Privacy Policy

For DrPal

DRPAL GMBH (“DrPal,” “we,” “our,” or “us”) respects your privacy and is committed to protecting personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”), the UK GDPR where applicable, the Swiss Federal Act on Data Protection where applicable, and other relevant privacy laws. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use our website, mobile applications, AI-powered tools, and related services (collectively, the “Services”).

Effective Date: 17-04-2026

1. Introduction

Overview

DrPal GmbH (“DrPal,” “we,” “our,” or “us”) is committed to protecting your privacy and handling your data in compliance with applicable regulations including the GDPR, UK GDPR where applicable, Swiss FADP, and other international data‑protection laws.

This Privacy Policy describes how we collect, use, store, disclose, and protect your personal data when you access our website, mobile app, AI‑powered services, and all associated tools (“Services”).

2. Data We Collect

Personal Data You Provide

We may collect personal information that you voluntarily provide to us, such as:

• Name, email, phone number • Health-related data (symptoms, conditions, lifestyle inputs) • Payment information for premium or token-related services • Location if enabled

Automatically Collected Data

When you interact with our Services, we automatically collect:

• Device information (model, OS version, hardware identifiers) • IP address and geolocation • Usage statistics (pages visited, buttons clicked, time spent) • Log files and diagnostic data

AI Interaction Data

Our AI systems record user interactions, including text inputs, selected recommendations, and model feedback. This data may be anonymized and aggregated to enhance AI accuracy, personalize recommendations, and ensure medical-safety standards.

3. How We Use Data

We use your information to:

• Deliver, maintain, and improve our Services • Provide AI‑generated medical, nutritional, and wellness recommendations • Personalize your experience and adapt content to your needs • Facilitate referrals to healthcare providers (with consent) • Process token‑based transactions and in‑app purchases • Communicate updates, alerts, or promotional messages • Ensure compliance with regulatory obligations

4. Legal Basis for Processing

We process personal data under the following legal bases:

• **Consent** — when you voluntarily submit personal or health data • **Contractual necessity** — to provide purchased or subscribed services • **Legitimate interest** — improving AI models and enhancing platform security • **Legal obligation** — complying with requests from regulatory authorities

5. Data Sharing

We do not sell your personal data. We may share limited information with:

• Verified healthcare partners (only with explicit user consent) • AI service providers operating under strict confidentiality agreements • Analytics and research partners (anonymized and aggregated only) • Regulatory or legal authorities when required by law

6. Data Security

We utilize industry‑grade security including:

• End‑to‑end encryption for sensitive data • Role‑based access and authentication • Secure cloud infrastructure and continuous monitoring • Regular audits and penetration testing

While no system can be 100% secure, we implement rigorous measures consistent with global data‑protection standards.

7. Data Retention

We retain personal data only for as long as required to fulfill the purposes outlined in this Privacy Policy, or as mandated by applicable law. Retention periods may vary depending on the nature of your interactions with our Services, regulatory requirements, and the type of data involved.

After retention periods expire, data is securely deleted, anonymized, or removed from active systems in accordance with industry best practices.

8. International Data Transfers

Your data may be transferred and processed outside your country of residence, including in jurisdictions that may not offer the same level of data protection.

When transferring data internationally, we implement safeguards such as:

• Standard Contractual Clauses (SCCs) • Data Processing Agreements • Encryption and access controls

These measures ensure that your data remains protected regardless of where it is processed.

9. Cookies and Tracking Technologies

We use cookies, analytics tools, and similar tracking technologies to:

• Improve platform performance • Analyze usage trends • Enable personalized experience • Support authentication and security

You may manage cookie preferences through your browser settings. Disabling certain cookies may affect functionality of the Services.

10. Your Privacy Rights

Depending on your region, you may have the right to:

• Request access to your data • Request correction or deletion • Restrict or object to processing • Withdraw consent at any time • Request portability of your data

To exercise these rights, please contact us at: privacy@drpal.ai

11. Token & Blockchain Data

On‑Chain Information

When interacting with our token ecosystem, certain data may be permanently recorded on public blockchains, including transaction IDs, wallet addresses, and token activity. Blockchain data is immutable and cannot be altered or deleted.

Off‑Chain Wallet Associations

If you connect a wallet to DrPal Services, we may store off‑chain associations such as user preferences, payment confirmations, or identity verification (if required by law).

12. Third‑Party Services

Certain features of the Services rely on trusted third‑party providers such as:

• Cloud hosting platforms • AI model providers • Analytics tools • Payment processors • Healthcare partners

These third parties operate under binding agreements ensuring confidentiality and compliance with privacy laws. We recommend reviewing their respective privacy policies for additional details.

13. AI Model Training & Improvement

Anonymized Training Data

DrPal may use anonymized and aggregated interaction data to improve AI model performance, enhance medical reasoning, strengthen safety systems, and refine symptom‑analysis algorithms. Personal identifiers are removed prior to training.

Safety & Behavioral Monitoring

AI systems may analyze usage patterns to ensure safety, prevent misuse, detect harmful patterns, and improve recommendation accuracy. Only aggregated behavioral data is used for this purpose unless legally required otherwise.

14. Children’s Data

DrPal does not knowingly collect personal information from children under 13 (or the minimum legal age in your jurisdiction) without verified parental consent.

If we become aware that a child’s data was collected without authorization, we will:

• Immediately delete the data • Notify the parent or guardian • Restrict further access to Services

15. Changes to This Privacy Policy

We may revise this Privacy Policy to reflect changes in technology, regulatory requirements, or improvements to our Services.

When updated:

• A new “Effective Date” will be posted • Material updates may be communicated via email or app notification • Continued use of Services indicates acceptance of changes

16. Regulatory Compliance

Global Data Protection Standards

DrPal complies with major international data‑protection frameworks, including:

• GDPR (EU) • UK GDPR • Swiss FADP • PIPEDA (Canada) • CCPA/CPRA (California, where applicable)
Additional regional requirements may apply depending on your location.

17. Contact Information

For questions, data requests, or privacy concerns, you may contact us:

Email: privacy@drpal.ai

Address: DrPal GmbH Zürich, Switzerland

18. Effective Date

This Privacy Policy becomes effective on:

**17 April 2026**

The latest update to this document reflects improvements to transparency, AI‑related disclosures, and regulatory alignment with evolving data‑protection laws.