Wysa

Privacy Policy

Add Comment

Privacy &amp. Terms Privacy Policy Terms of Service Important notice Recent Changes Introduction Definitions What is Wysa App? Who can use the service? What data do we collect and how do we use it? What data do We process for the purposes of Our Legitimate Interest? How does Touchkin protect Your Data? Where is Your data transmitted and stored? How long do We retain Your data including Personal data? Does Touchkin Use 3rd party Service providers or agents? Does Touchkin share Your data with third parties? What are Your data protection rights? Can Children under 13 use Wysa App? Who can You contact for additional questions, comments or concerns? Can Non-English speaking users use the Wysa App? What are some Best Practices to follow to keep Your devices secure? Changes to this Privacy Policy Severability and Exclusion Changes Log Privacy Policy Terms of Service Wysa's Privacy Policy This policy describes our policies and procedures for collection, transmission, storage, processing, disclosure and protection of any data, including, but not limited to, personal data provided by you as a user while using the service. user shall mean any person/ persons, who visits, uses, deals with and/ or transacts through wysa app (“privacy policy”). please also read our terms of service (“agreement”) which sets out the terms governing the services. the terms and conditions, privacy policy and any other terms and conditions as may be applicable shall hereinafter collectively be referred to as “agreement” or “contract”. Initial Effective Date: June 30, 2017 (GMT) Latest Revised Date: Apr 19, 2021 (GMT) Version: 3.2.0 Content Important notice Recent Changes Introduction Definitions What is Wysa App? Who can use the service? What data do we collect and how do we use it? What data do We process for the purposes of Our Legitimate Interest? How does Touchkin protect Your Data? Where is Your data transmitted and stored? How long do We retain Your data including Personal data? Does Touchkin Use 3rd party Service providers or agents? Does Touchkin share Your data with third parties? What are Your data protection rights? Can Children under 13 use Wysa App? Who can You contact for additional questions, comments or concerns? Can Non-English speaking users use the Wysa App? What are some Best Practices to follow to keep Your devices secure? Changes to this Privacy Policy Severability and Exclusion Changes Log Important Notice: 1. If You are having suicidal thoughts or planning to act on suicidal thoughts, or if You feel that You may be a danger to Yourself or to others, or if You otherwise have any medical or mental health emergency or severe mental health condition, or if You are in a crisis or trauma or abuse, please discontinue use of the Service immediately and call the relevant emergency number in Your country and notify the police or emergency medical Services. For example, You can find Your country-specific suicide emergency number at: Suicide.org - Suicide Prevention, Awareness, and Support 2. If You are less than 18 years of age, please read through the Wysa Privacy Policy and the Wysa Terms of Service with Your parent or legal guardian or check with Your Institution to understand eligibility before use. Wysa is not to be used by children under 13 years. 3. We do not require any personal identifiers or sensitive data hence we do not ask for it. You have the option to limit sharing of Your Personal data (such as full name, date of birth, contact numbers, address, financial identifiers, government-provided identifiers) or Your medical-related data or any other sensitive data (such as religious or political opinions, financial data) when You use the Wysa App and Services. 4. Your interaction with the Wysa Bot is with an AI chatbot and not a human. The Bot is restricted in the means of response, and the intended use is for providing evidence-based tools and techniques to manage emotions and encourage mental well-being in a self-help context. It is not intended for providing diagnosis, treatment or cure of a condition or disease. The Bot cannot and will not offer advice on issues it does not recognize. 5. The Wysa Well-being Coach Service will use text-based messaging to apply motivational interviewing and life coaching to help You work towards Your personal well-being goals. The Service will focus on building wellness and emotional resilience. The underlying principle of the Well-being Coach Service is that You have the knowledge and capacity to make desired changes in Your life. The role that a Well-being Coach will play is to support You in finding Your own way, help You tap into Your own strengths and abilities, so that You can identify and use resources around You to fill any gaps. 6. The Wysa Therapist Service is also a text-based messaging service. It will use person-centered supportive listening, motivational interviewing and CBT principles to help You to take control of Your mental and emotional well-being. Wysa Therapists will draw on various evidence-based techniques to provide empathetic and non-judgmental support. The Wysa Therapist will listen to Your worries empathetically, promote positivity and support You in making successful lifestyle changes, so that You can manage Your situation better and build emotional resilience. 7. Wysa Well-being Coach and Wysa Therapist services are not intended to be a replacement for face-to-face psychotherapy or to provide a diagnosis, prognosis, treatment or cure for a disease/condition/disorder or disability or provide any type of state-regulated mental health services in Your country of residence. It is an enabling and empowering mode of support, rather than treatment of illness or a health condition. 8. By using the Wysa Well-being Coach or Wysa Therapist Services, You understand and agree that the Coach assigned to work with You will be located remotely and may not be located in Your country or state of residence. 9. Wysa Bot and Wysa Well-being Coaches and Wysa Therapists cannot and will not offer medical or clinical advice. In case You mention the need for such advice, they will suggest that You seek advanced (medical) help. 10. We take great pains to keep Your conversations private and secure as outlined here. You can also keep Your conversations private and device secure by following the best practices outlined here of the Privacy Policy. 11. For safety and security reasons, We strongly recommend that You keep Your conversations with Wysa App private. We strongly recommend that You set automatic update of the Wysa App in the application manager settings of Your mobile device. to get the latest Wysa App-based features and fixes. Always exit the Wysa App version in Your mobile device by using the back button before upgrading to a newer version to prevent loss of ongoing or previous conversations. Changes in v3.2.0 | Apr 19, 2021 Updates <ul> <li> Additional clarity on handling data where Wysa App is integrated with Your Institution system </li> <li> Additional clarity on use of minimal and anonymous conversation messages for improving performance of Bot algorithms </li> <li> Additional information around security controls and alignment to ISO 27001: 2013 and ISO 27701: 2019 global standards </li> <li> Additional clarity on anonymized and minimal data shared with third parties </li> </ul> Removed <ul> <li> Video Call- based experimental Coach/therapist Service has been currently discontinued. Section “What do we process when You use the Video Call Service?” removed </li> </ul> You can read the full list of changes in the Changes Log Introduction Welcome to Wysa App, the mobile and online service of Touchkin eServices Private Limited (hereinafter “Touchkin”, “Wysa”, “We”, “Us”, or “Our”). When you as a Data Subject (“User”, or “You/r”) use Touchkin’s Services, You trust us with Your Data. This Privacy Policy governs Your use of the mobile or web browser based software application either on the wysa website or integrated within an Institution website (hereinafter the “Wysa App” or “Mobile Software”) created by Touchkin and also covers Your use of Our Website, other websites maintained by Us. This Privacy Policy along with Wysa Terms of Service constitutes a legal agreement between You and Touchkin. This Privacy Policy (“Policy” or “Privacy Policy”) has been drafted in accordance with the Information Technology Act, 2000, the Information Technology (Reasonable security practices and procedures and sensitive personal data or data) Rules, 2011, including (but not limited to) requirements within General Data Protection Regulation (GDPR) (EU) 2016/679 regulation, the UK-GDPR and where applicable the Health Insurance Portability and Accountability Act (collectively referred to as “Data Protection Laws”). For the purposes of processing Your data, Touchkin eServices Private Limited, the makers of Wysa App will act as the Data Controller. Touchkin is a private limited company, incorporated and existing under the laws of India and having its registered office at No. 532, "Manjusha", First Floor, 2nd main, 16th Cross, II stage, Indiranagar, Bengaluru, KA 560038 IN. What does this Privacy Policy apply to? This Privacy Policy applies to the data You provide Us when You Use the Wysa App and Service. The mobile-based and/or web browser based AI chatbot service, digital premium service, Well-being Coach Service and the Therapist Service provided via Wysa App are collectively referred to as the "Service(s)". This Privacy Policy is meant to help You understand what data We collect, why We collect it, what We do with it, how You can manage and control the Use of Your data and the rights You have to access and control Your Personal data. Please read the definitions in the next section to understand the terminologies used in this Privacy Policy. We will always respect and protect Your privacy, and this forms a part of Our guiding principles. We have policies and procedures in place to protect the privacy and security of Your Personal data. Your trust means a lot to Us. Wysa does not request Your Personal Data. If You inadvertently submit any Personal data then, We will process it with Your data basis this Agreement and will take reasonable measures to irreversibly redact any Personal Identifiable