Privacy Policy
EasyHealth’s Privacy Policy is structured into fifteen focused sections—Data Collection; Use of Information; Sharing & Disclosure; Retention & Security; User Rights; International Transfers; and Legal & Compliance. It explains what personal and health data we collect, how we use and protect it, and your rights to access, correct, export, or delete that information. It outlines our safeguards under global privacy frameworks including GDPR, CCPA, and HIPAA-aligned standards, and describes how data flows between our systems, service providers, and secure infrastructure. It details how we notify users of breaches, manage consent, and handle international data transfers lawfully. Altogether, this Privacy Policy defines how EasyHealth collects, protects, and respects your personal and health information across all services, ensuring transparency, security, and user control at every stage.
Last Updated on October 5th, 2025
1. Introduction
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) values your trust and is committed to protecting your personal and health information. This Privacy Policy explains how we collect, use, store, and safeguard your data when you use our mobile application, website, or any related services. By using EasyHealth, you acknowledge that you have read and understood this policy and consent to our data practices consistent with applicable laws, including GDPR, CCPA, and HIPAA principles.
2. Information We Collect
We collect information to deliver, secure, and improve your experience. This includes:
Information you provide directly: Account details, contact info, and health metrics like blood pressure or glucose levels.
Information collected automatically: Device identifiers, IP address, app version, and interaction analytics.
Information from third parties: Data shared via Apple Health, Google Fit, or payment processors.
We do not collect information unrelated to app functionality, and we never sell personal or health data.
3. How We Use Your Information
Your information is used to operate and improve the Services, personalize your dashboard, analyze trends, and maintain secure performance. It also allows us to send feature updates, handle payments, respond to support requests, and meet legal or audit requirements. We process your data only for legitimate purposes, under consent or lawful necessity.
4. How We Share Your Information
We do not sell your data. We only share information when necessary to operate the app, including:
Service providers such as Supabase (for hosting) and Stripe (for payments).
Legal or regulatory authorities when required by law.
Business transfers in the event of a merger or acquisition, under equivalent protections.
With your explicit consent when exporting or sharing health data with others.
5. Data Retention
We retain personal and health data only as long as necessary to fulfill the purposes described in this policy. Account and health data are stored while your account remains active. Upon deletion, records are removed or anonymized, except where law requires retention (e.g., financial or tax compliance). Backup data is securely purged within 90 days.
6. Data Security
EasyHealth implements multi-layered security controls including TLS/HTTPS encryption, AES-256 data encryption at rest, access logging, firewalls, and continuous monitoring. Data is hosted on certified infrastructure compliant with ISO 27001 and SOC 2 standards. While no platform is 100% secure, we take extensive measures to minimize risk and protect your privacy.
7. Your Rights and Choices
Depending on your region, you may have rights to access, correct, export, or delete your personal and health data. You can also withdraw consent or opt out of communications. To exercise these rights, contact us at support@watlu.com and include your registered email address. We’ll respond within legally required timeframes.
8. Children’s Privacy
EasyHealth is not directed to children under 13 (or 16 where local law applies). We do not knowingly collect information from minors. If we become aware that data has been provided by a child, we will delete it promptly. Parents or guardians may contact support@watlu.com to request deletion of a child’s account.
9. International Data Transfers
Your data may be processed and stored in the United States or other regions where we or our service providers operate. Transfers are made under recognized legal mechanisms, including the EU–U.S. Data Privacy Framework and Standard Contractual Clauses (SCCs). These frameworks ensure equivalent data protection wherever your information is processed.
10. Third-Party Services and Links
EasyHealth may link to or integrate with third-party services such as Apple Health, Google Fit, or external websites. We are not responsible for their data handling practices, and their privacy policies govern any information you share with them. We recommend reviewing each third-party privacy policy before connecting or sharing data.
11. Cookies and Tracking Technologies
Our website may use cookies or similar technologies to enhance usability, track performance, and save preferences. We do not use cookies for advertising or behavioral tracking. You can adjust browser settings to limit or disable cookie storage. The mobile app itself does not rely on cookies for functionality.
12. Data Deletion, Export & Account Closure
You can delete your account or request data removal at any time by using the in-app delete option or contacting support@watlu.com. Once verified, we will permanently remove or anonymize your data within 30 days. You may also request a machine-readable export of your health data. Deletion is irreversible once processed.
13. Breach Notification Policy
If EasyHealth experiences a data breach that compromises your personal or health information, we will notify you promptly, and in all cases where legally required, within 72 hours of detection. Notifications will describe the nature of the incident, what information was affected, and recommended protective actions.
14. Legal Basis for Processing
We process your personal data based on:
Consent, when you voluntarily enter or sync health information;
Contractual necessity, to operate and deliver the Services;
Legitimate interests, for performance and fraud prevention; and
Legal obligations, to meet compliance, tax, or law enforcement requirements.
15. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in law, security standards, or app functionality. Material updates will be communicated via email or in-app notification, and the “Last Updated” date will be revised. Continued use of EasyHealth after changes indicates your acceptance of the revised Policy.
16. Contact Information
For privacy or data inquiries, reach us at:
Support: support@watlu.com
Legal & Privacy: legal@watlu.com
We will respond to all verified privacy requests and concerns promptly in accordance with applicable data protection laws.
Changes to this Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page, and the “Last Updated” date will be revised accordingly. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
1. Introduction
1.1 Purpose of This Privacy Policy
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) is committed to protecting your personal and health-related information with the highest level of care, transparency, and security. This Privacy Policy explains how we collect, use, process, store, and protect your personal information when you access or use our mobile application, website, or any related services (collectively, the “Services”).
Our mission is to empower individuals to track and understand their vitals—such as blood pressure, glucose, and cholesterol—without compromising privacy. We treat your Health Data with the same seriousness and protection we would apply to our own.
This document outlines our practices regarding your data and your rights in accordance with major privacy and data protection frameworks, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and HIPAA-aligned confidentiality standards.
1.2 Scope and Applicability
This Privacy Policy applies to all users of the EasyHealth app, website, and Services, regardless of geographic location.
It covers information collected directly from you, automatically through your device, or via third-party integrations such as Apple Health or Google Fit.
This policy does not apply to:
Third-party websites, apps, or services linked to or integrated with EasyHealth that maintain their own privacy practices;
Offline interactions or communications not facilitated through the EasyHealth platform; or
Aggregated, anonymized, or de-identified data that cannot reasonably identify an individual user.
When you use third-party platforms or integrations, their respective privacy policies and terms of service govern those interactions. We encourage you to review them carefully before connecting external accounts.
1.3 Our Commitment to Your Privacy
At EasyHealth, privacy is not an afterthought — it’s foundational to how we design our products.
We implement privacy-by-design principles throughout development, meaning data protection measures are embedded in every layer of the app architecture.
This includes:
Collecting only the minimum data necessary for app functionality;
Encrypting personal and health data both in transit and at rest;
Restricting access to authorized personnel bound by confidentiality obligations; and
Regularly reviewing our privacy and security controls to align with evolving legal standards and best practices.
We do not engage in data selling, behavioral advertising, or third-party profiling of your Health Data — ever.
