Effective Date: 01 August 2025
At AiCenna (“we,” “our,” or “us”), your privacy is a priority. This Privacy Policy outlines how we collect, use, share, and protect your personal information in compliance with applicable privacy regulations, including HIPAA (U.S.), CCPA (U.S.), and GDPR (EU).
1. Information We Collect
We may collect the following types of data when you use our services:
• Personal Information: Name, email address, account credentials.
• Health & Biosensing Data: Data from sensors, wearables, and other connected devices.
• Genomic Data: DNA and methylation data you voluntarily provide.
• Technical Data: IP address, browser type, device identifiers, and usage logs.
2. Legal Bases for Processing (GDPR)
We process personal data under one or more of the following legal bases:
• Consent: For example, when you connect wearable or genomic data.
• Contractual Necessity: To provide services you request.
• Legitimate Interest: To improve, secure, and optimize our platform.
• Legal Obligation: To comply with applicable laws and regulations.
3. HIPAA Compliance (U.S. Users)
For users in the United States, we comply with the Health Insurance Portability and Accountability Act (HIPAA):
• We implement administrative, physical, and technical safeguards to protect your Protected Health Information (PHI).
• We enter into Business Associate Agreements (BAAs) when working with healthcare providers.
• PHI is encrypted, access-controlled, and shared only with authorized parties.
4. How We Use Your Data
We use your data to:
• Deliver personalized AI health insights and digital twin simulations.
• Provide tailored health and wellness recommendations.
• Conduct research and development (R&D) using anonymized or de-identified data only.
• Fulfill legal, regulatory, and compliance obligations.
5. Data Sharing
We do not sell your personal data. We may share your data only in the following circumstances:
• With your explicit consent: For example, with authorized healthcare providers.
• With trusted service providers: Including cloud hosting, analytics, and AI infrastructure, under strict confidentiality agreements.
• With regulators: When required by law or to comply with legal processes.
6. Your Rights
You have rights regarding your personal data, which may vary depending on your jurisdiction:
• Access & Correction: You may request access to or correction of your data.
• Deletion: You may request deletion, subject to legal and medical record-keeping requirements.
• Portability: You may request a copy of your data in a machine-readable format.
• Withdraw Consent: You may opt out of non-essential data processing at any time.
EU Residents: To exercise your rights under the GDPR, email us at: info@aicenna.com
7. Data Security
We implement strong security measures, including:
• Encryption of data both in transit and at rest.
• Role-based access controls and detailed audit logs.
• Continuous monitoring and regular vulnerability assessments.
8. International Data Transfers
Your data may be processed in the United States, United Arab Emirates (UAE), and Pakistan.
We rely on Standard Contractual Clauses (SCCs) and other lawful safeguards to ensure adequate protection for data transferred outside the EU/EEA.
9. Children’s Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect data from minors.
10. Updates to This Policy
We may update this Privacy Policy periodically. When we do, we will revise the “Last Updated” date at the top of the page. Continued use of our services after changes indicates your acceptance of the updated policy.
11. Contact Us
For questions, concerns, or to exercise your privacy rights, please contact:
Email: info@aicenna.com