Legal

Consumer Health Data Privacy

Last updated

This policy applies to "consumer health data" that Edden Internet Private Limited ("Rox," "we," "us") collects through the Rox app and talktorox.com. It describes the categories we collect, where it comes from, why we collect it, what we share, who we share it with, and how you can exercise your rights.

Categories of consumer health data we collect

  • Health conditions you describe or that we infer, including conditions such as POTS, ME/CFS, fibromyalgia, and Long COVID.

  • Symptoms, flares, energy levels, sleep, and pacing information you share.

  • Medications, treatments, and care details you choose to share.

  • Bodily and biometric metrics from connected devices you authorize, such as heart rate, heart rate variability, sleep, and activity from Apple Health or Whoop.

  • Inferences we draw about your health status from the above in order to provide features such as pacing insights and recovery scoring.

Sources of this data

  • Directly from you, through your conversations with Rox and information you log in the app.

  • From devices and platforms you choose to connect, such as Apple Health (HealthKit), Whoop, Garmin, Oura or any other source of wearable.

  • Inferences we generate from the data above.

Why we collect and use it

We collect and use consumer health data to provide the Service you requested: to power your conversations with the Rox companion, personalize its support, and generate the pacing and recovery features you use. We do not use it for advertising, and we do not sell it.

Categories of consumer health data we share

We share consumer health data only with service providers (processors) that help us run the Service, and only as needed for them to perform that work. We do not share consumer health data with third parties for their own purposes, and we do not sell it. We may disclose it where required by law.

Categories of third parties, and specific affiliates, we share it with

  • AI processing providers that generate Rox's responses: Anthropic, PBC; OpenAI, LLC (a subsidiary of OpenAI Group PBC); and Google LLC (Gemini).

  • Cloud hosting and storage providers: Amazon Web Services, Inc. (AWS); Google LLC (Google Cloud); and Supabase, Inc.

  • Authentication provider: Firebase Authentication, a service of Google LLC.

  • Affiliates: We do not share consumer health data with affiliates.

We do not share consumer health data with data brokers or advertising networks.

Your rights

You have the right to:

  • Confirm whether we collect, share, or sell your consumer health data, and access that data.

  • Obtain a list of the third parties and affiliates with whom we have shared your consumer health data, including how to contact them.

  • Withdraw your consent to our collection and sharing of your consumer health data.

  • Have your consumer health data deleted, including from our backups within the time the law allows, and we will pass deletion requests to our processors and any third parties.

We will respond within 45 days, with one extension where reasonably necessary, and we will not charge you for requests up to twice per year. We will not require you to create a new account to make a request.

How to exercise your rights

Submit a request by emailing founders@talktorox.com, or by using the in-app controls. You can also delete your account and its data directly in the app.

Appeals

If we deny your request, you may appeal by emailing founders@talktorox.com with the word "Appeal" in the subject line. We will respond to your appeal in writing within 45 days. If we deny the appeal, you may contact the Washington State Attorney General by filing a complaint at https://www.atg.wa.gov/file-complaint

Contact

Edden Internet Private Limited F 1321 Rajhans Synfonia, Abhwa Chowk, Vesu, Surat 395007, India founders@talktorox.com