Privacy Policy

1. Introduction

Rewind Health Pty Ltd ("Rewind", "we", "us", or "our") operates the Rewind platform, an AI-powered longevity and health optimisation service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and related services (collectively, the "Platform").

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Full name and email address
• Password (stored in hashed form)
• Date of birth
• Profile preferences and settings

2.2 Health-Related Information

To provide our longevity and health optimisation services, we may collect sensitive health information, including:

• Biomarker results from blood tests and other diagnostics
• Biological age calculations and related metrics
• Health questionnaire and intake form responses
• Wearable device data (e.g. activity, sleep, heart rate) that you choose to connect
• Medical history and health goals you provide
• Supplement and medication information you share

We treat all health-related information with the highest level of care and in accordance with applicable health privacy legislation, including the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2.3 Device and Usage Data

We automatically collect certain technical information, including:

• IP address and approximate location (country/region level)
• Browser type, operating system, and device identifiers
• Pages visited, features used, and time spent on the Platform
• Referring URLs and navigation patterns
• Crash reports and performance data

2.4 Cookies and Similar Technologies

We use cookies, pixels, and similar tracking technologies to operate the Platform, remember your preferences, and analyse usage patterns. For full details, please see our Cookie Policy.

2.5 Payment Information

When you subscribe to a paid plan, payment details are collected and processed by our third-party payment processor. We do not store full credit card numbers on our servers. We may retain a tokenised reference and the last four digits of your card for billing records.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Platform and our services
• Generate personalised health insights, biological age assessments, and recommendations
• Facilitate communication between you and your assigned clinicians
• Process transactions and manage your subscription
• Send service-related notifications and updates
• Respond to your enquiries and provide customer support
• Analyse usage patterns to improve user experience
• Detect, prevent, and address fraud, security issues, or technical problems
• Comply with legal obligations
• With your explicit consent, send marketing communications (you may opt out at any time)

4. Legal Basis for Processing

We process your personal information on the following legal grounds:

• Consent: Where you have given explicit consent, particularly for the collection and processing of sensitive health information.
• Contractual necessity: To perform our obligations under our terms of service and deliver the services you have requested.
• Legitimate interests: To improve our services, ensure platform security, and conduct analytics, where these interests are not overridden by your rights.
• Legal obligation: Where processing is required to comply with applicable laws or regulations.

5. Third-Party Sharing

We do not sell your personal information. We may share your information with the following categories of third parties, solely to the extent necessary to operate and improve the Platform:

• Cloud infrastructure providers: For secure data hosting and storage.
• Analytics services: To understand usage patterns and improve the Platform (data is aggregated or anonymised where possible).
• Payment processors: To process subscription payments securely.
• Healthcare professionals: Clinicians and practitioners who are part of your care team on the Platform, with your consent.
• Communication services: To deliver email notifications and support messages.
• Legal and regulatory authorities: Where required by law, court order, or governmental regulation.

All third-party service providers are contractually obligated to handle your data securely and only for the purposes we specify.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. After account deletion, we may retain certain data for a limited period to comply with legal obligations, resolve disputes, and enforce our agreements.

Health-related data is retained in accordance with applicable health records legislation and professional standards.

7. Data Security

We implement industry-standard technical and organisational measures to protect your information, including:

• Encryption of data in transit (TLS) and at rest (AES-256)
• Access controls and authentication mechanisms
• Regular security assessments and monitoring
• Staff training on data protection and privacy

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any breach in accordance with applicable notification requirements.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request that we delete your personal information, subject to legal retention requirements.
• Portability: Request a copy of your data in a structured, commonly used, and machine-readable format.
• Withdrawal of consent: Withdraw your consent to processing at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
• Restriction: Request that we restrict the processing of your information in certain circumstances.
• Objection: Object to the processing of your information where we rely on legitimate interests.

To exercise any of these rights, please contact us at privacy@rewind.health. We will respond within a reasonable timeframe and in accordance with applicable laws.

9. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@rewind.health.

10. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you reside. Our cloud infrastructure providers may store data in various jurisdictions. Where we transfer data internationally, we take reasonable steps to ensure that your information receives an adequate level of protection, including through contractual safeguards and compliance with applicable cross-border data transfer requirements.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on the Platform and updating the "Last updated" date. We encourage you to review this policy periodically. Your continued use of the Platform after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@rewind.health
• Entity: Rewind Health Pty Ltd

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.