Personalized demo

Privacy Policy

Last updated: March 20, 2025

Eight Investments JSC, a company registered in Bulgaria, UIC 206291447 (“we”, “Healee”, “us”), takes your privacy and the security of your information very seriously.

We are committed to protecting all your personal data, including confidential personal and health data.

Why do we process your personal data and who is responsible for it?

In order to comply with applicable data protection legislation (including, but not limited to, the General Data Protection Regulation (EU) 2016/679 (“GDPR”)), the company responsible for protecting your personal data, as the data controller, is Eight Investments JSC, UIC 206291447 (“the Company”, “we”, “us”).

Our services are provided through the Application, which is an online platform that allows healthcare and wellness professionals (“Health and Social Professionals”) to communicate with you (“Patient” or “Patients”) to provide you with remote health and medical assistance based on the medical history you report to the Health and Social Professionals (“Services”). For this purpose, the Application processes your data.

The Company is the controller for the data it processes in connection with the Application, namely data of visitors and users, including Health and Social Professionals.

When, as a registered user of the Application, you use a service, the Health and Social Professionals process your data according to their knowledge and professional qualifications. They are data controllers regarding the consultations and communications they perform with you, as they process patient data on their own legal basis—a contract with the Patient for the provision of remote health or medical assistance, determining the scope and type of data they process and how this is done. As data controllers, Health and Social Professionals bear full responsibility for the processing of your personal data. Our role in these relationships is as a data processor, and we are responsible to the extent defined by applicable law.

What personal data do we process?

Data you provide

When you use Healee, you register by creating your personal account in the Application and you will be required to provide an email address. Alternatively, you can log in using a social network account such as Google or Facebook.

In all cases, we do not have access to your email account data or your social network account data. The connection data we use solely for authentication is always stored encrypted on our servers (see “Where and how we store your data”).

Profile data

You may choose to add the following data to your profile:

  1. First and last name
  2. Year of birth
  3. Gender
  4. Hair and eye color
Health data

You may choose to enter various health and medical data into the Application.

Bank card information

This information is required when and if you decide to use a paid service through the Application.

The following rules apply to the data you provide:

  1. You can change, update, or delete any data you have entered in Healee, except for the email address you registered with. Once deleted, all data is permanently removed. This applies to all types of data listed above.
  2. We also do not have access to the images and messages you exchange with doctors. All such data is stored encrypted on our servers and, apart from you, only the doctors have access to it (see “Where and how we store your data”).
  3. Payments for services you use through the Application are made via a registered payment service provider, who collects and processes the information necessary to provide the payment service. They may make available to you a feature on their platform that allows certain card data to be saved for easier and faster future payments. Activating and using this feature is entirely up to you. We do not store credit or debit card information. Through the registered payment service provider’s platform, we have access to limited information about your payments solely to verify that the selected service in the Application has been paid for, for accounting and tax purposes.
Data we may collect

You have the option to allow us to import data from Apple HealthKit into the Application. If and when you do so, the following data you enter into Apple HealthKit will be automatically imported into Healee:

  1. Vital signs (body temperature, blood pressure, heart rate, respiratory rate, blood sugar)
  2. Height
  3. Weight

We will process the information we import from Apple HealthKit and display it in the Application in accordance with this Privacy Policy.

If you wish to upload a photo/recording to the Application, access to your device’s camera, microphone, or audio may be requested. This is only an option for which you will be explicitly asked for permission. If you grant the Application access to this data, its use will be limited solely to the time and performance of the specific action you desire (e.g., uploading a photo).

Children’s data

We do not process children’s data. The Application may be used by a guardian or parent exercising parental rights for the purpose of obtaining remote medical or social assistance for their child. In this case, the child’s data is processed based on the consent of the guardian/parent exercising parental control.

Data processing for statistical purposes

Healee reserves the right to process user data of the Application for the purpose of analyzing its usage, improving services, and developing new features in compliance with Article 9, paragraph 2, point (j) of the GDPR. Such processing is carried out only after the data has been anonymized and with the necessary technical and organizational security measures in place. In no case does Healee access personal and/or sensitive personal data that could identify a data subject, nor does it use such data for profiling.

