Privacy Policy

Last Updated: April 8, 2026

1. Introduction

Avinasi AI ("we," "our," or "us") operates the BaRa mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

By using BaRa, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the App.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Account Information: Name, email address, and authentication credentials provided through Google OAuth or Apple Sign-In
• User ID: Unique identifier assigned by our internal authentication system via Google OAuth or Apple Sign-In
• Profile Information: Optional profile data you choose to provide, including gender and birth year (used to provide personalized health insights and AI responses).

2.2 Health Data

With your explicit consent, we collect and process health and wellness data from connected devices and services:

• Camera and Face Scan Data (rPPG): When you use our Face Scan feature, the App requires access to your device's camera. The App captures the light reflected from your face to extract facial blood flow information (Transdermal Optical Imaging). We do NOT record, save, or store any video or photographic images of your face. The extracted blood flow signal is temporarily processed to calculate health metrics and is immediately discarded from your device once the measurement is complete.
• Sleep Data: Sleep duration, sleep stages (REM, deep, light), sleep efficiency, sleep score
• Activity Data: Steps, active calories, distance, exercise sessions
• Heart Health: Resting heart rate, heart rate variability (HRV), heart rate trends
• Body Metrics: Body temperature, respiratory rate, oxygen saturation (if available)
• Wellness Scores: Strain index, immune index, training stress, respiratory health scores
• Device Connections: Information about connected health devices and services (Apple Health, Oura Ring, etc.)

2.3 Usage Data

• App Usage: Features accessed, session duration, interaction patterns
• Chat Messages: Questions and messages you send to our AI assistant
• Device Information: Device type, operating system, app version
• Log Data: IP address, access times, error logs

3. How We Use Your Information

3.1 Primary Purposes

• Health Analysis: To analyze your health data and provide personalized insights
• AI Assistant: To power our AI chat feature and respond to your health-related questions
• Trend Detection: To identify patterns and trends in your health metrics over time
• Recommendations: To generate personalized health and wellness recommendations

3.2 Service Operations

• To create and maintain your account
• To authenticate and verify your identity
• To provide customer support and respond to inquiries
• To improve and optimize the App's functionality
• To detect and prevent technical issues and security threats

3.3 Communications

• To send service-related notifications
• To notify you of important changes to the App or policies
• To send health insights and summaries (with your consent)

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We work with trusted third-party service providers who process data on our behalf:

• NuraLogix / DeepAffex: To power our Face Scan feature, we transmit anonymized facial blood flow signals (rPPG data, not actual video or images) to DeepAffex cloud servers operated by NuraLogix Corporation. They process this signal to generate your health metrics. NuraLogix does not receive any information that could identify who you are, and they are prohibited from using this data for any other purposes.
• Terra API: Health data integration from connected devices
• OpenAI / Anthropic (Claude AI): AI-powered health analysis, insight generation, and chat responses. We share your health metrics (such as sleep stages, heart rate, and steps) and chat messages to provide personalized recommendations. Your data is securely transmitted and is NOT used to train public AI models.
• Cloud Infrastructure: Data storage and hosting services

These providers are contractually obligated to protect your data and may only use it for the specific services they provide to us.

4.2 Health Data Sharing

We do NOT:

• Sell your health data to third parties
• Share your health data with advertisers
• Use your health data for marketing purposes
• Share identifiable health data with other users

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Requests from law enforcement or government authorities
• Protection of our rights, property, or safety
• Emergency situations involving danger of death or serious physical injury

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

5. Data Storage and Security

5.1 Security Measures

We implement industry-standard security measures to protect your data:

• End-to-end encryption for data transmission (HTTPS/TLS)
• Encrypted storage of sensitive health data
• Secure authentication via OAuth 2.0
• Regular security audits and vulnerability assessments
• Access controls and authentication requirements for our systems
• Monitoring and logging of system access

5.2 Data Location

Your data is stored on secure servers located in the United States. By using the App, you consent to the transfer of your information to the United States.

5.3 Data Retention

• Account Data: Retained for as long as your account is active
• Health Data: Retained to provide ongoing analysis and trends (typically 1-2 years of historical data)
• Chat History: Retained for 90 days unless you delete it earlier
• Deleted Data: Permanently and immediately removed upon account deletion from the App settings

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

• Access all personal and health data we have collected about you
• Request a copy of your data in a portable format (JSON/CSV)
• Review your data processing history

6.2 Correction and Deletion

• Correct: Update inaccurate account information in the App settings
• Delete: Request deletion of specific health data or your entire account
• Disconnect: Revoke access to connected health devices at any time

6.3 Opt-Out Rights

• Stop health data collection by disconnecting your devices
• Opt out of non-essential communications
• Disable specific App features that process your data

6.4 Exercising Your Rights

To exercise any of these rights, contact us at privacy@avinasi.ai. We will respond to your request within 30 days.

7. Children's Privacy

BaRa is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected data from a child under 18, we will delete it immediately.

8. International Users

If you are accessing the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States. Data protection laws in the United States may differ from those in your country.

8.1 GDPR Rights (European Users)

If you are in the European Economic Area, you have additional rights under GDPR:

• Right to object to processing
• Right to restriction of processing
• Right to lodge a complaint with a supervisory authority
• Right to withdraw consent at any time

9. Cookies and Tracking

The App uses minimal tracking technologies:

• Session Management: Secure tokens to maintain your logged-in state
• Analytics: Anonymized usage data to improve the App (you can opt out)
• Error Tracking: Crash reports and error logs (personal data is stripped)

We do NOT use third-party advertising cookies or cross-site tracking.

10. Third-Party Links

The App may contain links to third-party websites or services (e.g., health device manufacturer sites). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information (we don't sell data)
• Right to deletion
• Right to non-discrimination for exercising privacy rights

12. Data Breach Notification

In the event of a data breach that affects your personal or health information, we will notify you within 72 hours via email and in-app notification, along with steps you can take to protect yourself.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy in the App with a new "Last Updated" date
• Sending you an email notification
• Displaying an in-app notice on your next login

Continued use of the App after changes constitutes acceptance of the updated policy.

14. Medical Disclaimer

BaRa is NOT a medical device and does not provide medical advice. All health insights and recommendations are for informational and educational purposes only. Always consult with a qualified healthcare professional before making medical decisions. In case of a medical emergency, call emergency services immediately.