Comprehensive Privacy, Terms & Legal Policies — G‑Wellness

This document is provided for informational purposes only and must be reviewed by legal counsel. It combines Privacy Policy, Terms & Conditions, Cookie Policy, HIPAA Notice, CCPA Notice, and other compliance clauses.

1. Scope & Applicability

G‑Wellness operates www.g-wellness.com, an AI-driven health platform providing wellness analysis based on laboratory results. This Policy applies worldwide and governs all interactions with the Service.

2. Key Definitions

• “Personal Information” — information identifying or linkable to an individual.
• “Sensitive / Health Information” — laboratory results, biomarkers, lifestyle data, diagnoses, and clinical notes.
• “PHI” — Protected Health Information under U.S. HIPAA.
• “Processor” — third party handling data on our behalf.
• “De‑identified Data” — data stripped of identifiers, per HIPAA Safe Harbor or GDPR anonymization.

3. Information We Collect

Voluntarily provided: name, contact details, account info, lab uploads, symptoms, communications.
Automatically collected: IP address, browser, device IDs, cookies, location.
Sensitive data: health records, summaries, AI outputs. We do not process this without consent.

4. Legal Bases for Processing

GDPR/UK GDPR bases: Consent, Contract, Legitimate Interests, Legal obligation, Vital interests.

5. Use of Data

• Provide core health analysis services.
• Improve AI models (with de‑identification).
• Provide customer support.
• Fraud prevention and security.
• Compliance with law.

6. AI & Automated Processing

The Service uses AI to generate insights. These do not replace professional medical advice. Outputs may contain inaccuracies; medical decisions must be confirmed by a licensed professional.

7. Sharing of Information

We may share data with: service providers (hosting, payments, analytics), professional advisors, regulators, and successors. We never sell or share PHI for advertising.

8. Security Measures

• Encryption in transit and at rest
• Role‑based access control
• Audit logs
• Penetration testing
• Incident response procedures

9. Data Retention

Data is retained only as necessary:
• Health data: minimum required by law or until deletion request.
• Financial data: 7 years (for accounting).
• Support logs: 2 years.
Data may be anonymized for research.

10. International Transfers

Cross‑border transfers follow Standard Contractual Clauses (EU), UK IDTA, or equivalent safeguards.

11. Regional Requirements

11.1 GDPR (EU/EEA)

Rights: access, rectification, erasure, restriction, objection, portability. Complaints may be filed with Data Protection Authorities.

11.2 UK GDPR

Same rights as GDPR; enforced by the ICO.

11.3 CCPA/CPRA (California, USA)

Rights: know, access, correct, delete, opt‑out of selling/sharing. We do not sell PHI. A ‘Do Not Sell or Share’ link is provided.

11.4 HIPAA (USA)

We sign BAAs with covered entities. PHI is safeguarded via encryption, access controls, and breach notification.

11.5 Canada — PIPEDA & Quebec Law 25

We comply with the 10 fair information principles: accountability, identifying purposes, consent, limiting collection/use, accuracy, safeguards, openness, access, challenging compliance.

11.6 Australia APPs

We comply with 13 Australian Privacy Principles regarding collection, use, disclosure, and overseas transfer.

12. Children’s Privacy

We do not knowingly collect data from children under 13 (US) or local equivalent. Parental consent is required where minors’ data is processed.

13. Cookie Policy

Cookies: essential, analytics, personalization. EU users see a cookie banner.

14. Terms & Conditions

Use of the Service is subject to these terms:

• Informational use only; no medical liability.
• No warranties; the service is provided ‘as is’.
• Users remain responsible for health decisions.
• We are not liable for indirect damages.
• Liability cap = 12 months’ fees paid.
• Force majeure applies.
• All disputes resolved by binding arbitration; no class actions.
• Governing law: Latvia

15. Contact Information

Controller / Operator: G Wellness SIA, Lastādijas iela 12 k-3, Riga, LV-1050, Latvia

Email: privacy@g-wellness.com

Website: www.g-wellness.com

Effective date: 30 September 2025

Privacy Policy — G‑Wellness

Your privacy is important to us. It is G‑Wellness's policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, www.g-wellness.com, and other sites we own and operate.

Personal information is any information about you which can be used to identify you. This includes information about you as a person such as your name, your devices, payment details, and even information about how you use a website or online service.

In the event our site contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

Information We Collect

Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information. "Voluntarily provided" information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions. While we collect sensitive health information, it is used solely for providing our core services and is never shared with third parties for marketing purposes or used for non-essential functions. "Automatically collected" information refers to any information automatically sent by your devices in the course of accessing our products and services.

Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device's Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit.

Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even at the moment they occur, or of the nature of the error.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Device Data

When you visit our website or interact with our services, we may automatically collect data about your device, such as:
• Device type
• Operating system
• Unique device identifiers
• Device settings
• Geo-location data
Data we collect can depend on the individual settings of your device and software. We recommend checking the policies of your device manufacturer or software provider to learn what information they make available to us.

Personal Information

We may ask for personal information — for example, when you subscribe to our newsletter or when you contact us — which may include one or more of the following:
• Name
• Email
• Phone/mobile number
• License Information
• Location

Sensitive Information

"Sensitive information" or "special categories of data" is a subset of personal information that is given a higher level of protection. In the context of G‑Wellness's services, sensitive information primarily includes health information and potentially other personal details shared during patient interactions.

The types of sensitive information that we may collect include:
• Health information
• Transcripts and summaries of patient sessions
• Information related to mental health conditions and treatments
• Personal details shared during patient interactions that may include information about past medical history, relationships, work, lifestyle, and personal history

This information may sometimes include details relating to racial or ethnic origin, political opinions, religion, sexual orientation, or other sensitive topics, but only insofar as they are relevant for clinical purposes.

We will not collect sensitive information about you without first obtaining your consent. For clinicians using our platform, we obtain consent to collect this information as part of our service agreement. For patients, consent should be obtained by the clinician as part of their standard practice.

We will only use your sensitive information for the purpose of providing our core services, including note generation. We will never use this information for marketing purposes or share it with third parties for non-essential functions.

All sensitive information is handled in strict compliance with applicable laws and regulations, including HIPAA, PIPEDA, and GDPR.

Health Insurance Portability and Accountability Act (HIPAA)

G‑Wellness is designed to be fully compatible and compliant with the provisions of the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, including the Privacy Rule and Security Rule, as amended ("HIPAA").

We understand the importance of HIPAA compliance in healthcare settings and have built our platform from the ground up with these regulations in mind. G‑Wellness implements robust security measures and privacy controls that align with HIPAA requirements to help healthcare providers maintain compliance while using our services.

How We Support HIPAA Compliance

Our platform includes the following features and safeguards designed to support your HIPAA compliance needs:
• End-to-end encryption for all sensitive patient data, both in transit and at rest
• Role-based access controls to ensure appropriate data access
• Comprehensive audit logs for tracking user activity and data access
• Secure authentication mechanisms and session management
• Regular security assessments and vulnerability testing

As a healthcare provider using our platform, you will receive a Business Associate Agreement (BAA) that outlines our responsibilities in handling Protected Health Information (PHI). This agreement ensures that all parties understand their obligations under HIPAA and establishes a framework for the secure handling of patient data.

Protected Health Information Handling

We apply the standards of the Privacy Rule in all aspects of our service delivery. We maintain strict controls on how PHI is processed, stored, and transmitted within our systems.

Our platform helps you manage specially protected information that may be subject to additional federal and state regulations. We provide the technical infrastructure to help you implement appropriate safeguards for different categories of health information.

We are committed to maintaining the confidentiality, integrity, and availability of information entrusted to us, especially individually identifiable personal and health information. Our internal policies and procedures are regularly reviewed and updated to maintain alignment with HIPAA requirements and industry best practices.

Use of Protected Health Information

When you use our platform, you retain all rights and control over the PHI you input or upload. We only use such information as expressly permitted in our Terms of Service, the BAA, and this Privacy Policy. Specifically, we will:
• Only use PHI for providing and improving our services to you
• Implement appropriate safeguards to prevent unauthorized use or disclosure
• Report any security incidents or breaches involving PHI as required by law
• Honor patients' rights regarding their health information
• Return or securely destroy PHI when our relationship ends

We may de-identify health information in accordance with the methods outlined in the Privacy Rule. Such de-identified information no longer constitutes PHI and may be used for quality improvement, research, and development purposes.

De-Identified Information

We may create de-identified datasets from User Health Information in accordance with HIPAA de-identification standards. All de-identification processes follow HIPAA's Safe Harbor or Expert Determination methods.

