Privacy Policy
1. Who we are
This Privacy Policy explains how Audiri Health B.V. (“Audiri”, “we”, “our”, or “us”) collects and uses your personal data when you use the Audiri Platform — our Android application (Audiri Health), software, websites, APIs, and related products and services.
Controller: Audiri Health VOF, Willem de Zwijgerlaan 56-2, 1056 JT, Amsterdam, Chamber of Commerce number: 90025040, The Netherlands
Email: support@audirihealth.com
Data Protection Officer (DPO): Laurens Hofstede, reachable via support@audirihealth.com.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (EU 2016/679) (“GDPR”) and the Dutch Implementation Act (UAVG).
2. What data we collect and why
| Category | Examples | Purpose | Lawful Basis |
|---|---|---|---|
| Account data | Email address, password | Create and manage your account, authenticate you, communicate with you | Performance of contract (Art. 6(1)(b)) |
| Device & usage data | IP address, browser type, pages visited, time spent in app | Operate and improve the Platform, detect fraud, ensure security | Legitimate interest (Art. 6(1)(f)) |
| Health & well-being data | Symptoms, triggers, pain intensity, sleep, mood, activity impact | Provide personalized assessments and self-management support | Explicit consent (Art. 6(1)(a) + Art. 9(2)(a)) |
| Technical support data | Crash logs, bug reports, emails to support | Respond to queries and resolve issues | Legitimate interest (Art. 6(1)(f)) |
| Analytics data | Aggregated or pseudonymized app metrics | Evaluate features and improve services (anonymized where possible) | Legitimate interest (Art. 6(1)(f)) / Consent for non-essential cookies |
We do not access your photos, contacts, or precise location unless you explicitly allow it.
3. How we protect your data
- All data is stored within the European Union, currently on AWS Frankfurt (eu-central-1).
- Data in transit are encrypted (TLS 1.2 or higher); data at rest use AES-256 encryption.
- We apply CIS Critical Security Controls, OWASP Top 10 guidelines, and regular penetration tests.
- Only authorized personnel with signed confidentiality agreements may access personal data.
- Health data used for analytics are pseudonymized or anonymized whenever possible.
Despite robust measures, no internet transmission is entirely secure. We continually monitor and improve our safeguards.
4. How long we keep your data
| Data Type | Retention Period |
|---|---|
| Account data | Deleted immediately upon account deletion or after 15 months of inactivity (12 + 3 notification months) |
| Health data | Deleted 30 days after account deletion or irreversibly anonymized for research/analytics (if you consent) |
| Device & usage logs | Stored for 12 months for security and diagnostics, then anonymized |
| Customer support emails | Stored for up to 24 months to resolve incidents, then deleted |
| Analytics data | Anonymized immediately after collection where feasible |
We periodically review all retention periods to comply with Art. 5(1)(e) GDPR.
5. Cookies and similar technologies
We use cookies and similar technologies for essential functions (security, login) and optional analytics.
- Essential cookies: required for the app to function; processed under legitimate interest.
- Analytics or marketing cookies: only set with your consent via our Cookie Banner.
You can change your cookie preferences anytime in the app or browser settings. See our separate Cookie Policy for details.
6. Sharing your data
We never sell your personal data.
We share data only with carefully selected processors who provide hosting, analytics, communication, or customer-support services.
- Each processor is bound by a Data Processing Agreement under Art. 28 GDPR.
- Processors may act only on our instructions.
- If any processor stores or accesses data outside the EEA, we ensure appropriate safeguards (e.g., EU Standard Contractual Clauses).
We may also disclose data when required by law, regulation, or valid court order.
7. Your rights
You may exercise the following rights at any time by contacting support@audirihealth.com:
| Right | Description |
|---|---|
| Access (Art. 15) | Obtain a copy of your personal data and information about processing. |
| Rectification (Art. 16) | Correct inaccurate or incomplete data. |
| Erasure (Art. 17) | Request deletion of your data (“right to be forgotten”). |
| Restriction (Art. 18) | Limit processing in specific situations. |
| Portability (Art. 20) | Receive your data in a structured, commonly used format. |
| Objection (Art. 21) | Object to processing based on legitimate interest. |
| Withdraw consent (Art. 7(3)) | Withdraw your consent at any time without affecting the lawfulness of prior processing. |
| Complaint (Art. 77) | Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). |
Requests will be handled within one month (extendable by two months for complex requests).
8. International data transfers
All primary data are hosted in the EU. If any subprocessors operate outside the EEA, we rely on adequacy decisions or Standard Contractual Clauses (2021/914/EU) to ensure equivalent protection.
9. Children’s privacy
Audiri is not intended for individuals under 16 years of age. We do not knowingly collect data from minors. If we learn that we have collected data from a child under 16, we will delete it immediately.
10. Changes to this policy
We may update this Privacy Policy from time to time to reflect legal or technical changes. If changes are material, we will notify registered users by email or in-app message at least 7 days before the new version takes effect.
The latest version is always available at audirihealth.com/docs/privacy
11. Contact us
Questions, concerns, or privacy requests:
Email: support@audirihealth.com
Postal address: Audiri Health VOF, Willem de Zwijgerlaan 56-2, 1056 JT, Amsterdam, The Netherlands.