‍Last Updated: December 15, 2025

‍

1. INTRODUCTION

At XHeal Corp., (collectively “XHEAL,” “us,” “we,” or “our”), we are committed to protecting your privacy and being transparent about how we collect, use, disclose, and safeguard Personal Data. “Personal Data” refers to information that identifies you or can reasonably be associated with you, as well as any information treated as “personal information” or “personal data” under applicable laws.

This Privacy Policy governs the Personal Data we collect from xHeal members and other individuals who interact with xHeal or use our Services, including when you visit our website, engage with our social media pages, use our mobile application, or access any related features, content, or functionality we make available (collectively, the “Services”).

This Privacy Policy does not apply to the privacy practices of third parties that we do not own, control, or operate. We are not responsible for the policies or conduct of any third party, and we do not control or endorse any third-party information, products, or services that may be offered, linked, or otherwise accessible through the Services.

For avoidance of doubt, we remain responsible for the data protection practices of our service providers and other processors that process Personal Data on our behalf in connection with the Services, in accordance with applicable data protection laws in your jurisdiction.

Please read this Privacy Policy carefully before you start to use the Services. By accessing and/or using the Services, you accept and agree to be bound and abide by this Privacy Policy, and our terms of use available at (the “Terms of Use”) incorporated herein by reference and to comply with all applicable laws, rules and regulations (collectively, “Applicable Law”). If you do not want to agree to this Privacy Policy, and the Terms of Use, you must not access or use the Services. 

Supplemental Notices. If you live in certain U.S. states, or you’re located in the European Economic Area, the United Kingdom, or Switzerland (together, “Europe”), additional privacy disclosures and rights may apply which can be found below.

Consumer Health Data Privacy Notice. In connection with the Services, XHeal may collect or use health-related information that qualifies as “Consumer Health Data” under applicable U.S. state laws. For more specifics on how we treat this information, please review our separate Consumer Health Data Privacy Notice.

2. HOW WE COLLECT PERSONAL DATA

We collect Personal Data about you from:

• From you, when you share information with us directly like filling out your profile, completing a questionnaire, or contacting customer support.
• From xHeal Chat, when you use the feature and exchange messages or receive responses (see Section 8).
• Automatically, through technologies used with the Services such as cookies, local storage, web beacons, and similar tools.
• From data providers, such as data licensors and information services, when we enrich or supplement the information we already have.
• From customers and partners, including specialists or other organizations that use or interact with our Services.
• From marketing and advertising partners, including joint marketing partners or vendors that help with promotions and may provide data about how you engage with our Services, ads, or communications.
• From social media and other third-party platforms, and from linked accounts/devices/features, if you interact with our social pages, post via the Services, sign in using a third-party service, or connect integrations to your xHeal account. When you share this information with us, or connect Third-Party Applications to your account, you agree that we may collect, use, disclose, process, and retain that information as described in this Privacy Policy.

3. WHAT PERSONAL DATA WE COLLECT

We may collect the following types of Personal Data:

• Contact details, such as your first and last name and email address;
• Profile data, such as username and password that you may establish to create a XHEAL account, as well as any photographs or information you choose to include in your XHEAL profile;
• Communications that we exchange with you, including when you contact us via email or mobile app with questions, feedback, or reviews;
• Wellness data, including but not limited to physiological metrics such as resting heart rate, respiratory rate, skin temperature and blood oxygen saturation level; acceleration; metadata on workouts and sleep; the type of physical activity you engage in and the duration of your activity; your physiological profile, including birthday, gender identity, weight, height; and details you choose to submit about your habits, diet, supplements and medications. We may use some of this information to customize your experience with us as part of our Services. Wellness data you import (like heart rate, sleep, blood oxygen, and respiratory rate) is stored and handled on your device by default. In the normal operation of the Services, we don’t access or store this imported information on our systems;
• Consumer health data, including but not limited to biomarkers, lab results, clinical notes, other health metrics. Please refer to the XHEAL Consumer Health Data Privacy Notice for more details. We do not use your consumer health data for marketing purposes, nor do we sell such data to third parties.
• Conversations that you participate in with the XHeal Chat, as described in Section 8 below;
• Payment and transactional data needed to complete your orders on the app or through the Services (including name, email address, payment card information, billing information) and your transaction history, although XHEAL does not have access to payment card numbers. Our payment processors will collect the financial information necessary to process your payments in accordance with the payment processor’s respective services agreement and privacy policy;
• Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them (e.g., the marketing emails that you open and the links within them that you click);
• Online activity data, such as pages or screens you view, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.

