This privacy policy has been compiled to better serve those who are concerned with how their “Personally Identifiable Information” (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect, or otherwise handle your Personally Identifiable Information in accordance with our website and applications.

“Clarity DTX” or “Clarity Digital Therapeutics” henceforth shall refer to Clarity Digital Therapeutics Inc. and any of its product offerings, including but not limited to: BPD Tracker, Lupus Tracker, Stool Tracker, Mood Tracker, Symptom Tracker, Medication Tracker, and all other health tracking applications published under Clarity Digital Therapeutics Inc.

For our complete data handling practices, including storage infrastructure and compliance details, please also review our Data Policy.

1. Health Data Collection: Comprehensive Disclosure

Our applications collect and process sensitive health data that you voluntarily enter or authorize us to import. The following is a comprehensive list of all health data types we access and collect:

1a. Data You Enter Directly

• Symptom tracking: Symptom severity scores (0-10 scale), symptom frequency, duration, triggers, and free-text notes describing your symptoms
• Medication records: Medication names, dosages, dosage units, schedules, adherence records (taken/missed/skipped), side effects, and refill dates
• Mood and mental health: Mood ratings (1-5 scale), mood tags, journal entries, and free-text reflections
• Sleep data: Sleep duration, bedtime, wake time, sleep quality ratings, sleep interruptions, and sleep notes
• Pain tracking: Pain intensity levels (0-10 scale), pain location (body map selections), pain type, and pain triggers
• Activity and exercise: Activity type, duration, intensity level, and exercise notes
• Diet and nutrition: Meal entries, food items, water intake, calorie counts, and dietary notes
• Vitals and measurements: Blood pressure (systolic/diastolic), heart rate, weight, body temperature, blood glucose, blood oxygen, respiratory rate, and custom measurements
• Clinical assessment scores: Validated questionnaire responses and computed scores, including PHQ-9 (depression), GAD-7 (anxiety), PSS (perceived stress), and other standardized clinical scales
• Lab results: Laboratory test names, values, reference ranges, and test dates
• Appointments: Doctor names, appointment dates, appointment notes, and follow-up items
• Photos: Photos of medications, meals, skin conditions, or other health-related images. These photos are stored locally on your device and are never uploaded to our servers.

1b. Data Imported from Health Platforms (with Your Permission)

• Apple Health (HealthKit): Steps, distance, heart rate, resting heart rate, sleep analysis, active energy burned, exercise minutes, weight, BMI, blood pressure, blood glucose, body temperature, respiratory rate, and blood oxygen saturation
• Google Health Connect: Steps, heart rate, sleep sessions, exercise sessions, weight, blood pressure, blood glucose, and body temperature
• Wearable devices: When you connect your account, data from Fitbit (steps, heart rate, sleep, activity), Garmin (steps, heart rate, stress, sleep, activity), and Oura (sleep stages, readiness score, activity) may be imported
• Apple Health Records (Clinical Records): If you choose to connect clinical records, we access FHIR R4 data including lab results, medication prescriptions, immunization records, allergy records, diagnosed conditions, and vital signs from clinical visits

1c. Data Generated Within the App

• PDF clinical reports: Summary reports generated from your tracked data, intended for sharing with your healthcare provider
• Trend calculations: Computed correlations, averages, and trend lines derived from your health entries
• Reminder schedules: Medication and tracking reminder times and configurations

1d. Account and Technical Data

• Account information: Email address, display name, and Apple ID or Google account identifier used during registration
• Purchase information: Subscription status and transaction identifiers processed through the Apple App Store or Google Play Store. We do not directly collect or store credit card numbers or payment details.
• Device data: Device model, operating system version, app version, and language/locale settings
• Usage data: App interaction events, session duration, and feature usage patterns (anonymized)
• Crash data: Error logs and stack traces for diagnosing app crashes (anonymized)

2. How We Use Your Health Data

Specifically, we use your health data for the following purposes:

• Display and organize your entries: To show your symptoms, medications, mood, sleep, and other tracked data within the app in a structured, accessible format
• Generate trends and correlations: To calculate and display charts showing how your symptoms, medications, and lifestyle factors relate to each other over time
• Produce PDF clinical reports: To generate summary reports that you can download and share with your healthcare provider at your discretion
• Send reminders: To deliver medication reminders, tracking reminders, and appointment reminders at times you configure
• Calculate clinical assessment scores: To compute scores for validated questionnaires (PHQ-9, GAD-7, and others) using published scoring formulas
• Provide data export: To allow you to export your data as CSV or PDF files at any time for your personal records
• Improve app stability: To analyze anonymized, aggregated usage patterns and crash reports so we can fix bugs and improve performance

We do not use your health data for advertising or marketing. We do not share your health data with third parties for their own purposes. We do not sell, rent, or trade your health data. We do not use your personal health data to train artificial intelligence or machine learning models.

