Policies

ZenXGuard Privacy Policy

Effective Date: [July 10th, 2025]  |  Last Updated: [July 22, 2025]

ZenXGuard (“ZenXGuard,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains what information we collect, how we use it, how we share it, and the choices you have. It applies to all websites, mobile apps, APIs, wearables integrations, and other services that link to this Privacy Policy (collectively, the “Platform”).

By using the Platform, you agree to the practices described here and in our Terms of Service. If you do not agree, please do not use the Platform.

1. Scope & Who This Policy Covers

This Policy applies to:

  • Users (patients, caregivers, clinicians, support group members) who create accounts or otherwise interact with ZenXGuard.
  • Visitors to our public-facing websites or marketing pages.
  • Third parties who connect to ZenXGuard via integrations (e.g., wearable devices, EHR/EMR platforms) to the extent their data touches our systems.

This Policy does not govern third-party websites or services you access through ZenXGuard (see Section 11).

2. Information We Collect

We collect information in three main ways: (A) you provide it, (B) it’s collected automatically, and (C) it’s obtained from third parties.

A. Information You Provide Directly

  • Account Data: Name, email, phone number, date of birth, address, profile photo, preferred language, relationship to other users (e.g., caregiver/clinician).
  • Biometric & Behavioral Inputs: Heart rate, sleep patterns, step counts, wearable sensor outputs, device motion, phone usage metrics (call/text metadata, screen time), and other metrics you authorize.
  • Journaling & Survey Data: Mood logs, symptom trackers, free-form journal entries, crisis plans, medication adherence confirmations, self-assessments.
  • Clinical & Health Data: Diagnoses, care plans, medication lists and schedules, provider notes, lab results—only if you or your clinician upload/enter them or you integrate with an EHR.
  • Support Group Communications: Messages, posts, reactions, shared files within encrypted support groups.
  • Contact Lists / Designated Contacts: Emergency contacts or shared access details for caregivers/clinicians.
  • Customer Support Communications: Messages, emails, attachments, or feedback submitted to us.

B. Information Collected Automatically

  • Device & Usage Data: IP address, device identifiers, OS/browser type, app version, crash logs, performance metrics, pages/screens viewed, referring URLs, timestamps, and in-app actions.
  • Cookies & Similar Technologies: Cookies, SDKs, pixels, local storage (see Section 14).

C. Information From Third Parties

  • Wearables & Connected Services: Fitbit, Apple Health, Google Fit, etc., when linked.
  • Healthcare Integrations: EHR/EMR systems, telehealth partners, pharmacies—if enabled.
  • Analytics / Security Partners: Aggregated/pseudonymized data for analytics or fraud prevention.
  • Referral Sources / Marketing Partners: Limited info if you arrive via a campaign or referral.

3. How We Use Your Information

We process personal data for the following purposes:

  • Provide & Improve the Platform: Account management, authentication, journaling, risk scoring, reminders; debugging and performance enhancement.
  • AI-Based Risk Assessments & Insights: Analyze data to produce risk scores and insights; refine ML models using de-identified/aggregated data.
  • Token (Zen Coins) Program Administration: Track qualifying actions; grant or revoke tokens per rules.
  • Crisis Alerts & Notifications: Alert designated contacts/caregivers; deliver reminders and notifications.
  • Security & Fraud Prevention: Detect suspicious activity, protect accounts, maintain platform integrity.
  • Compliance & Legal Obligations: HIPAA/GDPR/CCPA/PIPEDA compliance; respond to lawful requests; enforce Terms.
  • Research & Development (R&D): Conduct studies with de-identified/aggregated data; publish non-identifying insights.
  • Marketing & Communications (Limited): Service-related announcements; optional educational or product emails (no selling of personal data).

5. How & With Whom We Share Information

We do not sell personal information. We may share with:

  • Service Providers / Processors
  • Clinicians & Caregivers You Authorize
  • Support Group Members (for data you intentionally share)
  • Third-Party Integrations (you connect)
  • Legal / Safety Exceptions
  • Business Transfers (e.g., merger or acquisition)

We also share aggregated or de-identified data for research/analytics.

6. Data Retention

We retain data as long as needed for the purposes above, or longer if required by law (e.g., HIPAA). When no longer needed, we delete or de-identify it.

