← Back to Home

Privacy Policy

Last updated: October 2, 2025

Controller: Salus Labs Inc. ("Salus," "we," "us," "our")

Contact: support@saluslabshq.com

Scope: This Policy explains how we collect, use, disclose, and protect personal data when you use https://doopapp.com (the "Website"), our mobile and desktop applications (the "Apps"), and related services, tools, widgets, SDKs, APIs, and software (collectively, the "Services" or "Platform"). By using the Platform, you agree to this Policy and our Terms of Use.

What We Collect

A) Data you provide

We collect information you submit when creating an account, using features, or contacting support, including but not limited to:

  • Account & Contact: name, email address.
  • Demographic: age, country/region, gender.
  • Health & Wellness (special category data): height, weight, eating habits or dietary restrictions, physical activity, self-reported stool details (e.g., frequency, texture, odor), and stool photos you upload.
  • User Content & Support Communications: messages, attachments, and other content you send us.

We process health/special-category data only with your explicit consent (where required). You can withdraw consent at any time as described in this Policy.

B) Data collected automatically

When you use the Platform, we automatically collect technical and usage information, including but not limited to:

  • Device/Technical: device type, operating system, app version, device identifiers, crash logs, diagnostics, performance data.
  • Usage: in-app actions, feature interactions, timestamps, session metadata.
  • Network: IP address (which may be used to derive a general location, such as country/region).

C) Data from third parties

We receive data from service providers acting on our behalf, including but not limited to:

  • Analytics & Diagnostics Providers (e.g., crash reporting, performance monitoring).
  • Authentication Services (if used for sign-in).
  • Cloud & Infrastructure Vendors that host and operate our Services as processors.

We require these providers to process personal data only under our instructions and with appropriate confidentiality and security safeguards.

How We Use AI/ML

We use artificial intelligence and machine-learning (AI/ML) models to analyze stool images and related inputs to generate in-app insights, scores, and recommendations. These outputs are informational only and not medical advice.

  • Inputs processed: stool photos and related health details you provide (e.g., frequency, texture), plus limited technical/usage signals needed to operate the feature.
  • Where processing occurs: on our servers and/or with vetted service providers acting as processors under contract.
  • Human involvement: we may use limited human review to improve model quality and safety (e.g., to verify labels), subject to strict confidentiality and access controls.
  • No solely automated decisions with legal or similarly significant effects. We do not make decisions that produce such effects without human involvement.
  • Model improvement: By default, we do not use your identifiable content to train foundation models. We may use de-identified or aggregated data for safety, research, and product improvement; we do not attempt to re-identify such data. Where local law requires, we will request separate consent before using your content for model training beyond providing the Services.

Data Processing (Purposes & Legal Bases)

Where the GDPR/UK GDPR applies, the legal bases are noted in [brackets].

  • Provide and secure the Services: create/manage accounts, core functionality, integrity and abuse prevention, authentication, troubleshooting, and security monitoring. [Contract; Legitimate interests; Legal obligation]
  • Analyze stool images using AI/ML to generate insights: process images and related inputs to produce reports and in-app features. [Explicit consent for special-category data; Contract]
  • Personalize & improve the product: usage analytics, A/B tests, feature development. [Legitimate interests; Consent where required]
  • Communicate with you: service messages, support responses, and—if you opt in—product updates or marketing. [Contract; Legitimate interests; Consent for marketing]
  • Compliance & enforcement: legal obligations, dispute resolution, fraud prevention. [Legal obligation; Legitimate interests]

Consent for special-category data. We process health data (including stool images) only with your explicit consent. Because AI analysis is a core function of the Services, withdrawing consent means you should stop using the relevant features and, if you want all future processing to cease, delete your account in the app. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. After account deletion (or as otherwise requested), we handle your data per Data Retention and Deletion Requests

De-identified / Aggregated Data

We may create and use de-identified and/or aggregated data for research, analytics, and product improvement, and we may share or license such data to third parties. We commit to: (i) not re-identify de-identified data; (ii) implement technical and organizational safeguards; and (iii) require recipients to do the same. De-identified data does not identify you.

Note for U.S. state privacy laws (e.g., CA/VA/CO/etc.): If we "sell" or "share" personal information (as defined by applicable law), you have the right to opt out. See Your Rights (Certain U.S. States, incl. CA) for choices.

