Privacy Policy

Effective: February 27, 2025

This Privacy Policy describes how Impaq L.L.C-FZ (“we“, “us” or “our“) handles personal information that we collect through our website https://evaai.health/ (the “Site”), application for virtual reality devices (the “VR App”) and other online services (collectively, the “Service”).

Impaq L.L.C-FZ (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy covers the “personal information”, meaning information about an identified or identifiable individual that is collected through our Service.

By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service.

Depending on how you interact with us, the following may also apply to you:

• Some components or features of our Service may include additional privacy notices, such as an optional feature that uses your personal information in a unique way. The language of those terms and privacy notices supplement this Privacy Policy unless there is a conflict, in which case those additional terms and privacy notices will apply.
• You may follow links contained in our Service or provided to you by other users to third-party websites or products not operated by us. This Privacy Policy does not apply to third-party websites or products. We strongly suggest you review their privacy policies to understand how your personal information is used and stored by those third parties.
• Similar to the above point, you may use single sign-on (SSO) features to access our Service, such as through your social media accounts. That use may be subject to your SSO provider’s terms and privacy policies, and we encourage you to review them prior to using those features.

Please read the following carefully to understand our practices regarding your personal information. We also encourage you to review our Terms and Conditions here (https://evaai.health/terms-conditions/).

• Collection of personal information

We get information about you in a range of ways. We may collect or process the following personal information about you from what you provide us directly, what we receive from others, and personal information we may automatically collect when you interact with our Service.

• Information you provide to us

• Transactional data, such as information relating to your subscription plan or needed to complete your orders on or through the Service, including order numbers, subscription method and transaction history.
• Marketing data, such as your preferences for receiving our marketing communications.
• User-generated content, such as voice recordings.
• Relationship data, such as familial or other relationship to third parties whose personal information you may provide to us.
• Mood and feelings, physical health data based on your voluntary responses to surveys and questionnaires.
• Body dimensions that you choose to store in the tracking features of your VR device such as a Meta Quest.
• Payment information needed to complete transactions, including payment card information or bank account number. Note that your payment card information is processed directly by our third-party providers (see How we share your personal information, below).
• Survey and promotions data, including information you share when you choose to participate in a promotion or complete a survey. We recommend that you read any instructions, terms or rules applicable to the survey or promotion before participating.
• Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.

• Information from others

In certain circumstances, we may collect personal information about you from others. This may include the following:

• Public sources, such as government agencies, public records, social media platforms, and other publicly available sources.
• Data providers, such as information services and data licensors that provide demographic and other information.
• Our affiliate partners, such as our affiliate network provider and publishers, influencers, and promoters who participate in our paid affiliate programs.
• Marketing partners, such as joint marketing partners and event co-sponsors.
• Third-party services, such as social media services, that you use to log into, or otherwise link to, your Service account. This data may include your username, profile picture and other information associated with your account on that third-party service that is made available to us based on your account settings on that service.

• Information we automatically collect

Our Service may collect information from you automatically during your use which may include:

• Device data, such as your computer, mobile or headset’s operating system type and version, manufacturer and model, browser type, graphics processing unit, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including VR App identifiers and identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., Wi-Fi, LTE, 3G), and general location information such as city, state or geographic area.
• Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times and duration of access, and whether you have opened our emails or clicked links within them.
• Interaction data, such as information about the content, features, length and frequency of EvaAI taken on the VR App.
• Technical system information, such as crash logs which may contain your user ID, device ID, IP address, local computer file path, feature quality, and use of that feature.