3. When Do We Collect Information?

We collect information from you when you:

• Register an account or sign in to our app
• Enter health data, symptoms, medications, or other tracked information
• Grant permission to access Apple Health or Google Health Connect
• Connect a wearable device account (Fitbit, Garmin, or Oura)
• Make a purchase or manage your subscription
• Generate or export a clinical report
• Contact us for support
• Respond to a survey or marketing communication

4. How Do We Protect Your Information?

We implement a variety of security measures to maintain the safety of your personal information:

• Data in transit is encrypted using TLS (Transport Layer Security).
• Data at rest is encrypted on our servers using AES-256 encryption.
• Access to personal data is restricted to authorized personnel only.
• We conduct regular security reviews of our infrastructure and application code.
• Health data is stored separately from account identifiers where technically feasible.
• Photos and clinical records data are stored locally on your device and are not uploaded to our servers.

5. Data Retention

We retain your personal data only as long as necessary to provide our services. The following retention periods apply to each category of data:

• On-device health data: All health tracking data (symptoms, medications, mood, sleep, vitals, and other entries) is stored locally on your device. This data persists until you manually delete individual entries, use the “Delete All Data” option in Settings, or uninstall the app.
• Cloud backup data (if enabled): If you enable cloud sync, encrypted backups of your health data are retained on our servers for the duration of your active subscription plus 30 days after cancellation. After this period, cloud backup data is permanently deleted.
• Account data: Your email address, display name, and subscription status are retained for the duration of your account plus 90 days after you submit a deletion request. This 90-day window allows us to process the deletion fully and purge all backup copies.
• Crash and usage analytics: Anonymized crash logs and usage analytics are retained for 12 months, then automatically purged.
• Inactive accounts: Accounts that have been inactive for more than 24 months may be flagged for deletion. We will attempt to notify you via email before any data is removed.
• Aggregated data: De-identified, aggregated data used for statistical analysis or product improvement may be retained indefinitely, as it cannot be linked back to any individual user.
• Legal obligations: We may retain certain data for longer periods if required by applicable law, regulation, or legal proceedings.

How to Delete Your Data

You can delete all your data at any time using any of these methods:

• In-app deletion: Navigate to Settings > Privacy > Delete All Data within the app to permanently remove all your health data and account information.
• Email request: Send an email to [email protected] with the subject line “Data Deletion Request.” Include the email address associated with your account.
• Data export before deletion: Before deleting your data, you can export all your health records as CSV or PDF files from within the app. We recommend doing this so you retain a personal copy of your data.

Upon deletion, all personal data including health records, account information, and usage data will be permanently removed from our active systems within 30 days. Encrypted backups are purged within 90 days.

6. Third-Party Services and SDKs

Our applications use the following third-party services. Each service receives only the minimum data necessary for its specific function. None of these services receive your personal health data.

• RevenueCat (subscription management): Processes purchase receipts and subscription status only. Does not receive any health data.
• Datadog (crash reporting and monitoring): Processes anonymized error logs and performance metrics only. Does not receive any health data or personally identifiable information.
• Firebase Cloud Messaging (push notifications): Processes device tokens for delivering push notifications only. Does not receive any health data.
• Mixpanel (usage analytics): Processes anonymized app usage events (such as “user opened sleep tracker”) to help us understand which features are used. Does not receive any health data, symptom entries, medication names, or other personal health information.

All third-party service providers are contractually bound to process data only as instructed by us, maintain confidentiality, and not use the data for their own independent purposes.

7. Health Data Disclosure Summary

This section provides a consolidated summary of our health data practices for easy reference:

• Data accessed and collected: Symptom severity, medications, mood, sleep, pain, activity, diet, vitals, clinical assessments (PHQ-9, GAD-7), lab results, Apple Health data, Google Health Connect data, and wearable device data. See Section 1 for the full list.
• How data is used: Displaying entries, generating trends and correlations, producing PDF reports, sending reminders, calculating assessment scores, and enabling data export. See Section 2 for the full list.
• How long data is kept: On-device data persists until you delete it. Cloud backups are kept during your subscription plus 30 days. Account data is kept for 90 days after a deletion request. See Section 5 for full retention periods.
• No advertising use: Health data is never used for advertising, marketing, or targeted ads.
• No sale of data: Health data is never sold, rented, or traded to any third party.
• No AI training: Personal health data is never used to train AI or machine learning models.
• Limited sharing: Health data is not shared with third parties except cloud hosting providers (acting as data processors under strict contracts) or as required by law.

