Ozempal Ozempal ← Back to Home

PRIVACY POLICY – OZEMPAL

Last Updated: January 9, 2026
Entity: Intelligent Product Artisans OÜ
Website: ozempal.com

1. GENERAL INFORMATION

This Privacy Policy explains how Intelligent Product Artisans OÜ (“we,” “us,” or “our”) collects, uses, and protects your personal data when you use the Ozempal platform. We are committed to transparency and the protection of your sensitive health and wellness information.

Data Controller: Intelligent Product Artisans OÜ
Registry Code: 17398018
Address: Tornimäe tn 5, 10145 Tallinn, Estonia
Email: [email protected]

2. DATA CATEGORIES AND COLLECTION

We collect only the data necessary to provide you with tracking and wellness insights.

A. Account & Identification Data

  • Authentication: Email address and hashed/encrypted password.
  • Profile: Display name or username, age, and biological sex (optional, used for metric calculations).

B. Health & Wellness Data (Special Category Data)

Because you manually log your progress, we process the following health-related information:

  • Medication Records: Dosage, injection dates/times, and injection site logs.
  • Physiological Metrics: Body weight, height, BMI calculations, and waist/body measurements.
  • Symptom & Side Effect Tracking: Manually logged data regarding physical sensations, mood, or energy levels.
  • Progress Media: Images uploaded for the purpose of tracking physical transformation.
  • Lifestyle Logs: Manually entered dietary notes, water intake, and activity levels.

C. Technical & Usage Data

  • Device Info: IP address, browser type, and operating system.
  • Usage Logs: Pages visited, time spent on features, and crash reports (to ensure platform stability).

3. PURPOSES AND LEGAL BASIS FOR PROCESSING

Under the GDPR, we process your data based on the following:

Data Category Purpose Legal Basis (GDPR)
Account Info Account creation and security. Performance of a Contract (Art. 6(1)(b))
Health Data To enable tracking, charting, and progress insights. Explicit Consent (Art. 9(2)(a))
Usage Data Security monitoring and debugging. Legitimate Interest (Art. 6(1)(f))
Email Service updates and support communications. Performance of a Contract (Art. 6(1)(b))

4. DATA RETENTION

We adhere to the principle of storage limitation:

  • Active Data: We keep your data as long as your account is active to provide you with your historical trends.
  • Account Deletion: If you choose to delete your account, all personal and health data is permanently purged from our active databases within 30 days.
  • Legal Exceptions: We may retain basic transactional or account records if required by Estonian law (e.g., for accounting/tax purposes).

5. RECIPIENTS AND DATA SHARING

We do not sell, rent, or trade your personal data. We only share data with essential sub-processors:

  • Infrastructure: Secure cloud hosting providers within the EEA (e.g., AWS or Google Cloud).
  • Analytics: Privacy-focused analytics tools to monitor site performance.
  • Support: Email service providers used to send password resets or support replies.

All third-party partners are strictly vetted and bound by Data Processing Agreements (DPAs).

6. YOUR DATA SUBJECT RIGHTS

As an EU-based user, you have the following rights:

  • Right to Access: Obtain a copy of your stored data.
  • Right to Erasure: Request the permanent deletion of your account and logs.
  • Right to Rectification: Update or correct any data you have entered.
  • Right to Withdraw Consent: You can stop our processing of health data at any time by deleting your logs or your account.
  • Right to Portability: Request an export of your data in a machine-readable format.

To exercise these rights, please contact [email protected].

7. DATA SECURITY

We implement robust technical and organizational measures, including:

  • AES-256 Encryption for sensitive data at rest.
  • TLS 1.3 for data in transit.
  • Regular security vulnerability scanning.
  • Strict "need-to-know" internal access controls.

8. SUPERVISORY AUTHORITY

If you believe your data is being handled improperly, you have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon):

  • Website: www.aki.ee
  • Address: Tatari 39, 10134 Tallinn, Estonia

9. CHANGES TO THIS POLICY

We may update this policy to reflect changes in our service or legal requirements. Significant changes will be communicated via email or a prominent notice on our platform.

Back to Home