1. Introduction
Uniwell ("we," "us," or "our") is operated by Uniwell Technologies LLC, a company registered and headquartered in the United Arab Emirates. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Uniwell mobile application, website, Apple Watch companion app, and related services (collectively, the "Services").
This policy is drafted in compliance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "PDPL") and its implementing regulations, as well as applicable regulations issued by the UAE Data Office.
2. Data Controller
The data controller responsible for your personal data is:
3. Personal Data We Collect
We collect the following categories of personal data:
3.1 Account Information
- Full name, email address, and phone number
- Date of birth, gender, and profile photo
- Language preference and country of residence
- Account credentials (encrypted)
3.2 Health & Fitness Data
- Heart rate, blood oxygen (SpO2), ECG readings, and sleep data from Apple Watch and HealthKit
- Step count, calories burned, workout sessions, and GPS routes
- Meal photos and AI-generated nutritional analysis from our Meal Scanner feature
- Menstrual cycle data (Harmony Cycle feature)
- Weight, height, and body composition data
- Hydration intake records
3.3 Social & Communication Data
- Posts, comments, and stories shared in the community
- Voice and video call records (metadata only, not content)
- Waves rooms participation data
- Direct messages (end-to-end encrypted)
3.4 Device & Technical Data
- Device model, operating system, and app version
- IP address, browser type, and approximate location
- Push notification tokens
- Crash logs and performance analytics
4. Legal Basis for Processing
Under Article 5 of the PDPL, we process your personal data based on the following legal grounds:
- Consent: You explicitly consent to the collection and processing of your health data when you create an account and enable HealthKit integration. You may withdraw consent at any time.
- Contract Performance: Processing is necessary to provide you with the Services you have subscribed to, including personalized health insights and AI recommendations.
- Legitimate Interest: We process limited data for security, fraud prevention, and service improvement, where such interests do not override your rights.
- Legal Obligation: We may process data to comply with applicable UAE laws, court orders, or regulatory requirements.
5. How We Use Your Data
- To provide, maintain, and improve the Services, including personalized health dashboards and AI-powered insights
- To sync health data between your Apple Watch, iPhone, and our cloud infrastructure
- To generate AI-based meal analysis, fitness recommendations, and wellness scores
- To enable social features including community posts, Waves rooms, and video calls
- To send notifications about your health metrics, goals, and community activity
- To connect you with certified Pro Trainers and wellness professionals
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations under UAE law
6. Sensitive Personal Data
Health and fitness data is classified as sensitive personal data under Article 7 of the PDPL. We process this data only with your explicit opt-in consent. You may revoke access to specific health categories at any time through your device settings or within the Uniwell app under Settings → Privacy → Health Data Permissions.
7. Data Sharing & Third Parties
We do not sell your personal data. We may share data with:
- Cloud Infrastructure: Microsoft Azure (UAE North region) for data hosting and AI processing
- AI Services: Azure OpenAI for health insights and meal analysis (anonymized where possible)
- Authentication: Apple Sign-In and Firebase Authentication
- Analytics: Aggregated, de-identified analytics for service improvement
- Legal Authorities: When required by UAE law, regulation, or valid court order
All third-party processors are bound by data processing agreements that comply with the PDPL.
8. Cross-Border Data Transfers
In accordance with Article 22 of the PDPL, we primarily store and process your data within the UAE (Azure UAE North region). Where cross-border transfers are necessary (e.g., for global AI model inference), we ensure adequate safeguards are in place as required by the UAE Data Office, including standard contractual clauses and adequacy assessments.
9. Data Retention
We retain your personal data for as long as your account is active and as necessary to provide the Services. Upon account deletion:
- Account and profile data is deleted within 30 days
- Health data is purged within 30 days
- Community content (posts, comments) is anonymized
- Certain data may be retained for up to 5 years to comply with UAE commercial and financial record-keeping requirements
10. Your Rights
Under the PDPL, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data, subject to legal retention obligations
- Right to Restrict Processing: Request limitation of processing in certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Withdraw Consent: Withdraw previously given consent at any time without affecting the lawfulness of prior processing
- Right to Object: Object to processing based on legitimate interests
- Right to Lodge a Complaint: File a complaint with the UAE Data Office
To exercise any of these rights, contact us at privacy@uniwell.app. We will respond within 14 days as required by the PDPL.
11. Data Security
We implement industry-standard technical and organizational measures to protect your data, including:
- AES-256 encryption for data at rest
- TLS 1.3 encryption for data in transit
- End-to-end encryption for direct messages
- Biometric authentication (Face ID / Touch ID) support
- Regular security audits and penetration testing
- Role-based access control for internal systems
- HIPAA-compliant cloud infrastructure
12. Children's Privacy
Uniwell is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18 without verified parental consent, we will promptly delete such data in compliance with UAE child protection laws.
13. Cookies & Tracking
Our website uses essential cookies for functionality. We do not use third-party advertising cookies. Analytics cookies are only activated with your explicit consent, in line with UAE data protection standards.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes through the app and via email at least 30 days before they take effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.
15. Governing Law & Dispute Resolution
This Privacy Policy is governed by the laws of the United Arab Emirates. Any disputes arising from or related to this policy shall be subject to the exclusive jurisdiction of the courts of the United Arab Emirates, unless otherwise required by applicable law.
16. Contact Us
Uniwell Technologies LLC
United Arab Emirates
Privacy inquiries: privacy@uniwell.app
General support: support@uniwell.app