• Cookies and other technologies (applicable for the Site)

Some of the automatic collection described above is facilitated by the following technologies:

• Cookies, which are small text files that websites store on user devices and that allow web servers to record users’ web browsing activities and remember their submissions, preferences, and login status as they navigate a site. Cookies used on our sites include both “session cookies” that are deleted when a session ends, “persistent cookies” that remain longer, “first party” cookies that we place and “third party” cookies that our third-party business partners and service providers place.
• Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data on your device outside of your browser in connection with specific applications.
• Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email address was accessed or opened, or that certain content was viewed or clicked.
• Software development kits (SDKs), or third-party computer code, that may be used for a variety of purposes, including to provide us with analytics regarding the use of our applications, to integrate with social media, add features or functionality to our applications, or to facilitate online advertising. SDKs may enable third parties to collect information directly from our applications.

• Data about others

We may offer features that help users invite their friends or contacts to use the Service, and we may collect contact details about these invitees so we can deliver their invitations. Please do not refer someone to us or share their contact details with us unless you have their permission to do so.

2. Use of personal information

We may use your personal information in the following ways:

• To provide our Service

• provide, operate and improve the Service and our business;
• facilitate your invitations to friends who you want to invite to join the Service;
• communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
• understand your needs and interests, and personalize your experience with the Service and our communications; and
• provide support for the Service, and respond to your requests, questions and feedback.

1. Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business.
2. Marketing and advertising. We, our service providers and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes: 

• to maintain and improve the quality of our Service, including to perform research and development, understand user trends, and, in a limited way, understand the effectiveness of our marketing and advertising such as recording a sales conversion. For example, we use Google Analytics for this purpose. You can learn more about Google Analytics and how to prevent the use of Google Analytics relating to your use of our sites here: https://tools.google.com/dlpage/gaoptout?hl=en.; 
• to provide you with information about new products and services, promotions, and other opportunities that we believe may be of interest to you, whether offered by us or third-party partners, and to personalize, measure, and improve such offers;
• to personalize the advertisements you receive about our Service through third-party platforms, on other websites and apps.

1. Compliance and protection. We may use your personal information to:

• comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
• protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
• audit our internal processes for compliance with legal and contractual requirements or our internal policies;
• enforce the terms and conditions that govern the Service; and
• prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.

1. Aggregated, anonymous, and de-identified data. We may create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business. De-Identified data is not personal information and is not subject to this Privacy Policy.

3. Sharing of personal information

We may disclose your personal information with the following categories of third parties:

• Affiliates. We may share your personal information with any member of our business group, which includes our subsidiaries and our affiliates for any of the purposes described in this Privacy Policy. If Impaq L.L.C.-FZ, including any of our subsidiaries, brands, or affiliates, is involved in a merger, acquisition, asset sale, or other corporate combination, your personal information may be transferred to the acquiring or surviving entity. If such transfer results in a material change to the use of your personal information, we will provide notice before your personal information is transferred or becomes subject to a different privacy policy.
• Service providers.  Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, marketing, consumer research and analytics).
• Third party advertising platforms. We work with third party platforms who provide us with analytics and advertising services. This includes helping us understand how users interact with our Service serving advertisements on our behalf to those who may be interested, and measuring the performance of those advertisements.
• Business and marketing partners. Third parties with whom we co-sponsor events or promotions, with whom we jointly offer products or services, or whose products or services may be of interest to you.
• Linked third-party services. If you log into the Service with, or otherwise link your Service account to, social media or other third-party service, we may share your personal information with that third-party service. The third party’s use of the shared information will be governed by its privacy policy and the settings associated with your account with the third-party service.
• Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
• Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

4. Data security and retention

The security of your personal information is important to us. We follow generally accepted standards, practices, and procedures to protect the personal information submitted to us, both during transmission and once it is received. We maintain appropriate technical, administrative and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, disclosure or misuse.

No security can be fully guaranteed, though. If you have an account with us and you suspect unauthorized use of your account or its credentials, you should contact us immediately using the contact information in Section 8 below or contact us directly at hello@impaq.io. 

We will keep your personal information for as long as needed to perform our obligations to you, or for as long as legally permitted. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). For example, we keep your account information for as long as your account exists so that you may access it.