8. Apple Health and Google Health Connect Integration

Our applications integrate with Apple Health (HealthKit), Apple Health Records (Clinical Records), and Google Health Connect to provide a comprehensive view of your health data. This section discloses our specific practices regarding data accessed through these platform integrations, in compliance with Apple App Store Review Guidelines (Section 5.1.2 and 5.1.3) and Google Health Connect policies.

8a. Apple HealthKit Data

When you grant permission, we read the following data types from Apple HealthKit:

• Steps and distance walked or run
• Heart rate and resting heart rate
• Sleep analysis (time asleep, time in bed)
• Active energy burned and exercise minutes
• Weight and body mass index
• Blood pressure (systolic and diastolic)
• Blood glucose
• Body temperature
• Respiratory rate
• Blood oxygen saturation

We use this data solely to display health trends, correlate imported metrics with your self-reported symptoms and medications, and generate personal health reports within the app.

With your permission, we also write the following data back to Apple HealthKit: symptom severity scores, medication adherence records, and mood entries. This allows your self-tracked data to appear alongside other health metrics in the Apple Health app.

8b. Apple Health Records (Clinical Records)

If you choose to connect your clinical health records, we access data imported from participating healthcare institutions through Apple’s Clinical Records API (FHIR R4 standard). This may include:

• Laboratory test results
• Medication prescriptions and history
• Immunization records
• Allergy and intolerance records
• Diagnosed conditions and procedures
• Vital signs recorded during clinical visits

Clinical records data is used exclusively to help you correlate clinical findings with your self-reported symptoms, medications, and lifestyle factors. This data is stored locally on your device and is not uploaded to our servers. We do not modify, annotate, or write data back to your clinical health records.

8c. Google Health Connect (Android)

For Android users, we integrate with Google Health Connect to access similar health data types, including steps, heart rate, sleep, exercise, weight, blood pressure, blood glucose, and body temperature. The same privacy protections described in this section apply to data accessed through Google Health Connect. Data is read and written only with your explicit permission and is used solely for personal health tracking within the app.

8d. Health Platform Data Protection

The following protections apply to all data accessed through Apple HealthKit, Apple Health Records, and Google Health Connect:

• Local storage: Health platform data is stored on your device. Clinical records data is never uploaded to our servers.
• Encryption: All health data stored on the device is encrypted at rest using platform-provided encryption.
• No advertising: We do not use data from HealthKit, Clinical Records, or Health Connect for advertising, marketing, or use-based data mining, including by third parties.
• No sale of data: We do not sell, license, or trade any health platform data to any third party for any purpose.
• No third-party sharing without consent: Health platform data is not disclosed to third parties without your explicit consent, except where required by law.
• No unrelated use: Health platform data is used only to provide health tracking, trend analysis, and clinical correlation features within the app. It is not used for any purpose unrelated to your personal health management.
• No iCloud storage: Personal health information accessed through HealthKit or Clinical Records is not stored in iCloud.
• Data accuracy: We do not write false or inaccurate data into HealthKit or any other health management platform.

8e. Revoking Health Platform Access

You may revoke access to your health data at any time:

• Apple HealthKit and Health Records: Open the Settings app on your iPhone, tap Health, then tap Data Access & Devices, select the Clarity app, and disable the data types you wish to revoke.
• Google Health Connect: Open the Settings app on your Android device, tap Health Connect, select the Clarity app, and manage or revoke permissions.

Revoking access stops the app from reading new data from that platform. Data previously imported into the app remains available within the app until you delete it or delete your account.

9. Do We Use Cookies?

Our mobile applications do not use cookies. Our website may use essential cookies for basic functionality. We do not use cookies for tracking or advertising purposes.

You can choose to have your browser warn you each time a cookie is being sent, or you can choose to turn off all cookies through your browser settings.