Information within 24 hours in Our system as described here . Please do not share any Personal data at any time during Your Use of Our Services. Your data is secured with strong encryption during transmission and storage. Your use of the Wysa App will be governed by this Privacy Policy as applicable to the Wysa App together with all policies, notices, guidelines, disclaimers that are published and shared with You from time to time including but not limited to Wysa Terms of Service. Users may request additional Services from Touchkin or Touchkin affiliates. Because the needs and choices of each User may vary, We may provide separate privacy policies or addendums to this Privacy Policy for certain additional Services. Any applicable separate privacy policies and addendums will explain the types of data We collect, their purposes of Use and other policies that may apply to that Service. When You choose to Use an additional Service, You may be informed of the applicable privacy policy or addendum which applies in addition to, and may modify this Privacy Policy, before You can access the additional Service. Touchkin reserves the right to make changes to this Privacy Policy and to make such changes effective for all data We may already have collected from You. We will notify You via in-app notifications when We make any changes to the Privacy Policy. If the changes to the Privacy Policy include changes to the collection, storing or processing Your Personal information in a way that infringe into Your privacy, we will notify You clearly about the same and seek Your consent for the same where required by the applicable laws and regulations. Please note that by installing Wysa App, providing Your nickname and clicking the proceed arrow within the Wysa App, You acknowledge and consent to this Privacy Policy and Our Terms of Service. Definitions Anonymization is the process of removing personally identifiable data from data sets so that the person can no longer be identified directly or indirectly. Cookie is a small amount of data generated by a Website and saved by Your Web browser. Cookies are used to store User preferences for a specific site. Use of cookies makes Web- surfing easier. You may refuse to accept Cookies by activating the setting on Your browser which allows You to refuse the setting of Cookies. Data or Information under this Privacy Policy means Both Personal and Non-Personal data or information. Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Data Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller. Encryption is the process of transforming data into unreadable text so that it is only legible to those possessing an encryption key. The process of making encrypted data readable again is referred to as decryption. Personal data or Personal Information means data relating to an identified or identifiable natural person who can be directly or indirectly identified by reference to an identifier such as full name, identification numbers, location address, online identifier and other identifiers within the definitions of The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or data) Rules 2011, General Data Protection Regulation (GDPR) (EU) 2016/679 regulation and UK-GDPR. Personally identifiable information (PII) and Sensitive or Special Category of Personal data is covered within the definition of Personal Data. Pseudonymisation means the processing of Personal data in such a manner that the Personal data can no longer be attributed to a specific User without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the Personal data are not attributed to an identified or identifiable natural person. Non-Personal data or Non-Personal Information means any data that does not reveal Your specific identity either directly or indirectly. Sub-Processor/s is a processor who is sub-contracted some of the personal data processing. Web browser is a software program that allows User to access, retrieve and view data on the World Wide Web. Examples of browsers include Internet Explorer, Firefox, Google Chrome and Safari. What is Wysa App? The Wysa App is a virtual AI chatbot (“Bot” or “Wysa Bot”) that You can chat with, including upon Your choice, the ability to subscribe and to message a highly trained and qualified mental well-being professional (“Wysa Well-being Coach” or “Wysa Therapist”) or for Institution Users, to be able to use an institutional support mechanism integrated within the Wysa App, and through a conversational interface get access to tools and techniques to manage Your emotional well-being. The Wysa App is primarily available for both iOS and Android mobile systems and as a web browser based system either on the wysa website or integrated within an Institution website. Your Interaction with the Bot is with an artificial intelligence chatbot and not a human. The Bot is restricted in the means of response, and the intended usage of Wysa App is for providing evidence-based tools and techniques to manage emotions and encourage mental well-being as an early intervention tool in a self-help context. You make the choice of using the Bot, based on Your own estimate of need, and agree that this is only suitable for basic self-help. This is not intended to be a replacement for face-to-face psychotherapy or to provide a diagnosis, prognosis, treatment or cure for a disease/condition/disorder or disability. The Bot cannot and will not offer advice on issues it does not recognize. Using the Wysa App, You can track and manage Your mood, and learn context-sensitive evidence-based techniques that can help You feel better. Wysa App and Service is not intended for use in crisis such as abuse or complex or severe mental health conditions that causes for example. ideation of suicide, harm to self and others, or for any medical emergencies. Wysa App and Service cannot and will not offer medical or clinical advice. It can only suggest that the user seeks advanced (medical) help. Who can Use the Service? You may Use the Service only if You are a natural/legal person, agree to this Agreement and form a binding contract with Wysa, and only in compliance with all applicable local, state, national, and international laws, rules and regulations. If You are between 13 and 18 years of age, please read through this Wysa Privacy Policy and the Wysa Terms of Service with Your parent or legal guardian, and in such a case the Agreement shall be deemed to be a contract between Touchkin and Your legal guardian or parent and to the extent permissible under applicable laws, enforceable against You. Anyone under 13 is strictly prohibited from creating an account and/or Using the Service. If Your Institution specifies a different age restriction, such as at least 18 and above, as a condition of using this Service, that restriction shall apply rather than the one above. If You use the Wysa Well-being Coach or Wysa Therapist Service, You will be asked to provide a Parental or Legal Guardian consent if You reveal Your age to be between 13 and 18 years. You will be required to inform Your parents or legal guardian and have them send Us an email consent to wysa@touchkin.com or hello@wysa.ai, as directed by Your Wysa Well-being Coach or Wysa Therapist, using the same email ID that was used to subscribe to Our Service. Without receiving parental or legal guardian consent, We will be unable to offer Our full Services. If Your parents or legal guardian contact Us We will collect minimal Personal Information such as Your name, Your parents name, Your parent’s email address and the consent message. This data is securely stored in Our Google GSuite account with access to only authorized users. We have a signed Data Protection Addendum and Business Associate Agreement With GSuite. Your parental consent email will be retained within Our system for a maximum of 10 years since Your last subscription with Us and as per Our Information Retention Policy. We process Your data for our Legitimate Interest to provide You Our Wysa Well-being Coach or Wysa Therapist Service. We will not use Your Personal data for any Direct Marketing without Your Consent. We will not sell Your Personal data to any third party. Institution or other Consumer users Corporations, schools, universities, hospitals, insurance, government, and other organizations (“Institution(s)”) may introduce Wysa App to their employees and members. These Institutions may also replace certain Wysa Service(s) or integrate their own Services within the Wysa App (“Institution Version''). Such employees and members of Institutions are also User(s) of the Wysa App or the Institution Version of Wysa App (“Institution User(s)”). In such an event, these Institution(s) terms and their Privacy Policy shall also apply to Your Use of Wysa App and Services. In the event of any conflict with such additional terms and Privacy Policy, Wysa’s Agreement shall apply. Wysa App may carry links to material or Websites or Web Pages or Services managed by third parties on which the Institution and Touchkin may have no control, agreement or affiliation. Please refer to documentation including terms and Privacy Policy provided by such third parties before Using Your Institution Version. The Institution Version and its Services can only be accessed by authorized Institution User(s) after following installation and access instructions as shared by the Institution or their Service provider. What Data do We collect and how do We Use it? <ol> <li> How do We handle Your Personal Data? No identifiable information is solicited or stored in the Wysa app. As data is not related to an identifier or identifiable natural person, it will no longer be Personal data or Special Category of Personal data. There is no user registration nor are You asked to share Personal data when You install and use the Wysa App and Services.We collect, transfer and securely store the unique vendor specific ID provided by the Apple App Store or Android Play store when You install Wysa App on Your device. This is done for the purpose of generating a random pseudonymised user identifier. This pseudonymised identifier generated becomes the userId that is referred to for all subsequent data transfers and linking Your data within the Wysa databases. This processing is based