Privacy Policy
Effective Date: May 9, 2025
This Privacy Policy (“Policy”) explains how Elysia Solutions ("we", "us", or "our") collects, uses, and protects your personal data when you use our applications, websites, and related services (“Services”). By using our Services, you agree to the terms outlined in this Policy.
We are committed to privacy and security by design. This means your personal data, including sensitive health information, is handled with care, encrypted in transit and at rest, and never sold. We comply with the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and relevant Swiss data protection laws.
1. What Data We Collect
| Data Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Personal Identifiers | Name, email, phone number | Account setup, communication | Contractual necessity |
| Health Data | Heart rate, symptoms, labs, medications, etc. | Health insights, predictions | Explicit consent (GDPR Art. 9) |
| Biometric Data | HRV, SpO2, stress, energy | Digital biomarker analysis | Explicit consent (GDPR Art. 9) |
| Location Data | GPS data (if enabled), city | Personalization, weather/environment | Legitimate interest / consent |
| Device Info | Device model, OS, app usage | Troubleshooting, analytics | Legitimate interest |
| Correspondence | Email, messages, survey answers | Customer support and improvement | Legitimate interest / legal obligation |
| 3rd Party Data | From Apple Health, Google Fit, wearables | Personalized insights | Explicit consent |
2. How We Use Your Data
- Deliver and improve the Services
- Generate personal health insights
- Send reminders, alerts, and feature notifications
- Communicate with you about service updates
- Comply with legal obligations
We do not sell your personal data to third parties.
3. Research Use and Consent
With your explicit consent, your pseudonymized health data and biological samples (e.g., blood, saliva) may be used for biomedical research by trusted institutions. This includes:
- Analysis of anonymized or coded datasets
- Use of leftover biological material stored in secure biobanks
- Sharing with academic research partners under strict data protection protocols
You may revoke your research consent at any time by contacting us.
4. Data Storage and Security
We host our systems on Google Cloud Platform (GCP), with all data encrypted in transit and at rest. Access is restricted by role, and audits are regularly performed.
Data from EU, Swiss, or UK residents is stored in EEA-compliant data centers under GDPR-aligned agreements.
5. Sharing of Data
We share your data only:
- With your consent and healthcare provider
- With service providers under binding agreements
- As required by law or regulatory obligation
- With research institutions (only with explicit consent)
6. Your Rights (GDPR)
You can:
- Access, correct, or delete your data
- Restrict or object to processing
- Revoke consent at any time
- Request data portability
Please contact us at hello@elysia-solutions.com to exercise your rights.
7. Retention Policy
We retain data only as long as necessary for the purposes described. You can request deletion of your data and account at any time.
8. International Transfers
Data may be processed outside your country. When this happens, we ensure appropriate legal safeguards are in place, such as EU standard contractual clauses.
9. Changes to This Policy
We may update this policy. Major changes will be communicated via the app or email. Please review regularly.
10. Contact
Elysia Solutions Privacy Office
Email: hello@elysia-solutions.com
Effective Date: May 9, 2025