1.4 Legal Basis for Data Processing
Depending on your location and the applicable laws, we may process your personal and Health Data under the following legal bases:
Consent: You have provided explicit consent to process your Health Data for tracking and analytics purposes;
Contractual necessity: Processing is required to provide the Services you request, such as maintaining your account or storing vitals;
Legitimate interests: To improve performance, enhance user experience, and ensure service reliability, provided such interests do not override your fundamental rights and freedoms; and
Legal obligation: To comply with applicable laws, accounting standards, or regulatory reporting requirements.
By using EasyHealth, you consent to our lawful processing of your data as described in this Privacy Policy.
1.5 Your Acknowledgment and Consent
By accessing, downloading, installing, or using EasyHealth, you expressly acknowledge that you have read, understood, and agreed to this Privacy Policy.
If you do not agree with any part of this Policy, you should immediately discontinue using our Services and delete your account through the in-app settings or by contacting support@watlu.com.
Continued use of EasyHealth after updates to this Privacy Policy are posted constitutes renewed consent to our data practices.
1.6 Updates to This Privacy Policy
We may modify or update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations.
When updates occur:
We will revise the “Last Updated” date at the top of this document;
Material changes will be communicated via in-app notice or email (if applicable); and
The revised version will take effect immediately upon posting unless stated otherwise.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
1.7 Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, or wish to exercise your data rights (such as access, deletion, or correction), you can reach us at:
Email Contacts:
General Support: support@watlu.com
Legal & Privacy Inquiries: legal@watlu.com
We will respond to all legitimate requests within the timeframes required by applicable privacy laws.
2. Information We Collect
2.1 Purpose of Definitions
For clarity and consistency, the following capitalized terms shall have the meanings set forth below when used throughout these Terms of Service (“Terms”), our Privacy Policy, or any supplemental policies, guidelines, or legal notices issued by EasyHealth. Where context requires, the singular includes the plural and vice versa.
2.2 Core Terms
“Services”
refers collectively to the EasyHealth: Vitals Tracker mobile application, companion website, digital dashboard, software modules, communication interfaces, and all related functionality, features, content, tools, and integrations offered or operated by EasyHealth. The term includes all updates, upgrades, maintenance releases, beta features, subscription or paid tiers, and support systems made available to users.
“User,” “you,” or “your”
means any natural person who downloads, accesses, registers for, interacts with, or otherwise uses the Services, whether through a mobile device, computer, browser, or other platform. In cases where an individual uses the Services on behalf of an organization or institution, “User” shall include both the individual and the represented entity.
“Account”
refers to the personal EasyHealth user profile created by or on behalf of you for accessing the Services. An Account may include identifying details (such as name, email address, and login credentials), subscription status, preferences, and historical health data. Each User is limited to one Account unless expressly authorized otherwise.
“Health Data”
means any vitals, wellness metrics, or manually entered measurements submitted through the Services, including but not limited to blood pressure, heart rate, blood glucose, cholesterol levels, weight, body-mass index, medication records, activity data, or related personal health indicators. Health Data is stored and processed solely for the purpose of providing visualizations, summaries, and insights within the EasyHealth platform. It does not constitute clinical records or medical diagnoses.
“Device Information”
means data automatically collected from the device used to access the Services, such as IP address, operating system, app version, device identifier, language settings, and usage statistics. Device Information helps maintain functionality, security, analytics, and app performance.
“Subscription” or “Plan”
refers to any paid or free access tier offered by EasyHealth, which may include premium features, additional storage, or extended metrics. All Subscriptions are subject to separate pricing terms, renewal rules, and cancellation procedures set forth at the time of purchase or within the app store from which the Services were obtained.
“Privacy Policy”
means the document entitled EasyHealth: Vitals Tracker Privacy Policy, which explains in detail how EasyHealth collects, stores, uses, shares, and protects User information. The Privacy Policy is incorporated by reference into these Terms.
“Content”
includes all text, graphics, charts, user interfaces, code, icons, images, videos, and other materials displayed or made available through the Services, whether produced by EasyHealth, its partners, or Users. Content is provided for informational purposes only.
“Third-Party Services”
refers to external platforms, tools, or integrations—such as payment processors, cloud providers, or authentication partners (e.g., Apple Sign In, Google Sign-In, Stripe, Supabase)—that assist in providing functionality. Each Third-Party Service operates under its own terms and privacy policies.
“Applicable Law”
means all laws, statutes, regulations, directives, and ordinances that govern your use of the Services, including data protection and consumer rights legislation (e.g., GDPR for EU users, CCPA for California residents).
2.3 Interpretation Guidelines
Headings and numbering are for convenience only and shall not affect interpretation.
References to “include,” “including,” or similar terms shall be interpreted as “including without limitation.”
In the event of any inconsistency between these Definitions and the Privacy Policy, the Definitions herein shall control for general interpretation, while the Privacy Policy shall govern the treatment of personal data.
3. How We Use Your Information
3.1 Purpose of Data Use
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) uses your personal and health information strictly to provide, maintain, and improve the Services you rely on. Every processing activity is purpose-limited, privacy-aligned, and either consent-based or lawfully necessary. We do not use your data for unrelated marketing or profiling.
Our primary purposes include:
Providing Core Functionality: Operating your EasyHealth account, syncing vitals, calculating averages and trends, and maintaining accurate historical data.
Personalization: Tailoring your dashboard and insights based on the metrics you track and your preferred units, goals, or reminders.
Analytics & Insights: Aggregating anonymized data to identify usage trends, feature performance, and app stability improvements.
Security & Fraud Prevention: Monitoring for suspicious login attempts, unauthorized access, and protecting accounts against misuse.
Communications: Sending service notifications, feature updates, maintenance alerts, and responding to your support inquiries.
Payments & Subscription Management: Processing and verifying subscription or one-time purchases through trusted third-party payment processors (e.g., Stripe, RevenueCat).
Compliance & Recordkeeping: Retaining minimal records required for tax, audit, or legal obligations under applicable laws.
3.2 Legal Bases for Processing
We process your personal and Health Data under one or more of the following lawful bases:
Consent – When you explicitly provide or import Health Data, you consent to its use for health tracking, analytics, and personalized insights.
Contractual Necessity – When processing is required to deliver Services you request (account creation, data storage, payment, or technical support).
Legitimate Interests – To improve features, ensure reliability, and prevent fraud, provided such processing does not override your privacy rights.
Legal Obligation – When retention or disclosure is necessary to meet regulatory, accounting, or audit requirements.
3.3 Use of Aggregated and Anonymized Data
We may aggregate or de-identify Health Data to generate statistical insights, such as average blood-pressure ranges across regions or app-usage metrics.
Once de-identified, such information no longer qualifies as personal data and may be used for research, performance analysis, or product development.
We ensure these datasets cannot be re-linked to you.
3.4 Communications and Notifications
We may contact you via email, in-app message, or push notification to:
Confirm registration or subscription status;
Provide updates on new features, releases, or bug fixes;
Notify you of policy changes or legal updates;
Respond to your customer-support requests.
You can control or opt out of non-essential notifications at any time within app settings or by contacting support@watlu.com.