Cookies & Similar Technologies

We (and providers) may use cookies, SDKs, and similar technologies for functionality, analytics, and security. Where required, we'll request consent and provide controls.

Data Sharing

We do not sell your personal identifiers (e.g., name, email). We share personal data only as described below:

  • Service providers/processors (including but not limited to cloud hosting, analytics and diagnostics, crash reporting, customer support, email delivery, security monitoring, and AI/ML infrastructure or model-serving providers) — They act solely under our instructions, are bound by confidentiality and security obligations, and are not permitted to use your personal data for their own purposes or for unrelated advertising. We also restrict onward transfers that do not maintain equivalent protection.
  • Legal and safety — To comply with applicable law, respond to lawful requests, enforce our terms, protect our rights, users, or the public, and prevent fraud, abuse, or security incidents.
  • Business transfers — In connection with a merger, acquisition, financing, reorganization, or sale of assets. We will require the recipient to honor this Policy or provide notice and choices if practices materially change.

De-identified / Aggregated Data

We may collect, use, share, license, and/or sell de-identified, anonymized, or aggregated data derived from your use of the Services. This data does not identify you and may be used for research, analytics, model and product improvement, and other commercial purposes, including sharing with research partners, analytics providers, and commercial partners.

We commit to:

  • Not re-identify de-identified data;
  • Maintain technical and organizational safeguards to reduce re-identification risk; and
  • Require recipients to do the same and to use such data only for permitted purposes.

U.S. state privacy laws: Your rights to opt out of "sale" or "sharing" of personal information apply to personal data as defined by those laws. De-identified/aggregated data is not personal data under those laws. See Your Rights (Certain U.S. States, incl. CA) for your options.

International Transfers

We operate globally and may process your information in countries outside your place of residence (including the United States). These locations may have data-protection laws that differ from those in your jurisdiction.

EEA/UK/Switzerland transfers. When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been found to provide an adequate level of protection, we implement legally recognized safeguards, including:

  • EU Standard Contractual Clauses (SCCs) under GDPR Art. 46,
  • the UK Addendum or UK IDTA (as applicable), and
  • supplementary technical and organizational measures (e.g., encryption, access controls, data minimization) based on transfer risk assessments.

We also require our service providers and partners receiving such data to comply with these safeguards and prohibit onward transfers that do not maintain equivalent protection.

Other jurisdictions. Where local law requires specific transfer mechanisms or notices (e.g., Canada), we use appropriate contractual and organizational measures consistent with that law.

What this means for you. Your data may be processed in the United States and other countries to deliver the Services. We do not rely on blanket consent for cross-border transfers where another lawful mechanism is available; if consent is required by your local law, we will request it separately. You can contact us for copies of the SCCs or information about the applicable safeguards.

Data Retention

We retain personal and health-related information only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

General rule. While your account is active, we keep the data needed to operate the Services. If you close your account or withdraw consent (for processing that relies on consent), we delete or de-identify your personal and health-related data within ninety (90) days, unless a longer retention period is required or permitted by law (e.g., to prevent fraud or comply with tax, accounting, or regulatory obligations). If immediate deletion is not feasible (for example, due to backup systems), we will securely store and isolate the data from further processing until deletion is possible.

  • Personal Information (including but not limited to name, email address, country/region, gender, age). Retained while your account remains active. Deleted or de-identified within 90 days after account closure or consent withdrawal, unless retention is required or permitted by law.
  • Health Data (including but not limited to weight, height, eating habits or dietary restrictions, physical activity, stool photos, stool-related details, and analyses). Retained only as long as needed to deliver analyses and app functionality. Where feasible, we transform stool photos and related outputs into de-identified and/or aggregated data for product improvement and research; such data does not identify you, we do not attempt to re-identify it, and we may retain it for as long as needed for those purposes.
  • Technical Data (including but not limited to IP address, device identifiers, app logs, crash and diagnostics data, and usage metrics). Retained for security, fraud prevention, troubleshooting, and analytics for a period consistent with those purposes and our legal obligations. When no longer needed, we delete or de-identify this data.

Backups and archives. Residual copies may persist in encrypted backups for a limited period aligned with our backup rotation schedules; these copies are isolated from routine use and are deleted as the backups roll off.

