This Privacy Policy explains how ZenoWell collects, uses, shares, transfers internationally, retains, and protects your Personal Data when you access or use our website (including e‑commerce), mobile application (the “App”), hardware device(s) (the “Device”), and related products and services (collectively, the “Services”), and describes your rights and choices.
1. Controller and Contact Details
The controller for the processing described in this Privacy Policy is:
2. Scope
This Privacy Policy applies when:
- you visit our website, browse content, place orders, make payments, receive deliveries, request returns/exchanges, and obtain after‑sales support;
- you install and use the App, create or use an account (if applicable), connect/control the Device, sync data, and use features;
- the Device and App generate operational data, logs, and diagnostics;
- you input, upload, or import health and wellness information;
- you communicate with us (e.g., email, phone, WhatsApp);
- you participate in promotions, surveys, reviews, or interact with marketing communications.
This Privacy Policy does not apply to third‑party products or services. Third parties’ practices are governed by their own privacy policies.
3. Definitions
- “Personal Data” / “Personal Information” means information that relates to an identified or identifiable natural person, or that is otherwise considered personal data/personal information under applicable law.
- “Health Data” means information related to health or wellness, including data you input/upload/import and data collected or inferred via the Device or App.
- “Device Data” means data generated by or about the Device and its operation (e.g., device identifiers, firmware versions, connection status, session records, operational logs).
- “Usage Data” means data about how you use the website/App/Device (e.g., interactions, navigation, crash and performance data).
- “Sensitive Data” / “Sensitive Personal Information” has the meaning given by applicable law. In certain jurisdictions, Health Data is considered sensitive/special category data.
4. Personal Data We Collect and Process
The categories depend on how you use the Services and which features are enabled.
4.1 Identity and Contact Data
Name, nickname, email address, phone number, shipping/billing address, country/region, postal code, language, and time zone.
4.2 Account Data (if applicable)
Account identifiers, login details, password (stored using hashing/encryption), preferences, consent records (e.g., marketing and cookie preferences), and security‑related records (e.g., suspicious login indicators).
4.3 Order and Transaction Data (E‑commerce)
Order details (items, quantities, amounts, currency, taxes, discounts, status), invoices and after‑sales records (returns/exchanges, warranty, complaints and outcomes), and delivery details.
4.4 Payment‑Related Data
Payments are handled by payment processors. We may receive necessary information from payment processors (e.g., data about your billing address and method of payment, such as bank details, credit, debit, or other payment card information, payment outcome, transaction identifiers, partially masked details, refund/chargeback status) and fraud/verification signals (where applicable).
4.5 Device and App Data
Device details (model, device identifiers such as serial number/device ID, hardware version, firmware version); App and OS details (app version, operating system version, language, time zone); connectivity and sync data (Bluetooth connection status, pairing status, sync status, error codes); diagnostics (performance logs, crash reports, error reports, signal quality); usage behavior (feature usage, session start/end times, usage frequency and interaction records).
4.6 Health and Wellness Data
We may process health and wellness data (subject to your use and device capability), including but not limited to heart rate, HRV, respiration/respiratory rate, sleep data, steps and activity metrics, mood and subjective wellbeing inputs, records you input/upload (e.g., symptoms, lifestyle info, surveys, notes), session data, and third‑party health data you choose to import or sync (if applicable).
4.7 Inferences and Insights
We may generate analyses, summaries, trends, scores, labels, recommendations, reminders, or other insights derived from Health Data, Device Data, and Usage Data.
4.8 Communications and Support Data
Content and attachments you provide (e.g., images/logs/screenshots), support tickets, service notes, and troubleshooting data.
4.9 Website Data, Cookies, and Similar Technologies
IP address, browser type, operating system, device identifiers; page views, clicks, dwell time, referrers; cookie identifiers, pixel events, and related analytics data (where applicable).
5. Sources of Personal Data
At ZenoWell, we strive to collect only the Personal Data that we need. We collect Personal Data from: you directly; automatically through the website/App/Device; service providers (e‑commerce, payment processing, shipping, cloud, support, security and analytics); and third‑party integrations you enable (if applicable).
6. Purposes of Processing
We process Personal Data to: provide and fulfill transactions; provide and maintain features; provide health and wellness features; deliver support and service communications; maintain security, risk management, and compliance; perform analytics and product improvement; and send marketing communications where permitted.
7. Legal Bases for Processing
Where required by applicable law, we rely on one or more of the following: contract; legitimate interests; consent; legal obligation; and vital/public interests (where permitted). We apply additional safeguards for Health Data and Sensitive Data.
8. Cookies and Similar Technologies
We may use cookies, pixels, and similar technologies for site operation, preference storage, analytics, and marketing measurement (where applicable and permitted). You can manage cookies through your browser settings. Restricting cookies may affect site functionality.
9. How We Share Personal Data
9.1 Sharing with the entrusted processing party/service provider
We share Personal Data only as necessary and impose data protection obligations on relevant service providers. We may share with processors/service providers (e‑commerce, payments, shipping, cloud, support, communications, security/analytics) (collectively referred to as the “Service Providers”), with third‑party integrations at your direction, for legal requirements, and in connection with business transfers. The Service Providers are obligated to handle Personal Data consistent with this Privacy Policy and, according to our instructions, cannot use the personal data we share for their own purposes and must delete or return the personal data once they’ve fulfilled our request.