3.5 Research and Development
With anonymized or aggregated data, we may perform statistical analyses to identify general wellness trends, improve accuracy of health insights, or enhance user experience.
We do not conduct medical research using identifiable Health Data without explicit written consent.
3.6 Data Retention Periods
We retain your information only as long as necessary to fulfill the purposes described above or as legally required.
Upon account deletion or data-removal request, we permanently erase or anonymize associated Health Data, except where retention is mandated by tax, security, or compliance obligations.
3.7 No Automated Decision-Making
EasyHealth does not engage in automated decision-making or profiling that could produce legal or significant effects on you.
All analytics and recommendations are informational and intended for personal tracking—not diagnostic or medical decision-making.
3.8 Ethical and Privacy-by-Design Use
Our processing adheres to strict internal governance controls, regular audits, and access-limiting practices.
Only authorized personnel operating under confidentiality agreements may access limited data to maintain or improve the system.
Every data-handling operation is logged, reviewed, and aligned with privacy-by-design standards.
4. How We Share Your Information
4.1 Overview
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) does not sell, rent, or trade personal or health data to third parties under any circumstance.
We only share your information in limited, clearly defined cases necessary to operate, secure, or comply with legal obligations related to the Services.
All third-party recipients are bound by strict contractual data protection requirements and are only permitted to use the information for the specific purpose for which it was shared.
4.2 Service Providers and Infrastructure Partners
To deliver and maintain a reliable, secure platform, we rely on vetted third-party service providers that perform limited functions on our behalf. These include:
Data Hosting & Storage:
We use Supabase, a secure, cloud-based hosting platform, for database storage and server management. Supabase encrypts data both in transit and at rest using industry-standard protocols (TLS, AES-256).
Payment Processing:
Payments and subscriptions are handled through trusted third-party processors such as Stripe and RevenueCat.
These providers manage all financial data in accordance with PCI DSS Level 1 compliance standards. EasyHealth does not store or access your credit-card numbers or full payment credentials.
Analytics & Crash Reporting:
Limited technical data (such as crash logs or anonymous session analytics) may be shared with providers like Sentry, Firebase, or equivalent tools to ensure app stability, diagnose bugs, and improve usability.
Each service provider is contractually required to handle your data securely, process it only under our documented instructions, and delete it once services are fulfilled.
4.3 Legal and Regulatory Disclosures
We may disclose personal information if required to do so by law, subpoena, or government request, or when we believe in good faith that disclosure is necessary to:
Comply with a legal obligation or regulatory inquiry;
Enforce our Terms of Service or other agreements;
Protect against suspected fraud, security threats, or abusive behavior;
Defend against legal claims or protect our legal rights; or
Safeguard the rights, safety, or property of EasyHealth, our users, or the public.
Any disclosure under this section is handled narrowly and with the minimum amount of information legally necessary to fulfill the request.
4.4 Business Transfers and Corporate Events
In the event of a merger, acquisition, reorganization, asset sale, or similar business transaction involving EasyHealth, your information may be transferred to a successor or acquiring entity.
If such a transfer occurs, your data will remain protected under equivalent or stronger privacy standards, and you will be notified of any material change in control or policy via in-app message or email.
You may request deletion of your account before or after such transition, subject to applicable law.
4.5 With Your Explicit Consent
We will only share or export your health data with your explicit authorization. Examples include:
Exporting a report or summary to share with a healthcare provider;
Syncing with a third-party wellness platform at your request;
Connecting EasyHealth to an external app (e.g., Apple Health, Google Fit) under your manual approval.
You maintain full control over such integrations and can revoke consent at any time in the app’s settings.
4.6 Aggregated and De-Identified Data
We may share aggregated or anonymized datasets (e.g., average blood pressure trends, generalized usage statistics) with partners, researchers, or analytics providers for performance benchmarking or health insight development.
These datasets cannot identify you and contain no personal or linked Health Data.
4.7 Safeguards and Contractual Protections
Every third-party recipient of your information must:
Operate under a signed Data Processing Agreement (DPA) or equivalent contractual terms;
Adhere to confidentiality and security requirements that meet or exceed our internal policies;
Comply with all applicable data protection laws, including GDPR, CCPA, and HIPAA-aligned principles;
Notify EasyHealth of any suspected breach or misuse involving your information.
We routinely audit vendors and integrations to ensure ongoing compliance.
4.8 International Data Transfers
Your data may be processed or stored in jurisdictions outside your home country (e.g., the United States or European Economic Area).
Where cross-border transfers occur, EasyHealth ensures adequate safeguards—such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms—are implemented to maintain the same level of protection as in your jurisdiction.
5. Data Retention
5.1 Overview
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) retains personal and health information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, to comply with legal or accounting requirements, or to enforce our contractual obligations. We believe in data minimization, ensuring that your information is never stored longer than it needs to be.
We maintain clear retention schedules for each data category and securely delete or anonymize data when it is no longer required.
5.2 Active Account Retention
Personal Data: Your account information (such as name, email, and settings) is retained for the duration of your active account.
Health Data: All vitals, metrics, and wellness entries you record remain securely stored while your account is active, allowing you to view trends and historical data.
Subscription and Transaction Records: If you make purchases or subscribe to a plan, minimal payment and transaction metadata are retained in accordance with applicable financial and tax laws.
If you stop using EasyHealth but do not formally delete your account, we may retain your data for a limited period before marking it inactive and scheduling it for deletion.
5.3 Account Deletion and Data Removal
When you delete your EasyHealth account through the app or by contacting support@watlu.com, we will:
Immediately deactivate your account;
Erase or anonymize all personal and Health Data from our active systems;
Purge backups and redundant storage copies within 90 days;
Retain only minimal, legally required records (e.g., tax receipts, payment confirmations) for audit and compliance purposes.
Once deletion is complete, your data cannot be recovered. Any residual information remaining in temporary logs or cached storage is overwritten through our automated data hygiene processes.
5.4 Legal and Regulatory Retention
Certain data may be retained beyond account deletion when required by law, such as:
Financial and transactional data retained for up to 7 years under tax or accounting regulations;
System logs retained for security and fraud prevention;
Legal correspondence or consent records maintained for compliance or dispute resolution purposes.
After these mandatory retention periods expire, the data is irreversibly deleted or anonymized.
5.5 Backup and Disaster Recovery Systems
To maintain service reliability and integrity, EasyHealth maintains encrypted system backups.
These backups may temporarily contain deleted user data but are automatically purged and rewritten within 90 days through a secure, rolling backup cycle.
All backup storage is encrypted at rest and access is restricted to authorized personnel only.
5.6 Anonymization and Aggregation
In some cases, we may anonymize certain Health Data for statistical, research, or operational purposes.
Once anonymized, the information is no longer personally identifiable and may be retained indefinitely for aggregate analytics, feature optimization, or product improvement.
5.7 User Requests for Deletion or Access
You may request full data deletion or export at any time by contacting support@watlu.com.
We will confirm receipt of your request, verify your identity, and complete the action within the time required by applicable privacy laws (typically within 30 days).
Please note that deletion requests may affect your ability to use EasyHealth’s Services if critical account data are removed.