5. Your privacy rights

We believe that you should have control of your personal information. To that end we provide the following rights to make requests regarding your personal information. You may make these requests by contacting hello@impaq.io or in some cases using features within the Service:

• Access. You have the right to know what personal information we collect about you and how we use it. This Privacy Policy serves to inform you about that collection and use. If we have personal information about you, you may also request a copy of that information.
• Correction. You have the right to request the correction of your inaccurate personal information.
• Portability. You may request an export of your personal information in a structured and machine readable format such as a .csv or .pdf. Where feasible, we can send that export to a third party you identify.
• Deletion. You have the right to request, under certain circumstances, the deletion of your personal information that we collect.
• Restriction. You have the right to request that we restrict the use of your personal information in certain circumstances. Please note that in some cases we may not be able to place a restriction due to the use being necessary for Service functionality or delivery of the Service.
• No retaliation or discrimination. You have the right not to receive discriminatory or retaliatory treatment for making a request.

Upon receiving your request, we may ask for additional information from you in order to verify the request or confirm how you would like to proceed. We endeavor to respond to a verifiable request without undue delay. If we require an extended amount of time, we will inform you using the email associated with your account or the email you used to make the request.

Your rights are not absolute, and exceptions may apply. These exceptions can arise from different factors including our legal obligations, the rights of others, your or another’s safety, and our ability to bring or defend against legal claims. Additionally, we will not fulfill your request if you do not provide sufficient information to verify your identity or to verify that a third party making the request is authorized to act as your representative.

Some US jurisdictions provide residents with certain rights with respect to their personal information as defined under applicable law. These rights are subject to the specific laws of that jurisdiction and that certain other rights might apply. Please review our Supplemental Notices, including our Privacy Notice for California, and our Privacy Notice for Virginia, Connecticut, Colorado, Utah, and Nevada for more information on rights and terms specific to your location or place of residence.

6. Children’s privacy

We are committed to protecting and respecting children’s privacy. Our Service is generally intended for individuals at least 18 years old and we do not intentionally collect personal information from individuals under 18 years old. 

If you are a parent or guardian and you are aware that a child under age 18 has provided us with their personal information without parental consent, please contact us at hello@impaq.io and we will take steps to remove that personal information from our servers.

7. Changes

This Privacy Policy is effective as of the date posted at the top. We may update this Privacy Policy from time to time to reflect Service changes, make corrections, improve clarity, reflect changes in our privacy practices, or as required by applicable laws. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acceptance of the modified Privacy Policy.

8. Contact us

We want to hear from you if you have questions, concerns, or requests regarding this Privacy Policy. You can reach us by emailing hello@impaq.io.  

9. Supplemental notices

Depending on your jurisdiction, you have additional rights that apply to you under your jurisdiction’s privacy laws. We provide the supplemental information in this section in our efforts to comply with those additional privacy laws and inform you about your rights. If you do not see your jurisdiction below please do not interpret that to mean that we do not respect your privacy and we encourage you to still contact us using the contact details above with your questions or concerns. Please note that your personal information will be stored within the US. 

If you have any questions, complaints, or requests about our privacy notices, you can contact us at hello@impaq.io. We will get back to you within 45 days after we confirm who you are. Sometimes, we might not be able to help if we cannot verify your identity correctly or if there are certain exceptions that apply.

• Privacy Notice for California

We include this section for residents of California in order to comply with the California Consumer Privacy Act of 2018, and its amendment, the California Privacy Rights Act of 2020 (together, the “CCPA”). This section is intended to comply with the CCPA by supplementing the information provided elsewhere in the Privacy Policy.

Categories of personal information. The CCPA includes categories of personal information that businesses like us are required to identify to you which of them we may collect from you. 

We are not a data broker and do not sell your personal information to third parties for payment. However, as with many online companies, we partner with third parties to manage our advertising on other platforms. For that purpose, we may disclose limited personal information to third parties for our cross-context behavioral and targeted advertising purposes. 

