Anriwell Privacy Policy
Last Updated: [June 24, 2025]
Your Privacy Matters to Us
Thank you for choosing Anriwell. We are committed to protecting your privacy and ensuring the highest level of transparency and security in how we handle your personal information. Anriwell is a health and wellness platform that combines smart devices and mobile app services to help users better monitor and manage personal wellbeing.
This Privacy Policy describes how Anriwell (“we”, “us”, or “our”) collects, uses, stores, shares, and protects your Personal Data when you use our website, mobile application (the “App”), and connected devices and services (collectively, the “Services”).
We comply with applicable data protection laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant international standards.
If you have questions, please contact us at: privacy@anriwell.com
SUMMARY
• I. Key Definitions and Concepts
• II. Sources of Data We Collect
• III. Consent and Legal Basis
• IV. Use and Processing of Personal Data
• V. Data Retention
• VI. Data Transfers and Security
• VII. Your Rights and How to Exercise Them
• VIII. HomeCircle Feature and Family Access
• IX. Special Provisions (Research, SDK, etc.)
• X. Contact Us
I. KEY DEFINITIONS AND CONCEPTS
“Personal Data” refers to any information relating to an identified or identifiable natural person. This may include names, email addresses, device identifiers, or location data.
“Health Data””is a special category of Personal Data that includes information related to physical or mental health — such as heart rate, sleep patterns, blood pressure, and other wellness indicators collected through Anriwell devices or input by the user.
“Anonymized Data”means information that has been irreversibly de-identified so it can no longer be associated with a specific individual.
“Pseudonymized Data”means data where identifying information has been replaced with a pseudonym, allowing for potential re-identification only with additional information kept separately.
“Data Controller”refers to the lawful grounds for processing Personal Data under applicable laws (e.g., user consent, contractual necessity, legal obligation, legitimate interest).
“Legal Basis”refers to the lawful grounds for processing Personal Data under applicable laws (e.g., user consent, contractual necessity, legal obligation, legitimate interest).
II. SOURCES OF PERSONAL DATA WE COLLECT
We collect Personal Data through the following channels:
2.1. When You Use Our Mobile App
• Account Creation: We collect your name, email address, phone number (optional), gender, birth date, and password when you register.
• Health Profile Setup: You may enter height, weight, blood pressure, glucose levels, and other wellness information manually or automatically via connected devices.
2.2. When You Use Anriwell Devices
• When paired with the App, devices such as the Sleep Monitor or Blood Pressure Monitor collect real-time Health Data (e.g., heart rate, sleep duration, blood oxygen levels).
• This data is stored securely and visualized within the App for personal wellness tracking purposes.
2.3. When You Participate in HomeCircle
• If you are part of a HomeCircle group, we collect and store permissions data relating to shared access among caregivers, family members, or healthcare aides.
2.4. Through Customer Support Interactions
• When you contact us via email or support channels, we may collect your name, contact details, device usage history, and inquiry content to assist you.
•
2.5. Via Device and App Analytics
• We automatically collect technical data such as your IP address, device ID, operating system version, language preferences, crash logs, and usage patterns to help improve our Services.
2.6. From Third-Party SDKs (as applicable)
• Some third-party services integrated into the App (e.g., Google Maps, crash reporting tools) may collect certain technical identifiers. We ensure such services comply with data protection regulations and are disclosed transparently in our SDK section (see Section IX).
III. CONSENT AND LEGAL BASIS FOR PROCESSING
3.1. Consent Collection
We collect and process your Personal Data only where we have a lawful basis. These may include:
• Your explicit consent (e.g., for sharing data with third-party services or caregivers);
• Contractual necessity, such as creating your Anriwell account and delivering services;
• Compliance with legal obligations;
• Our legitimate interests, such as improving app functionality or ensuring security — unless those interests are overridden by your fundamental rights.
We obtain your consent in the following scenarios:
• When creating an account and agreeing to our Terms of Use;
• When enabling data sharing with family, caregivers, or third-party applications;
• When participating in product research or surveys;
• When accepting location-based or notification-based features;
• When enabling security features like two-factor authentication.
You may withdraw your consent at any time by modifying your settings in the App or contacting us at privacy@anriwell.com.
3.2. Consequences of Withholding Consent
If you choose not to provide certain data or withdraw consent, you may be unable to use specific features or services, such as personalized health tracking or HomeCircle sharing.
IV. USE AND PROCESSING OF PERSONAL DATA
We collect and process your Personal Data for the following purposes:
A. Provision of Core Services
| Purpose | Data Categories | Legal Basis | Retention |
| Account creation |
Name, email, password, date of birth, gender |
Contractual necessity |
Until account is deleted |
| Health data tracking and display |
Heart rate, blood pressure, sleep, oxygen, glucose, weight |
Contractual necessity |
Until account is deleted |
| Data visualization and reporting |
Wellness trends, timelines, PDF report generation |
Contractual necessity |
Until account is deleted |
| HomeCircle family sharing |
Permissions, access history, invited users |
Consent |
Until access is revoked or account deleted |
B. Optional Features
| Purpose | Data Categories | Legal Basis | Retention |
| Location-based services |
GPS coordinates, IP address |
Consent |
Until location access is disabled |
| Marketing communications |
Email, user behavior |
Consent or legitimate interest |
Until user unsubscribes |
| Participation in product research |
Survey responses, usage feedback |
Consent |
Until user opts out or account deleted |
| AI insights and trend analysis (future phase) |
Pseudonymized health data |
Legitimate interest |
Until account is deleted or anonymized |
C. Support and Compliance
| Purpose | Data Categories | Legal Basis | Retention |
| Customer support |
Account info, device logs, message content |
Contractual necessity |
Up to 10 years or until account is deleted |
| Fraud prevention and cybersecurity |
IP address, session data, suspicious behavior logs |
Legitimate interest |
1 year |
| Legal compliance (e.g., recalls, tax) |
Purchase history, transaction data |
Legal obligation |
Up to 10 years |
D. Pseudonymized and Anonymized Processing
We may use pseudonymized or anonymized data for:
• System optimization and algorithm training
• Internal analytics
• Public interest research and wellness statistics
Anonymized data is not considered Personal Data and may be retained indefinitely.
