Better by Bowhead Health Privacy Policy

(Last updated 01.10.2022)

We have written our privacy policy to explain to you how and why we process your personal and health data when you use the Better by Bowhead Health app, how we keep it secure, and what rights you have. You can find a concise and easy-to-read summary in the first section, and our full contact information is at the end. (For a description of our services and terms of use, please see our Terms of Service.)

  1. In short, what you should know about us

    1. Our mission: to help you optimize your health and decentralize health data collection.

      Bowhead is on a mission to empower people to take control of their health and to promote an open and decentralized healthcare data system. We will achieve this goal by building apps and products that give our users unique insights into their health and wellbeing while developing a collaborative data platform, where also medical and healthcare data scientists gain access to anonymized and aggregated health information, to the extent a users' explicit consent has been obtained.

    2. Our vision for data privacy: to give you full transparency and control over your data.

      Data privacy is what underpins our mission and for us, it means full transparency and freedom of choice. We will never sacrifice your privacy and our door will always be open if you have any questions or suggestions.

    3. Our technology: privacy-preserving smart contracts on the blockchain

      We believe that decentralized technologies such as smart contracts are the secret to build flexible, scalable, and extremely secure health data systems. All your personal and health information is stored in an encrypted Bowhead digital health wallet. It's like a digital vault that only you have access to. Your 12-word recovery phrase is unique to you. Make sure you keep it safe!

    4. Our three main reasons to process your personal data:

      1. To give you access to our app, improve it, and communicate with you, we collect non-personal and personal data that enable us to contact you, analyze how you use our products, and improve them. We do use a few third-party tools to help us with this task but we do not use them for any other purpose.

      2. To help you live better with our customized health insights, part of the service we provide is processing the health data that you choose to enter in the app. Because this data is extremely sensitive, we are encrypting it using one of the most secure encryption standards available before storing it on the blockchain.

      3. To advance scientific and medical research and ONLY if you have given us your explicit consent, we share your anonymized health data in an aggregated format with carefully selected researchers and data scientists. You can withdraw your consent to share your anonymized health data at any time in your app setting and we will stop using any data immediately

    5. Bowhead respects your rights

      Privacy is a fundamental human right and Bowhead firmly believes that. We will gladly assist you with any privacy request you may have regarding the use of our services. You can request information from us about the personal information we hold about you at any time, as well as their correction or their deletion or their transfer back to you or someone else. You can also withdraw your consent for sharing anonymous health information at any time.

  2. Our purposes to process your personal information

    At Bowhead, we want to help you take charge of your wellbeing. Our Better by Bowhead Health app has been designed to give you the insights you need to enhance your health and live better while making sure that you are always in control of your own data. We also believe in the power of digital health to supercharge scientific and medical research and change the healthcare sector for the better. We are building solutions to allow you to contribute to science and medical research on your own terms while remaining completely anonymous.

    As you can understand, data processing is at the heart of everything we do, and whenever you access or use the Better by Bowhead Health app, some personal and non-personal data is collected, stored, and analyzed using internal and third-party tools.

    Below are the purposes for which we process data, the type of data that is processed for each purpose, and the legal basis to do so:

    1. 2.1 To deliver our services, improve your experience, and communicate with you

      1. When you download and start using our app, we collect some personal and non-personal data automatically. We store it, use it, and transmit it to some third-party services that process it on our behalf. We do that to provide our services to you, to send you occasional informational and promotional messages as well as reminders to your smartphone via in-app messages and push notifications, improve the performance of our services, deliver you a personalized experience, address customer support issues, and fix bugs.

      2. Here are the types of data we collect to deliver our services, improve your experience, and communicate with you:

        • IP address: We collect IP addresses provided by your browser or mobile device to deliver the service to your device. We only use the IP address to determine your approximate location for analytics purposes and regulatory compliance in different countries. Your IP address may also be used for customer support operations, more specifically to route your technical support request to the appropriate support representative.

        • Technical data: This data informs us about the device you use to access our services, such as the model, name and identifiers, device settings, application identifier, and crash information. This information helps us to fix bugs, tailor our services to our users' devices and improve our services.

        • Event and usage data: Whenever you use the app, we are processing and analyzing data to understand your usage of it —e.g., which features you use regularly or which button in the app you click on. This information is used as aggregate data to better understand which features are the most relevant or useful to our users as a whole and to communicate with you about relevant and timely information and promotional content.

