SymbAIo Inc.

1. Introduction and Scope

SymbAIo Inc. ("Company," "we," "us," "our," or "SymbAIo") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process your personal information in connection with our products and services, including our iMpatient™ health and biomarker application and K@te™ AI companion application for survivors of psychological violence (collectively, the "Services").

This Privacy Policy applies to all individuals who access or use our Services, including users, healthcare providers, and other stakeholders. Our registered address is 1401 Pennsylvania Ave Suite 105, Wilmington, DE 19806. Our head office is located in Los Angeles, California. For more information, visit www.symbaio.io.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not access or use our Services.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

Name, email address, and phone number
Account login credentials and authentication information
Date of birth and demographic information
Medical and health history, including self-reported health conditions
Profile information and preferences
Billing and payment information

2.2 Biomarker Data

Our iMpatient™ application collects and processes sensitive biomarker data including, but not limited to:

Heart rate variability and cardiac metrics
Sleep patterns and sleep quality data
Physical activity and movement data
Stress and emotional state indicators
Blood pressure, oxygen saturation, and other vital signs
Genetic or genomic information (if provided)

2.3 Wearable Device Data

When you connect wearable devices to our Services, we collect and process data transmitted by these devices, including real-time health metrics, activity logs, and biometric information from compatible wearable platforms and health integrations.

2.4 Usage Data and Analytics

We automatically collect information about your use of our Services, including:

Interaction patterns with the iMpatient™ and K@te™ applications
Features accessed and time spent on various sections
Clicks, page views, and navigation behavior
API call frequency and endpoint usage
Error logs and troubleshooting information

2.5 Device Information

We collect technical information about devices used to access our Services:

Device type, operating system, and version
Browser type and version
IP address and location information
Mobile device identifiers
Crash reports and system diagnostics

2.6 Communication Data

When you communicate with us through support channels, we collect:

Support tickets and customer service communications
Feedback, survey responses, and user inquiries
Content of emails and messages sent to our support team

3. How We Use Your Information

We process your information for the following purposes:

Providing and improving our Services
Delivering personalized health insights and recommendations
Generating biomarker reports and health analytics
Providing customer support and technical assistance
Sending service-related announcements and updates
Conducting research, product development, and quality improvement
Complying with legal obligations and regulatory requirements
Preventing fraud, abuse, and unauthorized access
Enforcing our Terms of Service and other agreements
Analyzing usage patterns to enhance user experience

4. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal information on the following legal bases under the General Data Protection Regulation (GDPR):

4.1 Consent

We process personal information based on your explicit consent, which you may withdraw at any time by contacting us at [email protected].

4.2 Contract Performance

We process information necessary to provide our Services and fulfill your account requirements.

4.3 Legal Obligation

We process information to comply with applicable laws, regulations, and legal requests.

4.4 Legitimate Interest

We process information for our legitimate interests, including improving our Services, preventing fraud, and protecting our users and business.

5. How We Share Your Information

5.1 Service Providers

We share information with third-party service providers who assist us in operating our Services, including cloud infrastructure providers, payment processors, and analytics providers. These providers are contractually obligated to use your information only for the purposes we specify and to maintain confidentiality.

5.2 Claude API and AI Processing

Our K@te™ application utilizes the Claude API provided by Anthropic to deliver AI-powered companion services. We may share relevant information with Claude API to generate personalized responses. Claude API processes information in accordance with Anthropic's privacy practices. Please review Anthropic's privacy policy at https://www.anthropic.com/privacy.

5.3 Wearable Device Integrations

To provide biomarker and health analytics, we integrate with wearable device platforms and health data providers. Information is shared with these platforms as necessary to retrieve and synchronize health data. Your health data remains subject to the privacy policies of the respective wearable device providers.

5.4 Legal Compliance

We may disclose your information when required by law, court order, or government authority, or when we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the rights of others.

5.5 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of such changes and provide you with choices regarding your information.

6. Data Retention

We retain personal information for as long as necessary to provide our Services, fulfill our contractual obligations, and comply with legal requirements. Specifically:

Account information is retained while your account is active and for a reasonable period thereafter
Biomarker and health data is retained according to your account settings and applicable regulations
Usage and analytics data is typically retained for 24 months
Legal and compliance records are retained for the period required by law

You may request deletion of your data subject to legal and contractual obligations. We will retain anonymized or aggregated data indefinitely for research and improvement purposes.

7. Your Rights

7.1 GDPR Rights (EEA Residents)

If you are a resident of the EEA, you have the following rights under the GDPR:

Right of access: Request access to the personal information we hold about you
Right to rectification: Request correction of inaccurate or incomplete information
Right to erasure: Request deletion of your personal information
Right to restrict processing: Request limitations on how we process your information
Right to data portability: Request a copy of your information in a portable format
Right to object: Object to processing of your information
Right not to be subject to automated decision-making: Request human review of certain decisions

To exercise these rights, contact us at [email protected] with your request and proof of identity.

7.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to know: Request information about the categories and sources of personal information we collect
Right to delete: Request deletion of personal information we have collected
Right to opt-out: Opt out of the sale or sharing of your personal information
Right to correct: Request correction of inaccurate personal information
Right to limit use and disclosure: Request limitation of how we use your information

California residents may submit requests via email at [email protected] or through our website. We will respond to verified requests within 45 days, or the timeframe specified by law.

7.3 General Rights

All users may opt out of promotional communications by clicking the unsubscribe link in our emails or by contacting us directly. You may also update your account preferences at any time.

8. International Data Transfers

SymbAIo Inc. is based in the United States. When you use our Services, your information may be transferred to, stored in, and processed in the United States and other countries where we operate. These countries may not offer the same level of data protection as your home country.

For EEA residents, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission. By using our Services, you consent to the transfer of your information to countries outside the EEA as described in this Privacy Policy.

9. Children's Privacy

Our Services are not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete such information and terminate the child's account.

For users between 13 and 18, we provide enhanced privacy protections and limit the processing of personal information. Parents or guardians of minors using our Services may contact us to request access to or deletion of their child's information.

10. Security Measures

We implement comprehensive technical, administrative, and organizational security measures to protect your information against unauthorized access, disclosure, alteration, and destruction. Our security practices include:

Encryption of data in transit using TLS/SSL protocols
Encryption of sensitive data at rest using industry-standard algorithms
Access controls and multi-factor authentication
Regular security audits and vulnerability assessments
Employee training on data protection and privacy
Incident response procedures and breach notification protocols
Compliance with HIPAA and other applicable security standards

While we employ robust security measures, no system is completely secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the revised policy on our website and updating the "Effective Date" at the top of this document.

Your continued use of our Services after such modifications constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your information.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

SymbAIo Inc.
Privacy Team
Email: [email protected]

Head Office:
145 S. Fairfax Ave
Los Angeles, CA 90036
United States

Registered Address:
1401 Pennsylvania Ave Suite 105
Wilmington, DE 19806
United States

Website: www.symbaio.io

For EEA residents with unresolved concerns, you may file a complaint with your local data protection authority.