10. Third-Party Disclosure

We do not sell, trade, or otherwise transfer your Personally Identifiable Information to outside parties. This does not include trusted third parties who assist us in operating our app and services, so long as those parties agree to keep this information confidential. These service providers act as data processors under our instruction and are contractually bound to:

• Process data only as instructed by us
• Maintain confidentiality and security of all data
• Not use personal information for their own independent purposes
• Delete or return data upon termination of the service agreement

We may also release information when its release is appropriate to comply with the law, enforce our policies, or protect ours or others’ rights, property, or safety.

11. Third-Party Links

Our app may contain links to external websites or services. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any third-party site you visit.

12. California Online Privacy Protection Act (CalOPPA)

According to CalOPPA, we agree to the following:

• Users can visit our site anonymously.
• A link to this privacy policy is available on our home page or on the first significant page after entering our website.
• Our Privacy Policy link includes the word “Privacy” and can be easily found on the page specified above.

Privacy Policy Changes: You will be notified of any privacy policy changes on our Privacy Policy page.

Changing Your Personal Information: You can change your personal information by logging in to your account within the app.

13. Do Not Track Signals

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

We do not allow third-party behavioral tracking.

14. COPPA (Children’s Online Privacy Protection Act)

We do not specifically market to children under the age of 13 years old. Our apps are not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information promptly.

15. Fair Information Practices

In order to be in line with Fair Information Practices, we will take the following responsive action should a data breach occur:

• We will notify affected users via email within 7 business days of discovering the breach.
• We will notify affected users via in-app notification within 7 business days.
• We will provide details about what data was affected and steps users can take to protect themselves.

We also agree to the Individual Redress Principle, which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

16. Data Deletion Requests

In accordance with applicable data privacy laws, users have the right to request the deletion of their data. You can request data deletion through any of the following methods:

1. In-App Deletion: Navigate to Settings > Privacy > Delete All Data within the app to permanently remove all your health data and account information.
2. Email Request: Send an email to [email protected] with the subject line “Data Deletion Request.” Include the email address associated with your account.
3. Processing Time: Data deletion requests are processed within 30 days of receiving the request. You will receive a confirmation email once the request has been completed.

Upon deletion, all personal data including health records, account information, and usage data will be permanently removed from our active systems within 30 days. Encrypted backups are purged within 90 days.

17. User Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data (see Section 16).
• Data Portability: Request your data in a structured, commonly used format. You can export your data as CSV or PDF from within the app at any time.
• Withdraw Consent: Withdraw your consent to data processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Object: Object to processing of your personal data under certain circumstances.

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

18. CAN-SPAM Act

We collect your email address in order to send information, respond to inquiries, and/or other requests or questions.

To be in accordance with CAN-SPAM, we agree to the following:

• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, follow the instructions at the bottom of each email. We will promptly remove you from all correspondence.

19. International Data Transfers

Your data may be processed in Canada, the United States, or other jurisdictions where Clarity Digital Therapeutics Inc. or its service providers operate. We ensure appropriate safeguards are in place for cross-border data transfers, including compliance with applicable data protection regulations.

20. Changes to This Privacy Policy

We reserve the right to update this privacy policy at any time. When we do, we will revise the “Last Updated” date at the top of this page. We encourage you to review this privacy policy periodically to stay informed about how we are protecting your information. Continued use of our services after changes are posted constitutes acceptance of those changes.

21. Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below:

Clarity Digital Therapeutics Inc.
45 Karachi Drive
Markham, Ontario, Canada [email protected]

End User License Agreement (EULA)

IMPORTANT: PLEASE READ THIS LICENSE CAREFULLY BEFORE USING THIS SOFTWARE.

DISCLAIMER: This software is not a medical treatment. It is not a medical device and it does not provide any medical advice. It is intended for informational purposes only and comes with no warranty. Consult with your doctor if you are experiencing any symptoms of an illness. In an emergency, dial 911 or your local emergency number immediately.

1. License

By receiving, opening the file package, and/or using any Clarity Digital Therapeutics application (“Software”) containing this software, you agree that this End User License Agreement (EULA) is a legally binding and valid contract and agree to be bound by it. You agree to abide by the intellectual property laws and all of the terms and conditions of this Agreement.

Unless you have a different license agreement signed by Clarity Digital Therapeutics Inc., your use of the Software indicates your acceptance of this license agreement and warranty.

Subject to the terms of this Agreement, Clarity Digital Therapeutics Inc. grants to you a limited, non-exclusive, non-transferable license, without right to sub-license, to use the Software in accordance with this Agreement and any other written agreement with Clarity Digital Therapeutics Inc. Clarity Digital Therapeutics Inc. does not transfer the title of the Software to you; the license granted to you is not a sale. This agreement is a binding legal agreement between Clarity Digital Therapeutics Inc. and the purchasers or users of the Software.

