This Evolwe Privacy Policy ("Privacy Policy") describes how Evolwe Technologies Private Ltd. (collectively "Evolwe", "we", "our" or "us") collect, use and share your Personal Data when you use and access our website, mobile sites ("Sites"), and Evolwe application ("App") to show information integrated from Evolwe Ring ("Product") to measure your performance and health, offered by us (collectively, the "Services"). This Privacy Notice also gives information about the rights and options you have to control your personal information. By accessing or using the Evolwe Ring, website and services, you agree and consent to be bound by this Privacy Policy.
We take your privacy seriously and want you to understand how your personal data is dealt. This Privacy Policy does not cover the practise of companies or people that we do not own, control or manage. We are not responsible for the policies and practise of any third parties, and we do not control, operate, or endorse any information, products or services that may be offered by third parties or accessible on or through the Services. For clarity, we are responsible for the data protection practise of our data processors (i.e, those processing Personal Data of which we are the controllers in relation to the Services) in accordance with the data protection laws applicable to the jurisdiction in which you reside.
This Privacy Notice will give you information about:
We may collect the following types of Personal Data:
We collect your contact details, including your first and last name, email address, mailing address, and phone number, so that we can identify you, communicate with you, and provide relevant support or services. In addition, we collect your profile information such as the username and password you create when setting up your Evolwe account which allows us to establish your login credentials, authenticate your identity, and provide secure access to your account features.
Communication that we exchange with you, including when you contact us email, web app, or mobile app with questions, feedback or reviews.
We collect wellness-related information to help understand your physiological patterns and personalised your experience with our Services. This includes metrics such as resting, active and continuous heart rate, heart rate variability, skin temperature, ECG (electrocardiogram), Blood pressure trends, Sleep stages (REM, deep, light), sleep time, interruptions, Stress index, Recovery/readiness scores, Activity (steps, calories, movement patterns), Circadian rhythm analytics, Illness-risk indicators, Restorative time metrics.
We collect device data, such as your computer or mobile device operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purpose), language settings, mobile device carrier, radio/network information. We also gather technical data that helps us maintain and improve our Services, including diagnostic logs, performance metrics, crash reports, and identifiers associated with nearby or connected Bluetooth-enabled devices to ensure stable pairing and functionality.
We collect data, such as pages or screens you view, how long you spend on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access time, and duration of access.
We collect general location information derived from your IP address. If you choose to grant permission, we may also collect your precise location to provide features such as local weather insights and to enable background Bluetooth functionality on Android devices.
We may also use third-party service providers to collect and process analytics and other information on our Website or Services. These third-party service providers may use cookies, pixel tags, web beacons or other storage technology to collect and store analytics and other information. They have their own privacy addressing how they use the analytics and other information and we do not have access to, nor control over, third parties' use of cookies or other tracking technologies.
When you purchase a product or a subscription, we will collect transaction information. We use third-party payment providers to process payments on the Products and Services. We may receive information associated with your payment information, such as billing address, shipping address and transactional information, but we do not directly store payment information such as your debit/credit card information or bank account information with us.
We use cookies and other technologies to automatically collect information through the Website or Services. (Please note there are no cookies on the App). These technologies are essentially small data files placed on your devices that allow us and our partners to record certain pieces of information whenever you visit or interact with our Service. For more information how cookies work, please go through a dedicated Cookie Policy on our Website.
We use your information only for the purposes you have been informed of and agreed to. We do not process your data in any manner that strays from these purposes, nor do we collect anything that isn't necessary to fulfil them. For any new purpose, we will request your explicit consent before doing so.
We do not sell your personal information. We do not share your personal information with third parties for them to market or advertise their product to you.
We collect only such information that is strictly needed for the below mentioned purpose.
Your Data is a vital part of our business and we aim to not disclose/share or sell any data to any third parties for their own marketing, advertising or commercial purpose. You data is shared only with trusted service providers who help us operate, secure and improve our Services. These partners are contractually required to protect your information and use it solely for the purpose we specify.
Here is how we share data with them:
You agree that information collected may be stored and processed in any country including United States, where we rent servers, or where we or our affiliates, subsidiaries, or agents maintain facilities in order to provide Products and Services, and by accessing, registering for, or using the Products and Services, you consent to any such transfer of Information.
We may transfer your information to third-parties acting on our behalf, for the purposes of storage such as AWS in the United States.