on Our Legitimate Interest. Refer here to understand how we protect Your data. If Wysa App is integrated with Your Institution system, Your Institution may securely share a unique random user identifier with Us. This random identifier is processed by Us on behalf of Your Institution for the purpose of accurately linking You with Your provided data when You repeatedly access the Institution System and the Wysa App and to provide the agreed analytics with Your Institution. This processing will be based on Your Institutions contract with Us. If You inadvertently share any personal identifier such as full name, dates, locations, phone numbers, email identifiers or medical terms during Your conversation with the Wysa App and Services, it is Our responsibility to redact such personal identifiers to make the data non-personal. To ensure that no personal identifiers get stored in Our systems, We have developed a high recall AI-NLP algorithm that detects and irreversibly redacts identifiers, which include all numbers more than 2 digits, urls, emails, dates, locations, names and medicalized terms, from Our storage systems. Within 24 hours of starting Your session, Our algorithms will process Your data, detect any personal identifiers and irreversibly redact them. None of Your conversation messages will be lost, and only the specific personal identifier will be irreversibly redacted in Our systems. You can view such obfuscation in the Journey tab within the Wysa App. This obfuscation processing is based on Our Legitimate Interest. This is to ensure that no personal identifier and hence no Personal data inadvertently creeps into Our system and Wysa App is able to maintain complete anonymity. You can always write to Us at the contact provided here. if You want to clarify, rectify or delete specific personal data that You shared with Us. You can also read Your data protection rights here. You have the Right to be Forgotten. You can also, at any point of time, clear all Your provided data by using the “reset my data” feature available in the Wysa App settings. Refer here in our Policy for more details. DO NOTE THAT “RESET MY DATA” DELETES ALL YOUR SUBMITTED DATA INCLUDING YOUR IDENTIFIERS, PAST CONVERSATIONS, REMINDERS, ASSESSMENT RESPONSES AND ENABLED SETTINGS. POST RESET, YOU WILL NOT BE ABLE TO RECOVER YOUR PAST DATA AND YOU WILL BE CONSIDERED AS A NEW USER OF THE APP. HENCE, THIS FEATURE IS TO BE USED BY YOU AT YOUR DISCRETION. </li> <li> How do We handle Your conversation messages? When You Use the Wysa Bot Service, You provide Your messages by selecting pre-formatted options or by way of free-text using keypad or by speech to text. We collect, transmit and securely store Your messages in Our servers. We process Your messages in real-time using safe AI/NLP algorithms that detect the context and direct You appropriately to subsequent conversation based on a proprietary rule-based content engine. At no point during Your conversation with the Wysa Bot does another natural person have access to or get to monitor or respond to, Your messages. The Wysa App’s proprietary and closed rule-based algorithms process all Your messages for positive and negative sentiments. This is done to enable the Wysa App to empathetically converse with You, and personalize Your conversation. There is no solely automated processing done by the Wysa App to determine what You should do. You are always asked to verify whether the Wysa App has understood Your conversation or sentiment or emotions correctly, before proceeding down the conversational path. When You use the Wysa Well-being Coach or Wysa Therapist Service, You get to exchange text-based messages with a mental health and well-being professional. We collect, transmit and securely store these messages in Our servers. If You inadvertently send any Personal identifiers in Your messages, such identifiers are irreversibly hashed by Your Well-being Coach or Wysa Therapist during conversation. Processing of Your conversation messages is based on Our Agreement that You agree at the time of installing and using the Wysa App. Your data, messages or usage is not used for direct marketing nor is it sold to advertisers. We do not use the messages or the data You submit to Us as a way to generate revenue for Wysa. We do not collect any Personally Identifiable Information from You. At the same time, We do use anonymised and only the minimal data that is required to answer the research question for research and statistical purposes based on Our Legitimate Interest to improve Our Product and Services and contribute to the development of user-centered mental wellbeing best practices globally. The messages You send are strongly encrypted during transmission and storage. You can read more about the security provided here of this Privacy Policy. We also use anonymized and minimal conversation messages to tag, train and continually improve the performance of our rule-based AI/NLP algorithms. This processing is based on Our Legitimate Interest to provide the Bot Service and to keep improving and/or optimizing quality, safety and performance of Our Service. You have the Right to be Forgotten. You can also, at any point of time, clear all Your provided data by using the “reset my data” feature available in the Wysa App settings. Refer here in our Policy for more details. All the conversations You have with the Wysa App are private. No one within or outside of Touchkin has access to Your Data except to process based on Our Legitimate Interest as identified here and based on principles of privacy by design and default. We will do our best to irreversibly redact any Personally Identifiable data inadvertently submitted by You as per Our Legitimate Interest. </li> <li> How do we handle Your name? When You Use the Service, We will not ask for and will not require Your full name at any point of time during the conversation. After installation, We take You through a one time on-boarding process. Here We ask for only Your nickname . Processing of Your nickname is based on Our Agreement to help personalize Our conversation with You. We set character limits to prevent You from inadvertently submitting Your full name. ALWAYS USE NON-IDENTIFIABLE NICKNAME TO MAINTAIN COMPLETE ANONYMITY. You can change the nickname once provided to the Wysa App by typing #help and choosing “Change Name” from the slider displayed. </li> <li> Why do We ask about Your thoughts, feelings (emotions), mood, major event or life changes, goals, energy levels and safety plan? When You Use the Service, We may periodically ask You wellness-related information such as Your thoughts, feelings or emotions, mood, major events / changes in life, Your resilience goals and Your energy levels. Processing of Your response is based on Our Agreement and solely to provide You evidence-based tools and techniques to manage emotions and encourage mental well-being in a self-help context. We use Your anonymized and minimal wellness-related information for population-level research and statistical purposes as per Our Legitimate Interest (here of this Policy). When You use the Service, You may be given an option to create a Safety Plan to help You maintain a ready access of support resources and crisis helplines that You may want to access when in need. You may enter data such as life anchors, friendly places, support networks, warning signs, calming activities. Processing of Your data is based on Our Agreement and solely to provide You access to Your own Safety Plan for Your own care. Your data is strongly encrypted during transmission and is securely stored. Kindly refer Our Security safeguards and rights You can exercise here We will do our best to irreversibly redact any Personally Identifiable data inadvertently submitted by You as per Our Legitimate Interest. </li> <li> How do We handle Your responses to mental well-being screening assessments? When You Use the Service, You will be asked to respond to validated assessments. Response is voluntary and You can opt to not report any of the assessments. Wysa App currently Uses four validated assessment scales for understanding Your emotional Well-being namely Patient Health Questionnaire (PHQ9)- to self-report any symptoms of depression, the Generalized Anxiety Disorder Assessment (GAD7) - to self-report any symptoms of anxiety, and the Subjective Units of Distress Scale (SUDS)- to self-report the intensity of distress currently experienced. If Wysa App is integrated with Your Institution system, Your Institution may additionally share Your PHQ9 and GAD7 score, that Your Institution may collect, with Us. This screening data is processed by Us on behalf of Your Institution for the purpose of understanding Your emotional Well-being, providing You the necessary Well-being tools and techniques and to provide the agreed analytics with Your Institution. This processing will be based on Your Institutions contract with Us. You will also be asked to share how You cope with day to day activities as part of the assessments. Assessments are a proven way to baseline and track the progress of Your self-reported symptoms. Processing of Your assessment response is based on Our Agreement and used for the purpose of determining if escalation is required and to provide You access to scientific-evidence based tools and techniques to manage emotions and encourage mental well-being in a self-help context. YOUR RESPONSES TO THESE ASSESSMENT QUESTIONS ARE NOT PROCESSED TO FORM A DIAGNOSTIC OPINION NOR PROCESSED FOR ANY MEDICAL PURPOSES OR FOR GIVING CLINICAL ADVICE. We DO NOT collect or process Your sensitive medical data or Protected Health data (PHI), as defined under the US law, that can directly or indirectly Identify You. We use Your anonymized assessment scores for population-level research and statistical purposes as per Our Legitimate Interest (here of this Policy).We apply organizational and technical measures to endeavour to irreversibly redact any Personally Identifiable data inadvertently submitted by You as per Our Legitimate Interest. Your response is encrypted during transmission and is securely stored. YOUR PERSONAL DATA IS NEVER SHARED WITH A THIRD PARTY WITHOUT YOUR EXPLICIT CONSENT. </li> <li> What data do We collect when working with a Wysa