
# 🛡️ 2Zone Therapy – Privacy Policy v5.1

**Effective Date:** 30 November 2025
**Last Updated:** 30 November 2025

---

## 1. Who We Are

We are **2Zone Therapy**, based in Israel.

This Privacy Policy explains how we collect, process, and protect your personal information when you use our services or visit our websites, in compliance with the **General Data Protection Regulation (GDPR)** and other applicable privacy laws.

**We own and operate the following sites:**

- [https://www.2ZoneTherapy.co.il](https://www.2ZoneTherapy.co.il)
- [http://www.iBellaBeauty.com](http://www.iBellaBeauty.com)
- [http://www.HealthProtocolToday.com](http://www.HealthProtocolToday.com)
- [http://www.2ZoneTherapy.com](http://www.2ZoneTherapy.com)
- [https://www.HealthGPT.co.il](https://www.HealthGPT.co.il)

---

## 2. Information We Collect

We collect information strictly necessary to provide and improve our wellness and AI-driven health-protocol services.

### 2.1 Personal Identification & Security Data
- **Personal Identification:** Name, email, secondary recovery email, IP address, and contact details.
- **Account Security Data:** Login history, failed attempts, device/browser info, and session data.
- **Account Security:** PassPhrases hashed (**Argon2/bcrypt**) for maximum security (as detailed in our Data Security Statement).

### 2.2 Health & Protocol Data
- **Reported Symptoms & Lifestyle:** Intake responses, reported symptoms, emotional indicators, and lifestyle data.
- **AI Interaction Logs:** Conversations with **ERRIC** and **HealthGPT**.
- **Generated Protocols:** Generated health protocols and progress reports.

### 2.3 Data Processing Engine (TEL) - NEW in v5.1
- **Unstructured Input:** We use the internal **TEL (Tracking Engine Logic)** system to parse and categorize unstructured messages you send to ERRIC (e.g., "I ate eggs for breakfast," "My blood pressure was 120/80").
- **Structured Metrics:** TEL converts this unstructured input into structured, time-stamped metrics (e.g., Fasting status, Blood Pressure readings) to automatically build charts and provide personalized advice.

### 2.4 Financial & Optional Data
- **Payment & GC Transactions:** Guidance Credit (GC) purchases, invoices, Stripe or PayPal confirmations. *(We do not store card data.)*
- **Optional Contributions:** Surveys, testimonials, or images voluntarily provided.

We **do not** collect national IDs, government identifiers, or biometric data.

---

## 3. Legal Bases for Processing (GDPR)

We process data under the following legal bases:

- **Contractual Necessity:** To deliver HealthGPT, ERRIC, the new TEL tracking features, and protocol generation.
- **Explicit Consent:** For wellness AI interactions and optional communications.
- **Legal Obligation:** For invoicing, tax, and anti-fraud compliance.
- **Legitimate Interests:** For service improvement, analytics, platform security, and the development/refinement of the TEL system (using anonymized data).

Membership plans (Silver, Gold, Platinum) are managed under **contractual necessity**, as defined in our [Terms & Conditions](../terms_conditions_v5.0.md).

---

## 4. Your GDPR Rights

You have the right to:

- Access and review your stored data
- Request correction of inaccuracies
- Request **permanent deletion** of personal and health data (“Right to Erasure”)
- Object to non-essential processing or marketing
- Request data portability
- Withdraw consent at any time without affecting past lawful processing

Requests may be made to **privacy@2zonetherapy.com** with identity verification.

---

## 5. Data Retention & Archiving

| Data Type | Retention Period | Notes |
|---|---|---|
| Active Account Data | As long as account remains active | Full functionality retained |
| Dormant Account (no login for 60 days) | Archived for 12 months | To allow reactivation |
| GC & Payment Records | 7 years | Required for tax and audit compliance |
| Deleted Accounts | Erased within 30 days of verified deletion request | Irreversible |
| Anonymized Metrics | Indefinite | Used only for aggregated analytics |

---

## 6. Data Deletion (Protocols & Logs)

If you are closing your account, you may request **complete deletion** of your ERRIC logs, protocols, and health data from the **Services** section of your dashboard.

Deleted data is **lost forever** and cannot be recovered under any circumstances.

**Verification Process:**
1. Submit a deletion request in your dashboard.
2. Confirm your **Secret PassPhrase**.
3. Verify via security codes sent to both registered emails.
4. Final confirmation using both tokens and your PassPhrase.

⚠ **Once confirmed:**

- All related data (logs, protocols, chat history, **and TEL-generated metrics**) are **permanently erased**.
- This process cannot be reversed.
- A deletion receipt will be emailed for your records.

This triple-verification system protects against accidental or unauthorised deletion.

---

## 7. HealthGPT & ERRIC Addendum

- **Purpose:** AI-generated content is for **educational and wellness support** only. It does not diagnose or prescribe medication.
- **Emergency Use:** HealthGPT and ERRIC are **not emergency medical tools**. In urgent cases, contact local emergency services.
- **Data Handling:** AI logs are encrypted, anonymised for analytics, and deleted upon verified request.
- **Reseller / Practitioner Access:** Only allowed with explicit, time-limited client consent.

---

## 8. Account Security & PassPhrase Recovery

We use **zero-knowledge encryption**:

- Your **Secret PassPhrase** is encrypted and never stored in plain text.
- We **cannot recover** forgotten passphrases without user verification.
- Recovery requires a verified email and/or WhatsApp code.
- Abuse controls limit resets to **3 attempts per 24 hours**, with temporary lockout after repeated failures.

---

## 9. Cookies & Analytics

We use cookies to:

- Maintain secure login sessions
- Analyse site usage and performance
- Remember language and preference settings

If you are a **Free User**, third-party advertising cookies or similar technologies may be used **only with your consent** to deliver and measure ads. Pay-As-You-Go and Members (Silver/Gold/Platinum) do not receive third-party advertising and therefore no third-party advertising cookies are used for those accounts.

You may disable cookies entirely, though some features may be limited.

---

## 10. Advertising & Membership

We operate on a simple principle — you choose between **Free with Ads** or **Paid without Ads**.

- **Free Users:** Free accounts are supported by advertising.
You may select which ad categories you prefer to see (for example: Wellness & Supplements, Fitness, Healthy Food, Technology, Lifestyle).
If you do not choose, general non-personalised ads will be shown automatically.
These ads may come from third-party partners, but we **do not sell your personal data**, and all ad delivery is handled under strict data-processing contracts.

- **Withdrawing Ad Consent:** You can withdraw your consent to advertising at any time.
However, if you withdraw consent while on a Free plan, you will need to upgrade to a **Paid Ad-Free Membership** (currently USD $20 per month) to continue using the service.
This ensures we can operate fairly while giving you full control over your experience.

- **Pay-As-You-Go & Members (Silver, Gold, Platinum):** These accounts already operate without third-party advertising.
They may occasionally see promotions for our own products and services only.

- **Consent & Control:** You can review or change your ad preferences or upgrade to the Ad-Free plan at any time in your dashboard under **“Ad Preferences.”** Your advertising choices are stored securely and can be updated or deleted whenever you wish.

---

## 11. Children’s Privacy

Our services are **not intended for users under 16**.

We delete any such data upon discovery.

---

## 12. Policy Updates

We may update this Privacy Policy periodically.

Significant updates will be announced via email and dashboard notifications.

Continued use after notice implies acceptance of the new version.

---

## 13. Contact & Data Protection Officer (DPO)

**2Zone Therapy – Data Protection Officer**
Email: **privacy@2zonetherapy.com**
Emergency Contact: **erric@healthgpt.co.il**