Privacy Policy

This Privacy Policy applies to the AViTA Toolbox mobile application and any related services operated by AViTA Corporation (collectively, the “Application”). AViTA Corporation is referred to in this Privacy Policy as “AViTA,” “we,” “us,” or “the Service Provider.”

This Privacy Policy explains what data the Application may process, how that data is used, how third-party services may be involved, and what choices and rights may be available to users under applicable privacy laws.

The Application is intended to support Bluetooth-enabled health measurement workflows and may provide AI-assisted interpretation of measurement values. The AI response is for informational data interpretation only and does not constitute medical diagnosis, medical advice, treatment recommendation, or emergency guidance.

1. Information We May Process

Depending on the features used, the Application may process the following categories of information:

Health measurement values: Measurement values received from supported Bluetooth devices or displayed in the Application, such as body temperature, blood pressure, heart rate, and SpO2. These values are processed to display measurement results and, when the AI analysis feature is used, to generate an AI-assisted interpretation.

Bluetooth device and connection information: Information needed to scan for, connect to, and communicate with supported Bluetooth devices, such as device names, service identifiers, signal status, connection state, and measurement-related communication data. On certain operating systems or platform versions, Bluetooth device scanning may require location-related permission. This permission is used only to enable Bluetooth device discovery and connection. The Application does not collect, store, track, or use your precise geographic location or GPS location for this purpose.

Anonymous authentication and security identifiers: The Application may use Firebase Anonymous Authentication and Firebase App Check. These services may generate anonymous identifiers, attestation tokens, or verification information to help secure requests, control usage, and protect the service from abuse.

Remote configuration and service settings: The Application may retrieve configuration values from Firebase Remote Config, such as AI model settings, feature enablement flags, usage limits, and system instructions.

Technical and service metadata: The Application or third-party service providers may process limited technical information necessary to operate the service, such as app version, operating system version, approximate request time, service endpoint, request success or failure status, model name, error category, and response length. We do not intentionally include health measurement values in production diagnostic logs.

2. AI Analysis Using Firebase AI Logic / Gemini

When the AI analysis feature is used, the Application sends the currently displayed measurement values to Google Firebase AI Logic / Gemini services to generate an objective interpretation of the provided data.

The AI analysis feature does not require users to provide names, phone numbers, email addresses, or other direct personal identifiers. However, the AI request may be associated with technical service information such as Firebase Anonymous Authentication identifiers, App Check verification, and request metadata necessary to provide and protect the service.

AViTA does not store the health measurement values submitted for AI analysis on its own servers, Firebase Database, or Firebase Analytics. The values are transmitted to the third-party AI service for the purpose of generating the response displayed within the Application.

Google Firebase and Gemini may process submitted prompts and generated responses according to Google’s applicable terms and privacy policies. Users should review Google’s terms and privacy documentation for information about Google’s processing practices.

AI-generated responses are not medical diagnoses, treatment recommendations, or emergency instructions. If the data appears abnormal, if the person feels unwell, or if values remain abnormal, qualified healthcare professionals should be consulted through proper medical channels.

3. How We Use Information

We use information processed through the Application for the following purposes:

To scan for, connect to, and communicate with supported Bluetooth health measurement devices.

To display measurement results in the Application.

To generate AI-assisted interpretation when the user actively uses the AI analysis feature.

To authenticate requests anonymously, verify app integrity, prevent misuse, and control usage of AI services.

To deliver service configuration, feature settings, and operational notices.

To comply with applicable legal obligations and protect the rights, safety, and security of users, AViTA, and third parties.

The Application does not use health measurement values for advertising, cross-context behavioral advertising, or product personalization.

4. Third-Party Services

The Application may use third-party services to provide app functionality and service security. These may include:

Google Firebase AI Logic / Gemini: Used to generate AI-assisted interpretations of provided measurement data.

Firebase Anonymous Authentication: Used to create an anonymous authentication state for service access, usage control, and security.

Firebase App Check: Used to help verify that requests come from a legitimate instance of the Application.

Firebase Remote Config: Used to deliver configuration values, such as AI model settings, feature flags, and usage limits.

We do not intend to use Google Analytics for Firebase or Firebase Crashlytics unless those services are separately integrated and disclosed. If additional third-party services are added, this Privacy Policy should be updated accordingly.

5. Data Sharing and Disclosure

We may share or disclose information as follows:

With third-party service providers that help operate the Application, including Google Firebase and Gemini, to the extent necessary to provide the relevant functionality.

When required by law, court order, subpoena, or similar legal process.