5.8 Compliance with Data Minimization Principles
We continuously audit our systems to ensure compliance with data minimization, storage limitation, and purpose limitation principles under GDPR Article 5 and similar global standards.
No personal data is retained “just in case” — every record has a defined purpose, lifespan, and deletion schedule.
6. Data Security
6.1 Our Commitment to Protecting Your Information
At EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”), safeguarding your personal and health information is a core operational priority. We implement multi-layered security controls designed to prevent unauthorized access, disclosure, alteration, or destruction of your data.
Our infrastructure, internal policies, and third-party integrations are built to exceed standard consumer security expectations and align with globally recognized frameworks, including ISO 27001, SOC 2, GDPR, and HIPAA security principles.
We continuously assess and upgrade our defenses to adapt to new threats and maintain user trust.
6.2 Encryption and Data Protection
To protect data confidentiality and integrity, EasyHealth uses industry-leading encryption protocols across all transmission and storage layers:
In Transit: All data transmitted between your device and our servers is protected using Transport Layer Security (TLS 1.2+), ensuring end-to-end HTTPS encryption and preventing interception or tampering.
At Rest: Sensitive data, including health metrics and personal identifiers, are encrypted using AES-256 encryption — the same standard used by banks and government systems.
Password Protection: User passwords are securely hashed and salted using strong cryptographic algorithms.
Key Management: Encryption keys are stored and rotated securely through managed infrastructure, with restricted administrative access.
We never store plaintext passwords, credit card numbers, or unencrypted health metrics on any system.
6.3 Infrastructure Security
Our servers and databases are hosted on certified cloud infrastructure providers compliant with ISO 27001, SOC 2 Type II, and GDPR-aligned controls. These data centers include:
24/7 physical security monitoring and biometric access controls;
Fire suppression systems, power redundancy, and disaster recovery protocols;
Segmented networks with advanced firewalls and intrusion detection systems;
Automated patching, system hardening, and continuous vulnerability scans.
EasyHealth partners with Supabase as its primary database and hosting provider, leveraging built-in security controls, encrypted connections, and role-based access layers.
6.4 Application-Level Security
At the application level, EasyHealth enforces strict security policies, including:
Authentication Controls: Secure login with session tokens and timed expirations;
Access Management: Role-based permissions for authorized personnel, enforced through identity verification and least-privilege access models;
Input Validation: Protection against SQL injection, cross-site scripting (XSS), and other common vulnerabilities;
Continuous Testing: Routine penetration testing and static code analysis during development cycles.
Our security engineers regularly audit code and infrastructure to identify and mitigate potential vulnerabilities before release.
6.5 Continuous Monitoring and Incident Detection
EasyHealth operates continuous system logging and anomaly detection to identify unusual patterns that may indicate security incidents.
We monitor:
API access attempts and authentication logs;
Suspicious network behavior;
Administrative access activity; and
System health and uptime metrics.
Detected anomalies are automatically flagged for human review by our security team.
6.6 Breach Prevention and Response Protocol
While no platform can guarantee absolute security, EasyHealth maintains a documented incident response plan to handle potential data breaches swiftly and responsibly.
If a breach affecting your personal or health information occurs, we will:
Immediately isolate affected systems and investigate the incident;
Notify relevant authorities (if required by law);
Inform impacted users within the time period required under applicable regulations (e.g., within 72 hours under GDPR);
Provide clear guidance on protective measures you can take; and
Implement corrective security updates to prevent recurrence.
6.7 Staff Access and Confidentiality
Access to personal or Health Data is strictly limited to authorized employees and contractors who require it to perform their duties.
All such individuals are bound by confidentiality agreements and undergo security training to ensure proper handling of sensitive data.
Any violation of our internal security or privacy standards results in disciplinary action or termination.
6.8 Third-Party Security Compliance
Before integrating with any third-party service provider (e.g., Supabase, Stripe, RevenueCat), EasyHealth conducts due diligence to ensure they meet or exceed our security and privacy expectations.
We require all vendors to:
Comply with industry security certifications (ISO 27001, SOC 2, PCI DSS, or equivalent);
Encrypt user data and maintain strict access controls;
Promptly disclose any security incidents affecting user data.
We review vendor compliance regularly through contractual audits and re-certification cycles.
6.9 User Responsibilities
While EasyHealth implements robust security controls, user actions also play an important role in protecting data.
We strongly encourage you to:
Use strong, unique passwords for your EasyHealth account;
Keep your device software updated;
Avoid sharing login credentials or screenshots of private data;
Log out when using shared devices.
Your awareness and safe digital practices help maintain the security of your data and our community.
6.10 Continuous Improvement
EasyHealth treats data security as a living process. We continuously test, audit, and enhance our systems to align with evolving cybersecurity standards and emerging privacy regulations.
We partner with independent security professionals and maintain proactive vulnerability disclosure channels to strengthen our defenses.
7. Your Rights and Choices
7.1 Overview
At EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”), we believe that control over your personal and health information belongs to you.
Depending on your region, data protection laws such as the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and similar global privacy frameworks may grant you specific rights regarding how your information is collected, processed, and retained.
We are committed to honoring these rights for all users, regardless of location, to promote transparency, autonomy, and accountability.
7.2 Your Rights Under Data Protection Laws
You may exercise the following rights, subject to applicable legal conditions and verification of your identity:
a. Right to Access
You have the right to request a copy of the personal and health information we hold about you. This includes data you have provided directly (e.g., vitals, profile info) and data generated during your use of the app (e.g., logs, device identifiers).
Upon request, we will provide this information in a clear and accessible format, typically within 30 days.
b. Right to Correction (Rectification)
If any of your information is inaccurate, incomplete, or outdated, you may request correction or update.
In most cases, you can edit your details directly within the app settings. If not, you can contact us at support@watlu.com for manual correction.
c. Right to Deletion (Right to Be Forgotten)
You can request that we delete your personal and Health Data at any time. Upon verification, we will remove or anonymize your data from all active systems, backups, and logs within our standard retention window (see Section 5: Data Retention).
Certain minimal information may be retained if legally required (e.g., tax, fraud-prevention, or compliance records).
d. Right to Data Portability
You may request a digital export of your personal or health information in a machine-readable format (e.g., JSON or CSV) to share or migrate your data elsewhere.
We will provide this securely upon verification of your identity.
e. Right to Withdraw Consent
If our processing is based on your consent (for example, syncing Health Data or connecting third-party integrations), you can withdraw that consent at any time through the app’s settings or by contacting us.
Withdrawal will not affect lawful processing conducted prior to withdrawal.
f. Right to Restrict or Object to Processing
In some regions, you have the right to object to certain processing activities, such as analytics or non-essential data retention, or to request temporary suspension of processing under review.
g. Right to Opt Out of Marketing or Non-Essential Communications
You can opt out of promotional or non-critical communications by selecting unsubscribe in emails or adjusting your preferences in the app settings.
Essential notifications related to security, legal updates, or service performance cannot be disabled, as they are required for continued use of the app.
7.3 How to Exercise Your Rights
To exercise any of these rights, contact us using one of the following methods:
Email: support@watlu.com
Include your registered account email and specify the nature of your request (e.g., “Data Access Request,” “Account Deletion,” “Consent Withdrawal”).