Supporting Patient Rights

Our platform includes features that support healthcare providers in fulfilling their obligations regarding patient rights under HIPAA, such as:
• Tools to facilitate patient access to their health information
• Capabilities for patients to request amendments to their records
• Mechanisms to track disclosures of PHI
• Options for patients to receive communications by alternative means

Personal Information Protection and Electronic Documents Act (PIPEDA)

G‑Wellness is fully committed to compliance with PIPEDA, Canada's federal privacy law. We incorporate PIPEDA's ten fair information principles into our design and operations:
• Accountability
• Identifying Purposes
• Consent
• Limiting Collection
• Limiting Use and Disclosure
• Accuracy
• Safeguards
• Openness
• Individual Access
• Challenging Compliance

We recognize provincial privacy laws in Quebec, Alberta, and British Columbia, and comply where applicable, including specific health information privacy laws. For healthcare providers operating in Canada, we support compliance with:
• Secure storage of personal health information (including regional hosting where required)
• Strong encryption and access controls
• Specialized consent management
• Tools for managing patient access requests

Cross-Border Data Transfers

Where personal information is transferred outside of Canada, we use appropriate contractual or other means to protect it, notify users transparently, and comply with both Canadian and destination-country privacy laws.

Transaction Data

Transaction data refers to data that accumulates over the normal course of operation on our platform. This may include transaction records, stored files, user profiles, analytics data and other metrics, as well as other types of information, created or generated, as users interact with our services.

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In such cases, we only collect personal information that is reasonably necessary to provide our services to you.

Collection and Use of Information

We may collect personal information from you when you do any of the following on our website:
• Register for an account
• Purchase a subscription
• Sign up to receive updates from us via email or social media channels
• Use a mobile device or web browser to access our content
• Contact us via email, social media, or on any similar technologies
• Mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
• to provide you with our platform's core features and services
• to enable you to customize or personalize your experience of our website
• to contact and communicate with you
• to enable you to access and use our website, associated applications, and associated social media platforms
• for technical assessment, including to operate and improve our app, associated applications, and associated social media platforms

We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. If you provide us with your location, we may combine this with general information about currency and language to provide you with an enhanced experience of our site and service.

We emphasize that any health-related information we collect is used exclusively for providing our core services. This sensitive information is never used for marketing purposes or shared with third parties for non-essential functions.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. Although we will do our best to protect the personal information you provide to us, no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security. You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. If your personal information is no longer required or you request deletion, we will delete it or make it anonymous, subject to legal retention requirements. We may retain data for legal, accounting, or reporting obligations or for archiving in the public interest, scientific or historical research purposes, or statistical purposes.

Children's Privacy

We do not aim any of our products or services directly at children under the age of 13 and we do not knowingly collect personal information about children under 13.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:
• a parent, subsidiary or affiliate of our company
• third-party service providers (IT, hosting, analytics, maintenance, payments)
• our employees, contractors, and/or related entities
• our existing or potential agents or business partners
• courts, tribunals, regulatory authorities, and law enforcement, as required by law
• an entity that buys, or to which we transfer all or substantially all of our assets and business

Important Note on Data Privacy:
We do not sell or share sensitive health information with third parties for advertising purposes. We may use basic contact information (such as email and name) for targeted advertising, but never sensitive health data.

Third Parties We Use

Third parties we currently use include:
• Google Analytics
• Stripe
• AWS
• Batch.io
• Google Workspace

International Transfers of Personal Information

The personal information we collect may be stored and/or processed in locations where we or our partners, affiliates, and third-party providers maintain facilities (including the European Union, the United States, and Canada). If we transfer your personal information to third parties in other countries, we will perform those transfers in accordance with applicable law and protect the transferred personal information in accordance with this policy.

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us; however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person's consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us. Our marketing communications only use basic contact information and never include or are based on sensitive health data.

Access & Correction: You may request details of the personal information that we hold about you and request corrections if it is inaccurate, out of date, incomplete, or misleading.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information.

Downloading of Personal Information: We provide a means for you to download the personal information you have shared through our site. Please contact us for more information.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us with full details; you may also contact a data protection authority.

Unsubscribe: To unsubscribe from our email database or opt-out of communications, please contact us or use the opt-out facilities provided in the communication. We may need to verify your identity.

Use of Cookies

We use cookies to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified. It does not store any sensitive patient information.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. Any such parties may continue to use your personal information according to this policy, as permitted by applicable law.

Limits of Our Policy

Our website may link to external sites that are not operated by us. We have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices.

Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If the changes are significant or required by applicable law, we will notify users and, where required, obtain consent. Updates will be posted at www.g-wellness.com.

Contact Us

G‑Wellness
info@g-wellness.com

By using G‑Wellness, you acknowledge that you have read and understand this privacy policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with our policies and practices, please do not use our services.

Last updated: 30 September 2025

Primary website: www.g-wellness.com