When we believe in good faith that disclosure is necessary to protect our rights, protect user safety or the safety of others, investigate fraud, prevent abuse, or respond to a government request.

In connection with a business transaction, such as a merger, acquisition, reorganization, or sale of assets, subject to appropriate safeguards where required by law.

We do not sell personal information for money, and we do not use health measurement values for cross-context behavioral advertising.

6. Cookies, SDKs, and Similar Technologies

The Application is a mobile application and does not rely on traditional website cookies in the same way as a browser-based website. However, the Application and its third-party SDKs may use mobile SDK technologies, tokens, identifiers, or similar mechanisms to provide functionality, verify app integrity, secure requests, and deliver service configuration.

Where required by applicable law, consent will be obtained before using non-essential tracking technologies. The Application does not use advertising tracking technologies unless separately disclosed.

7. Data Retention

AViTA does not store the health measurement values submitted for AI analysis on its own servers, Firebase Database, or Firebase Analytics.

Measurement values may remain temporarily visible in the Application interface as part of normal app operation. The user may clear the displayed measurement values within the Application where the relevant function is provided, or stop further processing by not using the AI analysis feature.

Anonymous authentication identifiers, App Check verification data, Remote Config records, service logs, and security-related metadata may be retained by the relevant third-party providers according to their own retention practices and applicable law.

Information required for legal compliance, security, fraud prevention, dispute resolution, or enforcement of rights may be retained for as long as necessary or required by law.

Users may contact us to request deletion of personal data that AViTA controls, subject to legal obligations and technical limitations.

8. International Data Transfers

The Application and its third-party service providers may process data in countries other than the country where the user resides. Data protection laws in those countries may differ from local laws.

Where applicable law requires safeguards for international transfers, AViTA or its service providers will use appropriate mechanisms, such as Standard Contractual Clauses approved by the European Commission, adequacy decisions, other legally recognized transfer mechanisms, or consent where legally permitted and required.

9. User Rights and Choices

Depending on the user’s location and applicable law, users may have the right to request access to, correction of, deletion of, restriction of, or portability of personal data. Users may also have the right to object to certain processing or withdraw consent where processing is based on consent.

To exercise privacy rights or ask questions about privacy practices, contact AViTA at app_rd@avita.com.tw.

Users can stop further collection of information from the mobile device by uninstalling the Application. Uninstalling the Application does not automatically delete information that has already been transmitted to AViTA or third-party service providers.

10. California Privacy Rights

If you are a California resident, you may have rights under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), including the right to know what personal information is collected, the right to request deletion, the right to correct inaccurate personal information, the right to opt out of sale or sharing, the right to limit certain uses of sensitive personal information, and the right not to be discriminated against for exercising these rights.

AViTA does not sell personal information for money and does not knowingly share personal information for cross-context behavioral advertising through the Application.

To exercise California privacy rights, contact AViTA at app_rd@avita.com.tw.

11. Children

The Application is not directed to children under 16 years of age, or such higher age as may be required by applicable law. AViTA does not knowingly solicit personal data from children or market the Application to children.

If a child has provided personal data through the Application, a parent or legal guardian may contact AViTA at app_rd@avita.com.tw to request appropriate action.

Where required by applicable law, users under the age of digital consent must use the Application only with consent and supervision from a parent or legal guardian.

12. Security

AViTA uses reasonable administrative, technical, and organizational safeguards designed to protect information processed through the Application. The Application also uses Firebase App Check and related security mechanisms to help verify app integrity and reduce abuse of AI services.

No method of transmission or electronic storage is completely secure. AViTA cannot guarantee absolute security of information transmitted through the Application or processed by third-party services.

13. Data Breach Notification

If a data breach occurs that affects personal data controlled by AViTA, AViTA will notify affected individuals and/or regulators in accordance with applicable legal requirements.

14. Medical Disclaimer

The Application and AI analysis feature provide informational interpretation of supplied measurement data only. They do not constitute medical diagnosis, medical advice, treatment recommendation, or emergency guidance.

For any medical needs, physical discomfort, or persistently abnormal readings, users should consult qualified healthcare professionals through proper medical channels.

15. Changes to This Privacy Policy

AViTA may update this Privacy Policy from time to time. Material changes will be indicated by updating the effective date and, where required by law, by providing additional notice or seeking consent before the changes take effect.

This Privacy Policy is effective as of 2026-06-08.

16. Contact Us

If you have questions about this Privacy Policy or privacy practices related to the Application, contact AViTA at app_rd@avita.com.tw.