Privacy Policy

Last Updated: February 19, 2025

Seneca Health, Inc. ("Company," "we," "us," or "our") respects your privacy. We operate the Flarebreak website, mobile applications, and related services (collectively, the "Service") to provide wellness guidance. This Privacy Policy ("Policy") explains how we collect, use, share, and protect your information. By accessing or using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please discontinue use of the Service.

1. INTRODUCTION

1.1 Who We Are

We are Seneca Health, Inc., a Delaware C-Corp headquartered in Atlanta, GA. Our mission is to help users track and manage certain wellness aspects (e.g., gout flares, related data) via our software.

1.2 Scope of This Policy

This Policy applies to personal information we collect through our Service, which includes both the website and our mobile application(s). This Policy does not apply to third-party sites, products, or services, even if they are linked to from our Service. Any additional or different privacy terms that may apply to specific situations (for example, beta programs or special promotions) will be communicated separately or in addition to this Policy.

1.3 Not HIPAA-Covered

We are not a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA), and your data is not protected by HIPAA in our Service. Nevertheless, we take steps to protect your sensitive information in accordance with this Policy. We also comply with relevant state-level privacy laws covering consumer health data where applicable, ensuring additional protections for health-related information you provide.

2. INFORMATION WE COLLECT

We collect various categories of information—some of which you provide voluntarily and others automatically through technology. We follow a principle of data minimization, meaning we only collect what is necessary for the purposes described in this Policy.

2.1 Personal Identification Information ("PII")

• Account Registration Data: Your name, email address, username, password, and any additional profile details you choose to provide.
• Contact Information: Email, phone number, or postal address (if you voluntarily share).

2.2 Health & Wellness Information

• Gout/Flare Data: Information regarding your condition, such as frequency or severity of flares, uric acid levels, or pictures documenting flares.
• Self-Reported Health Metrics: Data you input about medications, supplements, diet, or other wellness practices.
• Voice Memos or Images: If you choose to upload voice recordings or images.

How We Protect Health Data: Because this data may be considered sensitive, we store it on secure servers with role-based access controls and encryption in transit. Only authorized employees or contractors with a need-to-know are granted access to your health information.

2.3 Transactional & Financial Information

Payment Details: If purchasing subscriptions or services directly through our website, we may collect payment method information. We use Stripe as our primary payment processor for website transactions; by entering your payment information, you consent to Stripe's processing and storage of your data pursuant to Stripe's privacy policy. Purchases made via mobile app marketplaces (e.g., Apple App Store, Google Play Store) are handled by those platforms, subject to their respective privacy policies and payment terms.

2.4 Usage & Device Information

• Technical Data: IP address, browser type, device operating system, unique device identifiers (e.g., IDFA, GAID).
• Log Files: Pages visited, date/time stamps, error logs, and performance analytics.
• Cookies & Similar Technologies: We use cookies, pixels (e.g., Facebook Pixel, TikTok Pixel), Google Analytics, and other tracking technologies to analyze trends and measure user engagement.

2.5 Location Information

If you enable location services in the app or on your browser, we may collect geolocation data to tailor certain features.

2.6 Inferences

We may combine or infer information based on your usage patterns (e.g., inferences about your lifestyle or wellness approach) to improve the Service.

3. HOW WE USE YOUR INFORMATION

3.1 To Provide and Improve the Service

• Create and manage your user account.
• Enable core features like logging gout flares, analyzing patterns, and displaying wellness metrics.
• Personalize user experience, such as recommended guidance or alerts.

3.2 Analytics & Product Development

• Conduct research and analysis to understand how users engage with our Service.
• Develop new features, enhance existing functionality, and improve user satisfaction.

We may use automated processing to provide recommendations or insights based on your data. These automated processes do not produce legally significant effects. You may contact us if you require further information or prefer human review of such decisions.

3.3 Communications & Customer Support

• Marketing Communications: Send you promotional messages about product updates, offers, or surveys (subject to your opt-in preferences).
• Service Announcements: Notify you of changes to our Service, security alerts, or administrative messages.
• Technical Support: Respond to queries or requests submitted through info@flarebreak.com.

