Knose Health Privacy Policy
Effective date: Aug 2, 2024
In this Privacy Policy, we explain how EMOTION SENSE LTD (“we” or “us”) collects, stores, uses, and protects your personal data when you use our application “Knose” (the “App” or the “application”) or website https://knose.health (the “Website”). The Website and the Application are referred to together as the “Services”.
In this policy, we also explain your rights in respect of the personal data we hold about you and how we protect your privacy.
If you do not want us to process your personal data as described in this Privacy Policy, please do not use our App.
1. WHAT PERSONAL DATA WE COLLECT AND WHY
We do not collect any data when you use the Website. When you use the App, we collect certain data about you, which we call your Personal Data:
Purpose: To create your account with Knose.
Data categories: public FaceID key.
Collection: When you accept our Privacy Policy, you can sign up using Face ID. When you do, a key pair (public + private key) is generated. The private key is stored securely on the device, we don’t have access to it, and the public key is sent to our server for registration and is used later for verification of cryptographic signature.
Purpose: To connect your data to your account through an anonymised ID.
Data categories: Unique User ID.
Collection: When you accept our Privacy Policy and sign up with Face ID for the first time, we generate a Unique User ID for you.
Purpose: To provide you with core features of the App (for example, analysing your health data to detect patterns and anomalies).
Data categories: Health data from Apple Health (Activity Summary, Daily Flights Climbed Samples, Daily Step Count Samples, Active Energy Burned, Sleep start and end times). Self-reported sleep and activity norms.
Collection: This data is collected automatically when we have your Apple Health permissions. You provide us with sleep and activity norm information when you start using the App.
Purpose: To analyse our App performance via Google Analytics 4 Firebase, and improve it.
Data categories: Device and App Identifier Data, Approximate geolocation, session statistics, basic app usage data, conversion events, app engagement and retention, app stability metrics.
Collection: Collected automatically by GA4F. GA4F has no access to your health data or personal information such as name or email.
Purpose: To provide you with customer support.
Data categories: Email Address, Name, contents of communication.
Collection: We see and use this information when you contact Knose support to get help with your account.
Purpose: Knose AI Chatbot
The Knose AI chatbot supports you in understanding your health data by analysing the health data collected from Apple Health and sharing the insights with you. The chatbot is powered by Google’s Gemini AI, and your data is stored securely on Google Cloud servers.
How do we use your personal data?
Are my conversations stored somewhere?
No, we do not store contents of your conversation.
2. PERSONAL DATA RETENTION
We keep your Personal Data for as long as your account is active.
If you want to delete your account and the Personal Data associated with it, send us a request at support@knose.health. We will delete your account within one month after receiving the request. It may take up to 90 days in some cases to complete the full erasure of your personal data stored in our backup systems.
To erase the data that is stored on the client in the App, you will simply need to delete the App.
If you choose to deactivate your account or delete the app, your data will not be recoverable if you decide to reinstall the app later, although you will still be able to log in using Face ID.
Please note that we may still retain certain data about you if needed because of applicable legislative requirements, any potential or ongoing dispute resolution, or in order to enforce our rights.
3. YOUR DATA PROTECTION RIGHTS
If you decide to exercise any of the rights you are entitled to under this section, please contact us at support@knose.health.
EEA/UK residents. Individuals residing in the European Economic Area (“EEA”) and the United Kingdom (“UK“) have certain statutory rights in relation to their Personal Data including under the General Data Protection Regulation (Regulation (EU) 2016/679) (“EEA GDPR“) and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 (SI 2020/1586), as may be amended from time to time (“UK GDPR“) (collectively, the “GDPR“), including the rights specified below.
Please keep in mind that in case of a vague request to exercise any of the aforementioned rights, we may ask for more details if needed to complete your request. If this is impossible, we reserve the right to refuse to grant your request.
Following the provisions of the applicable law, we might also ask you to prove your identity in order for you to invoke the mentioned rights. We do so to ensure that no rights of third parties are violated by your request and that the mentioned rights are exercised by an actual data subject or an authorised person.
We will process your request within one month after receiving it. We may extend this period by up to an additional two months where necessary, taking into account the complexity and number of the requests. If we extend the response period, we will let you know as soon as possible. We will not discriminate against you for exercising your rights under the law.
4. SECURITY MEASURES
We use reasonable and appropriate information security safeguards to help keep your personal data secure and in an effort to protect it from accidental loss and unauthorised access, use, alteration, and disclosure.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we take measures to do our best to protect your personal data, we cannot guarantee the security of the collected information transmitted to or through our Services or an absolute guarantee that such information may not be accessed, disclosed, altered, or destroyed. Any transmission of your personal data is at your own risk. We are not responsible for the circumvention of security measures contained in the App.
If you want to report a security incident related to our Services, please contact us at support@knose.health.
5. CHILDREN’S PRIVACY
Our Services are not intended for or directed at children under 18, and we do not knowingly collect or solicit any information from anyone under the age of 18 or knowingly allow any such persons to use our Services (in accordance with the eligibility requirements under our Terms and Conditions).
If you are under 18, do not: (i) use or provide any information in our Services or through any of its features, or (ii) provide any information about yourself to us, including your name, address, telephone number, or email address. If you are a parent or guardian and believe we have collected information from your child who is under the age of 18, please contact us at support@knose.health.
6. SHARING OF YOUR PERSONAL DATA
We may disclose the information we process about you, including your personal data, as follows:
7. CROSS-BORDER DATA TRANSFERS
If you use our Services outside of the United Kingdom, your Personal Data will be stored outside your home country, including in the United Kingdom, for the purposes described in this Policy. The privacy protections and the rights of authorities to access your personal information in such countries may not be equivalent to those of your home country.
8. CONTACT US
If you have any questions about this Privacy Policy, please contact us via email at support@knose.health.
9. CHANGES TO OUR PRIVACY POLICY
The date this Privacy Policy was last reviewed is indicated at the top of the page. We may modify or update this Privacy Policy from time to time. Some changes do not require your consent or notification: for example, when we make changes for the sake of transparency, when we add a new purpose of processing that is compatible with the existing purposes, or a new processing activity that falls under the users’ reasonable expectations. However, if the changes made may pose a risk to your rights and freedoms (for example, by including a new purpose of processing that is not compatible with the existing purposes of processing, a new legal basis, or a new category of personal data to be collected or a new data subject, all of which are not reasonably expected by the users), we will ask for your consent to those changes separately from this Privacy Policy. If you did not receive a request for your consent to the changes or refused to give consent, those changes will not apply to you. This can negatively affect some of our Services provided to you if those Services inevitably require consent to the changes.