Privacy Policy

Respire LYF ("Respire LYF," "we," "our," or "us") is committed to protecting the privacy and personal data of individuals who access or use our website, mobile application, and related services (collectively, the "Services").

This Privacy Policy explains in detail how Respire LYF collects, uses, processes, stores, shares, and protects personal data, and the rights available to users under applicable data protection laws.

Respire LYF is a wellness, awareness, and informational platform designed to help users observe patterns related to respiratory symptoms and contextual lifestyle or environmental factors. Respire LYF does not provide medical advice, diagnosis, treatment, or predictions, and is not a medical device. The Services are not intended to replace professional medical judgment.

Respire LYF processes personal data only where permitted by law. Depending on the context, processing is based on one or more of the following legal bases:

• Consent, where you have explicitly provided it
• Performance of a contract, where processing is necessary to provide the Services
• Compliance with legal obligations, where required by law
• Legitimate interests, where processing is necessary to operate, secure, and improve the Services, and where such interests are not overridden by your rights and freedoms

7.1 Consent Management & Withdrawal

Where processing of personal data is based on consent, Respire LYF obtains such consent through clear and affirmative user actions, such as during onboarding flows, in-app prompts, feature-specific settings, or other explicit user controls presented at the time data collection is enabled.

This applies in particular to:

• Optional wellness and respiratory-related data inputs
• Features involving signal or event detection (including cough or inhaler events)
• Analytics cookies, where required by applicable law

You may withdraw your consent at any time by adjusting the relevant settings within the Respire LYF application or by contacting us using the details provided in the Contact Information section of this Privacy Policy.

Upon withdrawal of consent:

• We will stop processing the relevant data for the purposes that relied on consent
• Previously collected data may be deleted or anonymised, unless retention is required for legal, security, or compliance purposes
• Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal

Please note that withdrawing consent may limit or disable certain features of the Services that rely on such data.

Respire LYF uses analytical and machine-learning techniques to:

• Identify trends and correlations across datasets
• Improve system performance and reliability
• Enhance informational insights provided to users

AI systems used by Respire LYF:

• Do not provide medical diagnoses
• Do not generate medical predictions
• Do not replace healthcare professionals
• Do not store individual identities within models

Respire LYF may transform personal data into anonymised and aggregated data using irreversible technical processes. Once anonymised, such data can no longer be used to identify individuals.

We may use anonymised and aggregated data for:

• Internal research and analysis
• Product development and innovation
• Machine-learning model training and evaluation
• System performance optimization
• Statistical and scientific analysis

This data cannot reasonably be re-identified and may be retained long-term for research and improvement purposes.

Personal data may be processed outside your country of residence. Where required, appropriate safeguards are applied in accordance with applicable data protection laws.

Where required under law, Respire LYF will appoint an authorized representative in the European Union or United Kingdom in accordance with Article 27 of the GDPR.

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing the Services, ensuring security, complying with legal obligations, and resolving disputes.

Retention periods vary depending on the type of data, its purpose, and applicable legal or regulatory requirements. We periodically review stored data and delete or anonymise it when it is no longer required.

Account-related personal data is generally retained for as long as an account remains active. If an account is deleted by the user, associated personal data is deleted or anonymised within a reasonable period, unless retention is required for legal, security, or compliance purposes.

In some cases, data may be deleted or anonymised following extended periods of inactivity, subject to operational and legal requirements. Retention decisions are based on factors such as data type, purpose of processing, user activity, and applicable legal obligations.

Depending on your jurisdiction, you may have certain rights regarding your personal data under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

These rights may include the right to:

• Access the personal data we hold about you
• Correct or update inaccurate or incomplete personal data
• Request deletion of your personal data, subject to legal and operational limitations
• Withdraw consent at any time where processing is based on consent
• Object to or restrict processing in certain circumstances
• Request data portability, where applicable, by receiving your data in a structured, commonly used format
• Opt out of certain data uses, where required by law

You may exercise your rights by contacting us using the details provided in the Contact Information section of this Privacy Policy. We may need to verify your identity before processing your request.

We will respond to valid requests within the timeframes required by applicable law.

If you believe that your personal data has been processed unlawfully, you may also have the right to lodge a complaint with a relevant data protection authority.

14.1 Exercising Your Rights – Process & Timing

When you contact us to exercise your privacy rights:

• Response timeframe: We aim to respond to verified requests within 30 days, or within the timeframe required by applicable law. Where permitted, this period may be extended if the request is complex or involves multiple data sets, and you will be informed of any extension.
• Identity verification: To protect your privacy and security, we may need to verify your identity before processing certain requests. Verification methods may include confirming account access, email ownership, or other reasonable checks appropriate to the nature of the request.
• Fees: Requests to exercise your privacy rights are free of charge in most cases. We may charge a reasonable fee or decline to act on a request only where permitted by law, such as for requests that are manifestly unfounded, excessive, or repetitive.

We implement reasonable technical and organizational safeguards, including:

• Encryption in transit
• Access controls and role-based permissions
• Secure infrastructure and monitoring
• Incident response procedures

No system can be guaranteed to be completely secure.

15.1 California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA).

Subject to applicable exceptions, these rights include:

• Right to Know: The right to request information about the categories and specific pieces of personal data we collect, use, disclose, or retain about you, as well as the purposes for such processing.
• Right to Delete: The right to request deletion of personal data we have collected about you, subject to legal and operational limitations.
• Right to Correct: The right to request correction of inaccurate personal data.
• Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of personal data for cross-context behavioral advertising. Respire LYF does not sell personal data and does not share personal data for targeted advertising.
• Right to Limit Use of Sensitive Personal Information: The right to limit the use and disclosure of sensitive personal information to purposes permitted by law. Respire LYF uses sensitive wellness-related data only to provide and operate the Services and does not use such data for advertising or profiling.
• Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.

You may exercise your California privacy rights by contacting us using the details provided in the Contact Information section. We may need to verify your identity before processing your request.

Respire LYF uses cookies and similar technologies on its website to ensure basic functionality and to understand how visitors interact with the site. Cookies are small text files stored on your device when you visit a website.

Cookies are not used to collect respiratory or health-related data, and analytics data collected through cookies is not used for medical, diagnostic, or treatment purposes.

17.1 Essential Cookies

We use essential cookies that are necessary for the website to function securely and correctly. These cookies support core features such as page navigation, security protections, session handling, and form submissions.

Essential cookies:

• Are required for the operation of the website
• Do not collect personal health information
• Are not used for analytics or advertising
• Do not track users across websites

Because these cookies are required for functionality, they cannot be disabled through our systems. Blocking them via browser settings may affect how the website functions.

17.2 Analytics Cookies (Optional)

With your consent, Respire LYF uses Google Analytics 4, including Firebase Analytics, to collect aggregated and anonymised information about website usage, such as page views, navigation patterns, and interaction events.

Analytics cookies:

• Are used only to understand and improve website performance and user experience
• Are not used for advertising, profiling, or health-related analysis
• Are used only where permitted by law and, where required, only after user consent

17.3 Cookie Settings & Managing Preferences

You can manage your cookie preferences at any time.

Where required by applicable law, Respire LYF provides a cookie consent mechanism that allows you to accept or reject analytics cookies and to change or withdraw your preferences at any time.

You may also manage cookies through your browser settings, including blocking or deleting cookies. Please note that disabling essential cookies through browser controls may affect the proper functioning of the website.

17.4 Google Analytics Opt-Out

You may opt out of Google Analytics tracking by installing Google's opt-out browser add-on: https://tools.google.com/dlpage/gaoptout