Privacy Policy
# 🛡️ 2Zone Therapy / HealthGPT – Privacy Policy v6.1

**Effective Date:** 30 November 2025
**Last Updated:** 25 April 2026

---

## 1. Who We Are

We are **2Zone Therapy**, based in Israel, and the operators of **HealthGPT** and the AI assistant **ERRIC**.

This Privacy Policy explains how we collect, process, and protect your personal information when you use our services or visit our websites, in compliance with the **General Data Protection Regulation (GDPR)** and other applicable privacy laws.

We own and operate the following websites:

- https://www.2ZoneTherapy.co.il
- http://www.iBellaBeauty.com
- http://www.HealthProtocolToday.com
- http://www.2ZoneTherapy.com
- https://www.HealthGPT.co.il

---

## 2. Information We Collect

We collect only the information necessary to provide, operate, and improve our wellness and AI-driven services.

### 2.1 Personal Identification & Security Data

- **Personal Identification:** Name, email address, secondary recovery email, IP address, and contact details
- **Account Security Data:** Login history, failed attempts, device/browser information, and session data
- **PassPhrase Security:** Secret PassPhrases are hashed using **Argon2 or bcrypt** and are never stored in plain text

---

### 2.2 Wellness & Platform Data

- **User Observations & Lifestyle Information:** Intake responses, observation descriptions, emotional indicators, and lifestyle data
- **AI Interaction Logs:** Conversations with **ERRIC** and HealthGPT
- **Generated Outputs:** Protocols, summaries, structured guidance, charts, and progress reports

This data is used solely to provide personalised wellness insights and platform functionality.

---

### 2.3 Mobile Application & Microphone Usage

The **ERRIC Mobile** application may request access to your device microphone **only when you explicitly choose** to record a Health Diary Voice Note.

- **Purpose:** To capture voice notes that you voluntarily record
- **Optional:** The application remains fully functional without microphone access
- **Security:** Voice data is transmitted via encrypted HTTPS connections
- **User Control:** You may request deletion of voice notes and related data at any time

---

### 2.4 Data Processing Engine (TEL)

We use an internal structured system called **TEL (Tracking Engine Logic)**.

- TEL converts unstructured user inputs (e.g. “I ate eggs”, “Blood pressure 120/80”) into structured, time-stamped metrics
- These metrics enable tracking, charting, and personalised insights
- **TEL does not provide medical diagnosis or clinical decision-making**

---

### 2.5 Financial & Transaction Data

- **Guidance Credit (GC) Purchases:** Records of GC top-ups and usage
- **Invoices & Payment Confirmations:** Stripe or PayPal confirmations
- **Payment Processing:** Handled securely by third-party providers

We **do not store full credit card numbers or banking details** on our servers.

---

### 2.6 Data We Do Not Collect

We do not collect:

- National ID numbers
- Government-issued identifiers
- Biometric identifiers
- External medical records unless voluntarily provided by the user

---

## 3. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

- **Contractual Necessity:** To provide HealthGPT services, ERRIC interactions, TEL tracking, and protocol generation
- **Explicit Consent:** For optional features and communications
- **Legal Obligation:** For invoicing, taxation, fraud prevention, and compliance
- **Legitimate Interests:** Platform security, abuse prevention, optimisation, and anonymised analytics

Protocol tiers (Silver, Gold, Platinum) reflect levels of detail in generated outputs. They are not subscriptions and do not involve recurring billing.

---

## 4. Pay-As-You-Go (PAYG) Model

HealthGPT operates on a **Pay-As-You-Go (PAYG)** basis:

- Users purchase Guidance Credits (GCs) as one-time transactions
- No subscriptions
- No automatic renewals
- No long-term commitments

Access to services depends solely on available GC balance.

---

## 5. Your GDPR Rights

You have the right to:

- Access your personal and platform data
- Request correction of inaccurate data
- Request permanent deletion (Right to Erasure)
- Restrict or object to processing
- Request data portability
- Withdraw consent at any time

Requests may be submitted to **privacy@2zonetherapy.com**, subject to identity verification.

---

## 6. Data Retention & Archiving

| Data Type | Retention Period | Notes |
|----------|----------------|------|
| Active Account Data | While account is active | Full functionality |
| Dormant Accounts | Archived after 60 days | Retained up to 12 months |
| GC & Payment Records | 7 years | Legal compliance |
| Deleted Accounts | Erased within 30 days | Irreversible |
| Anonymised Metrics | Indefinite | System improvement |

---

## 7. Data Deletion (Protocols & Logs)

Users may request deletion of:

- ERRIC interaction logs
- Generated outputs (protocols, reports)
- Voice notes
- Structured tracking data

### Verification Process

1. Deletion request submission
2. PassPhrase confirmation
3. Verification code sent to registered email(s)
4. Final confirmation

Deletion is **permanent and irreversible**.

---

## 8. HealthGPT & ERRIC Disclaimer

- Content is provided for **educational and wellness support purposes only**
- No medical diagnosis, treatment, or prescription is provided
- Not intended for emergency use
- Data is encrypted in transit and stored securely
- Third-party sharing occurs only with explicit user consent

---

## 9. Account Security & Recovery

We operate a **zero-knowledge security model**:

- PassPhrases are securely hashed
- Identity verification is required for recovery
- Abuse prevention limits reset attempts
- Temporary lockouts protect against misuse

---

## 10. Cookies & Analytics

We use cookies to:

- Maintain secure sessions
- Store language and user preferences
- Analyse performance and improve stability

Advertising cookies are used **only with explicit user consent**.

---

## 11. Children’s Privacy

Our services are **not intended for users under 16 years of age**. If such data is identified, it will be deleted immediately.

---

## 12. International Data Transfers

Data may be processed on secure servers located in Israel or in jurisdictions that provide adequate data protection safeguards under GDPR.

---

## 13. Policy Updates

We may update this Privacy Policy periodically. Material changes will be communicated via:

- Email notification
- Dashboard announcement

The “Last Updated” date reflects the latest version.

---

## 14. Contact & Data Protection Officer (DPO)

**2Zone Therapy – Data Protection Officer**
📧 privacy@2zonetherapy.com

General Support:
📧 erric@healthgpt.co.il