If you do not agree to be bound by this agreement, remove the Software from your device now.

2. Distribution

The Software and the license herein granted shall not be copied, shared, distributed, re-sold, offered for re-sale, transferred, or sub-licensed in whole or in part except that you may make one copy for archive purposes only. For information about redistribution of the Software, contact Clarity Digital Therapeutics Inc.

3. User Agreement

3.1 Use

Your license to use the Software is limited to the number of licenses purchased by you. You shall not allow others to use, copy, or evaluate copies of the Software.

3.2 Use Restrictions

You shall use the Software in compliance with all applicable laws and not for any unlawful purpose. Without limiting the foregoing, use, display, or distribution of the Software together with material that is pornographic, racist, vulgar, obscene, defamatory, libelous, abusive, promoting hatred, discriminating, or displaying prejudice based on religion, ethnic heritage, race, sexual orientation, or age is strictly prohibited.

3.3 Copyright Restriction

This Software contains copyrighted material, trade secrets, and other proprietary material. You shall not, and shall not attempt to, modify, reverse engineer, disassemble, or decompile the Software. Nor can you create any derivative works or other works that are based upon or derived from the Software in whole or in part.

Copyright law and international copyright treaty provisions protect all parts of the Software, products, and services. No program, code, part, image, audio sample, or text may be copied or used in any way by the user except as intended within the bounds of the single user program. All rights not expressly granted hereunder are reserved for Clarity Digital Therapeutics Inc.

3.4 Limitation of Responsibility

You will indemnify, hold harmless, and defend Clarity Digital Therapeutics Inc., its employees, agents, and distributors against any and all claims, proceedings, demand, and costs resulting from or in any way connected with your use of the Software.

In no event (including, without limitation, in the event of negligence) will Clarity Digital Therapeutics Inc., its employees, agents, or distributors be liable for any consequential, incidental, indirect, special, or punitive damages whatsoever (including, without limitation, damages for loss of profits, loss of use, business interruption, loss of information or data, or pecuniary loss), in connection with or arising out of or related to this Agreement, the Software, or the use or inability to use the Software, whether based upon contract, tort, or any other theory including negligence.

Clarity Digital Therapeutics Inc.’s entire liability, without exception, is limited to the customer’s reimbursement of the purchase price of the Software (maximum being the lesser of the amount paid by you and the suggested retail price as listed by Clarity Digital Therapeutics Inc.) in exchange for the return of the product, all copies, registration papers and manuals, and all materials that constitute a transfer of license from the customer back to Clarity Digital Therapeutics Inc.

3.5 Warranties

Except as expressly stated in writing, Clarity Digital Therapeutics Inc. makes no representation or warranties in respect of this Software and expressly excludes all other warranties, expressed or implied, oral or written, including, without limitation, any implied warranties of merchantable quality or fitness for a particular purpose.

3.6 Governing Law

This Agreement shall be governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. You hereby irrevocably attorn and submit to the non-exclusive jurisdiction of the courts of Ontario, Canada. If any provision shall be considered unlawful, void, or otherwise unenforceable, then that provision shall be deemed severable from this License and not affect the validity and enforceability of any other provisions.

3.7 Termination

Any failure to comply with the terms and conditions of this Agreement will result in automatic and immediate termination of this license. Upon termination of this license granted herein for any reason, you agree to immediately cease use of the Software and destroy all copies of the Software supplied under this Agreement. The financial obligations incurred by you shall survive the expiration or termination of this license.

4. Disclaimer of Warranty

THIS SOFTWARE AND THE ACCOMPANYING FILES ARE PROVIDED “AS IS” AND WITHOUT WARRANTIES AS TO PERFORMANCE OR MERCHANTABILITY OR ANY OTHER WARRANTIES WHETHER EXPRESSED OR IMPLIED. THIS DISCLAIMER CONCERNS ALL FILES GENERATED AND EDITED BY THE SOFTWARE AS WELL.

5. Consent of Use of Data

You agree that Clarity Digital Therapeutics Inc. may collect and use information gathered in any manner as part of the product support services provided to you, if any, related to the Software. Clarity Digital Therapeutics Inc. may also use this information to provide notices to you which may be of use or interest to you. All data collection and use is subject to the Privacy Policy above.

Last updated: March 10, 2026