Here is a list of personal information types that we may collect from you:

• • Identifiers: unique personal identifier, online identifier;
  • Internet or other similar network activity: browsing history, information on how you interact with our website;
  • Geolocation data: approximate location based on information like IP address;

• Conversation data: audio recordings.

Please note that because of the overlapping nature of certain categories identified above, some of the personal information we collect may be reasonably classified under multiple categories. Please also note that some of this personal information may be covered by federal laws like HIPAA.

Use of personal information. We may use your personal information in the ways described in Section 2 of this Privacy Policy.

Use of sensitive personal information. We use sensitive personal information for the same purposes listed above except for personalizing ads.

Retention. We will keep your personal information for as long as needed to perform our obligations to you, or for as long as legally permitted. The criteria used to determine our retention periods include: 

• the length of time we have an ongoing relationship with you; 
• whether there is a legal obligation to which we are subject; 
• and whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations). 

Your California privacy rights. The CCPA provides California residents with rights to receive certain disclosures regarding the collection, use, and disclosure of personal information and sensitive personal information. These disclosures are provided in Sections 1-3 and the chart in Section 9(a) above. If you are a California resident, you have the following rights under California law in relation to your personal information, subject to certain exceptions. We will respond to your verifiable request within 45 days.

• Right to know and access. You have the right to know what personal information we collect, use, disclose, and sell and/or share, as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.
• Right to delete. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the personal information that we collect about you.
• Right to correct inaccurate personal information. You have the right to request the correction of inaccurate personal information.
• Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.
• Right to opt out of sale and/or sharing. You have the right to opt-out of the sale and/or sharing of your personal information by a business. 
• Right to limit use and disclosure. You have the right to limit the use or disclosure of your sensitive personal information to only the uses necessary for us to provide services to you. We will not use or disclose your sensitive personal information after you have exercised your right unless you subsequently provide consent for the use of your sensitive personal information for additional purposes.
• Sharing with third parties for their own direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes. However, California residents additionally have the right to request information regarding such practices under California’s “Shine the Light” law. If you are a California resident and would like to inquire further, please email hello@impaq.io.

• Privacy Notice for Virginia, Connecticut, Colorado, Utah, and Nevada

We include this section for residents of other US states with privacy laws that may impact them. These privacy laws include the Virginia Consumer Data Privacy Act (“VCDPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), the Colorado Privacy Act (“CPA”), and the Nevada Privacy Law (“NPL”). This section is intended to comply with these laws by supplementing the information provided elsewhere in the Privacy Policy.

Collection of personal information. We may collect the personal information described in Section 1. Please note that some of this personal information will be considered sensitive under your state’s legal definition which can vary across different states. The personal information we may collect depending on how you use our Service includes physical, mental health information and information about sexual orientation or gender identity.

Use of personal information. We may collect, use, or disclose personal information about US state residents for purposes listed in Section 2 of our Privacy Policy. We use sensitive personal information for the same purposes except for personalizing ads.

Disclosure of personal information. We may disclose your personal information to the categories of service providers and third parties identified in Section 3 of this Privacy Policy, and in ways that are described in that section.

Your privacy rights. We generally provide the privacy rights described in Section 5 above to you regardless of your location. Your state may afford you additional privacy rights as noted below. To exercise your right, see the contact information in Section 8 or follow the instructions below for specific state rights. We will respond to your verifiable request within the time limit afforded under applicable law. Exceptions may still apply as described in Section 5.

• Residents of Colorado, Connecticut, Virginia, and Utah have the right to opt out of targeted advertising and sales. If you are a resident of these states, you may opt out by emailing us at hello@impaq.io.
• For users in Colorado, Connecticut and Virginia, you may opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. While you may still make this request, we do not currently use profiling in this manner.
• Nevada provides its residents a limited right to opt out of the sale of personal information. Please know that we do not trigger this requirement because we do not sell your personal information for payment.