We will respond to all verified requests within the legally required timeframe (typically within 30 days, or up to 60 days for complex requests).
For security, we may need to verify your identity before processing your request, and we will inform you if additional information is required.
7.4 Appeals and Complaints
If you believe we have not adequately addressed your privacy concerns, you may have the right to contact a supervisory authority or data protection regulator in your jurisdiction.
For users in the European Union, this is typically your national Data Protection Authority (DPA).
For California residents, you can reach out to the California Privacy Protection Agency (CPPA).
You can also contact our internal privacy team at legal@watlu.com for further escalation or mediation before pursuing formal complaint channels.
7.5 No Discrimination
EasyHealth will never discriminate, deny service, or alter pricing based on your exercise of privacy rights.
Your decision to delete or export your data will not affect your ability to use EasyHealth unless that data is essential for core functionality (e.g., authentication, storage, or subscription access).
7.6 Data Access Transparency
We maintain internal logs of all user privacy requests to ensure accountability and traceability.
When you make a rights request, we document our response timeline, verification steps, and final resolution to demonstrate compliance with data protection regulations.
7.7 Regional-Specific Disclosures
European Union (GDPR):
Processing is based on consent, contract, or legitimate interest. You have full access, portability, and deletion rights.
California (CCPA/CPRA):
You can request to know, delete, or opt out of data sharing (though we do not sell data).
Canada (PIPEDA):
We process data transparently, with your consent and full access to correction or deletion.
Other Jurisdictions:
Users in other regions enjoy equivalent privacy rights, which we honor under the highest applicable standard.
7.8 Contact for Privacy Rights
All privacy-related requests, questions, or concerns can be directed to:
Privacy & Data Protection Team
EasyHealth: Vitals Tracker
Email: support@watlu.com
Legal Contact: legal@watlu.com
We take every inquiry seriously and strive to resolve all matters in good faith and within the timelines required by applicable laws.
8. International Data Transfers
8.1 Overview
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) is based in the United States but serves users globally. As a result, your personal and health information may be transferred to, stored, or processed in countries other than your own, including the United States, the European Economic Area (EEA), and other jurisdictions where our partners or service providers operate.
We take strong, legally recognized measures to ensure your information remains secure and protected, regardless of where it is processed.
8.2 Data Transfer Safeguards
Whenever your information is transferred across borders, we implement appropriate legal and technical safeguards consistent with international privacy standards. These include:
Standard Contractual Clauses (SCCs): For users in the EEA, United Kingdom, or Switzerland, we rely on the European Commission’s approved SCCs to lawfully transfer personal data to countries outside the EEA.
Equivalent Legal Mechanisms: In jurisdictions outside Europe, we adopt comparable frameworks or local legal instruments ensuring a similar level of protection.
Data Encryption: All transfers occur through encrypted channels (TLS 1.2+), and sensitive data is stored using AES-256 encryption.
Vendor Compliance: Every third-party processor (e.g., Supabase, Stripe, RevenueCat) must demonstrate compliance with ISO 27001, SOC 2 Type II, or an equivalent international security certification.
We maintain contractual agreements with all service providers to restrict their data use solely to the purposes defined by EasyHealth and this Privacy Policy.
8.3 Hosting and Storage Locations
Your data may be stored on secure cloud servers located in:
The United States, for core application hosting and account management;
The European Union, for regional data handling and redundancy;
Other approved jurisdictions offering equal or higher data protection standards.
All servers operate under strict access controls and data residency requirements consistent with global privacy laws.
8.4 Transfers Initiated by You
If you choose to share or export your data (for example, sending a report to a healthcare provider or connecting your EasyHealth account with Apple Health or Google Fit), this constitutes a user-initiated transfer.
You acknowledge that such sharing may involve the transmission of your personal or Health Data to third parties, and their handling of that data will be governed by their respective privacy policies.
8.5 Cross-Border Health Data Protections
Health-related information receives heightened protection. When such data is transferred internationally, we apply additional layers of control:
Explicit Consent: Transfers of Health Data are based on your voluntary and informed consent.
Access Limitation: Only encrypted and essential health records are transmitted; unnecessary identifiers are stripped wherever possible.
Audit Logging: All cross-border health data transfers are logged and periodically reviewed for compliance.
8.6 Your Rights Regarding Transfers
You have the right to:
Request details on the countries where your personal data is stored or processed;
Obtain a copy of the Standard Contractual Clauses or equivalent safeguards used in your case;
Object to transfers if you believe your information is not adequately protected.
Requests can be sent to support@watlu.com or legal@watlu.com, and we will respond within applicable legal timeframes.
8.7 Continuous Oversight and Compliance
EasyHealth continuously monitors legal and regulatory developments related to cross-border data transfers.
If international data transfer mechanisms are updated, invalidated, or replaced (for example, changes to the EU-U.S. Data Privacy Framework), we will promptly adjust our practices to remain fully compliant and maintain uninterrupted protection for your information.
8.8 Withdrawal and Deletion
You can request deletion of your data at any time, including data held on servers outside your jurisdiction.
Once your account is deleted, all associated data—including international copies or backups—will be removed or anonymized within the retention window defined in Section 5: Data Retention.
9. International Data Transfers
9.1 Overview
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) provides services globally. To deliver the app’s features reliably and securely, your personal and health information may be processed, stored, or transmitted in countries outside your place of residence, including the United States, the European Economic Area (EEA), and other regions where our infrastructure partners or vendors operate.
Regardless of where your data is processed, we maintain the same level of protection, security, and legal safeguards described in this Privacy Policy.
9.2 Legal Mechanisms for International Transfers
When your data moves across borders, we implement recognized legal transfer mechanisms that ensure your privacy rights remain protected under international standards. These mechanisms include:
EU–U.S. Data Privacy Framework:
For data transferred from the EEA, United Kingdom, or Switzerland to the United States, we rely on the EU–U.S. Data Privacy Framework, the UK Extension, and the Swiss–U.S. Data Privacy Framework where applicable. These frameworks certify that participating U.S. organizations provide data protection equivalent to that under EU law.
Standard Contractual Clauses (SCCs):
Where required or when partners are not certified under the Data Privacy Framework, we use the European Commission’s Standard Contractual Clauses (2021/914/EU) and the UK International Data Transfer Addendum to lawfully transfer data. These SCCs impose legally binding obligations on the recipients to maintain privacy and security standards consistent with EU and UK law.
Equivalent Safeguards in Other Jurisdictions:
For regions not covered by the frameworks above, EasyHealth adopts comparable international data transfer mechanisms to ensure the same level of protection wherever your information is processed.
9.3 Technical and Organizational Safeguards
To protect your information during and after transfer, we employ a combination of technical and organizational safeguards, including:
End-to-end encryption using TLS 1.2+ during data transmission;
AES-256 encryption for data at rest;
Strict access control and key-management procedures;
Regular audits of vendor compliance and certification status;
Continuous network and anomaly monitoring to detect unauthorized access attempts.
These safeguards ensure that your data remains confidential and protected against interception or misuse throughout international transfer operations.
