Privacy Policy
Effective Date: September 9, 2025
Entity: Yaiks Incorporated (“Yaiks,” “we,” “us,” “our”)
Applies to: Springturn devices, apps, portals, and websites operated by Yaiks Incorporated.
This Privacy Policy explains how we process personal information, including health/medical information, when you use Springturn.
1. Key Commitments
1. Key Commitments
We collect only what is necessary to provide the Services.
We do not sell personal information.
We do not use health/medical information for third‑party targeted advertising.
We obtain explicit consent where required to process health/special‑category data (e.g., EU/UK GDPR) or consumer health data (e.g., U.S. state laws).
If we act for a clinic/covered entity, we will sign a Business Associate Agreement (BAA) (HIPAA) or DPA as applicable.
We collect only what is necessary to provide the Services.
We do not sell personal information.
We do not use health/medical information for third‑party targeted advertising.
We obtain explicit consent where required to process health/special‑category data (e.g., EU/UK GDPR) or consumer health data (e.g., U.S. state laws).
If we act for a clinic/covered entity, we will sign a Business Associate Agreement (BAA) (HIPAA) or DPA as applicable.
We collect only what is necessary to provide the Services.
We do not sell personal information.
We do not use health/medical information for third‑party targeted advertising.
We obtain explicit consent where required to process health/special‑category data (e.g., EU/UK GDPR) or consumer health data (e.g., U.S. state laws).
If we act for a clinic/covered entity, we will sign a Business Associate Agreement (BAA) (HIPAA) or DPA as applicable.
2. What We Collect
2. What We Collect
Depending on your use, we may process:
Identifiers & contact data: name, email, phone, shipping address, account IDs.
Usage & device data: app interactions, crash logs, device type/OS, IP address, timestamps, telemetry from Springturn Devices (for safety/quality).
Payment & order data: items purchased, transaction metadata (processed by payment processors; we do not store full card numbers).
Health/medical data (Springturn): neuromuscular measurement signals, test results, calibration and session metadata, clinician annotations, and information you or your clinic provide (e.g., age range, handedness, injury timelines), as supported by the product’s IFU.
Communications: support requests, survey responses, or research participation (optional)
Sources. You (directly), your clinic/organization, our devices and apps (automatically), and service providers (e.g., cloud hosting, error logging). Where permitted, we derive de‑identified or aggregated metrics for safety/quality and research.
3. Why We Use Data (Purposes)
3. Why We Use Data (Purposes)
Provide, secure, and improve the Services and devices.
Perform measurements and generate reports as described in labeling/IFU.
Maintain safety, quality, calibration, and cybersecurity; fulfill orders and provide support.
Comply with legal/regulatory obligations (e.g., complaint handling, adverse event reporting, and recalls).
Optional (consented) uses: research/validation studies, advanced analytics, and communications.
Use the Services only for their intended purposes and in compliance with law and labeling. You may not:
(a) reverse engineer, decompile, or bypass security controls;
(b) use the Services contrary to labeling/IFU;
(c) upload unlawful, infringing, or harmful content;
(d) interfere with security, availability, or device safety;
(e) use any automated scraping/crawling;
(f) collect or use data from the Services to develop, train, or improve AI/ML models without our prior written consent;
(g) remove or alter proprietary notices;
(h) use while driving or performing hazardous tasks.
4. Legal Bases
4. Legal Bases
Contract (to provide requested Services),
Consent (especially for health/special‑category data and certain analytics/communications),
Legitimate interests (e.g., securing and improving the Services; de‑identifying data),
Legal obligations (e.g., safety, accounting, product surveillance). Where EU/UK law applies, we process special‑category data only with explicit consent, for medical device safety/quality, or as otherwise permitted by law.
5. Sharing
5. Sharing
We share information only as needed with:
.Service providers/processors (cloud hosting, storage, support, error logging, email delivery, fulfillment).
Your organization/clinician (if your account is provisioned by a clinic or employer)
Affiliates & corporate transactions (merger, acquisition, reorganization).
Legal/regulatory (to comply with law, protect rights/safety).
We do not sell personal information and do not share health data for cross‑context behavioral advertising.
Vendors. Our current processor and SDK categories include: Supabase (hosting/auth), Google Analytics (GA4), Mixpanel, Amplitude (product analytics, consented where required); and on web properties only, Meta (Facebook/Instagram) Pixel, Google Ads/Conversion Linker, and TikTok Pixel for brand/traffic attribution. These web ad/attribution tools are not connected to in‑app health measurement data and are used only with appropriate consent and regional controls.
6. HIPAA & PHI
6. HIPAA & PHI
Yaiks is not a HIPAA covered entity. If we receive Protected Health Information (PHI) from or on behalf of a covered entity, we will act as a Business Associate under a BAA and use PHI only as permitted by that BAA.