4. COOKIES AND SIMILAR TECHNOLOGIES

XHEAL uses cookies and similar technologies such as pixel tags, web beacons, clear GIFs, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser and tell us how and when you visit and use our Services, as well as to analyze trends, learn about our user base, and operate and improve our Services. Cookies are small pieces of data included on the Services (such as on a website or in an email) or placed on your computer, tablet, phone, or similar device when you use that device to visit our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). If you live in Europe, we will obtain your (opt-in) consent prior to deploying any cookies other than cookies which are regarded under European laws as being “strictly necessary” (i.e., Essential Cookies, as described below).

Cookie Usage and Type. XHEAL uses the following Cookies:

• Essential Cookies: Essential Cookies are required for providing you with features or Services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and Services unavailable.
• Functionality Cookies: Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (e.g., your region).
• Performance/Analytical Cookies: Performance/Analytical Cookies allow us to understand how users use our Services by collecting information on how often a user engages with a particular feature of the Services. We use these aggregated statistics internally to improve the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google, Inc. (“Google”) uses Cookies in connection with its Google Analytics services. For more information on how Google uses this information, click here.
• Marketing Cookies: Marketing Cookies collect data about your online activity and identify your interests so that we and our advertising partners can provide marketing that we believe is relevant to you. For more information, please see the section below titled “Interest-based advertisements.”

Online tracking opt-outs. There are a number of ways you can opt out of certain interest-based advertising and other online tracking activities, which we have summarized below.

• Blocking Cookies in your browser. Most browsers let you remove or reject Cookies, including Cookies used for interest-based advertising. To do this, follow the instructions in your browser settings. Many browsers accept Cookies by default until you change your settings. For more information about Cookies, including how to see what Cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.
• Blocking advertising ID use in your mobile device settings. Your mobile devices may offer settings that enable you to make choices about the collection, use, or transfer of your advertising ID associated with your mobile device for interest-based advertising purposes.
• Using privacy plug-ins or browsers. You can block our websites from setting Cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party Cookies/trackers. You can also opt out of Google Analytics by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout.

• Platform opt-out.
• Google (AdWords): adsettings.google.com;
• Microsoft (Bing): about.ads.microsoft.com/en-us/resources/policies/personalized-ads; and
• Facebook: www.facebook.com/about/ads.
• Advertising industry opt-out tools.
• Digital Advertising Alliance for Websites: https://optout.aboutads.info;
• Digital Advertising Alliance for Mobile Apps: https://youradchoices.com/appchoices; and
• Network Advertising Initiative: https://optout.networkadvertising.org/.

You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies:

Please note that some opt-out features are Cookie-based, meaning that when you use these opt-out features, an “opt-out” Cookie will be placed on your computer or other device indicating that you do not want to receive interest-based advertising from certain companies. If you delete your Cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.

Opting out of interest-based advertising does not mean that you will no longer receive online ads. It only means that such ads will no longer be tailored to your specific viewing habits or interests. You may continue to see ads on and about the Services.

5. HOW WE USE COLLECTED PERSONAL DATA

We process and use Personal Data for the following purposes:

Service delivery, including to:

• Provide, operate, improve, develop, understand, and personalize the Services and our business, including testing, research, analysis, and product development;
• Satisfy the reason you provided the information to us, including for delivery of the Services and responding to and fulfilling requests;
• Communicate with you about the Services, including Service announcements, updates, or offers;
• Provide support and assistance for the Services;
• Create and manage your account or other user profiles;
• Customize website content and communications based on your preferences; and
• Process subscriptions or other transactions.

Research and development. We may create and use aggregated data or de-identified Data from Personal Data we collect, for business improvement purposes, including to analyze the effectiveness of the Services, to improve and add features to the Services, and to analyze the general behavior and characteristics of users of the Services. 

Direct marketing and advertising. We may use data from the Personal Data we collect and certain data collected when you browse our website, to send you direct offers or other marketing messages or to advertise the Services or other XHEAL product offerings.

• Interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to advertise our Services. We and our advertising partners may use Cookies and similar technologies to collect information about your interaction over time across the web, our communications, and other online services, and may use that information to serve online ads. We comply with the Digital Advertising Alliance Self-Regulatory Principles for Online Behavioral Advertising. To learn more about the industry self-regulatory programs and other information and choices about interest-based ads, please see the section above entitled “Online tracking opt-outs.”

