Privacy Policy

Welcome to Calmara, your privacy-centric wellness platform provided by HeHealth Inc. Calmara prioritizes your privacy while providing insightful wellness guidance. Your personal data is yours alone — we don’t market or sell your personal data and we never will. That’s a promise.
‍
This policy explains what data, including personal data, we collect from and about you when you visit the Calmara website at calmara.ai (Website) and when you use the Calmara web app (App).

Our handling of your data is governed by principles that ensure anonymity and prioritize security. We appreciate there’s a lot of detail in this policy, but it’s important that you read this policy to ensure you’re fully informed about how we use your personal data and to be aware of your rights.

No Children Allowed

Calmara services are strictly for individuals who are 18 years of age or older. Our services are not designed for, targeted at, nor intended to be used by children under the age of eighteen (18) years. We do not knowingly collect information from minors and will take immediate steps to remove such data if identified. In keeping with this commitment:

1. Use by Legal Adults Only: The Calmara service is available exclusively to individuals who are considered legal adults in their respective jurisdictions, typically those who are eighteen (18) years of age or older. By submitting images or any data to our service, users affirm that they meet this age requirement.
2. Responsibility to Prevent Underage Use: Both users and parents or legal guardians share the responsibility of ensuring that minors do not access or use the Calmara service. While Calmara is dedicated to not knowingly collecting information from individuals under eighteen (18) years of age, the primary responsibility for monitoring and controlling internet use among minors rests with their parents or legal guardians. In the event that a minor’s use of our service comes to your attention, we strongly encourage you to contact us immediately at support@calmara.ai, allowing us to take the necessary steps to address the issue promptly.

Account Creation & Deletion

Starting April 24, 2024, Calmara will transition to a fully paid service. To access Calmara's services, users must create an account using their email address, which facilitates secure and personalized access to our services:

1. Account Creation & Authentication: We use your email for all future logins, ensuring a secure and password-free entry into your account. It is vital to provide an accurate email address as there is no recovery option for accounts created with incorrect emails, reflecting our commitment to protect your privacy.
2. Encouraged Use of Privacy Services: We support and recommend the use of third-party 'Hide my email' services that allow you to use a masked email address. These services enhance your privacy by shielding your actual email address while ensuring you still receive all critical communications from us.
3. Permanent Account Deletion: Users can delete their account at any time. Upon deletion, all associated data is permanently removed from our systems, and recovery is not possible.

The Personal Data We Collect

When we talk about ‘personal data’, we mean any data that identifies or can be used to identify you. This doesn’t include data where your identity has been removed (anonymous data). The types of personal data collected by and about you through our Website and App include:

1. Account Information: Your email address used during the account setup. To enhance your privacy, we recommend using third-party “Hide my email” services, allowing you to keep your actual email address confidential.
2. Images: Calmara provides wellness insights using your submitted images. Images are immediately deleted after processing. For your privacy, please refrain from submitting images that could reveal your identity.
3. Transactions Data: Calmara does not store or have access to your credit or debit card details when you subscribe for any paid services. This is done by our payment partner, Stripe. However, we can see transaction records.
4. User Behaviors: We track how you use our Service, including your navigation and interaction patterns. This helps us understand your needs better and improve our services accordingly. All user behavior data collected is handled with the utmost respect for privacy, employing techniques to anonymize and aggregate data to ensure it cannot be traced back to any individual.
5. Survey/Feedback Data: We collect feedback to understand user satisfaction and areas for improvement. This data helps us enhance our services and ensure they meet your needs. When you provide us feedback in a survey, you choose to provide us additional Personal Data through the survey.
6. Communications data: This includes any emails that you send to us and any interactions we may have with you through our social media channels.

The Personal Data We Don't Collect

We do not collect Protected Health Information (PHI): PHI is a term more specific and is used within the healthcare industry, especially in contexts governed by health privacy laws like the Health Insurance Portability and Accountability Act (HIPAA) in the United States. PHI refers to any information about health status, provision of healthcare, or payment for healthcare that can be linked to an individual, along with any part of an individual’s medical record or payment history. Our focus is on providing wellness insights without delving into personal health information that falls under regulated categories.

Where We Get Your Personal Data From

Your personal data is collected directly from you as you use our Website or App.