9.2 Sharing through integration with third parties (initiated by you)
If you enable synchronization or integration with third-party platforms, we will share necessary data within the scope of your authorization.
9.3 Legal requirements or protection of rights
We may disclose necessary information when required by law, judicial procedures, regulatory requirements, or to protect the rights and safety of us, you, or others.
9.4 Business changes
In transactions such as mergers, acquisitions, financing, restructuring, bankruptcy, or asset sales, personal information may be transferred, and protective measures will be taken in accordance with applicable legal requirements.
10. International Data Transfers
We provide Services globally. To deliver the Services, operate our business, provide support, and maintain security and compliance, your Personal Data may be accessed, processed, or stored outside your country/region of residence.
10.1 Locations of Processing and Storage
Our service environments may be deployed or operated in Europe and the United States. As a result, we store the Personal Data We Collect and Process as set forth in Article 4 in the United States. We may also use service providers that operate in other countries/regions.
When we transfer your information outside of the EU, the EEA and Switzerland, we ensure it benefits from an adequate or essentially equivalent level of data protection. Regardless of where your personal data is stored, we maintain, and will cause our service providers to maintain, the same high level of protection and safeguarding measures.
10.2 Transfer Safeguards
Where applicable law imposes requirements for international transfers, we implement appropriate safeguards, which may include standard contractual clauses or other contractual protections, supplementary measures (e.g., encryption, access controls, minimization, audits), and limiting cross‑border access to what is necessary.
10.3 Exercising Rights
You may contact us using the details in the “Contact Us” section regarding international transfers and to exercise your rights.
11. Data Retention
We retain Personal Data only as long as necessary for the purposes described in this Privacy Policy, taking into account legal obligations, dispute resolution, and security requirements. Unless a longer retention period is required by applicable law or necessary to establish, exercise, or defend legal claims, we typically apply the following retention periods:
- Order, financial, and tax records (including invoices, payment confirmations, refunds/chargebacks): 5 (five) years.
- Account data: Retained for no more than 5 (five) years after the last update to the data. After you delete your account or request deletion, core identifiers and profile data are typically deleted or de-identified / anonymized within 30 (thirty) days, except where minimal necessary records are retained for compliance, fraud prevention, security, and dispute handling.
- Health Data and session history (including heart rate, HRV, respiration, sleep, mood, steps, and related inferences/insights): Retained for no more than 6 (six) months after the last consent is given.
- In-App Deletion of Health/Session History: You may delete some or all of your health or session history within the App. This action will also trigger corresponding handling of server-side data. We will delete such data or de-identify / anonymize it so that it can no longer be reasonably linked to you, within a reasonable timeframe.
- Account deletion / deletion request: We typically delete or de-identify / anonymize relevant Health Data within 30 (thirty) days, unless legal requirements or technical constraints apply.
- Logs, diagnostics, and security records (e.g., crash logs, performance logs, security audit logs): 6 (six) months after the completion of the relevant event. We may retain relevant records longer where necessary for incident response, fraud investigations, or disputes.
- Customer support communications and ticket records: 2 (two) years. Where linked to a transaction/warranty dispute, they may be retained with the related transaction records.
- Marketing subscription status and marketing communication records: retained until you unsubscribe/withdraw consent; after unsubscribing we typically retain suppression/compliance records for 2 (two) years.
- Backups: deletion may be delayed until backup rotation completes; backups are typically overwritten within 6 (six) months. Access is restricted and protected until deletion occurs.
12. Your Rights and Choices
Your rights vary by jurisdiction. Where required by applicable law, we provide rights such as access, correction, deletion, restriction, objection, portability (where applicable), withdrawal of consent, marketing opt‑out, and certain opt‑out/choice rights regarding targeted advertising, “sale”/“sharing” (as defined by applicable laws), and specific processing of sensitive/health data (where applicable).
How to exercise rights:
We may verify your identity. Where permitted, requests submitted by authorized agents may require proof of authorization.
13. Children
The Services are not intended for children, whom we consider to be individuals under the age of 16 or the equivalent age as specified by law in your jurisdiction. If you believe a child has provided Personal Data to us, contact us and we will handle the matter in accordance with applicable law. If we learn that a child’s personal data was collected without appropriate authorization, it will be deleted as soon as possible.
14. Automated Processing
We may use automated processing to analyze Health Data, Device Data, and Usage Data to generate insights, summaries, and personalized feature presentation. Where required by applicable law, you may submit rights requests regarding such processing.
15. Security
We use reasonable and appropriate technical and organizational measures to protect the security of Personal Data against unauthorized or unlawful processing and against accidental loss, destruction or damage, including but not limited to adopting access controls, encrypted transmission, audit logging, backups, and security management procedures. No system can be guaranteed 100% secure.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version applies as of its effective date.
17. Contact Us
If you have questions about this Privacy Policy or privacy practices including where a third-party service provider is acting on our behalf, or you would like to contact our data protection officer, you can contact us at:
- OFFICE UNIT B ON 9/F THOMSON COMMERCIAL BUILDING 8 THOMSON ROAD WAN CHAI HK
- +49 331 76993050
We take your privacy questions seriously. A dedicated team reviews your inquiry to determine how best to respond to your question or concern. When there is a material change to this Privacy Policy, we will post a notice at least seven days in advance of doing so and contact you directly about the change if we have your data on file.
You may at any time — including if you are not satisfied with our response — refer your complaint to the applicable regulator.