Privacy Policy

This Privacy Policy describes how AverCare Holdings LLC ("we", "us", or "our") collects, uses, stores, discloses, and protects your personal data, including sensitive health information, when you access or use our mobile application, websites, or other digital services (collectively, the "Services").

AverCare ensures that the processing of your data is conducted in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA) and related U.S. state privacy laws, as well as other relevant international regulations.

1. Scope

This Privacy Policy applies to all individuals who interact with the Services of AverCare, including mobile app users, website visitors, registered users, healthcare professionals, and any other individuals whose personal data is collected or processed by us. This includes individuals located in the European Economic Area (EEA), the United Kingdom, the United States, and other jurisdictions in which we operate.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, you should not use the Services.

2. Updates to the Policy

AverCare may revise this Privacy Policy from time to time to reflect changes in operations, technology, or legal obligations. When material changes are made, we will notify you via email (if available) or by posting a prominent notice within the Application or website. Users are encouraged to review this Privacy Policy periodically.

3. Information We Collect

3.1 Personal Data (GDPR)

• Identification and contact details (name, region, email, phone number, date of birth)
• Health information voluntarily provided with explicit consent
• Financial and transactional data (via secure third-party processors)
• User-uploaded content, including images or photographs

Processing is conducted under Articles 6 and 9 of the GDPR, based on consent, contractual necessity, or legitimate interest.

3.2 Protected Health Information (HIPAA)

For U.S. users, AverCare may process Protected Health Information (PHI), including:

• Medical records, symptoms, lab results, or clinical history
• Billing and reimbursement information
• Other identifiable health data created or received during service delivery

3.3 Non-Personal and Pseudonymized Data

• Device and technical identifiers
• Usage analytics and diagnostics
• Aggregated or anonymized analytics
• Pseudonymized datasets used under secure conditions

3.4 Sources of Information

Data may be collected directly from you, automatically via cookies and device technologies, or from third parties with consent or legal authorization.

4. How We Use Your Information

4.1 Lawful Basis (GDPR)

AverCare processes data based on explicit consent, contractual necessity, legal obligations, and legitimate interests (security, analytics, platform improvement).

4.2 Primary Purposes

• Digital health services and AI-generated insights
• Account management and authentication
• Payments and subscriptions
• Operational communications

4.3 Secondary Purposes (Optional & Consent-Based)

• Algorithmic and scientific research
• Health education and communications
• Surveys and product feedback

Consent may be withdrawn at any time without affecting core services.

5. How We Share Your Information

AverCare shares data only when necessary and lawfully. Service providers include cloud infrastructure providers, analytics platforms, AI and NLP providers (using anonymized or pseudonymized data), payment processors, and customer support systems. All vendors are bound by GDPR-compliant Data Processing Agreements.

6. Data Security

6.1 Security Measures

• Encryption in transit and at rest
• Role-based access controls
• MFA and identity management
• Monitoring, audits, and testing
• Data minimization and segregation

6.2 Breach Notification

In case of a breach, AverCare will notify affected users and authorities in line with GDPR, HIPAA, and local laws.

7. Your Rights and Choices

7.1 GDPR Rights

Access, correction, deletion, restriction, objection, portability, and withdrawal of consent.

7.2 U.S. Rights (HIPAA / CCPA / CPRA)

Access, amendment, deletion, opt-out, and limitation of sensitive data use.

7.3 Exercising Your Rights

Email: privacy@avercare.global. Response within legal timeframes. Identity verification required.

8. Data Retention

Data is retained only as long as necessary or legally required. Secure deletion includes irreversible deletion, anonymization, or cryptographic erasure.

9. International Data Transfers

Transfers are safeguarded using Standard Contractual Clauses (SCCs), Transfer Impact Assessments, or lawful alternatives.

10. Children's Privacy

AverCare does not knowingly process data of children without lawful parental consent and applies enhanced safeguards where applicable.

11. Contact

Data Controller: AverCare Holdings LLC
Email: privacy@avercare.global
DPO: dpo@avercare.global

Last updated: 06.01.2026