3.4 Legal & Security

• Enforce our Terms & Conditions or other usage policies.
• Protect the Service, investigate fraudulent or unlawful behavior, or address security risks.
• Comply with legal obligations, lawful requests from public authorities, or court orders.

3.5 Aggregated & De-Identified Uses

We may convert your personal data into aggregated or de-identified forms that do not identify you personally. "Aggregated" means we combine data from many users in a way that no individual can be identified; "de-identified" means we remove personal identifiers so it cannot reasonably be linked back to you. This aggregated data helps us understand user trends and may be shared externally for research or other lawful purposes.

4. LEGAL BASES FOR PROCESSING (FOR EU/EEA USERS)

Where the General Data Protection Regulation ("GDPR") applies, we rely on the following lawful bases:

• Consent: For processing certain sensitive data (e.g., health information) and for sending you direct marketing communications where required by law.
• Contract: To provide the Service you requested (e.g., processing your subscription payment).
• Legitimate Interests: For our internal analytics, research, security, and improving the Service.
• Legal Obligation: Where we need to comply with a legal or regulatory requirement.

If you have questions about your GDPR rights or wish to lodge a complaint, you may contact your local Data Protection Authority.

5. DISCLOSURE OF YOUR INFORMATION

We do not sell or rent your personal information to third parties. However, we may share your information as follows:

5.1 Service Providers ("Processors")

Cloud hosting providers, analytics services, payment processors (including Stripe), and other vendors who help us operate the Service. These providers are contractually required to safeguard your data and only process it according to our instructions. Employees and contractors within our organization are bound by confidentiality obligations to protect your data.

5.2 Business Transfers

If we undergo a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will bind the acquiring entity to respect the commitments made in this Privacy Policy and notify you via email and/or a prominent notice if a new entity takes over your data.

5.3 Legal Compliance & Protection

• If required by law, subpoena, or other legal process, or to protect our rights, property, or safety, or those of our users.
• To investigate or prevent violations of our Terms & Conditions or other potential illegal activities.

5.4 Affiliates & Future Partners

We may share aggregated or de-identified data with affiliates or potential partners. If we expand into partnerships that involve sharing personal data, we'll update this Policy and obtain any necessary consents.

6. COOKIES & TRACKING TECHNOLOGIES

6.1 What Are Cookies?

Cookies are small text files stored on your device when you visit websites. They allow us or third parties to recognize your device, improve site functionality, and measure analytics.

6.2 Types of Cookies We Use

• Essential Cookies: Required for our site/app to function (e.g., session cookies).
• Analytics Cookies: For collecting usage data, such as pages visited or features used (e.g., Google Analytics).
• Advertising Pixels: Facebook Pixel, TikTok Pixel, or similar technologies that help deliver ads relevant to you.

6.3 Managing Cookies

You can manage cookies through your browser settings to block or delete them. If you reject cookies, some features of the Service may not function properly.

6.4 Do Not Track (DNT)

We do not honor Do Not Track signals.

6.5 EU Cookie Consent (If Applicable)

If you are located in the EU, we may present a cookie banner that allows you to accept or reject certain categories of cookies (except those strictly necessary). By adjusting your preferences, you can opt out of non-essential cookies.

7. INTERNATIONAL DATA TRANSFERS

7.1 United States & Beyond

Your data may be transferred to and processed in the United States, where our servers and central databases are located. By using the Service, you acknowledge that your data may be transferred across borders.

7.2 EEA & Swiss Users

If you reside in the European Economic Area (EEA) or Switzerland, we will take appropriate safeguards (e.g., Standard Contractual Clauses) to ensure an adequate level of data protection consistent with EU law. You can contact us to learn more about these transfer mechanisms or request copies.

7.3 Cross-Border Data Requests

We will respond to data subject requests from international users in a manner consistent with the applicable laws of their jurisdiction. If we cannot honor a request based on local law, we will provide an explanation.

