1. Information We Collect

1.1 Information You Provide Directly

When you use the Service, you may choose to provide information such as:

• Account information (e.g., email address or phone number, date of birth to verify eligibility, and a display name or username).
• Health and wellness information (e.g., endometriosis-related symptoms, pain logs, menstrual cycle information, medical history you choose to provide, medications, lifestyle information, and personal notes).
• Community content (e.g., posts, comments, and replies you submit in community forums).
• Communications (e.g., messages you send to us for support or feedback).

1.2 Information Collected Automatically

When you access or use the Service, we may automatically collect limited technical information for security and functionality, such as:

• Device and app information (e.g., device type, operating system version, app version, language settings).
• Log and diagnostic information (e.g., timestamps, basic events needed to maintain the Service, and error logs).
• Approximate location derived from your IP address (not precise GPS location).

No third-party analytics for now. At this time, we do not embed third-party analytics or advertising SDKs in the app to track you across other companies' apps or websites.

1.3 Information from Third Parties

If you choose to sign in using Apple Sign-In or Google Sign-In, we receive information from that provider (such as an identifier and an email address). We do not receive your Apple or Google password.

2. How We Use Information

We use information to:

• Provide, operate, and maintain the Service (including storing your logs and displaying your dashboards).
• Personalize your experience (including showing trends and insights based on your entries).
• Communicate with you about the Service (e.g., transactional messages, security notices, and support).
• Improve and develop the Service (including troubleshooting, debugging, and improving features).
• Protect the safety, integrity, and security of the Service (including detecting fraud and abuse).
• Comply with legal obligations and enforce our Terms of Service.

De-identified and aggregated data. We may create de-identified or aggregated information from data in the Service and use it for analytics, research, and product improvement. We take reasonable steps to help ensure de-identified data cannot reasonably be used to identify you.

3. How We Disclose Information

3.1 No Sale or Targeted Advertising Sharing

We do not sell your personal information. We also do not share your personal information for cross-context behavioral advertising ("targeted advertising") as those terms are defined under certain U.S. privacy laws.

3.2 Service Providers

We disclose information to vendors and service providers that process information on our behalf to help us operate the Service, such as cloud hosting providers.

Current core service providers include:

Service providers are required by contract to use information only to provide services to us and to protect it.

3.3 With Your Direction or Consent

We disclose information when you choose to share it, for example if you export your data, share a report with a provider, or post content in a community forum.

3.4 Legal, Safety, and Compliance

We may disclose information if we believe in good faith that disclosure is necessary to comply with law, respond to lawful requests, protect the safety of users, or protect our rights and property.

3.5 Business Transfers

If Endo360 is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to applicable law.

4. Data Retention and Deletion

We retain information for as long as necessary to provide the Service and for legitimate business and legal purposes.

Account deletion. You can delete your account through the in-app settings or by emailing [email protected]. When you request deletion, we will delete or de-identify your personal information, subject to applicable law and limited retention for legal, security, and fraud-prevention purposes.

Washington and Nevada residents: Please see the Consumer Health Data Privacy Policy for additional deletion rights for consumer health data.

5. Security

We use reasonable administrative, technical, and physical safeguards designed to protect information. However, no security measures are perfect and we cannot guarantee absolute security.

6. Health Breach Notification

If we experience a breach of unsecured identifiable health information that triggers the FTC's Health Breach Notification Rule or other applicable breach notification laws, we will provide required notices to affected individuals and regulators within the timelines required by law.

7. Your Privacy Choices and Rights

7.1 Access, Correction, Export, and Deletion

You can access and update certain information through your account settings. You may also request access to, correction of, export of, or deletion of your information by contacting [email protected].

7.2 Identity Verification

To protect you, we may need to verify your identity before fulfilling certain requests (such as access or deletion). Verification typically involves confirming control of the email address or phone number associated with your account and may require additional information. We will not ask for your password.

7.3 Communications Preferences

You may manage certain notifications through your device settings. You can opt out of non-essential marketing emails (if any) using the unsubscribe link in the email. You cannot opt out of important transactional or security communications.

7.4 California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"), such as the right to know, delete, and correct personal information, and the right to limit the use and disclosure of sensitive personal information, subject to exceptions.

We do not sell personal information or share personal information for targeted advertising. If you submit a request, we will respond consistent with applicable law.

To exercise California privacy rights, email [email protected] with "California Privacy Request" in the subject line.

8. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided personal information to us, please contact us at [email protected].

9. International Users and Data Location

The Service is currently designed for users in the United States, and information is stored and processed in the United States. If you access the Service from outside the United States, you understand that your information will be processed in the United States.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice in the app and/or by email, and we will update the "Last Updated" date above.

11. Contact Us

Endo360 LLC
Attn: Lucas Pejovic-Nezhat
835 Wilshire Blvd, Ste 500 #565
Los Angeles, CA 90017

Email:
[email protected] (privacy)
[email protected] (deletion)
[email protected] (security)
[email protected] (support)

Website: admin.endometriosis360.com