Well-being Coach or Wysa Therapist? [This section applies only to the conversations with a Wysa Well-being Coach or Wysa Therapist. For some institutional versions of Wysa App, Wysa App may provide links to support from the institution’s EAP service or health provider, in which case their terms and Privacy Policy will apply.] When You use the Wysa Well-being Coach or Wysa Therapist Service, You get to exchange text-based messages with a mental health and well-being professional. We collect, transmit and securely store these messages in Our servers. Processing of Your conversation messages is based on Our Agreement that You agree at the time of installing and using the Wysa App. When You Use the Wysa Well-being Coach Service or the Wysa Therapist Service, You can schedule or reschedule a real-time text-based messaging session with Your assigned Coach or Therapist. We collect Your chosen session dates and time to confirm Your booking. Processing of Your device time zone is based on Our Agreement to calculate Your local date and time so that session bookings are accurately scheduled and for setting accurate session reminder notifications. At times, Wysa App may get Your local time wrong which could affect the session scheduling. PLEASE ALWAYS VERIFY YOUR LOCAL TIME DISPLAYED BY WYSA APP IN THE SESSION SCHEDULING SCREEN BEFORE PROCEEDING WITH BOOKING OF A SESSION. IF YOU NOTICE AN ERROR IN YOUR LOCAL TIME DISPLAYED, GO TO THE BOT MESSAGING INTERFACE AND TYPE #TIME TO CHANGE YOUR TIME. If You face any challenge changing Your local time or booking a session, kindly write to Us at the contact provided here. </li> <li> What do We process when You use SIRI or Google Assistant voice-based Service of Wysa? If You choose to use Apple’s SIRI or Google’s Assistant to invoke the Wysa Bot Service, You get the opportunity to talk to Wysa Bot. These services convert Your voice into text and pass this transcription to Wysa’s secure servers. We do not get access to Your voice patterns. No Personal data gets asked or collected during use of this Service. Please do not share Your Personal Information at any time during use of this Service. When You use SIRI, Apple may collect some Identifiers and Information from You to provide their service for which You are subject to Apple’s terms and conditions and Privacy Policy. You can read Apple’s Privacy Policy here. We do not access, receive or collect any identifiers and information that is collected by Apple. When You use Google Assistant, Google may collect some Identifiers and Information from You to provide their service for which You are subject to Google’s terms and conditions and Privacy Policy. You can read Google’s Privacy Policy here. We do not access, receive or collect any identifiers and information that is collected by Google. </li> <li> How do We handle Your Device data when You Use Our Service? When You Use the Service, We collect, securely encrypt and transfer and store the following data from Your mobile device: mobile application identifier, mobile operating system, OS version, device make and model. We process this data based on Our Legitimate Interest to detect and deter unauthorized or fraudulent Use of or abuse of the Service, to troubleshoot issues, for debugging app crashes and to optimize Your experience for e.g. to make sure the Wysa App is displayed correctly on Your phone, or Your usage settings are applied. Do We use Cookies? We do not use any Cookies and beacons within Our Wysa App. We use cookies and Web beacons on Our Website. These collect and process data such as browser type, browser language, Operating System, browser data including type and language settings along with the actions You take on Our Website (such as the Web pages viewed and the links clicked. This data is collected after taking required consent from the Users based on Our Cookie Policy. We do not share or sell Your provided data to any third party. Do We collect Passive Sensing data from Your mobile device? When You Use the Service, the Wysa App does not passively collect nor process any data from Your mobile device sensors, including accelerometer, ambient light readings and screen on/off readings and call logs. Do We process Your location data? Wysa App does not process Your Geolocation at a level that makes Your data personally identifiable. Wysa may infer Your location through Your timezone or other means at a country or state level to provide You appropriate resources. </li> <li> How do We use any Third Party Analytics tools and software? When You use the Service, Wysa App usage and system generated event data gets logged and sent to third-party operations and analytics tools such as Google Analytics, Facebook Analytics and Firebase via their secure API integrated within the Wysa App. No Personal Data is shared. Any event data sent to third party tools used for operations and analytics is designed to ensure that it is cryptic and does not create a medical or psychological profile of a user in the hands of the processor. These events do not contain any conversational data provided by You during Your use of the Service. We use random Firebase generated Identifiers of the User to send in-app and push notifications. Processing of events data is based on Our legitimate Interest to view Wysa App engagement and Operational performance to improve Our Service Quality, Safety and Performance. No direct advertising or direct marketing is performed both within and outside the app. However, to measure the effectiveness of our social media or other marketing campaigns, We may install third-party modules (Google Analytics, Facebook Analytics, Firebase and branch.io) within the Wysa App to help Us understand Service performance based on User use. This helps us make improvements to Our Service experience for Our Users. Event data from these modules is sent to third-party operations and analytics tools such as Google Analytics,Facebook Analytics and Firebase via their secure API integrated within the Wysa App. No Personal data is shared. These events do not contain any conversational data provided by You during Your use of the Service. Processing of events data is based on Our Legitimate Interest to view Wysa App engagement and Operational performance to improve Our Service Quality, Safety and Performance. You have the right to object to the above processing. Please read here on Your rights. Apart from the App-pushed events, the third party tool APIs also may automatically collect some non-personal events. Google Analytics automatically collected events can be found here . The use of Google Analytics is governed by Google Data Policy and Data Safeguards . Facebook Analytics automatically collected events can be found here and here. The use of Facebook Analytics is governed by Facebook Data Policy and Terms of Service. Firebase automatically collected events can be found here. The use of Firebase is governed by Firebase Terms of Service, Use Policy and Crashlytics Terms of Service. Our Website is hosted on Strikingly, a third party Web management and analytics platform. Strikingly helps Us collect Your Website visit and usage data for the purposes of analytics and improve Your experience on our Website. The Use of Strikingly is governed by Strikingly’s Terms of Service, Privacy and Cookie Policy and GDPR Compliance Statement. We use Branch.io to provide deeplink service for Our Institution Users, that helps provide direct access to Wysa App and Services and is governed by branch.io’s Terms of Service, Privacy Policy and Security &amp. GDPR Compliance. We have a signed Data Processing Agreement (DPA) with Branch.io. We use Mailgun to send confirmation messages to new users who subscribe to Our Services based on Our promotions on Facebook, Google and Instagram. We transmit Your email ID to Mailgun for this processing, but do not store Your email IDs in Touchkin servers. The services provided by Mailgun are based on their Terms of Service, Privacy Policy and Security &amp. GDPR Compliance. We have a signed Data Processing Agreement (DPA) with Mailgun. </li> <li> What additional data do We collect from Institution Users? By using the code or link provided by the institution, You are identifying Yourself as being a part of the cohort supported by the institution. Your Institution may also get access to your aggregated and minimal usage data for their analytic and research purposes basis the consent given by You to Your Institution. We may collect Your Country, Division and in some cases Your City to provide aggregated analytics. We do not share Your Personal conversational messages with the institution. Any inadvertent personal identifiers provided by You are removed prior to aggregation and sharing of any analytics with the institution. This processing of data of Institution cohorts is based on the contract between the Institution and Touchkin. </li> <li> How do We handle Your App password? Wysa App does not use any passwords. For Your privacy and security, You are advised to set Your own Wysa App PIN to protect unauthorized access of Your conversation messages. Your mobile device screen password is Your PIN. To extend Your device password, use the "Set Lock " feature under Wysa App settings. You can also remove Your PIN Using the ‘Remove Lock” option under settings. The PIN that You Use is personal to You, and You are responsible for maintaining the confidentiality and security of Your PIN. PLEASE KEEP YOUR PIN SAFE AND DO NOT SHARE IT WITH ANYONE. The PIN You set remains in Your device and is not collected, transmitted and stored in Our servers. </li> <li> What do We do with Your feedback and ratings? When You Use the Service, You have an option send Your feedback from within the Wysa App and through Our Website. to the Wysa App.Feedback can be given using the Feedback feature provided in the Wysa App setting. Personal data, if any provided in Your privately shared feedback messages, will be manually redacted before any processing of Your feedback. We will always take Your explicit consent before revealing Your nickname or name for social proof purposes. If You contact Us from Our Website “Contact Us”, We will collect minimal Personal Information provided by You such as Your name, Your email address, and Your message along