Data Processing & Immediate Deletion

Calmara adheres to strict privacy protocols:

1. Immediate Deletion of Images: Following the automated analysis to generate wellness insights, submitted images are directly and permanently deleted from our systems. This deletion process is immediate.
2. Security During Processing: All data are protected with robust security measures to prevent unauthorized access or leaks.
3. Scan History Data Retention: Users can view the high-level results of their scan history and rename each scans. However, due to our immediate deletion measures, you will not be able to retrieve detailed scan results.
4. Scan History Data Deletion: Users have the right to delete any scan history. It is important to note that deleting past cases does not restore or refund any used scans from the user's purchased plan.

Payment Processing

All payments are securely processed through Stripe. To maximize security, our trusted payment processor, Stripe, directly manages your payment details, which are never stored on Calmara’s systems.

What We Use Your Personal Data For

We use your personal data to:

1. Deliver and enhance the service.
2. Respond to your queries and support needs.
3. Comply with legal obligations.

Who We Share Your Personal Data With

At Calmara, we are committed to your privacy: we don’t sell your personal data and we never will.

The data we share is restricted and is carefully managed to ensure your privacy is maintained. Below is a detailed description of who can access your personal data and what specific data they have access to:

• Our Staff: Access to personal data is granted to designated personnel, such as researchers, doctors, developers, marketers, and support staff, who are explicitly authorized based on their job requirements. They may access certain aspects of your data to effectively perform their roles. This includes:

  • Account Information: To manage user accounts and provide support.
  • User Behaviors: To understand user interaction with our services for enhancement, such as app navigation paths, feature usage, and time spent on the app.
  • Survey/Feedback Data: To improve our service offerings based on your feedback.
  • Communications Data: To respond to your inquiries and engage with you effectively.
  • Transaction Data: For managing transactions and addressing any related issues, such as payment discrepancies or refunds.

  All staff are bound by strict confidentiality and data protection obligations to ensure your data is handled securely. We conduct regular audits to ensure that access to personal data is strictly necessary and limited to authorized personnel.

• Technical Service Providers: We collaborate with trusted technical partners who help maintain and operate our platform, ensuring smooth service delivery. These partners only have access to data necessary for performing their specific functions and are contractually obligated to handle it securely. They may access:

  • User Behaviors: To analyze service usage patterns.
  • Communications Data: Managed to facilitate effective user support and engagement. It’s important to note that when you communicate with us via email or other communication platforms, these platforms may also have access to the information you share. We utilize secure platforms for these communications, but it's crucial to be aware that the security and privacy practices of these third-party platforms also play a role in protecting your data.

  Please note that all transaction processing is managed directly by Stripe, our payment partner, ensuring that your payment data remains secure and inaccessible to other third parties.

• Regulatory Authorities: In rare instances where we are legally required to share personal data, we do so in accordance with the law. We carefully consider each request to ensure that any disclosure is necessary and that your rights are prioritized. Should we face a legal request or court order to disclose personal data, we will seek legal counsel to protect your rights and interests to the fullest extent possible before any disclosure.

How Long We Keep Your Data For

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.

‍Account-Linked Data: While you maintain an account with us, we retain personal data linked to your account. Should you choose to close your account, all personal data associated with it will be immediately and permanently deleted from our systems. This action is irreversible, and data cannot be recovered once your account is deleted.

‍Non-Identifiable Data: Data that does not directly identify you may be kept indefinitely for analytics and product improvement purposes.

‍Data Deletion Requests: If you wish to have your data deleted prior to closing your account, or if you have specific queries regarding our data retention practices, please contact our support team at support@calmara.ai.

Protecting Your Personal Data

We’ve put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We also limit access to your personal data to those of our staff and technical service providers that have a need to access it (based on the principle of ‘least privilege’). They’ll only use your personal data based on our instructions and are required to keep your personal data confidential. Contact us at support@calmara.ai if you believe your data's security has been compromised.

Policy Updates & Contact Information

We periodically review and update our Privacy Policy to reflect enhancements in our practices. We encourage you to review our Privacy Policy periodically to stay informed about how we protect your personal data. Any significant changes will be communicated through our platform to keep you informed.

Should you have inquiries regarding our privacy practices, please reach out to us at support@calmara.ai.