Yaiks is not a HIPAA covered entity. If we receive Protected Health Information (PHI) from or on behalf of a covered entity, we will act as a Business Associate under a BAA and use PHI only as permitted by that BAA.
Yaiks is not a HIPAA covered entity. If we receive Protected Health Information (PHI) from or on behalf of a covered entity, we will act as a Business Associate under a BAA and use PHI only as permitted by that BAA.
7. U.S. State Privacy Disclosures
7. U.S. State Privacy Disclosures
Residents of certain U.S. states (e.g., California (CCPA/CPRA), Colorado, Connecticut, Utah, Virginia) have rights to access, delete, correct, and opt out of certain processing.
California. We provide Right to Know/Delete/Correct and Do Not Sell/Share mechanisms. We do not sell personal information or share health data for cross‑context behavioral advertising.
- Washington & Nevada consumer health data laws. Where Springturn collects consumer health data in those states, we obtain consent and provide rights consistent with those laws (including the right to delete and to withdraw consent). We do not use geofencing around healthcare facilities in prohibited ways.How to exercise rights: see Section 12.
Residents of certain U.S. states (e.g., California (CCPA/CPRA), Colorado, Connecticut, Utah, Virginia) have rights to access, delete, correct, and opt out of certain processing.
California. We provide Right to Know/Delete/Correct and Do Not Sell/Share mechanisms. We do not sell personal information or share health data for cross‑context behavioral advertising.
- Washington & Nevada consumer health data laws. Where Springturn collects consumer health data in those states, we obtain consent and provide rights consistent with those laws (including the right to delete and to withdraw consent). We do not use geofencing around healthcare facilities in prohibited ways.How to exercise rights: see Section 12.
Residents of certain U.S. states (e.g., California (CCPA/CPRA), Colorado, Connecticut, Utah, Virginia) have rights to access, delete, correct, and opt out of certain processing.
California. We provide Right to Know/Delete/Correct and Do Not Sell/Share mechanisms. We do not sell personal information or share health data for cross‑context behavioral advertising.
- Washington & Nevada consumer health data laws. Where Springturn collects consumer health data in those states, we obtain consent and provide rights consistent with those laws (including the right to delete and to withdraw consent). We do not use geofencing around healthcare facilities in prohibited ways.How to exercise rights: see Section 12.
8. International (EU/EEA/UK) Notices
8. International (EU/EEA/UK) Notices
For users in the EEA/UK, you have GDPR rights (access, rectification, erasure, restriction, portability, objection, and withdrawal of consent). We may transfer data to the U.S. using appropriate safeguards (e.g., EU Standard Contractual Clauses/UK IDTA). Special‑category data is processed only under the conditions in Section 4.
9. Children
9. Children
Consumer features: 13+ (parental consent when required by law). Clinical features: adults or supervised minors via a clinic. We do not knowingly collect personal data from children under 13 without verifiable parental consent or a provider/organization acting as controller.
Consumer features: 13+ (parental consent when required by law). Clinical features: adults or supervised minors via a clinic. We do not knowingly collect personal data from children under 13 without verifiable parental consent or a provider/organization acting as controller.
Consumer features: 13+ (parental consent when required by law). Clinical features: adults or supervised minors via a clinic. We do not knowingly collect personal data from children under 13 without verifiable parental consent or a provider/organization acting as controller.
10. Data Retention
10. Data Retention
We retain data as long as reasonably necessary to provide the Services and meet legal, regulatory, and safety obligations (e.g., post‑market surveillance, complaint handling). If an organization controls your account, their retention rules may apply. We may retain de‑identified/aggregated data for analytics and safety.
11. Security
11. Security
We use administrative, technical, and physical safeguards appropriate to the nature of the data (e.g., encryption in transit and at rest where applicable, least‑privilege access, logging). No system is 100% secure
12. Your Choices & Rights
12. Your Choices & Rights
Access/Deletion/Correction/Portability. Submit a request via the in‑app form or email privacy@yaiks.com. We may verify identity and, if applicable, an authorized agent.
Consent management. Manage analytics/communications consent in app settings. You can withdraw consent at any time (this will not affect prior lawful processing).
Device permissions. Manage OS‑level permissions and reset advertising identifiers in your device settings.
Marketing. Opt out via unsubscribe links or in‑app toggles.
13. Changes
13. Changes
We may update this Policy. Material changes will be posted in‑app or on our sites with a new effective date.
17. Contact
17. Contact
Privacy Office – Yaiks Incorporated
privacy@yaiks.com
Support: support@springturn.com
Navigation
Legal
© 2025 by Springturn and Yaiks Inc. All rights reserved.