        • Profile and Content Data: Profile data includes your purchases or orders, your interests, preferences, feedback, and survey responses. Content data includes information stored on your device, login information, photos, videos, or other digital content that you make available to the Bowhead community when you upload to your profile.

        • Contact and Financial Data: Contact data includes billing and shipping addresses, email addresses, and telephone numbers. Financial data includes bank account and payment card details.

        • Transaction Data: Transaction data on the blockchain may include details about health and habit logging, payments to and from you, and other details of products and services you have purchased from us and when you obtain, transfer, or exchange (whether or not for value) Bowhead Tokens.

    2. 2.2 To help you live better with our customized health insights

      1. The data you track in the app about your health and activities is considered sensitive personal data. Bowhead does not store it without your explicit permission. It is only when you give us your explicit consent by creating an account that we start storing all health and sensitive data you track in your Bowhead digital health wallet.

      2. Bowhead uses this data to provide our services to you. For our European users, your personal data for account creation is processed based on Art 6, section 1(b) GDPR. The legal basis for the processing of your health data is your consent in accordance with Art 9 GDPR. You can find a detailed explanation of what you consent to when creating an account with Bowhead in Section 5 of our Privacy Policy.

      3. Here are the types of data we collect and process when you create an account and we deliver customized health insights:

        • Personal data used for account creation: We need some of your personal data, such as a username and date of birth, to create your Bowhead account.

        • Health and sensitive data: We store health data, such as your body measurements, and symptoms or events you choose to track in the app (e.g. water intake, energy levels, hours of sleep, meditation, stool, migraines, or medicine intake).

    3. 2.3 To contribute to scientific and medical research thanks to your anonymous health data

      1. Bowhead believes that digital health has the power to radically transform the way the healthcare sector conducts its research and development activities. Studying population health on a large scale and in real-time is now possible and it can be done ethically, where people have freely chosen to actively participate in scientific and medical research with their anonymous data and are fairly compensated for their contribution.

      2. The usage of your personal health data for scientific research purposes is based on your explicit consent. For our European users, the legal basis to process your personal health data is Art 9 GDPR. You can withdraw your consent to share your anonymized health data at any time in your app setting and we will stop sending any data immediately.

      3. Here is the type of data we use when you give your explicit consent to participate in scientific and medical research in the app.

      4. Anonymous health and sensitive data: your health data (as described in section 2.2) is first encrypted and stored in IPFS. It is then anonymized following a stringent process that includes the removal or obfuscation of any information that could be used to identify you and saves it in a smart contract that stores it in an immutable ledger. The anonymized data is then shared with participating research institutions, where it is aggregated with other anonymized data before researchers start analyzing it.

      5. We need to reiterate that we will only share your encrypted and anonymous health information if you give your explicit and informed consent to it. We will never use it without your informed consent, we will never compromise your anonymity and we will never sell your personal information.

  3. Data security

    1. Data security is a core part of Bowhead's identity and has been driving our technology choices from the start. We follow security best practices and have implemented appropriate physical, organizational, contractual, and technological security measures to secure your personal data and protect it from loss or theft, unauthorized access, disclosure, copying, use, or modification. However, while we strive to keep your data secure, you should be aware of the many information security risks that exist and take appropriate steps to keep your phone and your information safe.

    2. Here are a few security facts about Bowhead that we want to know.

      • Your data is safe in a Bowhead digital health wallet

        The Bowhead digital health wallet is a foundational component of our services and it has been created both to always give you full control of your own data and to give you peace of mind when it comes to its security. When you store your personal data in a digital health Bowhead wallet, it is virtually shielded from anyone but you, because it is encrypted using one of the most secure encryption standards available, the AES-256 algorithm.

      • Our main security tip: treat your 12-word recovery phrase with care

        You might have noticed that we do not require you to create a password at account creation. That is because passwords are notoriously insecure. At Bowhead we use what is called a 12-words recovery phrase. It will keep your account protected from hacking, as it is virtually uncrackable! However, you must be very careful with it. Write down, store, and backup your 12-word recovery phrase. If you lose it, we will not be able to recover your account since we do not have access to the decryption keys. We also strongly discourage you from printing it or making a screenshot. If your device or network is compromised, your 12-word recovery phrase might be exposed.

      • Always be careful, when you share your personal health information externally

        Our app allows you to conveniently share your personal health information with your family, friends, or healthcare providers, in the form of a pdf report. Please be mindful of how you share information and who you share it with, as you are solely responsible for it. We recommend using our QR-code-based sharing functionality that allows you to share your data with healthcare providers using end-to-end encryption with 2 Factor Authentication, rather than sending the report in a message or unencrypted e-mail.

