Sahha End User Privacy Policy

Overview

At Sahha, your privacy and the security of your health data are of utmost importance to us. One of our foundational principles is transparency, and through this End User Privacy Policy (“Policy”), we aim to clearly explain how Sahha Pty Ltd. (“Sahha,” “we,” “our,” and “us”) collects, uses, shares, and processes your data. When you (“the end user”) use Sahha's platform to connect your wearables and other health devices (collectively “wearables”) to applications (“apps”), these apps are built by our customers (“developers”) and leverage Sahha's technology. By integrating with Sahha, developers can easily include your wearable data into their apps.

This Policy applies to Sahha Pty Ltd. and any affiliates or subsidiaries. It does not cover how developers of connected apps (“apps you have connected wearables to using Sahha”) use, share, or process your data. We encourage you to review the privacy policies and terms of service of any connected apps to understand how your data is ultimately used, stored, and protected. This Policy also does not include data we collect when you visit our website or interact with Sahha outside of using our products or services. For more information, please see the privacy section of our website at sahha.ai/privacy. We encourage you to read this Policy carefully to understand how we handle your data and your privacy rights.


Data Collection

Sahha collects personal information about you from various sources to provide and improve our services. We have categorized these sources as follows:

Data You Provide to Us:

This refers to information that you provide directly when using our services. We may collect the following types of data:

  • Authentication Data: Data required to help verify your identity and connected accounts.
    When you provide this information to connect apps to your wearables using Sahha, you give us permission to access and transfer your data to and from the relevant wearable or health data provider that holds your wearable or health data account (“wearable partners”).

Data from Wearable and Health Data Partners:

This refers to information collected from wearable and health data partners when you connect your wearable or health data account using Sahha. We may collect the following types of data from these sources:

  • Identifiers: Data that uniquely identifies you, such as your gender, age, and date of birth.
  • Authentication Data: Information needed to verify your identity and connected accounts, such as an access token.
  • Account Data: Information about your account with a wearable or health data provider, such as the name of your wearable account provider and your wearable account user ID.
  • Health Device Data: Information about the wearable or health device you connect to an app using Sahha, such as brand, model, serial number, firmware version, and software version.
  • Activity Data: Information about your physical activity and workouts, such as activity duration, calories burned, distance travelled, energy burned, strain, and heart rate.
  • Body Data: Information about your body composition, such as blood pressure, blood glucose, height, weight, body fat, and oxygen saturation.
  • Menstruation Data: Information about your menstrual cycle if applicable to you, such as period length, current day in cycle, cycle length, and current phase.
  • Nutrition Data: Information about your diet and food consumption, including calories consumed, macronutrients (carbohydrates, fats, and proteins), micronutrients (iron, magnesium, potassium), and meal types.
  • Sleep Data: Information collected while you are asleep, resting, or in bed, such as sleep start time, sleep end time, heart rate, heart rate variability, body temperature variation, and respiratory rate.

Data from Electronic Devices:

This refers to information collected from the electronic devices you use to connect your wearables to the apps you are using. We may collect the following types of data:

  • Identifiers: Data that identifies you, such as your gender, age, and date of birth.
  • Account Data: Information about your account with a wearable or health data provider, such as the name of your wearable account provider and your wearable account user ID.
  • Health Device Data: Information about the wearable or health device you connect to an app using Sahha, such as brand, model, serial number, firmware version, and software version.
  • Activity Data: Information about your physical activity and workouts, such as activity duration, calories burned, distance traveled, energy burned, strain, and heart rate.
  • Body Data: Information about your body composition, such as blood pressure, blood glucose, height, weight, body fat, and oxygen saturation.
  • Menstruation Data: Information about your menstrual cycle if applicable to you, such as period length, current day in cycle, cycle length, and current phase.
  • Nutrition Data: Information about your diet and food consumption, including calories consumed, macronutrients (carbohydrates, fats, and proteins), micronutrients (iron, magnesium, potassium), and meal types.
  • Sleep Data: Information collected while you are asleep, resting, or in bed, such as sleep start time, sleep end time, heart rate, heart rate variability, body temperature variation, and respiratory rate.
  • Other Device Data: Miscellaneous data, such as device name, hardware model, operating system, MAC address, and other technical data about your device.