Deletion Requests

You may request deletion of your personal and health-related data at any time by:

  • Adjusting your privacy settings and opting out of the use of our Services in the app, or
  • Contact us via email at support@saluslabshq.com.

Upon receiving your request, we will delete or anonymize your personal and health-related data within ninety (90) days, unless retention is required by law or necessary for legitimate business purposes (e.g., preventing fraud, maintaining security).

Children

Our Services are not directed to children.

Age restrictions. Individuals under 16 in the EEA/UK and under 13 in the United States and elsewhere may not use the Platform, create an account, or provide personal data. Where local law sets a higher minimum age, we comply with that higher age.

No knowing collection. We do not knowingly collect personal data from children below the applicable age threshold, nor do we permit them to register.

Remediation. If we learn that we have collected personal data from such a child, we will promptly delete it and, where feasible, disable the associated account.

Contact. If you believe a child has provided us with personal data, please contact support@saluslabshq.com so we can take appropriate action.

Note (U.S.): We comply with the Children's Online Privacy Protection Act (COPPA) and do not seek to collect personal information from children under 13.

Legal Bases for Processing (EEA/UK)

Where the GDPR/UK GDPR applies, we process personal data only when we have a lawful basis under Art. 6 GDPR (and, for health data, Art. 9 GDPR).

Primary bases we rely on:

  • Contract (Art. 6(1)(b)) – to create and manage your account, provide core features, and deliver the Services you request.
  • Legitimate interests (Art. 6(1)(f)) – to secure and improve the Services, prevent fraud/abuse, perform analytics, and support customer service. We perform and document a balancing test, and you may object at any time (Art. 21).
  • Consent (Art. 6(1)(a)) – for activities that require it (e.g., certain analytics/SDKs, marketing communications). You may withdraw consent at any time without affecting prior lawful processing (Art. 7(3)).
  • Legal obligation (Art. 6(1)(c)) – to meet statutory requirements (e.g., accounting, tax, regulatory requests).
  • Vital interests (Art. 6(1)(d)) – in rare cases to protect life or physical safety.
  • Public interest/official authority (Art. 6(1)(e)) – only where applicable.

Special category (health) data: For health-related information (e.g., stool images, derived analyses), we rely on your explicit consent (Art. 9(2)(a)). You can withdraw this consent in the app or by contacting us as described in this Policy.

Controller note: The applicable legal basis may vary by processing activity and by your location. Where we act with service providers, they process data under our instructions as processors with appropriate contractual safeguards. We specify the applicable bases for key activities in the relevant sections of this Policy.

Your Rights (Certain U.S. States, incl. CA)

Residents of states with comprehensive privacy laws (e.g., CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA) may have rights to:

  • Access, correct, delete, and portability;
  • Opt out of sales, sharing for cross-context behavioral advertising, and targeted advertising;
  • Limit the use/disclosure of sensitive personal information (where applicable).

How to exercise: Use in-app settings or email support@saluslabshq.com.

California Notice at Collection: We collect the categories listed in What We Collect for the purposes in Data Processing (Purposes & Legal Bases); retention is as in Data Retention; we do not collect or use data for purposes materially different from those listed without notice. We do not sell minors' data.

Security

We use reasonable technical and organizational measures (e.g., encryption in transit and at rest where appropriate, access controls, monitoring, OTP-based sign-in, and secure development practices). No method of transmission or storage is 100% secure. You're responsible for safeguarding your credentials and notifying us of any suspected misuse.

Automated Decision-Making & AI

We may use automated processing (including AI/ML-based analyses) to generate stool insights and in-app scores/recommendations. These outputs are informational only and not medical advice, and we do not engage in solely automated decision-making that produces legal or similarly significant effects without human involvement. See How We Use AI/ML and Your AI/ML Choices for details.

Intellectual Property

All content, trademarks, and services provided by DOOP are the property of Salus Labs Inc. and are protected by applicable intellectual property laws. You may not use our trademarks, logos, or proprietary information without our prior written consent.

Changes to This Policy

We may update this Policy from time to time. We will post updates with a new effective date, and when changes are material, we will provide additional notice as required by law.

How to contact us

Email: support@saluslabshq.com