Compliance and protection, including to:

• Protect against or deter fraudulent, illegal, or harmful actions and maintain the safety, security, and integrity of our Services;
• Comply with or enforce our legal or contractual obligations, resolve disputes, and enforce our Terms of Use;
• Audit our internal processes for compliance with legal and contractual requirements and internal policies;
• Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); and
• Respond to law enforcement requests and as required or permitted by applicable law, court order, or governmental regulations.

6. HOW WE SHARE PERSONAL DATA

We may share your Personal Data with:

• Service providers, such as payment processors, cloud hosting and other technology and communications providers, our third-party Large Language Model (“LLM”) partner that power XHEAL (as described in Section 8 below);
• Advertising partners that may collect information on our website through Cookies and other automated technologies, including for the interest-based advertising purposes described above.
• Authorities and others, including law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with the law or legal process;
• Business transferees, such as acquirers and other relevant participants in business transactions (or diligence or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, XHEAL);

7. HOW YOU MAY SHARE PERSONAL DATA THROUGH THE SERVICES

Depending on how you use the Services, you may share Personal Data with:

• Third-party social media platforms, or linked accounts, devices, or features, when you choose to connect your account on those services with your XHEAL account or post content to social media;

8. XHEAL CHAT & THIRD-PARTY ARTIFICIAL INTELLIGENCE TECHNOLOGY

XHeal Chat

xHeal Chat is a generative AI feature designed to help you make sense of your health data and take action. You can use xHeal Chat to ask questions about your labs, vitals, symptoms, routines, and goals; generate personalized next steps and reminders; and get plain-language explanations that connect what you’re seeing across your medical, fitness, nutrition, mental and lifestyle data. xHeal Chat works best when you use it like a coach: “What should I focus on this week?” “What might be driving my flare-ups?” “Which labs am I missing for a complete picture?”.

xHeal Chat uses third-party AI technology provided by our large language model (“LLM”) partner. The responses you receive are generated based on your prompts and the relevant xHeal data you choose to use with the feature. For example, if you ask a nutrition-related question, xHeal Chat may provide practical suggestions and an action plan based on the nutrition signals available in your xHeal profile (such as logged meals/macros where available, goals you set, activity patterns, and relevant health markers), presented in a way that’s easy to understand.

We require our LLM partner to use xHeal data only to generate responses for you and to follow a zero-retention / zero-training approach for the data we send, meaning the LLM partner will not store your personal data or use it to train its models. Where feasible, we share de-identified signals with the LLM partner and minimize the data sent to what’s needed to answer your question.

Please do not share identifying information (such as your full name, address, or phone number) in xHeal Chat.

xHeal may store your chat history so you can review prior conversations and pick up where you left off. If you return to a topic, we may share limited context from earlier chats with our LLM partner to improve continuity and provide better answers. You can delete your xHeal Chat history at any time within the app (by opening your chat history and deleting individual conversations) or by contacting support to request deletion.

Consistent with our privacy principles, xHeal personnel access personal data only when necessary to provide support and maintain/improve the Services. This may include reviewing limited xHeal Chat interactions for quality, safety, troubleshooting, and product improvement. If xHeal Chat recommends contacting Support and you choose to submit a support request, our support team will have access only to the information needed to help you, typically the specific conversation or excerpt you choose to share.

9. YOUR CHOICES

Access, update, correct, opt-out, or delete. When you log in to your account, you may access, and, in some cases, edit or delete certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request access to or a full deletion of your account and corresponding data by contacting privacy@xheal.ai. You will be asked to complete a verification form in connection with such access or deletion requests to ensure that you have the authority to access or delete your account. We may need to retain certain Personal Data in our records, as well as aggregated data or de-identified data derived from or incorporating your Personal Data that does not identify you after you update or delete it.

Push notifications and device permissions. You can change your settings related to push notifications and device permissions through the settings on your mobile device.

Geolocation data. You may allow or disallow XHEAL to collect geolocation data by enabling or disabling location services on your mobile device. If you decline to grant XHEAL access to this data, we will not be able to provide certain Services, capabilities, or features to you.

Marketing communications. You can opt-out of marketing-related emails and other communications by following the opt-out or unsubscribe instructions contained in the marketing-related message. You cannot opt-out of receiving certain non-marketing emails regarding the Services.

Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we summarize in the “Online tracking opt-outs” section above.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to online services. The Services do not currently support “Do Not Track” requests or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

10. DATA SECURITY AND RETENTION OF PERSONAL DATA

We maintain a range of physical, technical, administrative, and organizational safeguards intended to protect the Personal Data we collect and store. Although we take reasonable steps to secure your account and Personal Data, no security program can eliminate all risk, and we cannot warrant or guarantee the absolute security of your Personal Data.