Data from Developers of Connected Apps:

This refers to data collected directly from the developer(s) of the app you have connected to using Sahha. We may collect the following types of data from this source:

  • Identifiers: Data that identifies you, such as your unique user ID assigned by the developer(s) of the app(s) you have connected to.
  • Authentication Data: Information needed to verify your identity and connected accounts, such as an access token.
  • Account Data: Information about your account with a wearable or health data provider, such as the name of your wearable account provider and your wearable account user ID.
  • Health Device Data: Information about the wearable or health device you connect to an app using Sahha, such as brand, model, serial number, firmware version, and software version.
  • Activity Data: Information about your physical activity and workouts, such as activity duration, calories burned, distance traveled, energy burned, strain, and heart rate.
  • Body Data: Information about your body composition, such as blood pressure, blood glucose, height, weight, body fat, and oxygen saturation.
  • Menstruation Data: Information about your menstrual cycle if applicable to you, such as period length, current day in cycle, cycle length, and current phase.
  • Nutrition Data: Information about your diet and food consumption, including calories consumed, macronutrients (carbohydrates, fats, and proteins), micronutrients (iron, magnesium, potassium), and meal types.
  • Sleep Data: Information collected while you are asleep, resting, or in bed, such as sleep start time, sleep end time, heart rate, heart rate variability, body temperature variation, and respiratory rate.

Data from Google Health Connect:

For users who interact with our service via an Android app and grant us explicit permission, we collect anonymous health data via Google Health Connect. The use of information received from Google Health Connect will adhere to the Health Connect Permissions policy, including the Limited Use requirements.

The health data collected through Google Health Connect will be used to:

  • Provide Personalized Insights: Enhance your experience by offering personalized insights and recommendations based on your health data.
  • Improve App Functionality: Improve the functionality and features of apps to better serve your health and wellness needs.
  • Further Research and Development: Conduct research and development activities to improve our services and develop new health-related features.

Information We Derive from the Data We Collect About You:

This refers to additional data we derive using the information we collect about you. For example, we may use existing information to generate insights about your fitness age, disease risk, weight trends, and mental well-being.


Data Usage

Sahha is committed to using your data in a responsible manner and only for purposes that provide clear value to you and our developers. We handle your information carefully and are committed to helping you understand how we use it. The following describes and categorizes how we use the data we collect:

  1. Deliver Services: To manage, supply, and uphold our service offerings. This includes ensuring that data is properly transmitted between wearables, apps, and developers, and maintaining the integrity and functionality of our platform.
  2. Service Enhancement: To refine, strengthen, and extend our service offerings. We use data to analyze user needs, preferences, and behaviors, helping us to improve our platform and provide more relevant services.
  3. Aid Assistance: To offer assistance to you or developers. This includes helping to resolve queries related to Sahha's services or developers' applications, diagnosing technical issues, and providing customer support.
  4. Product Development: To create new products and services. We use the data we collect to identify gaps, develop new features, and expand our offerings to better serve end users and developers.
  5. Generate Insights: By analyzing the data we've collected, we generate insights. These insights assist connected app developers in offering improved services or enhancing user experiences.
  6. Create Visualizations: With the data we've collected, we create charts and visualizations for our developers to enhance user experiences. These visualizations help provide a clearer understanding of user data and can be used to create tailored health and wellness programs.
  7. Investigating Misuse and Misbehavior: We may examine any improper use of our services or developers' applications, including policy violations, illicit activities, or unauthorized service access. This is to ensure the safety and integrity of our platform.
  8. Consent-Based Usage: Only with your explicit approval, we may use your information for other specified purposes or as directed by you. This may include additional research, new product development, or other initiatives that you have agreed to participate in.
  9. Legal Requirements: To comply with our legal obligations or if otherwise required or authorised by law.

Real-Time Streaming Functionality

Sahha's service offers real-time streaming functionality, allowing your wearable and health data to be transmitted to connected apps instantly upon generation. This feature enables apps to provide you with up-to-date and dynamic insights and allows apps to offer highly personalized user experiences based on your current data. When you use our services and grant permission for an app to access your data, please be aware that your information—potentially including all applicable data types mentioned in the ‘Data Collection’ section of this Policy—may be streamed in real-time to connected apps.


