Scope: This Policy explains how we collect, use, disclose, and protect personal data when you use https://doopapp.com (the "Website"), our mobile and desktop applications (the "Apps"), and related services, tools, widgets, SDKs, APIs, and software (collectively, the "Services" or "Platform"). By using the Platform, you agree to this Policy and our Terms of Use.

What We Collect

A) Data you provide

We collect information you submit when creating an account, using features, or contacting support, including but not limited to:

• Account & Contact: name, email address.
• Demographic: age, country/region, gender.
• Health & Wellness (special category data): height, weight, eating habits or dietary restrictions, physical activity, self-reported stool details (e.g., frequency, texture, odor), and stool photos you upload.
• User Content & Support Communications: messages, attachments, and other content you send us.

We process health/special-category data only with your explicit consent (where required). You can withdraw consent at any time as described in this Policy.

B) Data collected automatically

When you use the Platform, we automatically collect technical and usage information, including but not limited to:

• Device/Technical: device type, operating system, app version, device identifiers, crash logs, diagnostics, performance data.
• Usage: in-app actions, feature interactions, timestamps, session metadata.
• Network: IP address (which may be used to derive a general location, such as country/region).

C) Data from third parties

We receive data from service providers acting on our behalf, including but not limited to:

• Analytics & Diagnostics Providers (e.g., crash reporting, performance monitoring).
• Authentication Services (if used for sign-in).
• Cloud & Infrastructure Vendors that host and operate our Services as processors.

We require these providers to process personal data only under our instructions and with appropriate confidentiality and security safeguards.

How We Use AI/ML

We use artificial intelligence and machine-learning (AI/ML) models to analyze stool images and related inputs to generate in-app insights, scores, and recommendations. These outputs are informational only and not medical advice.

• Inputs processed: stool photos and related health details you provide (e.g., frequency, texture), plus limited technical/usage signals needed to operate the feature.
• Where processing occurs: on our servers and/or with vetted service providers acting as processors under contract.
• Human involvement: we may use limited human review to improve model quality and safety (e.g., to verify labels), subject to strict confidentiality and access controls.
• No solely automated decisions with legal or similarly significant effects. We do not make decisions that produce such effects without human involvement.
• Model improvement: By default, we do not use your identifiable content to train foundation models. We may use de-identified or aggregated data for safety, research, and product improvement; we do not attempt to re-identify such data. Where local law requires, we will request separate consent before using your content for model training beyond providing the Services.

Data Processing (Purposes & Legal Bases)

Where the GDPR/UK GDPR applies, the legal bases are noted in [brackets].

• Provide and secure the Services: create/manage accounts, core functionality, integrity and abuse prevention, authentication, troubleshooting, and security monitoring. [Contract; Legitimate interests; Legal obligation]
• Analyze stool images using AI/ML to generate insights: process images and related inputs to produce reports and in-app features. [Explicit consent for special-category data; Contract]
• Personalize & improve the product: usage analytics, A/B tests, feature development. [Legitimate interests; Consent where required]
• Communicate with you: service messages, support responses, and—if you opt in—product updates or marketing. [Contract; Legitimate interests; Consent for marketing]
• Compliance & enforcement: legal obligations, dispute resolution, fraud prevention. [Legal obligation; Legitimate interests]

Consent for special-category data. We process health data (including stool images) only with your explicit consent. Because AI analysis is a core function of the Services, withdrawing consent means you should stop using the relevant features and, if you want all future processing to cease, delete your account in the app. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. After account deletion (or as otherwise requested), we handle your data per Data Retention and Deletion Requests.

De-identified / Aggregated Data

We may create and use de-identified and/or aggregated data for research, analytics, and product improvement, and we may share or license such data to third parties. We commit to: (i) not re-identify de-identified data; (ii) implement technical and organizational safeguards; and (iii) require recipients to do the same. De-identified data does not identify you.

Note for U.S. state privacy laws (e.g., CA/VA/CO/etc.): If we "sell" or "share" personal information (as defined by applicable law), you have the right to opt out. See Your Rights (Certain U.S. States, incl. CA) for choices.

Cookies & Similar Technologies

We (and providers) may use cookies, SDKs, and similar technologies for functionality, analytics, and security. Where required, we'll request consent and provide controls.

