Privacy Policy
# 🛡️ 2Zone Therapy – Privacy Policy v5.2

**Effective Date:** 30 November 2025
**Last Updated:** 29 December 2025

---

## 1. Who We Are

We are **2Zone Therapy**, based in Israel. This Privacy Policy explains how we collect, process, and protect your personal information when you use our services or visit our websites, in compliance with the **General Data Protection Regulation (GDPR)** and other applicable privacy laws.

**We own and operate the following sites:**

- https://www.2ZoneTherapy.co.il
- http://www.iBellaBeauty.com
- http://www.HealthProtocolToday.com
- http://www.2ZoneTherapy.com
- https://www.HealthGPT.co.il

---

## 2. Information We Collect

We collect information strictly necessary to provide and improve our wellness and AI-driven health-protocol services.

### 2.1 Personal Identification & Security Data

- **Personal Identification:** Name, email, secondary recovery email, IP address, and contact details.
- **Account Security Data:** Login history, failed attempts, device/browser information, and session data.
- **Account Security:** Secret PassPhrases hashed using **Argon2 / bcrypt** for maximum security.

### 2.2 Health & Protocol Data

- **Reported Symptoms & Lifestyle:** Intake responses, reported symptoms, emotional indicators, and lifestyle data.
- **AI Interaction Logs:** Conversations with **ERRIC** and **HealthGPT**.
- **Generated Protocols:** Generated health protocols, summaries, and progress reports.

### 2.3 Mobile App Data & Microphone Usage

The **ERRIC Mobile** application may request access to your device microphone **only when you explicitly choose** to record a **Health Diary Voice Note**.

- **Purpose:** The microphone is used solely to capture Health Diary Voice Notes that you choose to record.
- **Optional:** Microphone access is **optional**. The application remains fully functional without microphone permission.
- **Security:** Voice notes are transferred securely to our servers using **encrypted HTTPS** connections.
- **User Control:** You may request deletion of your voice notes and related health data at any time.

### 2.4 Data Processing Engine (TEL) – NEW in v5.1

- **Unstructured Input:** We use the internal **TEL (Tracking Engine Logic)** system to parse and categorise unstructured messages sent to ERRIC (e.g. “I ate eggs for breakfast”, “My blood pressure was 120/80”).
- **Structured Metrics:** TEL converts unstructured input into structured, time-stamped health metrics to build charts and provide personalised insights.

### 2.5 Financial & Optional Data

- **Payment & GC Transactions:** Guidance Credit (GC) purchases, invoices, and Stripe or PayPal confirmations. *(We do not store card or banking details.)*
- **Optional Contributions:** Surveys, testimonials, or images voluntarily provided by users.

We **do not** collect national ID numbers, government identifiers, or biometric identifiers.

---

## 3. Legal Bases for Processing (GDPR)

We process personal data under the following legal bases:

- **Contractual Necessity:** To deliver HealthGPT, ERRIC, TEL features, and health protocol generation.
- **Explicit Consent:** For wellness AI interactions and optional communications.
- **Legal Obligation:** For invoicing, taxation, and anti-fraud compliance.
- **Legitimate Interests:** Platform security, analytics, and service improvement using anonymised data.

Membership plans (Silver, Gold, Platinum) are governed by contractual necessity as defined in our Terms & Conditions.

---

## 4. Your GDPR Rights

You have the right to:

- Access your personal and health data
- Request correction of inaccurate information
- Request **permanent deletion** of personal and health data (Right to Erasure)
- Object to non-essential processing
- Request data portability
- Withdraw consent at any time

Requests may be submitted to **privacy@2zonetherapy.com** with identity verification.

---

## 5. Data Retention & Archiving

| Data Type | Retention Period | Notes |
|---|---|---|
| Active Account Data | While account is active | Full functionality |
| Dormant Accounts | Archived after 60 days | Retained 12 months |
| GC & Payment Records | 7 years | Legal compliance |
| Deleted Accounts | Erased within 30 days | Irreversible |
| Anonymised Metrics | Indefinite | Analytics only |

---

## 6. Data Deletion (Protocols & Logs)

Users may request **complete deletion** of ERRIC logs, protocols, voice notes, and health data via the dashboard.

**Verification Process:**

1. Deletion request submission
2. Secret PassPhrase confirmation
3. Verification codes sent to registered emails
4. Final confirmation

Once completed, deletion is **permanent and irreversible**.

---

## 7. HealthGPT & ERRIC Addendum

- **Purpose:** AI-generated content is for **educational and wellness support only**.
- **Medical Disclaimer:** No diagnosis or prescription is provided.
- **Emergency Use:** Not intended for emergency medical situations.
- **Data Handling:** Logs are encrypted, anonymised for analytics, and deleted upon verified request.
- **Third-Party Access:** Only with explicit, time-limited user consent.

---

## 8. Account Security & PassPhrase Recovery

We operate a **zero-knowledge security model**:

- PassPhrases are never stored in plain text
- Recovery requires verified identity
- Abuse controls limit reset attempts
- Temporary lockouts protect against misuse

---

## 9. Cookies & Analytics

We use cookies to:

- Maintain secure sessions
- Analyse performance
- Store language and preference settings

Advertising cookies are used **only with consent** for Free users. Paid members do not receive third-party ads.

---

## 10. Advertising & Membership

- **Free Users:** Supported by advertising (non-personalised unless consent is given)
- **Paid Members:** No third-party advertising
- **Consent Control:** Advertising preferences can be changed at any time in the dashboard

---

## 11. Children’s Privacy

Our services are **not intended for users under 16 years of age**. Any such data discovered will be deleted immediately.

---

## 12. Policy Updates

We may update this Privacy Policy periodically. Significant changes will be communicated via email or dashboard notification.

---

## 13. Contact & Data Protection Officer (DPO)

**2Zone Therapy – Data Protection Officer**
Email: **privacy@2zonetherapy.com**
Emergency Contact: **erric@healthgpt.co.il**