firelogoAssuma o controle dos seus dados de saúde com um desconto exclusivo! Aproveite 20% de desconto no primeiro mês na nossa plataforma – por tempo limitado.

Privacy Policy

Effective Date: August 14, 2025 Data Controller: Nuvem Catita Unipessoal Lda (“Ownership Health”)
Registered Address: Av. Aida 411 - Centro Comercial Estoril Garden, 2765-187 Estoril, Portugal
Contact: [email protected]

1. Scope

This Privacy Policy covers how we collect, use, and share your data in compliance with HIPAA, GDPR, and CCPA.

2. Data We Collect

  • Personal identifiers: Name, email, account details
  • Health and fitness data: Wearable device metrics, nutrition info, session notes
  • Technical data: IP address, browser/device info, usage logs
  • Payment data: Processed securely via third-party payment providers

3. Wearable Data Integration via Terra API

When you connect a wearable device (e.g., Fitbit, Garmin, Apple Watch), data is transmitted securely via Terra API.

  • Terra API acts as a data processor under GDPR and a Business Associate under HIPAA.
  • All data is encrypted in transit and at rest.
  • Terra API does not sell or use your data for advertising.
  • You control which wearable data is shared.

4. Purpose of Processing

We process data to:

  • Provide our services
  • Generate AI insights
  • Maintain security
  • Comply with legal obligations

5. Legal Basis (GDPR)

We rely on:

  • Consent (Art. 6(1)(a))
  • Contract (Art. 6(1)(b))
  • Legal obligation (Art. 6(1)(c))
  • Legitimate interests (Art. 6(1)(f))

Special category health data is processed only with explicit consent (Art. 9(2)(a)) or under HIPAA rules.

6. CCPA Rights

California residents may:

  • Request access, deletion, or portability
  • Opt out of data “sales” (we do not sell data)
  • Receive equal service regardless of privacy choices

7. Sharing & Transfers

We share data with:

  • Terra API and other processors
  • Hosting, analytics, and payment providers
  • Legal authorities when required

International transfers are safeguarded with Standard Contractual Clauses or equivalent measures.

8. Security

We use encryption, access control, and secure infrastructure. No system is risk-free.

9. Retention

We keep data only as long as needed for services or legal obligations.

10. Your Rights

You may access, correct, delete, restrict, or port your data, and withdraw consent at any time.

11. Contact

To exercise your rights, contact: [email protected]