Data Sharing

This section of the Policy outlines the categories of third parties with whom we may share your information, giving you a clear understanding of how your data may be disclosed to others. We may share your data with:

  1. Developers of the App(s) You Use: Developers are our customers; they use Sahha to easily integrate many wearables into the apps they built and that you use.
  2. Wearable or Health Data Providers: Providers that you have connected to apps using Sahha may receive your data.
  3. Contractors That Perform Services for Sahha: This includes data analysis, data storage, customer support, marketing, and other essential functions.
  4. Communication Platform Providers: Providers that facilitate communication and data transfer between Sahha's employees and between Sahha and our customers. These platforms may act as intermediaries in the data-sharing process, even if they cannot access the content of the messages directly.
  5. Service Providers: Providers that help Sahha analyze data for business purposes. These platforms may help us track our customers' engagement and behavior, identify trends in data, and visualize data.
  6. Cloud Storage Services Providers: Providers that offer remote data storage solutions over the internet that allow us to store, manage, and/or access collected data in a secure and scalable environment.
  7. Software Development Services Providers: Providers that assist with software maintenance, software testing, quality assurance, and application support, among other things.
  8. Sahha Group Entities and Subsidiaries: Entities and/or subsidiaries that are wholly owned by Sahha Pty Ltd.
  9. Third Parties to Comply with Relevant Laws: We may share data to respond to subpoenas or warrants served on Sahha, protect or defend the rights or property of Sahha or users of the services, or investigate or assist in preventing any violation or potential violation of the law, this End User Privacy Policy, or our Terms of Service. This includes law enforcement or other governmental authorities.

Corporate Restructuring

We may share some or all of your data in connection with or during the negotiation of any merger, financing, acquisition, dissolution, transaction, or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of insolvency, bankruptcy, or receivership, data may also be transferred as a business asset. If another company acquires Sahha, our business, or assets, that company will possess the data collected by us and will assume the rights and obligations regarding your data described in this End User Privacy Policy.


Data Retention and Deletion

This section covers our retention and deletion practices, designed to reduce data retention periods to the minimum required time to deliver our services to our customers successfully:

To offer our services, it's necessary for us to retain your data.
If an app you have connected your wearable(s) to using Sahha ceases to be a customer of Sahha, your data will normally be deleted.
If the connection between your wearable(s) and the app you use is terminated by the app's developers, through your instruction or otherwise, all your data stored by us will usually be immediately deleted. Exceptions to this normality include but are not limited to:

  • There is a functioning connection established by Sahha between your wearable(s) and another app;
  • The law compels Sahha to keep your data;
  • Separately from the acceptance of this policy, you grant us permission to retain your data for longer than six months;
  • Fulfil the purposes for which it was collected and any other purposes set out in this Privacy Policy;
  • Any additional purposes notified to you at or before the time of collection of the relevant personal information; or
  • We need your data to aid our anti-fraud efforts or investigations into misuse and misconduct.

When retention of personal information is no longer required for legal, compliance, or other business purposes, we will use reasonable measures to ensure the personal information is either securely deleted, destroyed, or anonymised.
You may request deletion of your personal information, which we will comply with subject to certain exceptions (such as complying with our legal obligations).


Protection of Data

Sahha is committed to protecting the security of your data. We use a variety of security technologies and procedures to help protect your data from unauthorized access, use, or disclosure. We do not use or store your data in non-production systems or environments. This means your data is not used or stored using technology not meant for live use of our services, such as systems or environments used for testing, staging, and development. No method of transmission over the internet, or method of electronic storage, is 100% secure, however. Therefore, while Sahha uses reasonable efforts to protect your data, we cannot guarantee its absolute security.

