SYS_LEGAL // PRIVACY_POLICY

Privacy, safety, and control
of your health data

Thank you for choosing OmegaX Health. This notice explains what we collect, how we use it, which third parties may process specific data categories for AI and voice features, and the rights and controls you have when you use our Website and App.

Global (incl. UAE, EU, CA) Updated: Apr 5, 2026
01

What information do we collect?

In short: We collect a broad range of personal information and health & wellness data, plus analytics about how you use our App.

Personal information you disclose to us

We collect personal information you provide when you register, request info, use App features, or contact us. The data depends on your choices and includes:

  • Names; email addresses; usernames; passwords; job titles; employer; other contact and profile information.
  • Payment data (processed by our payment processor): payment instrument number, security code, billing address.
  • Social login data if you register using a third-party account.
  • User-generated content (feedback, comments, logs, goals, settings).
  • AI feature inputs such as onboarding answers, chat messages, uploaded images or audio, voice audio and transcripts, selected task or plan context, and relevant health/profile details and preferences that you choose to submit.

AI feature inputs and related technical context

If you use AI-backed onboarding, chat, uploads, transcription, or live voice features, we may also process technical context needed to fulfill the request, such as locale, timezone, app version, device/session context, and service diagnostics associated with that interaction.

Information automatically collected

In short: device, usage, and analytics info collected automatically to operate and secure the Services.

  • Log and usage data: IP, device information, browser type, settings, pages/screens viewed, features used, timestamps, device events, crash reports, hardware settings.
  • Device data: OS version, model, carrier/ISP, language, unique device ID, accessed features.
  • Location data: precise or approximate location if you grant permission (can be disabled in settings; may impact functionality).
  • Analytics & click-stream data: screens viewed, buttons clicked, feature flows, notifications usage, responses.
  • Performance & diagnostics: crashes, errors, stack traces, latency, battery, memory, other technical metrics.

Information collected through health and wellness integrations

In short: If you opt in to Apple HealthKit, Google Fit, or wearables, we collect the data categories you permit.

Depending on your choices, we may collect: physical activity (steps, distance, workouts, calories), heart rate and variability, SpO₂, respiratory rate, sleep data and stages, body metrics (weight, BMI, body fat, BMR), nutrition logs, blood pressure, ECG/EKG data, stress/wellness scores, temperature, other sensor data (posture, gait, VO₂-max, cadence), device-specific metrics, health history/goals, wellness survey responses, and feature engagement tied to health data.

You remain in control. We only collect the categories you consent to and you can revoke permissions or disconnect at any time.

Information collected from other sources

We may supplement records with information from public databases, marketing partners, social media platforms, or other providers (e.g., mailing addresses, job titles, emails, phone numbers, intent or behavior data, IP addresses, social profiles, demographic data), subject to your settings with those providers.

02

How do we use your information?

In short: to provide, improve, protect, communicate, and comply with legal obligations.

  • Account creation, login, authentication.
  • Linking health data integrations and delivering intended features (insights, dashboards, coaching, reminders, notifications).
  • Running AI-powered onboarding, chat, uploads, transcription, and live voice features, including generating the responses, plans, summaries, and transcripts you request.
  • Administrative and transactional messages (status, security alerts, updates, terms/policy changes).
  • Marketing/promotional communications if you opt in (with opt-out anytime).
  • Targeted content and advertising (including aggregated/analytics data), measuring campaign effectiveness.
  • User-to-user communications where features exist and you consent.
  • Account and preference management; troubleshooting; support; enforcement of terms.
  • Internal analytics, business intelligence, usage trends, feature improvement (favoring aggregated/anonymized data).
  • Presenting and recording feature-specific permissions or consent choices where required before personal data is sent for AI processing or live voice transport.
  • Safety and security (fraud monitoring, abuse prevention, incident response).
  • Legal compliance and rights enforcement.
03

Will your information be shared with anyone?

In short: Only with your consent, to perform a contract, for legal obligations, or legitimate interests compatible with this notice.

Examples include business transfers, service providers, analytics/advertising partners (with limits on health data), affiliates, public/community areas (per your settings), and law enforcement/safety situations.

For AI-backed features, relevant request data may be routed through OmegaX-operated systems and shared with OpenAI for AI processing. For live voice features, voice audio and related session data may also be shared with LiveKit to transport and operate the real-time session. Depending on the feature, this can include onboarding answers, chat messages, uploaded images or audio, voice audio and transcripts, selected task or plan context, relevant health/profile details and preferences, and technical metadata such as locale, timezone, app version, and device/session context.