7. Security Measures
  • Encryption: AES-256 or equivalent at rest; TLS/HTTPS in transit.
  • Access Controls: Role-based, least privilege, audit logs.
  • Monitoring & Testing: Reviews, anomaly detection, penetration tests.
  • Incident Response: Formal plan for investigation, containment, notification.

No system is 100% secure; use strong passwords and protect your devices.

8. Your Choices & Controls
  • Access/Update Account Info
  • Manage Data Sharing
  • Opt Out of Marketing Emails
  • Control Device Permissions
  • Request Deletion or Portability

Some core features may require minimal data use; disabling them can limit functionality.

9. Your Privacy Rights (Region-Specific)

A. United States (CCPA/CPRA, etc.)

  • Right to know/access
  • Right to delete (with exceptions)
  • Right to correct
  • Right to limit sensitive data use/disclosure
  • Right to opt out of “sale”/“sharing” (we do not sell)
  • Right to non-discrimination

Submit requests by [contact method]; we will verify your identity.

B. HIPAA (U.S. Health Information)

If applicable, you may have rights to access/amend PHI and receive an accounting of disclosures. A HIPAA Notice of Privacy Practices will be provided where required.

C. EU/UK/EEA/Swiss (GDPR/UK GDPR)

  • Access, rectification, erasure
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

D. Canada (PIPEDA/Provincial Laws)

  • Access and correct information
  • Withdraw consent (subject to limits)
  • Challenge compliance with PIPEDA principles

Exercising Your Rights

Contact us at privacy@zenxguard.com or via the in-app privacy request form.

10. International Transfers

ZenXGuard is headquartered in [Insert Country/State]. Your data may be processed in countries with different laws. We use safeguards like Standard Contractual Clauses where required.

11. Third-Party Services & Links

We are not responsible for third-party privacy/security practices. Review their policies before use.

12. Children’s Privacy

ZenXGuard is for users 18+ (or age of majority). We do not knowingly collect data from children under 18.

13. Automated Decision-Making & Profiling
  • Outputs are informational, not diagnoses/treatment plans.
  • They may influence alerts/recommendations.
  • Models are reviewed to minimize bias/error.

You can request human review of significant automated decisions where required by law.

14. Cookies & Tracking Technologies
  • Authenticate sessions
  • Remember preferences
  • Analyze usage

Manage cookies in your browser/device. Disabling may affect functionality. See our [Cookie Policy] if separate.

15. Data De-Identification & Aggregation

We may de-identify data and use/share it for research, analytics, or product improvement. We will not re-identify it.

16. Breach Notification

If a breach compromises your data, we’ll notify you and authorities as required and mitigate harm.

17. Changes to This Policy

We may update this Policy. Material changes will be communicated. Continued use signifies acceptance.

18. Contact Us

ZenXGuard Privacy Office
[ZenXGuard]
Email: admin@zenxguard.com

EU/UK users: Contact our DPO (if appointed) at [DPO email/contact]. You may lodge complaints with your local authority.

19. Definitions (Quick Reference)
  • “Personal Data” / “Personal Information”: Info about an identified/identifiable individual.
  • “Protected Health Information (PHI)”: Health info protected under HIPAA (U.S.).
  • “Processing”: Any operation on personal data (collection, storage, use, disclosure, etc.).
  • “De-identified Data”: Data that cannot reasonably identify a person.
  • “Zen Coins”: Non-monetary, non-transferable tokens earned within the Platform.

Appendix A: Data Categories & Purposes Matrix

| Data Category | Examples | Source | Purpose(s) | Legal Basis (GDPR) | Shared With |
|---|---|---|---|---|---|
| Account Data | Name, email, DOB | User | Account creation, authentication | Contract | Service providers |
| Biometric Data | HR, sleep, steps | Wearables | AI risk scoring, insights | Consent | Clinicians (with permission) |
| Journals/Surveys | Mood logs, notes | User | Insights, reminders | Consent/Contract | None (unless shared) |
| Device/Usage | IP, crash logs | Automatic | Security, analytics | Legitimate Interests | Analytics vendors |
| PHI/Medical | Diagnoses, meds | User/Clinician/EHR | Care coordination | Consent/Legal Obligation | Clinicians (with permission) |