Some of the security measures we implement include:

  • Use reputable cloud hosting providers to host personal information;
  • Passwords and access control procedures, anti-virus, firewall and security controls for email and other applicable computer software and systems;
  • Maintain files, in both hard-copy and electronic form, at our offices and other access-controlled premises;
  • Operate online records management systems on secure networks;
  • Regularly perform security testing;
  • Maintain physical security measures in our buildings and offices such as visitor access management, cabinet locks, surveillance systems and alarms to ensure the security of information systems (electronic or otherwise);
  • Require our employees, agents, and contractors to comply with privacy and confidentiality provisions in their employment and subcontractor agreements that we enter into with them;
  • Use SSL encryption on our systems;
  • Have data backup archiving and disaster recovery processes in place;
  • If appropriate in the circumstances, taking into account the state of the art, the costs of implementation, and the nature, scope, content, and purpose of the processing, we will encrypt personal information; and
  • With respect to personal information that we no longer require or where we are otherwise required to destroy it under applicable law, we ensure that such personal information is securely destroyed.

International Data Transfers

Sahha operates globally, and as part of providing our services, we may process your data in multiple jurisdictions, including Australia, the European Union (EU), and the United States of America. By using our services, you understand and agree that your data may be transferred to, processed, and stored in these countries, which may have different data protection laws than those in your country of residence. We will only disclose your personal information overseas in accordance with the applicable laws.


Your Rights and Controlling Your Information

Your choice:

Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us; however, if you do not, it may affect our ability to do business with you.

Information from third parties:

If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict and unsubscribe:

To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access:

You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction:

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints:

If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (if you are an Australian resident), or the Office of the New Zealand Privacy Commissioner (if you are a New Zealand resident).


Notice to European End Users

The information provided in this “Notice to European Users” section applies only to individuals in Europe.

  1. Personal Information: References to “personal information” in this End User Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

  2. Role as Processor: Sahha generally processes your personal information on behalf of controllers, and hence Sahha is the processor of your personal information. To the extent that we collect your data directly and determine the purposes and means of the processing of your data, Sahha is the controller.

  3. Data Protection Officer: We have appointed a Data Protection Officer, whose contact information is: support@sahha.ai.

  4. Legal Bases for Processing: We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this End User Privacy Policy are described in the table below.

Data Protection Rights

The following ensures that you are aware of your rights and how you can exercise them. Understanding your data protection rights enables you to make informed decisions about how your personal information is used and managed. We will honor the following rights, subject to limitations of the law. You may:

  • Withdraw the consent you previously provided us with to process your data;
  • Request the update or correction of inaccuracies in your data;
  • Access data collected about you;
  • Request the restriction of processing of your personal data;
  • Object to our reliance on legitimate interest as a legal basis for processing your data that impacts your rights;
  • Request that we erase or limit the processing of your data;
  • Request further details of the data types we have collected about you in the last six months;
  • Request that a machine-readable copy of your data be sent to a third party of your choice;
  • Request further details about the third parties your data has been shared with.

If you wish to exercise any of the above rights, you should contact the developer of the app that you are using; they are the controller of your data.

Children's Privacy

Our Services are not intended for children under 13 years of age, and you must be at least 18 years old to have our permission to use our Services. We do not knowingly collect, use, or disclose personally identifiable information from children under 13. If you believe that we have collected, used, or disclosed personally identifiable information of a child under the age of 13, please contact us using the contact information below so that we can take appropriate action.

Our website may contain links to other parties' websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Additional Information

This policy may change from time to time. If we update it, it will be available on our website: sahha.ai/privacy

If you have any questions or complaints about this Policy or other privacy-related topics, you can contact us at support@sahha.ai.

Annex A: Data Handling Table Key

| Key Type | Key | Description |
| --- | --- | --- |
| Data Use Key | 1 | Deliver Services: To manage, supply, and uphold our service offerings. |
| | 2 | Service Enhancement: To refine, strengthen, and extend our service offerings. |
| | 3 | Provide Assistance: To offer assistance to you or developers. |
| | 4 | Product Development: To create new products and services. |
| | 5 | Generate Insights: To assist connected app developers in offering improved services or enhancing user experiences. |
| | 6 | Create Charts and Visualizations: For our developers to enhance user experiences. |
| | 7 | Investigating Misuse and Misbehavior: Examination of any improper use of our services or developers' applications, including policy violations or illicit activities. |
| | 8 | Consent-Based Usage: Only with your explicit approval, we may use your information for other specified purposes or as directed by you. |
| Data Sharing Key | 1 | Developers of app(s) you use, and as directed by the developer(s). |
| | 2 | Wearable or health data providers. |
| | 3 | Partners and contractors in connection with the services they perform for Sahha or Sahha's developers. |
| | 4 | Communication platform providers which facilitate communication and data transfer between Sahha's developers and between Sahha and our customers. |
| | 5 | Service providers that help Sahha analyze data for Sahha's business purposes. |
| | 6 | Cloud storage services providers. |
| | 7 | Software development services providers. |
| | 8 | Sahha group entities and/or subsidiaries. |
| | 9 | Third parties to comply with relevant laws or to respond to subpoenas or warrants served on Sahha; to protect or defend the rights or property of Sahha or users of the Services; to investigate or assist in preventing any violation or potential violation of the law, this End User Privacy Policy, or our Terms of Service. |