04

Who will your information be shared with?

Categories include analytics/measurement providers, cloud/hosting providers, payment processors, marketing/advertising partners (subject to consent), social login providers, wearable/health integration partners, affiliates/business partners/service providers, and legal/audit/compliance advisers when required.

For the AI and voice features described above, named processors can include OmegaX-operated systems, OpenAI for AI processing, and LiveKit for live voice transport.

Important: We do not share raw individual health readings with third-party advertisers for targeting without your explicit consent. Where health/wellness data is shared (e.g., research, aggregated dashboards, integrations), we de-identify or aggregate it first where possible.

We require our processors to handle personal data under contractual confidentiality, security, and data-processing obligations intended to provide the same or a comparable level of protection that OmegaX applies to the data it handles.

05

Do we use cookies and tracking technologies?

Yes. We may use cookies, web beacons, pixels, local storage, SDKs, and similar technologies for analytics, performance, marketing, and essential functionality. You can usually refuse or limit these in your browser/device settings, though functionality may be affected. See our Cookie Notice or in-app settings for details.

06

How do we handle your social logins?

If you register or log in with a social media account (e.g., Google, Apple, Facebook), we receive profile information you permit (e.g., name, email, profile picture). Use is limited to the purposes in this notice. Review the provider’s privacy policy for their practices and settings.

07

Third-party websites and integrations

Our Services may link to or integrate with third-party sites/apps/platforms we do not control. Their data practices are not covered by this notice; review their policies before sharing information. Manage permissions on external health platforms (e.g., Apple HealthKit, Google Fit) directly within those platforms.

We avoid exposing protected health information in analytics platforms where applicable regulations (e.g., HIPAA) apply, and configure tools accordingly.

08

How long do we keep your information?

We retain personal information only as long as needed for the purposes described or to meet legal, regulatory, security, support, or business obligations. When no longer needed, we delete or anonymize it; if deletion isn’t immediately possible (e.g., backups), we securely store and isolate it until deletion.

09

How do we keep your information safe?

We use organizational and technical measures such as encryption in transit/at rest, secure authentication, access controls, and security assessments aligned with health/wellness app best practices. We also require relevant processors to protect data under contractual confidentiality and security obligations. No system is 100% secure; transmission is at your own risk, so please use secure devices and environments.

10

Do we collect information from minors?

No. We do not knowingly collect data from or market to children under 18. If we learn data from a user under 18 was collected, we will deactivate the account and promptly delete the data. If you become aware of such data, contact us at info@omegax.health.

11

What are your privacy rights?

Depending on your region (e.g., EEA, UK, UAE), you may have rights to access, correct, delete, restrict, port, withdraw consent, or object to processing (including direct marketing). To exercise rights, email info@omegax.health. We respond per applicable law and will not discriminate for exercising rights.

Account information

  • Review or change your account info in settings.
  • Contact us to terminate your account; we will deactivate/delete from active databases, retaining limited info for fraud prevention, troubleshooting, investigations, enforcement, or legal obligations.
  • Where a feature offers in-app AI consent controls, you can decline or later revoke that consent; affected AI or live voice features may remain unavailable until consent is granted again.

Marketing and advertising opt-out

You can unsubscribe from marketing emails anytime via the unsubscribe link or by contacting us. We may still send essential service messages.

12

Controls for Do-Not-Track features

Browsers and mobile OSs may include a Do-Not-Track (DNT) setting. No uniform standard exists yet, so we do not currently respond to DNT signals. If a standard is adopted that we must follow, we will update this notice.

13

Jurisdiction Specific Rights

Depending on location (e.g., California CCPA; UAE/UAE free zones; EU GDPR), you may have rights to disclosure, access, deletion, opt-out of “sale”/targeted advertising, and non-discrimination. California residents can send CCPA requests to info@omegax.health. UAE users: we comply with applicable UAE and DMCC/DIFC regulations; you may have rights to access, rectify, erase, and inquire about cross-border transfers.

14

Updates to this notice

Yes. We may update this notice periodically. The “Last Revised” date will indicate the current version, effective when posted. Material changes may be communicated (e.g., email or in-app). Please review frequently.

15

Contact Us

For questions about this Privacy Policy, contact OMEGAX HEALTH FZCO via email at info@omegax.health.

OmegaX Health FZCO

Unit No: UT-12-CO-253

DMCC Business Centre, Level 12

Uptown Tower

Dubai, United Arab Emirates