We keep Personal Data for the period reasonably necessary to fulfill the purposes outlined in this Privacy Policy, for as long as we have a legitimate business need to retain it, and/or for any longer period required or permitted by applicable law (including for tax, legal, accounting, or similar compliance purposes) whichever is longer.

11. SERVICES ARE NOT INTENDED FOR CHILDREN

If you have not reached the age at which you may legally consent to the sharing of personal data in your jurisdiction, you should not create an account, use the Services, or submit any Personal Data to us. If we become aware that we have collected Personal Data from an individual below the applicable age of consent, we will take reasonable steps to remove that information from our systems as promptly as practicable. If you believe a minor below the applicable age of consent may have provided us with Personal Data, please email us at privacy@xheal.ai.

12. CHANGES TO THIS PRIVACY POLICY

We regularly update and enhance the Services; therefore, we may revise this Privacy Policy from time to time. Any updates will be posted on the XHEAL website. If we make material changes, we will provide notice through the website, by email, and/or through other reasonable communication methods.

13. CONTACT US

If you have any questions or concerns regarding our privacy policy, please send us a detailed message to privacy@xheal.ai or at the mailing address below.

XHeal Corp., Attn: Legal Department, 25 SE 2ND AVE, SUITE 550, MIAMI, FL 33131

14. U.S. STATE-SPECIFIC PRIVACY NOTICE

If you are a resident of California, Colorado, Connecticut, Delaware (as of January 1, 2025), Iowa (as of January 1, 2025), Maryland (as of October 1, 2025), Minnesota (as of July 31, 2025), Montana, Nebraska (as of January 1, 2025), New Hampshire (as of January 1, 2025), New Jersey (as of January 15, 2025), Oregon, Tennessee (as of July 1, 2025), Texas, Utah, and Virginia, the law in your state may provide you with the following rights:

• Information: The Privacy Policy describes the types of Personal Data (including “Personal Information” as defined in applicable laws) we collect in the “What Personal Data We Collect ” section above and the sources through which we collect Personal Data in the “How We Collect Personal Data section above. We describe the purposes for which we use and share this data in the “How We Use Personal Data” section above and the “How We Share Personal Data” section above.
• Access: You can request a  copy of the Personal Data that we maintain about you.
• Deletion: You can ask to delete the Personal Data that we have collected from you.
• Correction: You can ask to correct inaccuracies in your Personal Data.
• Opt-out of sale and sharing of your Personal Data: You can ask to opt out of the selling or sharing of your Personal Data, the processing of your Personal Data for purposes of targeted advertising, and/or profiling in furtherance of decisions that produce legal or similarly significant effects, which you can exercise according to the instructions in the “Online tracking opt-outs” section of the Privacy Policy.
• Appeal: You may be permitted to appeal our decision, if we deny your request.

In addition, and as set forth below, California law requires us to identify, for the 12-month period prior to the date of this Privacy Policy, what information we may have “sold” or “shared” about you. For the 12-month period prior to the date of this Privacy Policy, XHEAL has not sold any Personal Data. We do not sell Personal Data. For the 12-month period prior to the date of this Privacy Policy, XHEAL has only shared Personal Data as described above. As we explain in this Privacy Policy, we use Cookies and other tracking technologies to analyze website and application traffic and use, and to facilitate advertising. To limit use of Cookies and other tracking technologies, please review the instructions provided in the “Online tracking opt-outs” section. You may also direct us to share your data, as described in the “How You Share Personal Data Through the Services” section of the Privacy Policy.

You are entitled to exercise the rights described above free from discrimination.

Exercising Your Rights. To exercise these rights, you can submit requests as follows:

• To request access to, correction of, or deletion of Personal Data collected via your use of the Services, please email us at privacy@xheal.ai.
• To learn how to opt-out of interest-based ads and other online tracking, see the “Online tracking opt-outs” section of the Privacy Policy.
• To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us. Where we ask for additional Personal Data to verify your identity, we will only use it to verify your identity or your authority to make the request on behalf of another consumer.
• Authorized agents: You can empower an “authorized agent” to submit requests on your behalf. Your authorized agent may submit requests in the same manner, although we may require the agent to present signed written permission to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.

Please note that we are only required to honor requests to know twice in a 12-month period.