Data Sharing

We do not sell your personal identifiers (e.g., name, email). We share personal data only as described below:

• Service providers/processors (including but not limited to cloud hosting, analytics and diagnostics, crash reporting, customer support, email delivery, security monitoring, and AI/ML infrastructure or model-serving providers) — They act solely under our instructions, are bound by confidentiality and security obligations, and are not permitted to use your personal data for their own purposes or for unrelated advertising. We also restrict onward transfers that do not maintain equivalent protection.
• Legal and safety — To comply with applicable law, respond to lawful requests, enforce our terms, protect our rights, users, or the public, and prevent fraud, abuse, or security incidents.
• Business transfers — In connection with a merger, acquisition, financing, reorganization, or sale of assets. We will require the recipient to honor this Policy or provide notice and choices if practices materially change.

De-identified / Aggregated Data (Additional Detail)

We may collect, use, share, license, and/or sell de-identified, anonymized, or aggregated data derived from your use of the Services. This data does not identify you and may be used for research, analytics, model and product improvement, and other commercial purposes, including sharing with research partners, analytics providers, and commercial partners.

We commit to:

• Not re-identify de-identified data;
• Maintain technical and organizational safeguards to reduce re-identification risk; and
• Require recipients to do the same and to use such data only for permitted purposes.

U.S. state privacy laws: Your rights to opt out of "sale" or "sharing" of personal information apply to personal data as defined by those laws. De-identified/aggregated data is not personal data under those laws. See Your Rights (Certain U.S. States, incl. CA) for your options.

International Transfers

We operate globally and may process your information in countries outside your place of residence (including the United States). These locations may have data-protection laws that differ from those in your jurisdiction.

EEA/UK/Switzerland transfers. When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been found to provide an adequate level of protection, we implement legally recognized safeguards, including:

• EU Standard Contractual Clauses (SCCs) under GDPR Art. 46,
• the UK Addendum or UK IDTA (as applicable), and
• supplementary technical and organizational measures (e.g., encryption, access controls, data minimization) based on transfer risk assessments.

We also require our service providers and partners receiving such data to comply with these safeguards and prohibit onward transfers that do not maintain equivalent protection.

Other jurisdictions. Where local law requires specific transfer mechanisms or notices (e.g., Canada), we use appropriate contractual and organizational measures consistent with that law.

What this means for you. Your data may be processed in the United States and other countries to deliver the Services. We do not rely on blanket consent for cross-border transfers where another lawful mechanism is available; if consent is required by your local law, we will request it separately. You can contact us for copies of the SCCs or information about the applicable safeguards.

Data Retention

We retain personal and health-related information only for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

General rule. While your account is active, we keep the data needed to operate the Services. If you close your account or withdraw consent (for processing that relies on consent), we delete or de-identify your personal and health-related data within ninety (90) days, unless a longer retention period is required or permitted by law (e.g., to prevent fraud or comply with tax, accounting, or regulatory obligations). If immediate deletion is not feasible (for example, due to backup systems), we will securely store and isolate the data from further processing until deletion is possible.

• Personal Information (including but not limited to name, email address, country/region, gender, age). Retained while your account remains active. Deleted or de-identified within 90 days after account closure or consent withdrawal, unless retention is required or permitted by law.
• Health Data (including but not limited to weight, height, eating habits or dietary restrictions, physical activity, stool photos, stool-related details, and analyses). Retained only as long as needed to deliver analyses and app functionality. Where feasible, we transform stool photos and related outputs into de-identified and/or aggregated data for product improvement and research; such data does not identify you, we do not attempt to re-identify it, and we may retain it for as long as needed for those purposes.
• Technical Data (including but not limited to IP address, device identifiers, app logs, crash and diagnostics data, and usage metrics). Retained for security, fraud prevention, troubleshooting, and analytics for a period consistent with those purposes and our legal obligations. When no longer needed, we delete or de-identify this data.

Backups and archives. Residual copies may persist in encrypted backups for a limited period aligned with our backup rotation schedules; these copies are isolated from routine use and are deleted as the backups roll off.

Deletion Requests

You may request deletion of your personal and health-related data at any time by:

• Adjusting your privacy settings and opting out of the use of our Services in the app, or
• Contact us via email at support@saluslabshq.com.