      • We never keep your personal data for longer than we need to.

        We will keep your personal data for no longer than is necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements.

      • Security breaches

        We have procedures in place to deal with any suspected personal data breach. We will notify you and any applicable regulator of a suspected personal data breach where we are legally required to do so.

  4. Third-party services and international data transfers

    To provide you with all the features of the Better by Bowhead Health app, as well as ensuring that the app remains always available and performs all its functions as intended, we are using some services and tools provided to us by specialized third-party companies. We are very stringent in the way we select them and we only supply them with the information they need to perform their services for specified purposes and following our instructions exclusively.

    1. 4.1 Amazon Web Services / Microsoft Azure

      1. We use third-party cloud storage providers Amazon Web Services and Microsoft Azure to host our blockchain and the interplanetary file system (IPFS).

      2. We dynamically route your request to the most adequate availability zone, currently we have servers in the following locations:

        • Frankfurt, Germany

        • Dubai, UAE

        • Tokyo, Japan

        • Seoul, Korea

        • São Paulo, Brazil

        • North Virginia, USA

    2. 4.2 Firebase

      1. Bowhead uses Firebase, which is a suite of performance analysis and monitoring tools provided by Google LLC that allows us to monitor the overall performance and stability of our app, identify bugs and prioritize fixes. For this purpose, Firebase collects your IP address, device identifier, as well as event and usage data related to your use of the app. This data will be transferred to and stored on servers operated by Google, Inc.

      2. It is not possible to opt-out of Firebase as it is an essential tool that we require to provide a functioning app to you.

    3. 4.3 Shopify

      1. Our store is hosted on Shopify Inc., an online e-commerce platform allowing us to sell our products and services to you. Your contact and financial data are stored through Shopify's data storage, databases, and the general Shopify service.

      2. Please find Shopify's privacy policy here for more information.

    4. 4.4 Zendesk

      1. We use Zendesk to handle our customer support requests. Zendesk may automatically collect profile information included in support emails, as well as contextual information that may be useful to help with your support issue, such as browser and operating system information, when available.

      2. Please find Zendesk's privacy policy here.

    5. 4.5 About international data transfers

      1. Please note that we may send personal data outside of the country for purposes related to processing and storage by our third-party service providers. For example, we may have cloud storage providers with data storage facilities in the US, Canada, Europe, or other countries. Please note that the data transferred to such other jurisdiction is subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement, or regulatory agencies of such other country, according to the laws of such country.

  5. Your informed consent for the processing of your personal and health data

    When you create an account in the Better by Bowhead Health app, your personal data—including sensitive data and data related to your health—is stored on your device and is also stored and processed on our servers and published in our blockchain. By creating an account with Bowhead you explicitly consent to the following:

    1. Bowhead may store and process personal data you provide through creating an account and using the Better by Bowhead Health app for the purpose of providing our services to you and of improving our service features. Such services may include sending you relevant information, timely notifications, and reminders through the Better by Bowhead Health app, e.g. via in-app or push notification or to the email address you provided to us.

    2. The personal data you provide to Bowhead through the account creation process for the purpose of providing our services includes personal data you enter into the Better by Bowhead Health app, such as your account data (e.g. your username, gender, opt-out, and date of birth), and your health data, which may include your migraine and atopic dermatitis information (e.g. description of symptoms) and depending on the data you provide, it may also contain information about your general health (e.g. weight, water intake, energy levels, hours of sleep).

    3. You also agree that to improve the effectiveness of our advertising campaigns, we may process technical information about your app usage, such as the frequency of use and which of the content offerings from Bowhead you have used, in pseudonymized form.

    4. Only when you explicitly agree to it, Bowhead may use your personal and health data to create anonymized and encrypted sets of data for scientific and medical research purposes, which Bowhead makes available to its research partners and collaborators. This anonymized research data does not contain any information that would allow the research partner to identify you as an individual. You can withdraw your consent to the use of your anonymous health data for scientific and medical research purposes at any time.

    5. If you have given us one or more consents to the processing of your personal data, in particular for the processing of special categories of data as described above, all consents or separately granted consents can be withdrawn by you at any time with prospective effect only. To exercise your right of withdrawal, you must inform us of your decision to withdraw your consent by means of a clear declaration (e.g. a letter sent by post or e-mail) to the contacts mentioned above. If you make use of this option, we will immediately send you (e.g. by e-mail) a confirmation of receipt of such withdrawal.

