PodoHealth Privacy Policy
Last Updated: December 23, 2025
1. Scope and Controller
This Privacy Policy governs your use of the PodoHealth website and application (the “Product”). Depending on your location, PodoHealth complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Australian Privacy Act 1988 (including the Australian Privacy Principles).
The controller of your personal data is PodoHealth Inc. (support@podohealth.co).
2. Categories of Data Collected
2.1. Voluntary Data (Directly Provided)
- Profile Data: Name, email address, and date of birth (to ensure users are 18+).
- Health & Wellness Data (Sensitive Information): Dietary habits, activity levels, and wellness concerns collected via surveys. For Australian and EU users, we treat this as "Sensitive Information" requiring explicit consent.
2.2. Automated Data
- Device & Usage: IP address, device type, hardware ID, and interaction logs (features used, time spent).
- Tracking Technologies: Cookies, IDFA (Apple), or AAID (Google) to distinguish users and personalize services.
3. Legal Basis for Processing
We process your data based on:
- Consent: For marketing and processing sensitive health data.
- Contractual Necessity: To provide personalized assessments and support.
- Legitimate Interests: To improve product features, prevent fraud, and conduct research.
- Legal Obligation: To comply with tax, security, or regulatory requests.
4. Regional Privacy Rights
4.1. EU/UK (GDPR)
You have the right to access, rectify, or erase your data, and to withdraw consent at any time. If we transfer data outside the EEA, we use Standard Contractual Clauses (SCCs).
4.2. USA - California (CCPA/Shine the Light)
California residents may request a list of third parties to whom we disclosed personal data for marketing purposes in the last 12 months (free once a year). We do not "sell" your sensitive health data to third parties.
4.3. Australia (Privacy Act 1988)
In accordance with the Australian Privacy Principles (APP), we ensure that:
- Sensitive information is only collected with consent and where necessary for our functions.
- You may remain anonymous or use a pseudonym where practicable (though some services may be restricted).
- You have a clear path to lodge complaints regarding privacy breaches via support@podohealth.co.
5. Data Sharing and Third Parties
We share data with trusted service providers for:
- Infrastructure: Cloud storage (Google Cloud/AWS).
- Analytics: Improving user experience (Amplitude/Google Analytics).
- Integration: With your consent, syncing with Apple HealthKit or Google Health Connect.
6. Data Retention and Security
We retain data only as long as necessary for the purposes outlined or to comply with anti-money laundering and legal obligations. We use industry-standard encryption (SSL) and pseudonymization to protect your information.
7. Children’s Privacy
Our Product is not intended for children under 18. We do not knowingly collect data from minors and will delete such information immediately upon discovery.
8. Contact and Complaints
For questions or to exercise your rights, contact us at support@podohealth.co. Australian users may also contact the Office of the Australian Information Commissioner (OAIC) if their complaint is not resolved.