9.4 Hosting and Service Locations
Your information may be processed and securely stored in:
The United States (primary hosting region for account and service data);
The European Union (redundancy and backup for EU users);
Other approved jurisdictions providing equivalent privacy protections under data transfer frameworks or SCCs.
All providers used for data storage and processing are vetted for compliance with ISO 27001, SOC 2 Type II, and GDPR requirements.
9.5 Your Rights in Relation to Cross-Border Transfers
You retain all rights provided under applicable privacy laws, including the ability to:
Request details of where your personal and health data are stored or processed;
Obtain a copy of the Standard Contractual Clauses or equivalent safeguards used for your data transfer;
Object to transfers in certain cases or request deletion of your data from international systems.
To exercise these rights, contact support@watlu.com or legal@watlu.com with your registered email address. We will respond within the legally required timeframes.
9.6 Ongoing Compliance and Updates
EasyHealth actively monitors global developments in privacy regulation and will update its transfer mechanisms if any framework (such as the EU–U.S. Data Privacy Framework or SCCs) is amended, replaced, or invalidated.
If such changes materially affect how your data is protected, we will notify users by email or in-app notice before implementing updates.
10. Third-Party Services and Links
10.1 Overview
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) may integrate with or link to third-party services that support essential app functionality — such as health data synchronization, subscription management, payment processing, analytics, or external content display.
While these integrations enhance your experience, EasyHealth does not control and is not responsible for the privacy or data handling practices of any third party. When you interact with an external service, that service’s own privacy policy governs the use of your information.
10.2 Health and Fitness Integrations
With your explicit consent, EasyHealth may connect with third-party health and wellness platforms, including but not limited to:
Apple Health (iOS)
Google Fit (Android)
When you enable such connections, EasyHealth only receives the specific health metrics you authorize — for example, heart rate, step count, or glucose readings.
You can revoke these permissions at any time directly through Apple Health or Google Fit settings.
Important: EasyHealth does not modify, re-share, or re-sell health data obtained from these sources. Once imported, data are processed solely for your personal tracking, insights, and visualization purposes, consistent with Section 3 (“How We Use Your Information”).
10.3 Payment Processors
If you purchase a subscription or a premium feature, payment is handled securely through trusted third-party processors such as:
Stripe, Inc. – for web-based or direct payments;
RevenueCat, Inc. – for in-app subscription management;
Google Play Billing or Apple In-App Purchases, depending on your device platform.
These providers manage all financial details in compliance with PCI DSS Level 1 standards and never share your full credit-card information with EasyHealth.
We only receive non-sensitive transaction metadata (e.g., subscription status, transaction ID, or purchase date) for account management and billing support.
10.4 Hosting and Infrastructure Providers
EasyHealth’s core infrastructure is powered by Supabase, a secure cloud platform responsible for hosting, database management, and authentication.
Supabase operates under ISO 27001 and SOC 2 Type II certifications and complies with modern encryption and access control standards.
While Supabase acts as a data processor on our behalf, EasyHealth remains the data controller responsible for how your personal and Health Data are used under this Privacy Policy.
10.5 Analytics, Monitoring, and Error Reporting
To ensure app performance, reliability, and crash prevention, EasyHealth may use limited technical integrations such as:
Sentry (error tracking and diagnostics);
Firebase Analytics (aggregated performance and event data).
These tools collect only non-identifiable technical information such as app version, device type, and crash logs.
They do not access or process your Health Data, account credentials, or personal identifiers.
10.6 External Links and Websites
Our app or website may include links to external resources, health references, or third-party informational pages.
These links are provided for convenience only. EasyHealth is not responsible for the privacy, security, or accuracy of any information or content found on those external sites.
We encourage you to review each website’s own privacy policy and terms of service before interacting or submitting personal information.
10.7 Third-Party Privacy Policies
When you use a third-party integration or click an external link, your relationship is directly with that provider.
We recommend reading their privacy policies carefully to understand how your data may be used or shared. Common examples include:
Apple Health Privacy Policy: https://www.apple.com/legal/privacy/
Google Fit Privacy Policy: https://policies.google.com/privacy
Stripe Privacy Policy: https://stripe.com/privacy
Supabase Privacy Policy: https://supabase.com/privacy
RevenueCat Privacy Policy: https://www.revenuecat.com/privacy
10.8 Liability Disclaimer
EasyHealth is not responsible for any loss, misuse, or unauthorized disclosure of information arising from your interactions with third-party platforms, even if accessed through our app.
Your decision to connect or share data with external services is entirely voluntary and governed by those services’ independent privacy and data-handling policies.
10.9 Revoking Access
You can disconnect any linked third-party account or integration at any time within EasyHealth settings or within the external provider’s settings (e.g., Apple Health or Google Fit).
Once revoked, no further data will be exchanged between EasyHealth and that service, and previously imported data will remain securely stored under our data retention policies.
11. Cookies and Tracking Technologies
11.1 Overview
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) may use cookies and similar tracking technologies on our website to enhance user experience, maintain session integrity, analyze performance, and remember preferences.
These technologies help us understand how visitors interact with our site so we can improve usability, reliability, and accessibility.
The mobile application itself does not rely on cookies for its core functionality and operates independently of browser-based tracking mechanisms.
11.2 What Cookies Are
Cookies are small text files stored on your device when you visit a website. They allow the site to recognize your browser and remember information such as login sessions, settings, or language preferences.
Other related technologies — like web beacons, pixels, local storage, and software development kits (SDKs) — may serve similar functions.
11.3 Types of Cookies We Use
EasyHealth uses only essential and performance-based cookies. We do not use cookies for behavioral advertising, cross-site tracking, or profiling.
The cookies we may use include:
Strictly Necessary Cookies – Required for site functionality, such as login session maintenance or form submissions.
Performance and Analytics Cookies – Used to monitor website traffic volumes, page loading times, and aggregated error data. These cookies help us optimize performance and stability.
Preference Cookies – Store your language or display settings so the site appears the same way on future visits.
All cookies we use are time-limited and expire automatically once their purpose is fulfilled.
11.4 Third-Party Analytics
We may use privacy-focused analytics tools, such as Plausible Analytics, Google Analytics 4, or equivalent services, to collect anonymous usage statistics.
These services help us understand aggregate trends (for example, which pages are most frequently accessed) but do not identify individual visitors or track them across unrelated websites.
Data collected through analytics cookies are anonymized before analysis and retained only for limited operational purposes.
11.5 Managing Cookies and Preferences
You can control or disable cookies at any time through your browser settings. Common options include:
Blocking all cookies;
Allowing only session cookies;
Deleting existing cookies when closing your browser;
Receiving alerts before a cookie is stored.
For instructions, consult your browser’s help section (e.g., Chrome, Safari, Edge, Firefox).
Please note that disabling certain cookies may affect some website features such as persistent login or saved preferences, but will never affect app functionality.
11.6 Mobile App Behavior
The EasyHealth mobile app does not use browser cookies or third-party ad tracking.
Instead, it relies on local device storage to securely save user settings, tokens, and health data required for offline functionality.
No tracking pixels, ad identifiers, or behavioral advertising tools are embedded within the app.
11.7 Consent and Legal Basis
For visitors from regions covered by the EU ePrivacy Directive or GDPR, non-essential cookies are used only after you grant explicit consent through the banner or settings presented upon first visit.