Source of Personal Information

| Source | Data Sahha May Collect | Example(s) | Uses of Data | Categories of Parties with Whom Data May Be Shared |
| --- | --- | --- | --- | --- |
| Data You Provide | Authentication data: needed to help verify your identity and connect your accounts | Multi-factor authentication (MFA) code | 1, 3, 7, 8 | 2, 3, 4, 6, 7, 8, 9 |
| Data from Wearable and Health Data Partners | Identifiers: data that identifies you | Date of birth information | 1, 3, 7, 8 | 1, 2, 3, 4, 6, 7, 8, 9 |
| | Authentication data: needed to help verify your identity and connect your accounts | Security/access token | 1, 3, 7, 8 | 2, 3, 4, 6, 7, 8, 9 |
| | Account data: data about your account with a wearable or health data provider | Wearable or health data provider name, Account number or provider assigned user ID | 1, 2, 3, 4, 7, 8 | 1, 2, 3, 4, 5, 6, 7, 8, 9 |
| | Health device data: data about a wearable or health device you connect to an app using Sahha | Brand, Model, Serial number, Firmware version, Software version | 1, 2, 3, 4, 7, 8 | 1, 3, 4, 5, 6, 7, 8, 9 |
| | Activity data: about your physical activity and workouts | Active duration, Calories burned, Distance travelled, Energy burned, Strain, HR | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2, 3, 4, 6, 7, 8, 9 |
| | Body data: data about your body composition | Blood pressure, Blood glucose, Height, Weight, Body fat, Oxygen saturation | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2, 3, 4, 6, 7, 8, 9 |
| | Menstruation data: data about your menstrual cycle if applicable | Period length, Current day in cycle, Cycle length, Current phase | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2, 3, 4, 6, 7, 8, 9 |
| | Nutrition data: data about your diet and food consumption | Calories consumed, Macros like carbohydrate, fat, and protein consumed, Micros like iron, magnesium, and potassium consumed, Meal types | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2, 3, 4, 6, 7, 8, 9 |
| | Sleep data: collected while you are asleep, resting, and in bed | Sleep start time, Sleep end time, Sleeping heart rate, Body temperature variation, Respiratory rate, Heart rate variability | 1, 2, 3, 4, 5, 6, 7, 8 | 1, 2, 3, 4, 6, 7, 8, 9 |
| Data from Electronic Devices | Other device data: miscellaneous data about your device | Hardware model, Operating system, Device name, Browser data, MAC address | 1, 2, 3, 7, 8 | 1, 3, 4, 6, 7, 8, 9 |
| Data from the Developer(s) of Connected Apps | Identifiers: data that identifies you | User ID | 1, 2, 3, 7, 8 | 1, 2, 3, 4, 6, 7, 8, 9 |
| | Authentication data: needed to help verify your identity and connect your accounts | Security/access token | 1, 3, 7, 8 | 2, 3, 4, 6, 7, 8, 9 |
| | Account data: data about your account with a wearable or health data provider | Wearable or health data provider name, Account number or provider assigned user ID | 1, 2, 3, 4, 7, 8 | 1, 2, 3, 4, 5, 6, 7, 8, 9 |
| Information We Derive from Collected Data | Derived data | Fitness age, Disease risk, Weight, Mental wellbeing | 1, 2, 4, 5, 6, 7, 8 | 1, 3, 4, 5, 6, 7, 8, 9 |