You authorise us to transfer, store, and use your information in any country where we operate. For citizens of EU/EAA, if we transfer, store and use your information outside EU/EAA to a country that does not have an adequacy decision, such transfer take place on the basis of European Commission's Standard Contractual Clauses (SCCs). We implement additional security and organizational measures where required and ensure that our processors and sub-processors offer GDPR equivalent protection.
We like to inform you that our systems are protected using AES-256 encryption for data at rest and TLS 1.2/1.3 encryption for data in transit, ensuring that your information stays secure whether stored or being transmitted. We use AWS Key Management Service (KMS) for secure and compliant key management, and enforce strict IAM role-based access controls so that only authorised personnel can access specific resources.
We take complete measures to safeguard you and our Platform, Products and Services from unauthorised access, alteration, disclosure, or destruction of Information we hold, including: a) Use of encryption to keep your information private while in transit; b) Timely review of our information collection, storage, and processing practices, including physical security measures, to prevent unauthorised access to our systems.
However, we cannot guarantee absolute security as no method of protection and transmission of information is completely secure. Therefore, while we strive to protect your information, you agree and acknowledge that (i) there are security and privacy limitations of the internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Platform cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite our best efforts.
We retain Personal Data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy or as required under applicable law (including tax, legal, accounting, or regulatory obligations). Account-related information is retained until the account is deleted. Once an account is deleted, we retain system backups for up to 90 days, after which the data is automatically overwritten as part of our routine backup cycle.
Any health-related data is deleted immediately upon account deletion and is not used or retained beyond that point, except to the limited extent it may remain in system backups until the end of the 90-day backup-retention period, after which it is permanently removed.
We follow your instructions about your information we hold. You may request details of your information collected by us, request reasons for collection, correct your information, request deletion of your information, request restricted processing of your information, the category of entities with whom we have shared it and the reason for any disclosures, request a portable copy of the information you have provided, object to processing of your information, such as for direct marketing, and where we obtain your consent, you may withdraw such consent at any time.
If you are located in the European Union or the United Kingdom, you have specific rights under the GDPR and UK GDPR. You have the right to access your Personal Data and receive information about how we process it, the right to request rectification of inaccurate or incomplete data, and the right to request erasure of your data where it is no longer required or where you withdraw your consent. You have the right to restrict processing in certain circumstances, including when you contest the accuracy of your data or when processing is unlawful. You have the right to data portability, allowing you to obtain your Personal Data in a structured, commonly used, machine-readable format and to request that we transfer it to another controller where technically feasible. You have the right to object to processing based on our legitimate interests and to object at any time to processing for direct marketing purposes. Where processing is based on consent, you have the right to withdraw such consent at any time. You also have the right not to be subject to automated decision-making that produces legal or similarly significant effects. Finally, you have the right to lodge a complaint with your local data protection authority, including the Information Commissioner's Office (ICO) in the United Kingdom.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the CPRA. You have the right to know what categories of Personal Information we collect, use, and disclose, and the right to request access to the specific data we hold about you. You have the right to request deletion of your Personal Information, subject to certain legal exceptions, as well as the right to request correction of any inaccurate data. You have the right to opt out of the sale or sharing of your Personal Information; however, we do not sell Personal Information. You also have the right to exercise these rights without facing any discrimination for doing so, including no denial of services, price changes, or reduced quality because you exercised your privacy rights.
The Services are not intended for individuals under the age of 16, and we do not knowingly collect or process Personal Data from anyone under 16 without verifiable parental consent. If we become aware that we have collected Personal Data from a minor without such consent, we promptly delete the data and take reasonable steps to remove it from our systems. If you believe that a minor under 16 has provided us with Personal Data without parental authorization, please contact us at Support: support@evolwe.com or privacy@evolwe.com so we can address the issue.
We do not provide medical care or advise and are thus not a Covered Entity under HIPAA (US Health Insurance Portability and Accountability Act) ("HIPAA"). However, in respect of the health data of Our US-based customer, we strive to comply with all of the requirements as per HIPAA.
To resolve any complaints, or if you have questions regarding this policy, please contact us as, privacy@evolwe.com. In the event we do not address your grievance, you may approach the Data Protection Board of India to make a complaint.
Evolwe may from time to time update this policy. The date of issue will be indicated by the date on the top of this policy. Changes in technology, legislation and authorities' guidance may require us to inform you if changes in policy affects your Privacy, we will do so by sending you email, for the same.