Privacy Policy

1. Introduction

Inself ("we", "us", "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wellness platform.

We process personal data in accordance with the General Data Protection Regulation (GDPR)and other applicable data protection laws.

2. Data Controller

Inself acts as the Data Controller for personal data processed through our platform.

• Company: Inself Ltd
• Email: privacy@inself.co
• Data Protection Inquiries: dpo@inself.co

3. Categories of Data Collected

3.1 Identity Data

• Name, email address
• Date of birth, gender
• Account credentials

3.2 Health Data (Special Category Data)

• Health questionnaire responses
• Fitness and wellness goals
• Blood test results (if uploaded)
• Biomarker data
• Wearable device data (if connected)
• Biological age calculations

3.3 Usage Data

• Platform interactions
• Preferences and settings
• Recommendations viewed
• Feature usage patterns

3.4 Technical Data

• IP address
• Device information
• Browser type and version
• Cookies and similar technologies

4. Legal Basis for Processing

4.1 Consent (Article 6(1)(a) and Article 9(2)(a))

We rely on your explicit consent for:

• Processing health data
• Marketing communications
• Non-essential cookies

4.2 Contract Performance (Article 6(1)(b))

We process data necessary to:

• Provide our wellness services
• Manage your account
• Deliver personalized recommendations

4.3 Legitimate Interests (Article 6(1)(f))

We process data for:

• Platform security and fraud prevention
• Service improvement and analytics
• Customer support

4.4 Legal Obligations (Article 6(1)(c))

We process data to comply with legal requirements.

5. Your Rights Under GDPR

You have the following rights regarding your personal data:

5.1 Right of Access

You can request a copy of your personal data we hold.

5.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

5.3 Right to Erasure

You can request deletion of your personal data ("right to be forgotten").

5.4 Right to Restrict Processing

You can request we limit how we use your data.

5.5 Right to Data Portability

You can request your data in a machine-readable format.

5.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

5.7 Right to Withdraw Consent

You can withdraw consent at any time without affecting prior processing.

5.8 Right to Lodge a Complaint

You can file a complaint with your local data protection supervisory authority.

6. Data Retention

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Employee training on data protection
• Incident response procedures

8. International Data Transfers

If we transfer data outside the European Economic Area (EEA), we ensure protection through:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Your explicit consent where applicable

9. Third-Party Services

We may share data with trusted third parties for:

• Cloud hosting: Secure data storage
• Analytics: Service improvement (with consent)
• AI services: Generating personalized recommendations
• Payment processors: Handling transactions securely

All third parties are contractually bound to protect your data.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through our platform.

12. Contact Us

For privacy-related inquiries:

• Privacy Team: privacy@inself.co
• Data Protection Officer: dpo@inself.co