with Your Consent. This data is securely stored in Our Google GSuite account with access to only authorized users. We have a signed Data Processing Agreement and Business Associate Agreement With GSuite. We will Use this data to address Your requests to provide You support and to improve Our Services. Your Email will be retained within Our system for a maximum of 10 years since last correspondence as per Our Information Retention Policy. We process Your data for our Legitimate Interest. We will not use Your Personal data for any Direct Marketing without Your Consent. We will not share or sell Your personal data to any third party. If You have subscribed to the Well-being Coach Service or Wysa Therapist Service, We will collect anonymous feedback post Your sessions. Processing Your anonymous feedback and rating is based on Our Agreement and used by Us to improve the product and Your Service quality, safety and performance. AS A BEST PRACTICE, IT IS ADVISED THAT YOU TAKE ADEQUATE PRECAUTIONS TO NOT SHARE YOUR SENSITIVE HEALTH OR PERSONAL DATA WHILE GIVING FEEDBACK OVER EMAIL NETWORKS. </li> <li> How do We handle notifications or reminders? When You Use the Service, You have the option to activate or deactivate push notifications or reminders in Your Wysa App settings. The Wysa App will ask Your preference for the time of day to receive notifications and will confirm Your local time to ensure reminders get sent as per Your preference. You can cancel or restrict notifications at any time by invoking help function (type #help) or from Your Wysa App settings.If You use the Coach or Therapist Service, You also have the option and convenience to save Wysa Session reminders to Your calendar management software in Your mobile device. Processing of Your notifications is based on Our Legitimate Interest to send Service information and reminders that help improve Wysa App engagement. WE WILL NOT SEND ANY MARKETING MESSAGES WITHOUT YOUR CONSENT. ANY MESSAGING SENT WITH YOUR CONSENT WILL ALWAYS GIVE YOU AN OPTION TO UNSUBSCRIBE FROM RECEIVING SUCH MESSAGES OR NOTIFICATIONS IN THE FUTURE. </li> <li> How do We handle Your age-range related data? When You Use the Wysa Bot Service, You have the option to provide an age-range (Under 20, 20-30, 30-45, Above 45) during Your conversation. Processing of this age-range data is based on Our Agreement and to understand the age profile of Our Users and to help provide them access to tools and techniques or provide other operational Information relevant to their age range. WE DO NOT ASK, COLLECT OR PROCESS YOUR SPECIFIC AGE OR DATE OF BIRTH AT ANY TIME DURING YOUR USE OF THE SERVICE. </li> <li> How do We handle User Incident support? Touchkin has an Incident Management Policy that guides all our User Issue and Incident management support. There may be occasions where You wish to contact Us to seek support or to complain about any of Our Services.If You contact Us directly in Our Email, either via Our Apps or Website, We will collect minimal Personal Information such as Your name, Your email address, Your phone number (if You provide), subscription receipts, as well as, where required, data about Your mobile device or personal computer such as device type, and OS type. This data is securely stored in Our Google GSuite account with access to only authorized users. We have a signed Data Processing Agreement and Business Associate Agreement With GSuite. We will Use this data to address and investigate the issues or requests You have forwarded to Us, to provide You support and to improve Our customer support Service. Your Email will be retained within Our system for a maximum of 10 years since last correspondence as per Our Information Retention Policy. We process Your data for our Legitimate Interest. We will not use Your Personal data for any Direct Marketing without Your Consent. We will not share or sell Your personal data to any third party. Your issues or complaints or requests about Wysa App and Services are taken very seriously. You will need to send an email request from Your Google or Apple email ID to wysa@touchkin.com or hello@wysa.ai. We will respond to Your complaints within 3 business days. Some of Your complaints may take longer to resolve. We will continuously provide You with an update until Your complaints are satisfactorily resolved. </li> <li> How do We handle data provided during promotions and surveys? We do not promote offers of third party services as a part of the in-app experience. From time-to-time, we send out in-app or push notifications to share discounts and new releases in the Wysa App. These are shared only with existing users for Existing Services. Processing of Your Non-Personal data such as Nickname, Timezone, App usage to send such notifications is based on Our Legitimate Interest and to provide You with Service discounts and improve Your experience of the Wysa App. If You choose to participate in a Wysa promotional event on social media or elsewhere outside of the Wysa App, You may be asked to opt-in to complete a survey questionnaire. Your voluntary submissions including Your personal data such as email address will be processed only for the following purposes - to send You additional data about the programme, to enrol or on-board You to the programme and to correspond with You on programme related matters. Your survey submission will never be linked to Your Wysa app account and hence Your Wysa App conversations and activities will never identify You. Your submissions will reside in a secure and private storage area operated within the Wysa G-suite account and managed by Google Forms (G-Suite security can be read at here ). The Wysa G-Suite account is also protected by a multi-factor secure authentication system. You can opt out at any time from the programmes by sending Us an email request from Your Google or Apple email ID to hello@wysa.ai to delete Your personal data or to discontinue receiving any further communication on this matter. On receipt of Your email, We will verify and remove only the specific Personal data as requested by You, within 72 hours of receiving the request. YOUR SUBMISSIONS WILL NEVER BE SHARED WITH A THIRD PARTY. </li> <li> How do We handle Your Payment data when You subscribe to Our Services? [For some institutional versions of Wysa App, Wysa App may provide links to support from the institution’s EAP service or health provider, in which case their terms and Privacy Policy will apply.] If You choose to purchase or Use a fee-based Service and pay for such Service by means of in-app purchases via iTunes or Google Play, We do not collect, retain and store Your personal, financial and credit/debit card data. This is because Your card settlements including card and personal details will be handled by appropriate third-party payment agencies. We do not not collect any personal data from the play stores post-purchase. Only the payment confirmation and subscription details get collected from the play store and processed (collect, transmit and store) by Us. Processing of this data is for Our Legitimate Interest to support You for any payment or subscription related requests, issues or clarifications. </li> <li> What do We process when You follow Us on Instagram You have the option to follow Us in Instagram Using Your Instagram account by going to Wysa App settings. You can set up an Instagram account, if You do not own one and follow Us at @wysa_buddy. WE DO NOT ASSOCIATE YOUR INSTAGRAM ACCOUNT WITH YOUR WYSA APP ACCOUNT. </li> <li> What data do We process for the purposes of Our Legitimate Interest? We Use Legitimate Interest basis to process Your data in a way which might reasonably be expected as part of running Our business and which does not materially impact Your rights, freedom or interest. When providing Our Services, We may process Your data based on Our Legitimate Interest for the following purposes. <ul> <li>To create a pseudonymized random user identifier from Apple App Store or Android Play store identifier. </li> <li>To do our best to irreversibly redact any Personally Identifiable data inadvertently submitted by You;</li> <li>To monitor, detect and deter unauthorized or fraudulent Use of or abuse of the Service;</li> <li>For Uses and disclosures required by law;</li> <li>For disclosures for judicial and administrative proceedings;</li> <li>For disclosures for law enforcement purposes;</li> <li>For Uses and disclosures for public health reporting purposes;</li> <li>For Uses and disclosures to avert a serious threat to health or safety to You, Us, or others;</li> <li>For improving and/or optimizing Our Service quality, safety and performance;</li> <li>To enable Us to troubleshoot and provide customer support, and to respond effectively to Your inquiries and claims;</li> <li>For purposes of research and statistical analysis;</li> <li>For sending limited in-app and push notifications such as service information, service reminders and service promotions;</li> <li> For purposes of servicing You towards Wysa’s Gift Card program. </li> <li>To allow migration of Your Wysa app data when You change Your mobile device;</li> <li>To accurately and positively identify Your Personal data at Your request when exercising Your data protection rights;</li> </ul> You have the right to object to any of the above processing. Please read here on Your rights. </li> <li> What do We process when You use the Android speech-to-text feature? During Use of Wysa App, You may get an opportunity to talk with the Bot apart from typing. For Android phone Users of Our Service, You will need to give permission to activate Your device Mic to speak to the Bot. On Mic activation, the Google Android provided Speech Software Development Kit (SDK)/API within Your smartphone device gets initiated. The Android SDK/API converts Your speech to text and displays the text in Your chat. The converted text data is securely transferred to Our secure servers. We do not get access nor collect nor store Your voice data in Our servers. No Personal data gets asked during use of this Service. Please do not share Your Personal or sensitive Information at any time during use of this Service. The Mic is deactivated when You stop speaking and will not be always listening. The lawful basis for processing