V. DATA RETENTION
5.1. Retention Periods
We retain your Personal Data only as long as necessary for the purposes outlined in this Policy, unless a longer retention period is required by law. When your data is no longer needed, we will delete it or anonymize it securely.
| Data Type | Retention |
| Account data |
Until account deletion |
| Health and device data |
Until deleted by user or account is closed |
| Customer support logs |
Up to 10 years |
| Legal and compliance records |
As required by applicable laws (e.g., 7–10 years) |
| Backup copies |
Retained temporarily for service continuity; not accessible for real-time changes |
5.2. Inactive Account Policy
If your account has been inactive for more than 3 years (i.e., no logins, no device use, and no interactions with app notifications), we may notify you via email and delete your account and associated data after 90 days of no response.
5.3. Data Shared with Third Parties
If you’ve chosen to share your data with a third-party application or caregiver, we cannot ensure its deletion on their side. You must contact the third party directly to manage that data.
VI. HOSTING, TRANSFER, AND SECURITY OF DATA
6.1. Data Hosting Location
Anriwell stores your Personal Data on secure servers located in the United States or other jurisdictions that offer adequate data protection as defined under applicable laws. Health-related data is hosted on platforms that implement industry-standard encryption, access controls, and regular audits.
6.2. International Data Transfers
If your Personal Data is transferred outside your country of residence (e.g., from the EU to the U.S.), we ensure that such transfers comply with applicable data protection laws through one or more of the following:
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules
• Adequacy decisions (where applicable)
6.3. Security Measures
We implement administrative, technical, and physical safeguards to protect your Personal Data, including:
• Data encryption in transit and at rest
• Role-based access control
• Routine security assessments and audits
• Privacy training for employees
• Incident response protocols in the event of data breaches
Despite these measures, no system is completely secure. If we detect a breach involving your Personal Data, we will notify you and relevant regulators in accordance with legal requirements.
VII. YOUR PRIVACY RIGHTS
Depending on your country of residence, you may have the following rights under GDPR, CCPA, and other applicable laws:
7.1. General Rights
| Right | Description |
| Access |
Request access to the Personal Data we hold about you |
| Correction |
Request correction of inaccurate or incomplete data |
| Deletion |
Request deletion of your Personal Data (“right to be forgotten”) |
| Restriction |
Request limited processing of your Personal Data |
| Portability |
Receive your Personal Data in a portable format or transmit it to another service |
| Objection |
Object to data processing based on legitimate interest, direct marketing, or profiling |
| Withdraw Consent |
Revoke consent for processing at any time without affecting prior lawful use |
To exercise any of the above rights, please email privacy@anriwell.com. We may require identity verification for your protection. Requests will be addressed within the legally required time frame.
7.2. California Residents (CCPA)
If you are a California resident, you may also:
• Opt out of the “sale” of your Personal Data (Anriwell does not sell your data in exchange for monetary compensation)
• Request details on the categories of Personal Data collected, shared, or disclosed
• Use an authorized agent to submit a privacy request on your behalf
To submit a request, contact us via privacy@anriwell.com and include "CCPA Request" in the subject line.
VIII. HOMECIRCLE: FAMILY AND CAREGIVER ACCESS
Anriwell’s HomeCircle feature allows users to share select health data with trusted family members, caregivers, or healthcare aides.
8.1. User Control
• The primary user may invite others to join their HomeCircle
• Access can be customized by the primary user (e.g., view-only, notifications, editing rights).
• Access can be revoked at any time via the App.
8.2. Caregiver Accountability
All HomeCircle participants are responsible for protecting the confidentiality of the shared data. Any misuse or unauthorized disclosure is strictly prohibited and may result in account suspension or legal action.
Anriwell does not independently verify the relationship between the primary user and HomeCircle participants; access is granted based on the user’s invitation and consent.
IX. THIRD-PARTY SERVICES AND SDK DISCLOSURES
Anriwell may incorporate third-party services (SDKs) into the App to enable certain features or improve functionality. These include:
| SDK | Purpose | Data Collected | Provider |
| Google Maps SDK |
Location-based services (e.g., movement tracking) |
IP, location, device info |
Google |
| Crashlytics/Bugly |
App crash detection and diagnostics |
Device ID, OS version, logs |
Google/Tencent |
| Analytics SDKs |
User behavior tracking (anonymized) |
App usage, screen flows |
Various |
| Cloud Messaging |
Push notifications |
Device token, OS info |
Firebase/Apple |
All SDKs used by Anriwell are evaluated for compliance with privacy laws. No third-party SDK may access Health Data unless specifically disclosed and consented to.
X. CONTACT INFORMATION
If you have questions, concerns, or wish to exercise your rights regarding your Personal Data, please contact our Data Protection Officer:
Anriwell Privacy Inquiry
Email: privacy@anriwell.com
Address: 2062 Business Center Dr Ste 125, Irvine, CA 92612, USA
Response time: We will respond to all legitimate requests within 30 calendar days.
If you are unsatisfied with our response, you may lodge a complaint with your local Data Protection Authority (DPA) or supervisory authority (e.g., the CNIL in France, the ICO in the UK, or the California Attorney General’s Office).