Privacy Policy
PRIVACY v5.02Zone Therapy – Privacy Policy v5.0
**Effective Date:** 6 August 2025
**Last Updated:** 23 October 2025
---
1. Who We Are
We are **2Zone Therapy**, based in Israel.
This Privacy Policy explains how we collect, process, and protect your personal information when you use our services or visit our websites, in compliance with the **General Data Protection Regulation (GDPR)** and other applicable privacy laws.
**We own and operate the following sites:**
- [https://www.2ZoneTherapy.co.il](https://www.2ZoneTherapy.co.il)
- [http://www.iBellaBeauty.com](http://www.iBellaBeauty.com)
- [http://www.HealthProtocolToday.com](http://www.HealthProtocolToday.com)
- [http://www.2ZoneTherapy.com](http://www.2ZoneTherapy.com)
- [https://www.HealthGPT.co.il](https://www.HealthGPT.co.il)
---
2. Information We Collect
We collect information necessary to provide and improve our wellness and AI-driven health-protocol services, including:
- **Personal Identification:** Name, email, secondary recovery email, IP address, and contact details.
- **Health & Protocol Data:** Reported symptoms, intake responses, lifestyle data, emotional indicators, generated health protocols, and progress reports.
- **AI Interaction Logs:** Conversations with **ERRIC** and **HealthGPT**, used solely for providing personalised support.
- **Account Security Data:** Login history, failed attempts, device/browser info, and session data.
- **Payment & GC Transactions:** Guidance Credit (GC) purchases, invoices, Stripe or PayPal confirmations. *(We do not store card data.)*
- **Optional Contributions:** Surveys, testimonials, or images voluntarily provided.
We **do not** collect national IDs, government identifiers, or biometric data.
---
3. Legal Bases for Processing (GDPR)
We process data under:
- **Contractual Necessity:** To deliver HealthGPT, ERRIC, and protocol generation.
- **Explicit Consent:** For wellness AI interactions and optional communications.
- **Legal Obligation:** For invoicing, tax, and anti-fraud compliance.
- **Legitimate Interests:** For service improvement, analytics, and platform security.
Membership plans (Silver, Gold, Platinum) are managed under **contractual necessity**, as defined in our [Terms & Conditions](../terms_conditions_v5.0.md).
---
4. Your GDPR Rights
You have the right to:
- Access and review your stored data
- Request correction of inaccuracies
- Request **permanent deletion** of personal and health data (“Right to Erasure”)
- Object to non-essential processing or marketing
- Request data portability
- Withdraw consent at any time without affecting past lawful processing
Requests may be made to **privacy@2zonetherapy.com** with identity verification.
---
5. Data Retention & Archiving
| Data Type | Retention Period | Notes |
|------------|------------------|-------|
| Active Account Data | As long as account remains active | Full functionality retained |
| Dormant Account (no login for 60 days) | Archived for 12 months | To allow reactivation |
| GC & Payment Records | 7 years | Required for tax and audit compliance |
| Deleted Accounts | Erased within 30 days of verified deletion request | Irreversible |
| Anonymized Metrics | Indefinite | Used only for aggregated analytics |
---
6. Data Deletion (Protocols & Logs)
You may request **complete deletion** of your ERRIC logs, protocols, and health data if closing your account, from the **Services** section of your dashboard.
Deleted data is **lost forever** and cannot be recovered under any circumstances.
**Verification Process:**
1. Submit a deletion request in your dashboard.
2. Confirm your **Secret PassPhrase**.
3. Verify via security codes sent to both registered emails.
4. Final confirmation using both tokens and your PassPhrase.
⚠ **Once confirmed:**
- All related data (logs, protocols, chat history) are **permanently erased**.
- This process cannot be reversed.
- A deletion receipt will be emailed for your records.
This triple-verification system protects against accidental or unauthorised deletion.
---
7. HealthGPT & ERRIC Addendum
- **Purpose:** AI-generated content is for **educational and wellness support** only. It does not diagnose or prescribe medication.
- **Emergency Use:** HealthGPT and ERRIC are **not emergency medical tools**. In urgent cases, contact local emergency services.
- **Data Handling:** AI logs are encrypted, anonymised for analytics, and deleted upon verified request.
- **Reseller / Practitioner Access:** Only allowed with explicit, time-limited client consent.
---
8. Account Security & PassPhrase Recovery
We use **zero-knowledge encryption**:
- Your **Secret PassPhrase** is encrypted and never stored in plain text.
- We **cannot recover** forgotten passphrases without user verification.
- Recovery requires a verified email and/or WhatsApp code.
- Abuse controls limit resets to **3 attempts per 24 hours**, with temporary lockout after repeated failures.
---
9. Cookies & Analytics
We use cookies to:
- Maintain secure login sessions
- Analyse site usage and performance
- Remember language and preference settings
If you are a **Free User**, third-party advertising cookies or similar technologies may be used **only with your consent** to deliver and measure ads. Pay-As-You-Go and Members (Silver/Gold/Platinum) do not receive third-party advertising and therefore no third-party advertising cookies are used for those accounts.
You may disable cookies entirely, though some features may be limited.
---
10. Advertising & Membership
We operate on a simple principle — you choose between **Free with Ads** or **Paid without Ads**.
- **Free Users:**
Free accounts are supported by advertising.
You may select which ad categories you prefer to see (for example: Wellness & Supplements, Fitness, Healthy Food, Technology, Lifestyle).
If you do not choose, general non-personalised ads will be shown automatically.
These ads may come from third-party partners, but we **do not sell your personal data**, and all ad delivery is handled under strict data-processing contracts.
- **Withdrawing Ad Consent:**
You can withdraw your consent to advertising at any time.
However, if you withdraw consent while on a Free plan, you will need to upgrade to a **Paid Ad-Free Membership** (currently USD $20 per month) to continue using the service.
This ensures we can operate fairly while giving you full control over your experience.
- **Pay-As-You-Go & Members (Silver, Gold, Platinum):**
These accounts already operate without third-party advertising.
They may occasionally see promotions for our own products and services only.
- **Consent & Control:**
You can review or change your ad preferences or upgrade to the Ad-Free plan at any time in your dashboard under **“Ad Preferences.”**
Your advertising choices are stored securely and can be updated or deleted whenever you wish.
---
11. Children’s Privacy
Our services are **not intended for users under 16**.
We delete any such data upon discovery.
---
12. Policy Updates
We may update this Privacy Policy periodically.
Significant updates will be announced via email and dashboard notifications.
Continued use after notice implies acceptance of the new version.
---
13. Contact & Data Protection Officer (DPO)
**2Zone Therapy – Data Protection Officer**
Email: **privacy@2zonetherapy.com**
Emergency Contact: **erric@healthgpt.co.il**
---