Essential cookies — those required to deliver the website — are exempt from consent under Article 5(3) of the ePrivacy Directive.
11.8 Data Retention for Cookies
Cookies used by EasyHealth are stored for the minimum period necessary:
Session cookies expire when your browser is closed.
Performance and preference cookies typically last no longer than 12 months.
Analytics cookies, if used, are anonymized and retained for limited statistical use only.
11.9 No Advertising or Cross-Site Tracking
EasyHealth does not use cookies or third-party tracking scripts for:
Personalized or targeted advertising;
Remarketing or affiliate campaigns;
Profiling based on browsing history;
Sale of personal data to marketers.
Our cookie usage is confined solely to operational, analytical, and functional improvements.
11.10 Updates to Cookie Practices
We may occasionally update our cookie usage or analytics tools.
Any material change that affects how data are collected or stored will be reflected in this section, with an updated “Last Updated” date and notice on our website.
We encourage users to review this policy periodically to stay informed about our tracking and privacy practices.
12. Data Deletion, Export & Account Closure
12.1 Overview
You have full control over your data and account status within EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”).
We recognize that privacy includes the right to delete, export, or close your account at any time. This section explains the procedures, verification steps, timelines, and consequences of account deletion or data export requests.
12.2 Account Deletion Options
You can delete your EasyHealth account in two ways:
In-App Deletion:
Use the “Delete Account” option within the app’s account settings. This is the most direct and secure method.
Support Request:
Contact our team at support@watlu.com using your registered account email and specify “Account Deletion Request” in the subject line.
Once we verify your identity, deletion will proceed as outlined below.
12.3 Verification Process
To protect against unauthorized deletions, we require verification before processing your request.
Verification may involve confirming your email, device ID, or providing additional identifying details.
If we cannot verify your identity, we may be unable to fulfill the request; this is to ensure your data remains secure.
12.4 Data Removal Timeline and Scope
Upon successful verification, we will:
Immediately deactivate your account and revoke all login credentials;
Permanently erase or anonymize all personal and Health Data from active databases;
Remove residual data from system logs and secondary services; and
Purge encrypted backups containing your data within 30 days of confirmation.
Once deletion is complete, your data will no longer be recoverable under any circumstance.
12.5 Exceptions and Legal Retention
Certain limited records may be retained after account deletion if required by law, such as:
Financial and payment data for tax, billing, or audit compliance (typically retained up to 7 years);
Fraud prevention and abuse logs;
Legal correspondence or dispute documentation.
These retained records are isolated, access-restricted, and never used for marketing, analytics, or personalization.
12.6 Data Export and Portability
You may request a machine-readable export of your personal and health data at any time by emailing support@watlu.com.
We provide exports in standardized formats such as JSON, CSV, or XML, allowing you to transfer your information to other apps or personal archives.
Export requests are fulfilled within 30 days of verification and include the data you directly provided or generated through app usage (e.g., health metrics, goals, and progress history).
12.7 Revocation of Access and Functionality
Once your account is deleted:
You will lose access to all EasyHealth data, reports, and historical metrics;
Linked services such as Apple Health, Google Fit, or payment processors will automatically disconnect;
Any shared reports or exported files previously generated will remain in your control but will no longer sync or update.
Deletion is permanent and irreversible. Reactivation requires creating a new account.
12.8 Confirmation of Deletion
You will receive an email confirmation once the deletion or export request has been completed.
For transparency, EasyHealth maintains a minimal internal record of request completion for audit and legal verification purposes (without retaining any deleted personal data).
12.9 Global Compliance Alignment
These rights are recognized under international privacy frameworks, including:
GDPR (Articles 15–20): Access, portability, and erasure rights for EU users;
CCPA/CPRA: Right to deletion and data portability for California residents;
HIPAA Principles: Respect for individual access and deletion of personal health data within lawful boundaries.
We apply these protections universally to all users, regardless of jurisdiction.
12.10 How to Contact Us
To delete your account, export your data, or inquire about the process, please contact:
EasyHealth Privacy Team
📧 support@watlu.com
Subject line: Data Deletion or Export Request
We aim to complete all verified requests within 30 days, or sooner where possible.
13. Breach Notification Policy
13.1 Overview
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) treats data security and transparency as critical obligations. In the unlikely event that we experience a security incident or data breach affecting your personal or health information, we are committed to responding swiftly, mitigating impact, and notifying affected users in accordance with applicable laws.
This policy outlines our procedures for identifying, managing, and communicating confirmed breaches.
13.2 Definition of a Data Breach
A data breach is defined as any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal or health information transmitted, stored, or otherwise processed by EasyHealth or its service providers.
Examples may include:
Unauthorized access to user databases or cloud storage;
Accidental exposure of Health Data through misconfiguration or system error;
Compromise of user credentials or tokens through a third-party attack;
Loss or theft of encrypted backup media;
Inadvertent disclosure of data to unintended recipients.
Incidents that do not involve access to personal or health data (such as minor app downtime or technical errors) are not considered breaches under this policy.
13.3 Detection and Assessment
EasyHealth maintains continuous system monitoring and automated alerting mechanisms to detect potential anomalies in real time.
Upon identification of a suspected incident:
The issue is escalated immediately to our Security and Compliance Team;
A risk assessment is conducted to determine whether personal or health data were exposed, altered, or accessed without authorization;
We classify the event based on severity, scope, and affected data type; and
All findings are documented in a Breach Response Log for audit and accountability purposes.
13.4 Containment and Mitigation
If a breach is confirmed, EasyHealth immediately initiates its incident response protocol, which includes:
Isolating affected systems to prevent further exposure;
Revoking or resetting compromised credentials or keys;
Engaging relevant third-party providers (e.g., Supabase, Stripe, RevenueCat) for containment;
Patching vulnerabilities or applying configuration corrections;
Conducting forensic analysis to determine root cause and scope.
Our goal is to restore secure operation as quickly as possible while preserving forensic evidence for investigation.
13.5 Notification Timeline
If a breach involves your personal or health data, we will notify you without undue delay, and in all legally mandated cases, within 72 hours of becoming aware of the breach, in accordance with:
GDPR Articles 33–34 (European users);
HIPAA Breach Notification Rule (U.S. health-related data);
CCPA/CPRA (California residents); and
Equivalent international or regional privacy laws.
Notifications will be issued via email or in-app alert, or by public notice if direct communication is not feasible.
13.6 Contents of Notification
Our breach notification will include clear, actionable information, such as:
A description of the nature and scope of the incident;
The types of information involved (e.g., email, health metrics, or account credentials);
The likely consequences and potential risks;
Steps EasyHealth has taken or plans to take to mitigate harm; and
Recommended actions you can take to protect yourself (e.g., password change, monitoring for suspicious activity).
Where appropriate, we will also provide updates as remediation progresses or new details become available.
13.7 Notification to Authorities
In addition to notifying affected users, EasyHealth will report qualifying breaches to relevant data protection authorities or regulators within the required legal timeframe.
For example:
Within 72 hours under GDPR for EU-based users;
Within 60 days under HIPAA for U.S. healthcare data incidents;
As otherwise required under local law or regulator guidance.
