Privacy Notices for US users of the ieso Program

THIS NOTICE DESCRIBES HOW YOUR INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

ieso is committed to protecting and respecting your personal data. This Privacy Notice describes the privacy practices of the Ieso Digital Health group of companies (Ieso Digital Health Ltd and Ieso Digital Health, Inc.) (collectively, “ieso”, “we”, “us”, or “our”), and how we handle your personal data that we collect via the use of our digital program. This notice reflects legal requirements and regulations, including HIPAA where applicable. For further information, please contact our Privacy team at privacy@ieso.ai. Full contact details are provided in the Contact Information section below.

Information we collect

Information we collect directly from you

As a user of the app, we will collect the following data from you:

  • Personal Data: Your name and email address
  • Written Conversations: Interactions with our digital guide in the app
  • Questionnaire Responses: Answers provided to our questionnaires
  • Customer Service Inquiries: Queries, requests, or comments when you contact us for customer service or technical support

Information we collect automatically from your use of the app

Certain information is collected automatically from your use of this Service:

  • Session Activity Information: data on your use of the app, including login times and session details
  • Event Data: how the software has interpreted your responses.
  • Device information: information about the device you use, helping us optimize for different devices.
  • Log Information: includes information about the device you’re using, your Internet Protocol (IP) address, and IP location.

Inferred data

The app categorizes your comments to provide better support, using techniques like intent classification and machine learning. This ‘inferred’ data is drawn from your discussions.

You always have the right to refuse to submit your personal data to us, but note that without this information, this Service may be unavailable to you.

‍How we use collected information

We use your Personal Data to:
  • Deliver the service, including account creation and personalizing the experience
  • Enable sign-in, verify access to your account and assist with any login issues
  • Communicate with you
  • Provide you with customer service or technical support
  • Evaluate and improve our services
  • Determine eligibility for clinical trials, research studies, user research, or user experience studies where we may contact you if you qualify for potential participation. We anonymize your personal data to help us improve our product and services, helping us assess our users’ needs and making it more accessible.

Please note, we do not sell your personal information to third parties.

How does our Artificial Intelligence process your data

The ieso Digital Program uses automated text chat to help with your concerns, providing tools and techniques for difficult feelings. While AI (Artificial Intelligence) techniques enhance or personalize interactions, all content delivered by the app to help your well-being has been selected by trained therapists.

‍‍Using your Personal Data for service evaluation

We perform thorough service evaluations to enhance our product’s effectiveness, accessibility, usability, and outcomes. Where possible, we use de-identified data, thereby protecting your privacy. Our internal procedures ensure that we use only the minimum amount of necessary information, prioritizing the use of de-identified data available for these purposes.

‍How we store your Personal Data

We use a small number of well-known Software as a Service (SaaS) providers to store subsets of your information enabling the use of information described in this notice. We have agreements in place with each provider to ensure your data is secure.

How long we retain your Personal Data

We retain your account data for specific durations based on the type of data and its use. We follow a criteria-based approach, retaining information as long as necessary to fulfill the purposes for which it was collected and comply with legal obligations. When your data is no longer needed, we will securely delete it or anonymize it.

Sharing your information

We understand that the confidentiality of your interactions with our service is important to you. Information is only shared on a strictly ‘need to know’ basis. We uphold the confidentiality of all information that you share with the app . Anyone receiving information about you is under an equal legal obligation to keep it confidential. Our internal policies and procedures are designed to share the minimum information necessary to provide you with the  services, care, and protection, for yourself or others, and to conduct our service evaluations.

Data Storage Processing and Retention

We are committed to protecting our data and ensuring transparency about where and how it is processed. Here’s a breakdown of our data storage and processing practices.

United States
  • Primary Storage and Processing: Your data is stored and processed in the US to deliver the core functionalities of our app.
  • Technical and Customer Support: Some technical and customer support activities are handled in the US to assist with resolving issues and providing assistance.
  • Operational Analysis: Some data is processed in the US to support our operational analysis needs.

United Kingdom
  • Operational Analysis and Reporting: Some data is processed in the UK to support our operational analysis and reporting needs.
  • Technical and Engineering Support: Technical support and engineering activities are also handled in the UK to assist with resolving issues and maintaining the app’s functionality.
  • Customer support activities are also conducted in the UK to assist users.
  • Canada and European Union
  • Enhanced Dialogue and Analytics: Data supporting enhanced dialogue via large language models may be processed in the UK or Canada.

Canada and European Union
  • Enhanced Dialogue and Analytics: Data supporting enhanced dialogue via large language models may be processed in the UK or Canada. A small subset of data is stored in the EU for basic, pseudonymized analytics.

We ensure that all data processing complies with relevant legal and security standards.

Confidentiality and Information Sharing

We are committed to maintaining the confidentiality of your personal data.