    6. In the event of the withdrawal of your explicit consent, the processing of your data that has taken place up to that point remains lawful. Please note the withdrawal of your consent, your personal data might be processed further, insofar as this is legally permissible, e.g. for invoices or within the framework of statutory retention periods or in the event of legal disputes before courts or authorities.

  6. What your rights are and how to exercise them

    Privacy is the right to be free from unwarranted interference in your life, it is a fundamental human right and for us, it also includes data privacy, which is the right to control your personal information. Bowhead is committed to respecting your privacy rights and we will assist you to exercise any of the rights listed below:

    1. Right to confirmation and right of access: we will confirm if we are processing any of your personal data, which data we are processing, and for what purpose we are processing it, and we will help access it to the best of our abilities.

    2. Right to rectification:we will help you correct any of the data we have stored that you want to be rectified.

    3. Right to erasure: we will comply with your deletion request as far as legally possible, should you wish your personal data to be deleted

    4. Right to restriction of processing: Should you wish to restrict data processing, we will comply with your request as far as legally possible.

    5. Right of data portability: we will help you recover your information in a readable format

    6. Right to withdraw your consent: should you wish to revoke any previously granted consent, we will comply with your request. Please note however that withdrawing your consent does not work retroactively.

    7. Right not to be subjected to profiling or automated decision-making: Bowhead does not engage in any automated decision-making or profiling activities.

    If you reside in the EU or EEA

    You also have the right to submit complaints to the supervisory authority in your jurisdiction. A list of supervisory authorities in the EEA can be found here: https://edpb.europa.eu/about-edpb/board/members_en.

    If you are a California resident:

    The California Consumer Privacy Act permits you to request in writing a list of the categories of personal information relating to third parties to which Bowhead has disclosed personal information during the preceding year. To make such a request, please contact us at: privacy@bowheadhealth.com

  7. Minimum age requirement

    1. The better by Bowhead Health app and any of the services that we are offering are not intended for the collection of children's personal information and when children or young people under the age of 18 use our services, their personal data should not be collected.

    2. In the event we learn that we collected personal information from anyone under the age of 18, and do not have a parent or legal guardian's consent, we will delete that information as quickly as possible.

    3. If you are the parent or legal guardian of a child or young person under the age of 18 and you believe that we are processing their personal information inappropriately, do not hesitate to get in touch with us.

  8. Changes to this policy

    Bowhead reserves the right to change this Privacy Policy from time to time, to reflect changes in the law, our practices regarding data collection and use, the features of our services, or advances in technology. Please check this page periodically for changes. If we make any changes to this Privacy Policy that we consider to be material to your consent, we will notify you.

  9. Applicable law and responsibility for data processing

    Bowhead Health is a Canadian Company with a European office in Estonia.

    We are complying with all applicable privacy regulations and statutes currently in force, notably the Personal Information Protection and Electronic Documents Act ('PIPEDA') in Canada, the General Data Protection Regulation (GDPR) in the European Union, or the California Consumer Privacy Act (CCPA) in California, amongst others.

    We have also appointed a data protection officer to supervise our personal data processing-related activities and to respond to requests as required. Our DPO can be contacted at the following address: privacy@bowheadhealth.com

    Bowhead Health's head office details:

    Bowhead Health, Inc.

    210 Barrow Crescent

    K2L 2C7

    Kanata

    Canada

    Bowhead Health's head office details:

    Francisco Diaz-Mitoma

    Bowhead Health Europe OÜ

    Valgevase 11b-8

    Tallinn 10414

    Estonia

  10. Prevailing language

    Please note that the English version of this Privacy Policy is the original version of this Policy. In the event of inconsistency or discrepancy between the English version and any of the other linguistic versions of this policy, the English language version shall prevail. The most current version of this Privacy Policy is always available in English on our website.

Your data is precious (and it's yours).

At Bowhead, we understand that your personal and health information is your most treasured asset. We are asking for your explicit consent to collect and use your personal and health information before you start your journey with us. You can withdraw your consent at any time.

Our privacy policy has been written to give you complete transparency about the use of your information when you start tracking your health and habits in our app. In a nutshell, we only use your information to give you unique insights into your habits and wellness and we use the most secure technologies to do so. You can also consent to share your anonymous data for scientific research. But we will always ask you first and you can withdraw your consent at any time.

Please read our privacy policy and consent to the processing of your data to start your journey with us.