We maintain formal documentation of all breach reports for compliance verification.
13.8 Third-Party Involvement
If the breach involves or originates from a third-party service provider (e.g., Supabase, Stripe, or Apple Health), EasyHealth coordinates directly with the vendor to:
Confirm the nature and scope of the incident;
Ensure containment measures are complete;
Obtain formal incident reports; and
Communicate accurate information to affected users and authorities.
All vendors under contract are required to maintain breach notification obligations consistent with our security and privacy standards.
13.9 Post-Incident Review and Prevention
After resolving any incident, EasyHealth performs a post-incident review to:
Identify root causes and systemic vulnerabilities;
Update policies, firewalls, and access controls;
Enhance detection and response tools;
Implement staff retraining where applicable.
Lessons learned are integrated into future updates of our Security Framework to strengthen resilience against similar events.
13.10 No Fee for Notifications
Users will never be charged for receiving notifications related to a security incident or data breach. All communications are delivered free of cost and in plain, accessible language.
13.11 User Cooperation
In the event of a breach, we may request that you take certain actions—such as resetting your password, reviewing recent activity, or verifying recent exports—to help secure your account. Your timely cooperation helps prevent further unauthorized use of your data.
14. Legal Basis for Processing
14.1 Overview
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) processes personal and health information only when there is a clear, lawful basis to do so.
Because we serve users globally, our data practices are designed to comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and equivalent international privacy laws.
This section outlines the specific legal bases under which we collect, store, analyze, and share your data.
14.2 Consent
We rely on your explicit consent for any processing involving health, biometric, or sensitive personal data.
This includes when you:
Manually enter or sync vitals, such as blood pressure, glucose, or cholesterol levels;
Authorize integrations with external apps such as Apple Health or Google Fit;
Agree to data collection through optional analytics or feedback programs;
Provide personal information in communications with our support team.
You may withdraw your consent at any time through the in-app privacy settings or by contacting support@watlu.com.
Withdrawal of consent will not affect the legality of any prior processing conducted before withdrawal.
14.3 Contractual Necessity
We process your personal data when it is necessary to perform a contract between you and EasyHealth, such as:
Creating, maintaining, or managing your account;
Providing core app features and personalized dashboards;
Processing payments and subscription management via Stripe or RevenueCat;
Delivering requested insights, metrics, or reports.
Without this data, we would be unable to provide the Services you have requested or purchased.
14.4 Legitimate Interests
We may process certain personal data under the lawful basis of legitimate interests, provided such processing does not override your fundamental rights or freedoms.
Examples include:
Improving app performance and reliability;
Detecting and preventing fraudulent or abusive use of the Services;
Conducting anonymized analytics and usage metrics to enhance product design;
Securing user accounts and systems against unauthorized access;
Managing business operations, such as audits, reporting, or compliance with corporate policies.
When we rely on legitimate interests, we always perform a documented balancing test to ensure the necessity and proportionality of the data processing relative to your privacy rights.
14.5 Legal Obligations
In some cases, EasyHealth is required to process or retain data to comply with applicable laws, regulations, or legal processes.
These obligations may include:
Retaining financial transaction records for tax and accounting compliance;
Providing information in response to lawful requests from law enforcement or regulators;
Meeting data retention or reporting requirements under health, consumer, or privacy laws;
Fulfilling our duties under GDPR Articles 5 and 30 and other applicable frameworks.
Such processing is limited strictly to what the law requires and will never extend to unrelated uses.
14.6 Special Categories of Data (Health Information)
Because EasyHealth processes Health Data voluntarily provided by users, we treat this category with heightened protection and process it only when one of the following applies:
You have provided explicit consent for the specific purpose of health tracking and analysis;
Processing is necessary to provide a personalized wellness service you requested;
Processing is anonymized or aggregated for legitimate interests such as research or system optimization;
Processing is required for legal claims or regulatory compliance (e.g., under HIPAA principles or similar frameworks).
We never use Health Data for automated decision-making or profiling that produces legal or discriminatory effects.
14.7 Withdrawal and Objection Rights
If you object to our reliance on legitimate interests or wish to withdraw consent, you can:
Disable relevant features within the app settings;
Email support@watlu.com with your registered email and request details; or
Submit a formal data rights request under Section 7: Your Rights and Choices.
We will honor all verified requests within the legal timeframes applicable in your jurisdiction.
14.8 Transparency in Processing
To ensure accountability, EasyHealth maintains internal documentation of all data processing activities, including:
The lawful basis relied upon for each category of data;
Retention periods and anonymization schedules;
Third-party processors involved and their respective roles;
Security and consent verification logs.
This documentation allows us to demonstrate compliance to supervisory authorities and maintain transparency with users.
14.9 Changes to Legal Basis
If our processing purposes or legal bases change, we will notify users before applying the new basis.
You will be given the option to review and, where applicable, re-consent before any additional data use occurs.
15. Changes to This Privacy Policy
15.1 Policy Updates
EasyHealth: Vitals Tracker (“EasyHealth,” “we,” “us,” or “our”) may modify or update this Privacy Policy from time to time to reflect:
Changes in applicable laws and regulations (such as GDPR, CCPA, or HIPAA principles);
Updates in our business practices, service features, or technical architecture;
Enhancements to data protection, encryption, and storage methods; or
Adjustments required by third-party service providers, including Supabase, Stripe, or app store policies.
All revisions will be published with an updated “Last Updated” date at the top of this document. The current version, as displayed in the app or on our official website, supersedes any prior versions.
15.2 Notice of Material Changes
If we make material changes—such as expanding data collection categories, modifying data-sharing practices, or introducing new integrations—we will notify users in advance through one or more of the following:
An in-app alert or banner notice within EasyHealth;
An email notification sent to your registered address;
A push notification for active users; or
An update notice posted on our official website.
We may also summarize key updates in plain language to help users easily understand what’s changed.
15.3 User Responsibility and Acceptance
It is your responsibility to review this Privacy Policy periodically. By continuing to access or use EasyHealth after updates are published, you:
Acknowledge that you have reviewed and understood the updated terms;
Consent to the continued processing of your personal and health data as described in the revised policy; and
Accept that your ongoing use constitutes a binding agreement to the new version.
If you disagree with any updates, you must stop using the Services and may delete your account under Section 12: Data Deletion, Export & Account Closure.
15.4 Archival and Historical Versions
EasyHealth maintains archived versions of prior Privacy Policies for compliance and transparency. You may request a copy of a previous version by emailing legal@watlu.com and specifying the effective date you wish to review.
15.5 Contact for Policy Questions
If you have any questions about this Privacy Policy, changes to it, or your rights under applicable data protection laws, you may contact us at:
Email: legal@watlu.com
Subject Line: Privacy Policy Inquiry
We review and respond to all inquiries within the timeframes required by law.
16. Contact Information
For privacy or data inquiries, reach us at:
Support: support@watlu.com
Legal & Privacy: legal@watlu.com
We will respond to all verified privacy requests and concerns promptly in accordance with applicable data protection laws.
Changes to this Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page, and the “Last Updated” date will be revised accordingly. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
6. Data Security