Upon receiving your request, we will delete or anonymize your personal and health-related data within ninety (90) days, unless retention is required by law or necessary for legitimate business purposes (e.g., preventing fraud, maintaining security).

Children

Our Services are not directed to children.

Age restrictions. Individuals under 16 in the EEA/UK and under 13 in the United States and elsewhere may not use the Platform, create an account, or provide personal data. Where local law sets a higher minimum age, we comply with that higher age.

No knowing collection. We do not knowingly collect personal data from children below the applicable age threshold, nor do we permit them to register.

Remediation. If we learn that we have collected personal data from such a child, we will promptly delete it and, where feasible, disable the associated account.

Contact. If you believe a child has provided us with personal data, please contact support@saluslabshq.com so we can take appropriate action.

Note (U.S.): We comply with the Children's Online Privacy Protection Act (COPPA) and do not seek to collect personal information from children under 13.

Legal Bases for Processing (EEA/UK)

Where the GDPR/UK GDPR applies, we process personal data only when we have a lawful basis under Art. 6 GDPR (and, for health data, Art. 9 GDPR).

Primary bases we rely on:

• Contract (Art. 6(1)(b)) – to create and manage your account, provide core features, and deliver the Services you request.
• Legitimate interests (Art. 6(1)(f)) – to secure and improve the Services, prevent fraud/abuse, perform analytics, and support customer service. We perform and document a balancing test, and you may object at any time (Art. 21).
• Consent (Art. 6(1)(a)) – for activities that require it (e.g., certain analytics/SDKs, marketing communications). You may withdraw consent at any time without affecting prior lawful processing (Art. 7(3)).
• Legal obligation (Art. 6(1)(c)) – to meet statutory requirements (e.g., accounting, tax, regulatory requests).
• Vital interests (Art. 6(1)(d)) – in rare cases to protect life or physical safety.
• Public interest/official authority (Art. 6(1)(e)) – only where applicable.

Special category (health) data: For health-related information (e.g., stool images, derived analyses), we rely on your explicit consent (Art. 9(2)(a)). You can withdraw this consent in the app or by contacting us as described in this Policy.

Controller note: The applicable legal basis may vary by processing activity and by your location. Where we act with service providers, they process data under our instructions as processors with appropriate contractual safeguards. We specify the applicable bases for key activities in the relevant sections of this Policy.

Your Rights (Certain U.S. States, incl. CA)

Residents of states with comprehensive privacy laws (e.g., CA, CO, CT, DE, IN, IA, KY, MD, MN, MT, NE, NH, NJ, OR, RI, TN, TX, UT, VA) may have rights to:

• Access, correct, delete, and portability;
• Opt out of sales, sharing for cross-context behavioral advertising, and targeted advertising;
• Limit the use/disclosure of sensitive personal information (where applicable).

How to exercise: Use in-app settings or email support@saluslabshq.com.

California Notice at Collection: We collect the categories listed in What We Collect for the purposes in Data Processing (Purposes & Legal Bases); retention is as in Data Retention; we do not collect or use data for purposes materially different from those listed without notice. We do not sell minors' data.

Security

We use reasonable technical and organizational measures (e.g., encryption in transit and at rest where appropriate, access controls, monitoring, OTP-based sign-in, and secure development practices). No method of transmission or storage is 100% secure. You're responsible for safeguarding your credentials and notifying us of any suspected misuse.

Automated Decision-Making & AI

We may use automated processing (including AI/ML-based analyses) to generate stool insights and in-app scores/recommendations. These outputs are informational only and not medical advice, and we do not engage in solely automated decision-making that produces legal or similarly significant effects without human involvement. See How We Use AI/ML and Your AI/ML Choices for details.

Intellectual Property

All content, trademarks, and services provided by DOOP are the property of Salus Labs Inc. and are protected by applicable intellectual property laws. You may not use our trademarks, logos, or proprietary information without our prior written consent.

Changes to This Policy

We may update this Policy from time to time. We will post updates with a new effective date, and when changes are material, we will provide additional notice as required by law.

How to contact us

Email: support@saluslabshq.com

Welcome to DOOP. These Terms and Conditions ("Terms") govern your access to and use of the DOOP application, website, and related services (collectively, the "Services") provided by Salus Labs Inc. ("Company," "we," "us," or "our"). By accessing or using our Services, you agree to be bound by these Terms. If you do not agree to these Terms, please do not use our Services.