8. DATA RETENTION

8.1 Retention Periods

We keep your personal information only as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is legally required or permitted.

8.2 Deletion & Anonymization

When data is no longer needed or upon verified request from you, we will securely delete or anonymize it. Note that residual copies of your data may persist in backups for a limited period but will not be used actively.

9. DATA SECURITY

9.1 Security Measures

We employ administrative, technical, and physical safeguards aimed at protecting your information from unauthorized access, alteration, or disclosure. Examples include encryption in transit (HTTPS), encryption at rest for certain sensitive data, firewalls, secure hosting environments, and restricted, role-based access to data.

9.2 No Guarantee

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your login credentials.

9.3 Breach Notification

If we become aware of a data breach that affects your personal information, we will notify you in accordance with applicable law.

10. CHILDREN'S PRIVACY

10.1 No Directed Use

Our Service is not directed to children under 13, and we do not knowingly collect personal information from them without parental consent.

10.2 Parental Involvement

If you are between 13 and 18 (or the age of majority in your jurisdiction), you may only use the Service with the involvement of a parent or guardian.

10.3 Reporting

If you believe a child under 13 has provided us with personal data, please contact info@flarebreak.com so we can remove it.

11. YOUR RIGHTS AS A RESIDENT OF CALIFORNIA

This section provides additional disclosures required by the California Consumer Privacy Act (CCPA). In the last 12 months, we collected the following categories of personal information: identifiers (such as name and contact information); internet or other electronic network activity information (such as browsing behavior); and approximate geolocation data. For more details about the personal information we collect, including the categories of sources, please see the "Information We Collect" section above. We collect this information for the business and commercial purposes described in the "How We Use Your Information" section above. We share this information with the categories of third parties described in the "Disclosure of Your Information" section above.

Subject to certain limitations and exceptions, the CCPA provides California consumers the right to request to know more details about the categories and specific pieces of personal information, to delete their personal information, to opt out of any "sales" that may be occurring, and to not be discriminated against for exercising these rights. We do not "sell" the personal information we collect (and will not sell it in the future without providing a right to opt out).

California consumers may make a rights request by contacting us as indicated below. We will verify your request by asking you to provide information that matches information we have on file about you. Consumers can also designate an authorized agent to exercise these rights on their behalf, but we will require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.

12. YOUR CHOICES & RIGHTS

Depending on your jurisdiction, you may have certain rights regarding your personal information:

12.1 Access & Correction

You can access or update your account information within the app or by contacting us. If you request changes that we cannot make, we will explain why.

12.2 Deletion

You may request deletion of personal data by emailing info@flarebreak.com. We will review and comply if required by law or feasible under operational constraints. We may ask for certain information to verify your identity.

12.3 Opt-Out

• Emails: Click the "unsubscribe" link in any marketing email or adjust your preferences in your account settings.
• Push Notifications: Disable these via your device's settings or in-app settings.

12.4 Additional GDPR Rights

If GDPR applies, you have the right to data portability, objection to processing, and restriction of processing, among others. Contact us at info@flarebreak.com to exercise these rights. You also have the right to lodge a complaint with your local Data Protection Authority if you believe we are not complying with GDPR.

13. THIRD-PARTY SERVICES & LINKS

Our Service may contain links to third-party websites or services (e.g., external articles, payment processors, social media). We do not control and are not responsible for their privacy practices. We encourage you to review those privacy policies before interacting with third parties.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy at our discretion. The "Last Updated" date at the top indicates the latest revision. If we make material changes (e.g., a new data processing purpose), we will notify you via email and/or a prominent notice in the Service. Your continued use after any update signifies your acceptance of the revised Policy. We will maintain a record (version history) of major changes to this Policy, available upon request, so you can see previous revisions.

15. CONTACT US

If you have any questions, comments, or concerns regarding this Privacy Policy or wish to exercise your privacy rights, please contact us at:

Seneca Health, Inc.
Atlanta, GA
Email: info@flarebreak.com