General Confidentiality
  • Non-Disclosure Outside Privacy Notices and User Agreement: We will not share or disclose your personal data to any third party outside the terms outlined in this Privacy Notice and our User Agreement without your explicit consent, unless required by law.
  • No Unauthorized Access: Only authorized personnel with a need to know will have access to your personal data, and they are bound by strict confidentiality obligations.

Specific Situations
  • Emergency Situations: We may disclose your personal data in emergency situations if deemed necessary to protect your safety or the safety of others. Such disclosures will be limited to what is necessary to address the emergency.
  • Health Plan/ Healthcare Provider Communication: If we are partnered with your health plan or healthcare provider and our relationship with you is through them, your information may be shared with them as contractually obligated. In such cases, HIPAA may also apply. Please review the User Agreement link within the app and for more information regarding HIPAA, review the HIPAA section below.

Legal Obligations
  • Compliance with Legal Requirements: We may disclose your personal data if required to do so by law, in response to a court order, subpoena, or other legal process, or to comply with government or regulatory requirements. In such cases, we will limit the disclosure to only what is legally required.
  • Protecting Rights and Safety: We may disclose your information to enforce our terms of service, protect the rights, and property of ieso, and to investigate fraud or security issues. This will be done only when necessary and in compliance with legal standards.

User Rights and Permissions
  • User Consent: We will always seek your permission before disclosing any information that identifies you directly or indirectly to any other person or organization for any reason other than those set out in this Privacy Notice, unless we have an overriding legal duty to do so. For more information about user consent, please review the Consent section below.

How we secure your Personal Data

We place great importance on the security of personal data. We have put controls in place to safeguard your personal data, applying physical, technical, and procedural measures against unauthorized access, loss, misuse, and alteration of personal data under our control.

We use de-identified data for service evaluation where possible, and we limit access to your personal data to those who have a genuine need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

We have achieved the International Standard certification for Information Security (ISO27001).

‍‍Your data protection rights

Under applicable US federal and state laws, you have several rights regarding your personal data. These rights are designed to give you control and transparency over how your information is used and protected. Here’s an overview of data protection rights that may be available to you:

  • Right to be Informed: You have the right to be informed about the collection and use of your personal data. This includes who we are, what data we collect, how we use it, and who we share it with.
  • Right of Access: You can request access to the personal data we hold about you to help you understand how your data is being used.
  • Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete this information.
  • Right to Erasure: You can request the deletion of your personal data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations, such as if you contest the accuracy of the data.
  • Right to Data Portability: You can request to have your personal data ‘ported’ or transferred to another provider in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.

Consent and Withdrawal of Consent

Under some federal or state laws, we may be required to obtain consent to process certain types of personal data. You will be asked to provide consent during our onboarding process in the app.

If you wish to withdraw your consent, you may do so at any time by contacting our customer support team at supportservices@ieso.ai .We will act promptly and will do so within 30 days of a validated request.

Please note that withdrawing consent may impact your ability to use certain features of the entirety of our service.

How to Exercise Your Rights

To exercise any of your rights, see the Contact Information section below.  We may need to verify your identity to ensure the security of your data. We aim to respond to all valid requests within 30 days.

Your Rights Under HIPAA (if applicable)

If our Service involves handling your protected health information (PHI) through collaboration with your healthcare provider or health plan, we comply with the Health Insurance Portability and Accountability Act(HIPAA). You would have been presented with a Privacy Notice and User Agreement at onboarding specific to this collaboration. Please review the details of those documents (via the links provided under Legal Documents in the app. Here’s what you need to know.

  • When HIPAA Applies: HIPAA applies if we are working with your healthcare provider or health plan and use PHI to deliver our services.
  • Your Rights: You have the right to access, correct, and request restrictions on your PHI. You can also ask for a list of certain disclosures and request confidential communications. However, please note that these requests should be directed to your healthcare provider or health plan, as they are responsible for handling such inquiries.
  • Our Commitment: We use encryption, access controls and regular staff training to protect your PHI.

You may also have rights under certain US state data protection laws. Please contact us if you wish to exercise any rights under state laws. We do not knowingly sell your personal information.

‍Cookies

There are no cookies in the ieso app or set during the initial account registration on our company website.

Contact information

To exercise your rights specified above or to let us know you need to update your data, or for any comments or questions, please contact Member Support at supportservices@ieso.ai questions and comments regarding this privacy notice or data protection please contact our Privacy team at privacy@ieso.ai

Rights to Change the Notice

We reserve the right to modify this Privacy Notice at any time. Any changes will be effective immediately, upon the posting of the revised Privacy Notice, unless otherwise specified.

Notification of Changes

Users will be notified of significant changes to this Privacy Notice through reasonable means, such as updates on our company website, notifications within our app stores, or via email. It is important to check these sources regularly for updates.

User Responsibility

We encourage you to review this Privacy Notice periodically to stay informed about how we are protecting and using your personal data. Your continued use of our services following any changes indicates your acceptance of the revised Privacy Notice.

Effective Date of Changes

This Privacy Notice is effective as of October 29, 2025.