1. Acceptance of Terms

By creating an account, downloading, installing, or using the Services, you acknowledge that you have read, understood, and agree to be bound by these Terms and our Privacy Policy. If you are using the Services on behalf of an organization, you represent and warrant that you have the authority to bind that organization to these Terms.

2. Eligibility

You must be at least 16 years old in the EEA/UK or 13 years old in the United States and other jurisdictions to use our Services. By using the Services, you represent and warrant that you meet the applicable age requirement and have the legal capacity to enter into these Terms.

3. Account Registration

To access certain features of the Services, you may need to create an account. You agree to provide accurate, current, and complete information during registration and to update such information to keep it accurate, current, and complete. You are responsible for safeguarding your account credentials and for all activities that occur under your account. You agree to notify us immediately of any unauthorized use of your account.

4. Use of Services

You agree to use the Services only for lawful purposes and in accordance with these Terms. You agree not to:

• Use the Services in any way that violates any applicable law or regulation;
• Use the Services to transmit any harmful, threatening, abusive, or otherwise objectionable content;
• Attempt to gain unauthorized access to any part of the Services or any systems or networks connected to the Services;
• Use any automated means to access the Services or collect any information from the Services;
• Interfere with or disrupt the Services or servers or networks connected to the Services;
• Reverse engineer, decompile, or disassemble any part of the Services;
• Remove, alter, or obscure any proprietary notices on the Services.

5. Health Disclaimer

The Services are for informational and educational purposes only and are not intended to be a substitute for professional medical advice, diagnosis, or treatment. The AI-generated insights, scores, and recommendations provided through the Services are not medical advice. Always seek the advice of your physician or other qualified health provider with any questions you may have regarding a medical condition. Never disregard professional medical advice or delay in seeking it because of something you have read or received through the Services.

6. Intellectual Property

The Services and all content, features, and functionality (including but not limited to all information, software, text, displays, images, video, and audio, and the design, selection, and arrangement thereof) are owned by the Company, its licensors, or other providers of such material and are protected by copyright, trademark, patent, trade secret, and other intellectual property or proprietary rights laws.

7. User Content

You retain ownership of any content you submit, post, or display through the Services ("User Content"). By submitting User Content, you grant us a worldwide, non-exclusive, royalty-free license to use, reproduce, modify, and display such content solely for the purpose of providing and improving the Services. You represent and warrant that you own or have the necessary rights to submit User Content and that it does not violate any third party's rights.

8. Termination

We may terminate or suspend your access to the Services immediately, without prior notice or liability, for any reason, including if you breach these Terms. Upon termination, your right to use the Services will cease immediately. You may also terminate your account at any time by deleting your account through the app or contacting us.

9. Disclaimer of Warranties

THE SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DO NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE, OR THAT ANY DEFECTS WILL BE CORRECTED.

10. Limitation of Liability

TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT SHALL THE COMPANY, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, OR LICENSORS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, USE, OR GOODWILL, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE SERVICES, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, EVEN IF WE HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

11. Indemnification

You agree to indemnify, defend, and hold harmless the Company and its affiliates, officers, directors, employees, agents, and licensors from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses, or fees (including reasonable attorneys' fees) arising out of or relating to your violation of these Terms or your use of the Services.

12. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict of law provisions. Any disputes arising out of or relating to these Terms or the Services shall be resolved exclusively in the state or federal courts located in Delaware.

13. Changes to Terms

We reserve the right to modify these Terms at any time. If we make material changes, we will notify you by posting the updated Terms on the Services with a new effective date. Your continued use of the Services after such changes constitutes your acceptance of the modified Terms.

14. Severability

If any provision of these Terms is held to be invalid or unenforceable, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions of these Terms shall remain in full force and effect.

15. Entire Agreement

These Terms, together with the Privacy Policy and any other legal notices published by us on the Services, constitute the entire agreement between you and the Company regarding your use of the Services and supersede all prior and contemporaneous agreements, proposals, or representations, written or oral.

16. Contact Information

If you have any questions about these Terms, please contact us at: support@saluslabshq.com