of Your transcribed text is governed by this Agreement. The processing of Your voice for the purpose of converting to text is performed by Android SDK/API which is governed by Google’s Terms and Condition and Privacy Policy. Google may collect some Identifiers and Information from You to provide their service for which You are subject to Google’s terms and conditions and Privacy Policy. You can read Google’s Privacy Policy here. We do not access, receive or collect any identifiers and information that is collected by Google. PLEASE SPEAK CLOSE TO THE DEVICE MICROPHONE FOR IMPROVED TRANSLATION. If you accidentally submitted any Personal Information, please write to us for any rectification at the contact provided here. The same Android SDK/API playback the BOT message for You. PLEASE ENSURE YOUR MOBILE DEVICE VOLUME IS KEPT IN OPTIMAL LISTENING MODE. Please note that You may experience some performance issues if You have low internet speeds. You have the Right to be Forgotten. You can also, at any point of time, clear all Your provided data by using the “reset my data” feature available in the Wysa App settings. Refer here in our Policy for more details. </li> <li> How do We handle Your data when used for Research purposes? We use minimal non-longitudinal data for research and statistical analysis purposes and towards peer-reviewed publications. This data is completely anonymized by way of de- identification using non-identifying one-way cryptographic functions prior to use. Here, the pseudonymized user identifiers are deidentified so as to completely anonymize Your data. As a policy, we never use Your entire longitudinal conversation messages, provided either to the Bot or to Our Coach/Therapist, for research. If at all, We only use limited PII redacted conversation message data collected at random and specific bot endpoints for research and statistical analysis. Any research performed by Our Coach/Therapist on Your provided data during Coach/Therapist Service, is based on informed consent taken from You. For research conducted by independent researchers or Institutions, only aggregated and minimal de-identified data of the research participant is shared basis Your consent and approval received by the researcher or Institutions from their Institutional Review Board (IRBs). We sign a Collaboration and Data Sharing Agreement with the researcher or Institution which includes data protection clauses before sharing any de-identified aggregate data. You can always write to us at wysa@touchkin.com or hello@wysa.ai to restrict processing of Your data for Research purposes. </li> <li> What data do we process as part of Gift Card purchase? When You purchase a “Gift Card” from Us, You will be asked by the payment gateway to provide Your email address and phone number for the purpose of creating a payment account, payment processing and verification. Payment Processing and verification is based on payment gateway’s Terms of Service and Privacy policy. The Payment security practices followed by the Payment Gateway is outlined here and their Responsible Disclosure Policy . On successful payment confirmation from the payment gateway, We will issue the Gift codes on the payment completion screen, which You can then forward to the Recipient to avail Gift Card services as per Wysa Terms of Service. Your card settlements including payment card and personal details will be handled by the payment gateway provider as per their Terms and Privacy Policy. Your Personal Information including Card details will not be collected or stored at Our end. Only the payment confirmation, such as Order Identifier, receipts, gets collected from the Payment Gateway provider and processed (collect, transmit and store) by Us. Processing of this data is for Our Legitimate Interest to support You for any payment related requests, issues or clarifications. If You have any questions regarding Your Gift Card please write to us at wysa@touchkin.com or hello@wysa.ai. </li> <li> What additional processing is performed? There is no additional or different processing performed beyond the purpose for which Your data was collected as mentioned here from a to v. If there is any additional or different purpose for processing we will always inform these transparently to You by mentioning it in this Privacy Policy. We will notify You when we make a change in Our policy. Please read this Privacy Policy from time to time. </li> </ol> How does Touchkin protect Your data? To fulfil Our commitment to respecting and protecting Your privacy and the confidentiality of Your Personal data, Touchkin has implemented industry-standard security safeguards to prevent unauthorized access or disclosure, misuse, alteration or destruction of Your data. More specifically, We will comply with all applicable data protection and security laws in order to assure confidentiality, availability, integrity, privacy and security of Your data. We do not ask for any User registration or account profile creation during the setup of the app. We collect, transfer and securely store the vendor specific ID provided by the Apple App Store or Android Play store when You install Wysa App on Your device. This is done for the purpose of generating a random pseudonymised user identifier. This pseudonymised identifier generated becomes the userId that is referred to for all subsequent data transfers and linking within the Wysa databases. All Your data is encrypted by strong AES-256 protocols and securely stored. This processing is based on Our Legitimate Interest. You always have the Right to be Forgotten. You can at any point of time, clear all Your provided data including all identifiers by Using the “reset my data” feature available in the Wysa App settings. Refer here in our Policy for more details. Inadvertently collected personal data may be transferred outside the country before being automatically detected and irreversibly redacted in 24 hours. All data transmitted from Your mobile device to Our servers are encrypted using strong TLS protocols via Secure Socket Layer (SSL). Data is transmitted to Our secure database servers using TLS and Salted Challenge Response Authentication Mechanism (SCRAM) and encrypted at-rest using AES-256 protocols. Our Infrastructure is managed by MongoDB ATLAS and Amazon Web Services (AWS). Both MongoDB and AWS are industry leaders in the provision of hosting Services. You can find out more about AWS GDPR compliant security program and controls here. We operate Our databases on Mongodb Atlas to provide secure storage with end-to-end encryption. You can find out more about Mongodb Atlas GDPR compliant security program and controls here and here. Access to stored data is protected by multi-layered security controls including firewalls, role-based access controls, Multi-factor authentications and strong password policies. We carry out technical, privacy and security due-diligence before finalizing and signing agreement with sub-processors. We have a rigorous hiring process including reference checks for all employees, subcontractors and consultants. All Wysa staff members directly interacting with the user and building the product have to complete the basic GDPR and HIPAA awareness training at the time of joining the company. We have information privacy and security policies aligned to ISO 27001: 2013 (ISMS) and ISO 27701: 2019 (PIMS) global standards and have put procedures in place that provide for adequate security controls. Twice a year we conduct Vulnerability Assessment and Penetration testing (VAPT) of our Apps and Infrastructure to ensure no vulnerabilities exist in our Information System. On an annual basis we conduct an internal security audit to ensure compliance to Our policies and procedures. Because no method of electronic transmission or method of data storage is perfect or impenetrable, We cannot guarantee that Your data will be absolutely safe from intrusion during transmission or while stored in Our systems. To help protect Your privacy and confidentiality of Your data, We also need to ask for Your cooperation regarding the following: Please do not copy and transmit Your chat conversations, well-being data and/or Personal data with other people. Also, please notify at the contact information provided here, in the event You suspect any unauthorized Use of Your account or any other breach of security. Where is Your data transmitted and stored? To provide the Service in a reliable and responsible manner, Touchkin stores all Your data on secure Virtual Private Cloud servers physically located in the USA. All communication between the processing and storage Virtual Private Cloud servers are established over secure Virtual Private Cloud peering networks. We have taken appropriate safeguards by contracting with our sub-processors, MongoDB and AWS which includes standard contractual clauses approved by the European Union (EU) data protection authorities. How long do We retain Your data including Personal data? Inadvertently received personal data from the Wysa app will be in the system for a maximum of 24 hours before being processed for irreversible redaction as outlined here. Touchkin retains Your data with appropriate redactions of any potential personal identifiable information.for the length of time needed to fulfil the Agreement or to fulfil any of the applicable purposes mentioned as Our Legitimate Interest, or to comply with requirements of applicable Data Protection or consumer Laws. We may retain Your data with appropriate redactions of any potential personal identifiable information. even after Your subscription ends if retention is reasonably necessary. This could be in situations where We need to comply with applicable Data Protection or consumer Laws, or on request of a returning subscriber, or to provide and complete customer support Service, or to detect and deter unauthorized or fraudulent Use of or abuse of the Service. Where not specified we retain Your data for a maximum of 10 years since receipt and as per our Information Retention policies. You have the Right to be Forgotten. You can also, at any point of time, clear all Your provided data by Using the “reset my data” feature available in the Wysa App settings. Refer here in our Policy for more details. Does