me" registry.

12. Additional Disclosures for Brazilian Users (LGPD)If you reside in Brazil, your Personal Data is processed in accordance with Brazil’s Lei Geral de Proteção de Dados (“LGPD,” Federal Law No. 13,709/2018). The following additional disclosures apply:
‍12.1 Legal Bases for Processing We process your Personal Data under one or more of the following legal bases under Articles 7 and 11 of the LGPD:
(a) Consent for collection and processing of sensitive personal data, including ECG signals, biometric measurements, electrolyte estimations, and any other health-related information you provide through the Services;
(b) Performance of Contract, including creating and managing your account, providing analytics, and delivering the Services;
(c) Legitimate Interests, including service improvement, fraud prevention, security monitoring, and non-identifiable research, provided such interests do not override your fundamental rights;
(d) Legal or Regulatory Obligations applicable to ElectroKare;
(e) Research Purposes, in anonymized or de-identified form, in accordance with Article 7, item IV, and Article 11, item II of the LGPD;
(f) Protection of Life or Physical Safety of the data subject or a third party, where applicable.
‍12.2 Sensitive Personal Data Under Article 11 of the LGPD, ECG signals, biometric identifiers, electrolyte estimations, and health-related session data are considered Sensitive Personal Data. We only process Sensitive Personal Data with your explicit consent or where another lawful basis applies.
‍12.3 Data Subject Rights (Article 18 LGPD)Brazilian users have the following rights:
(a) confirmation of processing;
(b) access to data;
(c) correction of incomplete, inaccurate, or outdated data;
(d) anonymization, blocking, or deletion of unnecessary or excessive data;
(e) portability to another provider;
(f) deletion of data processed with consent;
(g) information about public and private entities with which we share data;
(h) information about the possibility of denying consent and the consequences;
(i) revocation of consent;
(j) review of decisions made solely on automated processing that affect your interests. Requests can be made by contacting our Privacy Officer or our Brazil Data Protection Officer (“Encarregado”) using the contact information below.
‍12.4 Automated Decision-Making and Profiling Our Services use automated processes to analyze ECG signals, session data, biometrics, and electrolyte estimations to provide performance insights and recommendations. You may request:
(a) clarification regarding the automated processing logic;
(b) review of automated decisions;
(c) correction of resulting inferences where appropriate.
‍12.5 Cross-Border Transfers
‍Your Personal Data may be transferred outside Brazil. We adopt appropriate safeguards permitted under the LGPD, including standard contractual clauses, technical protections, and contractual commitments from service providers. A list of countries where processing occurs is available upon request.
‍12.6 Brazil Data Protection Officer (Encarregado) Our DPO for Brazil is:
Brazil Privacy Contact: dpo-brazil@electrokare.com