California Shine the Light. This Privacy Policy describes how we may share your Personal Data for marketing purposes. If you are a California resident, the Shine the Light law permits you to request and obtain from us once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us through the contact form on our website.

14A. New Trans-Atlantic Data Privacy Framework

The judgment in the Schrems II case issued by the European Court of Justice in 2020 found that Privacy Shield framework no longer provides adequate safeguards for the transfer of personal data to the United States from the EEA.

The US and the European Commission announced in 2022 an “agreement in principle” to develop a new Trans-Atlantic Data Privacy Framework (“Framework”). The Framework is intended to re-establish a legal mechanism for transfers of EU personal data to the U.S. after the Court of Justice of the European Union invalidated the EU-US Privacy Shield.

In the interim, to ensure that transfers of personal data from the EU to the US can occur in line with European data protection laws, XHeal will enter into the Standard Contractual Clauses with our vendors who process personal data, and with our customers upon request. These Standard Contractual Clauses legitimize the transfer of personal data from the EU to the US.

15. PRIVACY NOTICE FOR EUROPEAN RESIDENTS

If you are a resident of Europe, you may have additional rights under the General Data Protection Regulation (the “GDPR”) and other European data protection and e-privacy laws. To the extent of any conflict between the provisions set out in this Section 15, and any other provision in this Privacy Policy, the former shall control to the extent of such conflict.

Controller and European Representatives. XHeal Corp. will be the controller of your Personal Data processed in connection with the Services. Our contact information is as follows: 

• XHeal Corp. Attn: Data Protection Officer, 25 SE 2ND AVE, SUITE 550, MIAMI, FL 3313, 
• General Inquiries: support@xheal.ai
• Privacy Inquiries: privacy@xheal.ai
• Legal Inquiries: legal@xheal.ai
• Data Protection Officer: dpo@xheal.ai
• EU Representative: eu-representative@xheal.ai
• Phone: (833) 514-4187

Legal Bases for Processing. The “How We Use Personal Data” section above explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others but will depend on the type of Personal Data and the specific context in which we process it. However, the legal bases we typically rely on for each category of processing activity are set out below.

• Service delivery: Processing is necessary to perform our contract, or to take steps that you request prior to engaging our Services. Where we cannot process your Personal Data as required to operate the Services on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the products or Services you access and request.
• Research and development: These activities constitute our legitimate interests.
• Marketing and advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.
• Compliance and protection: From time to time, we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
• Consent: To the extent that wellness data that we collect is considered consumer health data or another special category of Personal Data subject to the GDPR, we will ask for your explicit consent to process this data. You can use your account settings and tools to withdraw your consent at any time, including by stopping use of a feature or deleting your data or your account. In addition, in some cases, such as when you direct us to share it, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, you have the right to withdraw it any time in the manner indicated at the time you give consent or in as listed in our Services.

We may use your Personal Data for reasons not described in this Privacy Policy where permitted by law and where the reason is compatible with the purpose for which we collected it. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the applicable legal basis.

Retention. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Solely automated decision-making. We do make decisions based solely on automated processing involving personal data, including profiling, which produce legal effects or similarly significantly affects you, including in connection with the personal data processing activities described under Section 8 above.

Data Subject Rights. You have certain rights with respect to your Personal Data, including:

• Access. You can request more information about the Personal Data we hold about you and request a copy of such Personal Data by emailing us at privacy@xheal.ai.
• Rectification. If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You can also correct some of this information directly by logging into your account.
• Erasure. You can request that we erase your Personal Data from our systems.
• Withdrawal of consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.
•  Portability. You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
• Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
• Restriction of processing. You can ask us to restrict further processing of your Personal Data.
• Right to file a complaint. You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority in the relevant European Economic Area member state, UK or Switzerland, as applicable, where you reside.
• Obtain a copy of any Standard Contractual Clauses or other international data transfer agreement we may use to transfer your personal data outside of Europe.

For more information about these rights, or to submit a request, please email eu-representative@xheal.ai or privacy@xheal.ai. Please note that in some circumstances, we may be allowed to wholly or partially decline your request in accordance with applicable data protection laws (including the GDPR), but in those circumstances, we will still respond to notify you of such a decision in accordance with the timescales under such laws. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

Processing of Personal Data in the United States. To provide the Services, we will process your Personal Data in the United States, where XHEAL is based. To the extent we transfer your Personal Data to the United States, we will do so in accordance with European data protections laws.

If you have any questions about this section or our data practices generally, please contact us at eu-representative@xheal.ai and privacy@xheal.ai.

‍