Touchkin Use 3rd party Service providers or agents? To facilitate and provide You with the Service, it sometimes is necessary for Touchkin to request third party service providers or agents to help Us process and/or store Your data. We strictly evaluate the Service providers and agents, and We make every effort to ensure that they have established appropriate and secure data administrative, organizational and security control of their systems, and We strictly require that they comply with confidentiality and non-disclosure obligations and applicable laws and regulations including relevant Data Protection Laws. We also require that they access Your data only to the extent necessary to perform tasks on Our behalf. WE COMPLY WITH DATA PROTECTION LAWS BY HOLDING AGREEMENTS WHICH INCLUDES DATA PROCESSING ADDENDUM (DPA) WITH ALL OUR 3RD PARTY DATA SUB-PROCESSORS. IN OUR ROLE AS A DATA CONTROLLER OR AS A BUSINESS ASSOCIATE. WHERE APPLICABLE, WE ALSO HAVE SIGNED BUSINESS ASSOCIATE AGREEMENT (BAA) TO COMPLY WITH HIPAA REQUIREMENTS. Both Our 3rd party data sub-processors (MongoDB and AWS) get periodically audited by independent auditors for platform security, privacy and compliance controls. Some of the Compliance includes ISO27K, SOC2 Type II, FIPS 140-2. Does Touchkin share Your data with third parties? Other than as described in this Privacy Policy and, where relevant, other applicable privacy policies or addendums, Touchkin will never provide Your conversational data to any third parties without Your explicit consent, unless We believe in good faith that We are required or permitted to do so under applicable contracts and laws, or to protect and defend Touchkin’s rights and/or property. We do not collect any Personally Identifiable Information from You. At the same time, We do use anonymised and only the minimal data that is required to answer the research question for research and statistical purposes based on Our Legitimate Interest to improve Our product and contribute to the development of user-centered mental wellbeing best practices globally. We also use third parties to tag and/or translate anonymized and only minimal conversation messages to continually improve the performance of our rule-based AI/NLP algorithms based on Our Legitimate Interest to provide the Bot Service and to keep improving and/or optimizing Our Service quality, safety and performance. As required by Data Protection Laws and as per the Non-Disclosure agreements executed with data sub-processors, third-parties, health psychologists and well-being Coaches and research partners, they are required to protect the data shared with them and are required to keep Your data private and secure. In the future, if We are involved in the transaction of a merger, acquisition, sale of assets, business reorganization, bankruptcy, We may sell, transfer or otherwise share some or all of Our assets which may include Your data. However, in such an event of sale or transfer, We shall reasonably ensure that Your data collected and stored by the Us is stored and Used by the transferee in a manner that is consistent with this Privacy Policy. Any such third party to whom We transfer shall have the right to continue to Use the data that You provide to Us or collected by Us immediately prior to such transfer or sale. On completion of the sale or transfer, the Privacy Policy of the third party shall apply with respect to Your data. To stay updated about such business transactions, please read this Privacy Policy from time to time. What are Your data protection rights? You have certain rights under the Data Protection Laws in relation to Your Personal data. Any inadvertently obtained Personal data is auto-redacted within 24 hours in Our systems. Beyond that, for the non-personal data held by Us We do provide You the following rights. We have tried to make it as easy as possible for You to have control over Your data. To exercise any of Your rights, You will need to send an email request from Your Google or Apple email ID to the contact information provided here. Please note that We may require to verify You before responding to any requests to exercise Your rights. We may also limit Your individual rights requests (a) where denial of access is required or authorized by law. (b) when granting access would have a negative impact on other's privacy. (c) to protect our rights and properties. or (d) where the request is unjustified or excessive. Right to rectification and Right to restrict processing You will need to send an email request with reasons from Your Google or Apple email ID to the contact information provided here at any time to rectify or restrict processing of Your data basis the Agreement. Touchkin will provide You with a request form that You will need to fill and submit back to Us via email. After verifying You and examining Your request, We will respond to You over email on the action decided and/or taken within one calendar month from verification. We may at times be unable to address Your request, if We are unable to correctly identify You. Right to object You have the right to object to processing of Your data only for the purposes listed here, basis Our Legitimate Interest, by sending Us an email request with reasons from Your Google or Apple email ID to the contact information provided here. After verifying You and examining Your request, We will respond to You over email with our decision and/or action taken within one calendar month of receipt of request. We may at times be unable to address Your request, if We are unable to correctly identify You. Right of access You always have the access to view Your latest conversations with the Bot or view Your older conversation messages within the Journey tab of the Wysa App. All Your sessions with a Wysa Well-being Coach or Wysa Therapist are also accessible through the Coach or Therapist tab within the Wysa App. Due to limited functionality within the Web browser based Wysa App, You may not be able to view Your past conversations with the Bot. If You want to access Your past conversations, You will need to send Us an email request to the contact information provided here. After verifying You and examining Your request, We will respond to You over email on the action decided and/or taken within one calendar month from verification. We may at times be unable to address Your request, if We are unable to correctly identify You. IF YOU EXERCISE YOUR RIGHT TO BE FORGOTTEN AND RESET YOUR DATA, YOU WILL LOSE THE RIGHT TO ACCESS YOUR DATA AS IT WILL BE PERMANENTLY DELETED.. You can also access your other Personal data collected such as vendor specific ID provided by the App/Play store, mobile operating system, OS version, device make and model.You will need to send an email request with reasons from Your Google or Apple email ID to the contact information provided here. at any time, if You have any further questions around access to Your Personal data. Touchkin will provide You with a request form that You will need to fill and submit back to Us via email. After verifying You and examining Your request, We will respond to You over email on the action decided and/or taken within one calendar month from verification. We may at times be unable to address Your request, if We are unable to correctly identify You. Right to data portability If You replaced Your mobile device that had the Wysa App installed and You are a paid subscriber of Our Services, You can place a request along with Your subscription receipt and the reasons to transfer Your data from Your older device to Your replaced mobile device. If You are not a paid subscriber, We will need to accurately verify You, before we can process Your request. You can also place a request to receive a digital copy of Your data in a machine readable format. We may charge You a small fee for this Service. You will need to send an email request with reasons from Your Google or Apple email ID to the contact information provided here. After verifying You and examining Your request, We will respond to You over email with our decision and/or action taken within one calendar month from verification. We may at times be unable to address Your request, if We are unable to correctly identify You. Right to Erasure or Right to be Forgotten When You Use the Service, You have the option to reset Your data in the Wysa App by using the “Reset my data” feature in the Wysa App settings. Reset my data, automatically without any manual intervention, clears all Your conversation messages, clears Your completed tools, clears reminders or any enabled settings or activities and well-being-related assessment responses. Your identifiers will be permanently redacted from Our Database. YOU CANNOT REVERSE OR RECOVER YOUR PAST DATA POST A RESET. You will need to send an email request with reasons from Your Google or Apple email ID to the contact information provided here, if You have any further questions around Your right to be forgotten. After verifying You and examining Your request, We will respond to You over email on the action decided and/or taken within one calendar month from verification. We may at times be unable to address Your request, if We are unable to correctly identify You. Right to authorize and unauthorize Your data with Your Well-being Coach or Therapist [This section applies only to the conversations with a Wysa Well-being Coach or Wysa Therapist. For some institutional versions of Wysa App, Wysa App may provide links to support from the institution’s EAP service or health provider, in which case their terms and Privacy Policy will apply.] When You Use the Wysa Well-being Coach Service or Wysa Therapist Service, You have the option to either share or stop sharing access to specific data with the Wysa Well-being Coach or Wysa Therapist. Data that can be shared includes assessment scores and activity with the Bot. This feature can be activated or deactivated at any time during Your conversation by Using the “Authorize/Unauthorize Well-being Coach” feature in the Wysa App settings. You can also opt-in or opt-out of sharing your Wysa Bot messages with Your Coach or Therapist by typing #sharechat in the Wysa Bot. Do California residents have specific privacy rights? This section provides additional disclosures