Privacy Policy

PRIVACY POLICY
Parkinson’s AI
Last updated: March 2025

────────────────────────────────────────────────────────────────

  1. WHO WE ARE

Parkinson’s AI (“we”, “us”, “our”) operates the website parkinly.co and the AI health companion service delivered via WhatsApp. We are committed to protecting your personal information and your right to privacy. If you have any questions about this policy, please contact us at privacy@parkinly.co.

────────────────────────────────────────────────────────────────

  1. WHAT INFORMATION WE COLLECT

We collect information you provide directly to us and information generated through your use of our service.

2.1 Information you provide

— Name and email address, when you sign up for our free guide or create an account.
— Health and medical information, including symptom logs, medication schedules, sleep data, exercise records, and therapy tracking data (such as Dr Constantini B1 Therapy dosing and titration details) that you share with the AI companion via WhatsApp.
— Payment information, processed securely by Stripe. We do not store your full card details on our servers.
— Communications you send to the AI companion via WhatsApp, including messages, questions, and health updates.
— Optional caregiver or family member contact details, if you choose to share access to your dashboard.

2.2 Information collected automatically

— Device type, operating system, and browser information when you visit our website.
— Usage data, including pages visited, time spent, and links clicked.
— IP address and approximate geographic location.

2.3 Information from third-party integrations

If you connect a wearable device or health app (such as Garmin, Apple Health, Oura, or similar services), we receive health and activity data from those platforms in accordance with the permissions you grant. We only access data that you explicitly authorise.

────────────────────────────────────────────────────────────────

  1. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

— To provide and improve the Parkinson’s AI service, including generating personalised health insights, symptom trends, medication reminders, exercise guidance, and research summaries.
— To deliver the AI companion experience via WhatsApp and respond to your messages in context.
— To send the free guide and other requested content to your email address.
— To send service-related communications, such as account updates, subscription confirmations, and important notices.
— To process payments for your subscription via Stripe.
— To analyse usage patterns and improve the quality and accuracy of our AI responses.
— To comply with legal obligations.

We do not use your health data for advertising, profiling for third-party commercial purposes, or any purpose other than providing and improving the service you have subscribed to.

────────────────────────────────────────────────────────────────

  1. LEGAL BASIS FOR PROCESSING (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal basis for collecting and using your personal information depends on the data concerned:

— Contract: processing your name, email, and payment information is necessary to provide the service you have subscribed to.
— Legitimate interests: we process usage and analytics data to improve our service, where doing so does not override your rights.
— Consent: we process your health data on the basis of your explicit consent, given when you sign up and begin using the AI companion. You may withdraw this consent at any time.
— Legal obligation: we may process your data to comply with applicable laws and regulations.

────────────────────────────────────────────────────────────────

  1. HEALTH DATA — SPECIAL CATEGORY DATA

Your health information is classified as special category data under the GDPR and is treated with the highest level of care. We process this data solely to deliver the personalised AI health companion service. We apply appropriate technical and organisational safeguards, including encryption of data at rest and in transit.

We never sell your health data. We never share your health data with advertisers, insurers, employers, or any third party for commercial purposes.

────────────────────────────────────────────────────────────────

  1. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information. We share your data only in the following limited circumstances:

— Service providers: we work with carefully selected third-party companies that process data on our behalf, including Stripe (payment processing), Brevo (email delivery), WhatsApp/Meta (message delivery infrastructure), and cloud hosting providers. These providers are contractually bound to process your data only as instructed by us and in accordance with this policy.
— Wearable and device integrations: when you connect third-party devices, data is shared with those platforms only as required to enable the integration you have authorised.
— Legal requirements: we may disclose your information if required by law, regulation, legal process, or governmental authority.
— Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.
— With your explicit consent: we may share your data with your named caregivers or medical professionals if you have specifically authorised this within the service.

────────────────────────────────────────────────────────────────

  1. DATA RETENTION

We retain your personal information for as long as your account is active or as needed to provide the service. If you cancel your subscription:

— Your account data is retained for 30 days, during which you may request a full export.
— After 30 days, your personal data is permanently deleted from our systems unless we are required by law to retain it.
— Anonymised and aggregated usage data, which cannot identify you, may be retained indefinitely for research and service improvement purposes.

────────────────────────────────────────────────────────────────

  1. DATA SECURITY

We take the security of your data seriously and implement industry-standard measures to protect it, including:

— End-to-end encryption for health data in transit.
— Encryption of sensitive data at rest.
— Strict access controls limiting which team members can access personal data.
— Regular security reviews and updates.

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

────────────────────────────────────────────────────────────────

  1. YOUR RIGHTS

Depending on your location, you may have the following rights regarding your personal data:

— Access: request a copy of the personal data we hold about you.
— Rectification: request correction of inaccurate or incomplete data.
— Erasure: request deletion of your personal data (“right to be forgotten”).
— Restriction: request that we restrict processing of your data in certain circumstances.
— Portability: request a machine-readable export of your data.
— Objection: object to processing based on legitimate interests.
— Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are in the EEA or UK and believe we have not addressed your concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

────────────────────────────────────────────────────────────────

  1. COOKIES

Our website uses essential cookies to ensure basic functionality. We do not use advertising or tracking cookies. We may use analytics cookies to understand how visitors interact with our site. You can control cookies through your browser settings at any time.

────────────────────────────────────────────────────────────────

  1. WHATSAPP AND META

Our AI companion operates through WhatsApp, a service owned by Meta Platforms, Inc. Messages sent via WhatsApp are subject to Meta’s own privacy policy and terms of service in addition to ours. We recommend reviewing Meta’s privacy policy at https://www.whatsapp.com/legal/privacy-policy. We access only the content of messages you send directly to the Parkinson’s AI companion account and do not access your broader WhatsApp conversations or contact list.

────────────────────────────────────────────────────────────────

  1. CHILDREN’S PRIVACY

Our service is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected information from a child under 16, please contact us immediately and we will delete it promptly.

────────────────────────────────────────────────────────────────

  1. INTERNATIONAL DATA TRANSFERS

Your data may be processed in countries outside your own, including countries that may not provide the same level of data protection as your home country. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your information.

────────────────────────────────────────────────────────────────

  1. MEDICAL DISCLAIMER

Parkinson’s AI is a wellness and information tool and is not a medical device. The information provided by the AI companion is for informational purposes only and does not constitute medical advice, diagnosis, or treatment. Always consult a qualified healthcare professional — including your neurologist or GP — before making decisions about your health, medications, or therapies. Do not disregard professional medical advice or delay seeking it based on anything the AI companion tells you.

────────────────────────────────────────────────────────────────

  1. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email and update the “Last updated” date at the top of this page. Your continued use of the service after changes are posted constitutes your acceptance of the revised policy.

────────────────────────────────────────────────────────────────

  1. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your data, please contact us:

Email: privacy@parkinly.co