required by the California Consumer Privacy Act (or “CCPA”). California law permits Users who are California residents to request and obtain from Us once a year, free of charge, a list of the third parties to whom We have disclosed their Personal data (if any) for direct marketing purposes in the prior calendar year, as well as the type of Personal data disclosed to those parties. Please note that Wysa does not share or sell Personal data You may provide when using Our Service with third parties for direct marketing purposes as a matter of policy. Subject to certain limitations and exceptions, California based Users can still write to Us at the contact information provided here to know more details about specific pieces of personal information they would have shared, to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights After verifying You and examining Your request, We will respond to You over email on the action decided and/or taken within 45 calendar days from verification. We may at times be unable to address Your request, if We are unable to correctly identify You or due to any of the limitations and exceptions provided within CCPA. What are the controls for Do-Not-Track features? Do Not Track (“DNT”) is a privacy preference that Users can set in certain web browsers. We do not respond to DNT signals transmitted by web browsers. Right to Breach notification In addition to the right to request disclosures of Your data specified in the Right to access above, We will notify You as required by Data Protection Laws if there has been a breach of the security of Your identifiable Personal data within 72 hours of breach confirmation. Concerns and Complaints If You have any concerns or grievances about this Privacy Policy You will need to send an email request from Your Google or Apple email ID to wysa@touchkin.com or hello@wysa.ai with Attn. to our Data Protection Compliance Officer Mr. Vinod Subramanian and Our Co-founder Mr. Ramakant Vempati. We will respond to You within 48 hours and help resolve Your concerns or complaints. If You are not satisfied with Our resolution, You have the right to complain to a Data Protection supervisory authority in Your country or state of residence. We will fully cooperate with the supervisory authority. Contact details for Data Protection Authorities in the EU are available here. Can children under 13 use Wysa App? The Wysa App is intended for a general audience and is not directed to or intended to be Used by children under the age of thirteen (13) years. We understand the special necessity to protect children's privacy on Wysa App, and We do not knowingly collect any Personal data from children. If, however, as a legal Parent or guardian, You believe We have collected any Personal data of Your child, then You will need to send an email request from Your Google or Apple email ID to the contact information provided here. After verifying You and examining Your request, We will respond to You over email on the action decided and/or taken within one calendar month from verification. We may at times be unable to address Your request, if We are unable to correctly identify the User. If We have inadvertently collected Personal data from Your child, We will deactivate the relevant account(s) upon identification and will take reasonable measures to promptly delete such Personal data from Our records. Please be responsible and do not share or Use Your credit/debit card or other payment instrument with Your child to make any in-app purchase. Who can You contact for additional questions, comments or concerns? For any product, services, subscription, technical or payment-related issues, please contact Us from Your Google or Apple email ID to wysa@touchkin.com or hello@wysa.ai with Your questions. Our mail address for all communication is: Touchkin eServices Private Limited 1st Floor, Manjusha, No 532 16th Cross, 2nd Main Road, 2nd Stage Indiranagar, Bengaluru, 560038 Karnataka - INDIA Can Non-English speaking users use the Wysa App? The Wysa App has been built and is currently provided only for English language users. To ensure wider reach, Touchkin will, in the near future, launch Wysa in other international languages. We will keep You updated of this development. What are some Best Practices to follow to keep Your devices secure? You are also responsible for helping to protect the security of Your Personal data. You are responsible for maintaining the security of any personal computing device on which You utilize the Services. US Federal Trade Commission (FTC) publishes information for Users on how to secure Your personal data and devices. These can be found at the following public link. FTC - How to Keep Your Personal Information Secure Touchkin strongly believes in security and safety of data in Your mobile device. As a responsible Service provider, We therefore like to share important device based security data for Your attention. These have been sourced from US FTC best practices and guidelines. Always refer back to the US FTC link provided above for more details and future security updates. <ul> <li>Always lock Your mobile screen by setting a password. Use strong passwords and keep passwords private.</li> <li>Always extend Your mobile screen password to set a Wysa App PIN to keep Your conversations with Wysa App private.</li> <li>Always keep Your mobile operating system up-to-date.</li> <li>Enable remote access of Your devices to enable You to locate and control Your devices remotely in the event Your device gets stolen.</li> <li>Install anti-virus software to protect against virus attacks and infections </li> <li>Avoid phishing emails. Do not open files, click on links or download programs from an unknown source.</li> <li>Be wise about Using Wi-Fi. Before You send Personal and sensitive data over Your laptop or mobile device on a public wireless network in a coffee shop, library, airport, hotel, or other public place, see if Your data will be protected.</li> </ul> Changes to this Privacy Policy We may modify Our Privacy Policy from time to time for various reasons including to improve Our privacy practices, to ensure Our Users Right to be Informed, to reflect changes to Our Service, and to comply with relevant laws. If and when this policy is changed, We will post the new notice on our Website and Wysa App and notify You through an in-app notification automatically or as otherwise required by relevant law. It is Your responsibility to check Our Website and Wysa App periodically for updates or changes to Our policy. We encourage You to review changes carefully. If the changes to the Privacy Policy include changes to the collection, storing or processing Your Personal information in a way that infringe into your privacy, we will notify you clearly about the same and seek your consent for the same where required by the applicable laws and regulations. If You agree to the changes, then please continue to Use Our Service. If You, however, do not agree to any of the changes and You no longer wish to Use Our Service, You may choose to unsubscribe Service or uninstall Our App. Continuing to Use Our Service after a notice of change has been communicated to You or published on Our Service constitutes Your acceptance of changes and consent to the modified Privacy Policy. Severability and Exclusion We have taken every effort to ensure that this Privacy Policy adheres with the applicable laws, including Data Protection Laws. The invalidity or unenforceability of any part of this Privacy Policy shall not prejudice or affect the validity or enforceability of the remainder of this Privacy Policy. This Privacy Policy does not apply to any data other than the data collected by Touchkin while providing the Services. Changes Log v3.2.0 | Apr 19, 2021 Updates <ul> <li> Additional clarity on handling data where Wysa App is integrated with Your Institution system </li> <li> Additional clarity on use of minimal and anonymous conversation messages for improving performance of Bot algorithms </li> <li> Additional information around security controls and alignment to ISO 27001: 2013 and ISO 27701: 2019 global standards </li> <li> Additional clarity on anonymized and minimal data shared with third parties </li> </ul> Removed <ul> <li> Video Call- based experimental Coach/therapist Service has been currently discontinued. Section “What do we process when You use the Video Call Service?” removed </li> </ul> v3.1.0 | Feb 10, 2021 Updates <ul> <li> Additional clarity on the retention of data. </li> <li> Additional data processed from Institution users in section “What additional data do We collect from Institution Users?” </li> </ul> v3.0.0 | Feb 03, 2021 Overall <ul> <li>An overall review and necessary updates were made to align Privacy Policy to ISO/IEC 27001:2013 (Information Security Management System) and ISO/IEC 27701:2019 (Privacy Information Management System). </li> </ul> Additions <ul> <li> Included “For purposes of servicing You towards Wysa’s Gift Card program” as a Legitimate Interest basis. </li> <li> Three new subsections added at the end of “What Data do We collect and how do We Use it?” <ol> <li>What do we process when You use the Video Call Service? (experimental service for android users only)</li> <li>How do We handle Your data when used for Research purposes?</li> <li>What data do we process as part of Gift Card purchase?</li> </ol> </li> </ul> Updates <ul> <li> Included details on use of branch.io and mailgun third party analytics software services. </li> <li> UK GDPR mentioned as another regulation requirement for this Privacy Policy. </li> <li> Additional items included in “Definition” Section. </li> <li> Additional clarity on need for parental consent for those between 13 and 18 years in “Who can use the Service” Section. </li> <li> Updated link to Wysa Cookie Policy in “Do we use Cookies?” Section. </li> <li> Additional clarity on the retention of data </li> <li> Additional clarity on “Do California residents have specific privacy rights?” </li> <li> Additional clarity on “What are the controls for Do-Not-Track features?” </li> <li> Additional clarity on changes to privacy policy </li> </ul> Removed <ul> <li> Section “Governing Law and Dispute Resolution” to align with EU GDPR laws </li> </ul>