Do we share your personal data with anyone?

Information we may disclose to third parties
  1. To Health and Social Professionals so they can provide you with the services you have requested
  2. To directly related companies if we are legally required to do so as part of efforts to prevent fraud and reduce credit risk
  3. To competent tax and other government authorities, as well as to Company partners (e.g., a company conducting independent financial audits or lawyers for establishing, exercising, and defending legal claims)
Information you may share with third parties

If you wish, Healee allows you to partially or fully share your data with third parties by providing them with a special link leading to and displaying specific data you have shared. These third parties may be:

  1. Your personal doctor or any other doctor who is not part of the Platform and with whom you want to share data for consultative/diagnostic/therapeutic purposes
  2. Other people with whom you want to share part of your personal and/or health information. For example, users of a web forum dedicated to your health issue whom you want to ask for advice/opinion

You set the parameters for data sharing—exactly what type of information is included, for what period of time, and you bear full responsibility for this. For example, you may share all your health data entered in the last three months. You can deactivate data sharing at any time, thereby revoking access for all parties to whom you have sent it.

We do not share your phone number

We do not share your phone number with third parties for marketing or promotional purposes.

How may we use your data

  1. To facilitate Health and Social Professionals’ access to essential information related to the provision of their services when you have requested them
  2. To process your payments for services we have provided to you through the Platform
  3. To notify you if we change or update the software and related infrastructure
  4. To administer our systems and troubleshoot potential issues
  5. To inform you about new features that we believe may be useful to you
  6. For analysis and business intelligence purposes, product development, and system and metric improvement

Where and how do we store your data

We do not store your data on your device. All your personal data and health information are stored on secure servers in the USA, in accordance with the EU-U.S. Data Privacy Framework.

We do not store any credit or debit card information. This information is processed and stored by a payment service provider in accordance with GDPR regulations and payment instrument security standards.

All your data transmitted between your device and our servers is encrypted using Secure Socket Layer (SSL) cryptographic protocol technology.

All personal data that could potentially identify you, such as email address, images, and messages, is encrypted not only before transmission but also while stored or processed on our servers.

We retain your personal data for the period necessary to fulfill the purposes for which it was collected, unless the law requires longer retention.

What is the legal basis for processing your data?

We process your personal data for the purposes stated above based on your consent; you voluntarily download, use, and provide data to the Application.

Your explicit consent is also the basis for processing special categories of data, namely information about your health status. Although we do not see this information, as it is only accessible to you and your chosen Health and Social Professional, we process it encrypted through the Application so it can function and fulfill its purpose.

We also process anonymized data for analysis and business development, product development, and system and metric improvement based on our legitimate interest, namely to constantly improve and develop our products and services.

Transfer of personal data

The personal data you provide to the Application will be collected, processed, stored, disclosed, and destroyed in accordance with the applicable laws of Bulgaria and the EU, the Terms and Conditions, and this Privacy Policy.

This data may be stored on servers located outside your local jurisdiction.

Transfer of your data to countries outside the European Economic Area (EU, Norway, Iceland, and Liechtenstein) is carried out only with adequate data protection measures in place in accordance with Regulation (EU) 679/2016. The protection of your information remains with your data.

What are your rights?

Under the GDPR, you have the following rights:

  • Access your personal data;
  • Rectify inaccurate or incomplete data;
  • Erase data (“right to be forgotten”);
  • Restrict processing;
  • Data portability;
  • Object to processing;
  • The right to lodge a complaint with the Commission for Personal Data Protection (CPDP).

Changing the email with which you are registered on the Platform does not fall under any of the above categories and cannot be performed under any circumstances.

You can exercise the following rights directly in the Application:

  • Delete your data via “Settings”, “Delete your account”. Please note that deleting the Application from your device does not delete the data from your account
  • Correct your data by directly editing the information in your profile in the Application
  • Data portability via “Settings”, “Export”
  • Access to data is provided when you access your profile in the Application
  • Through the “Feedback” field, you can exercise any other of your rights

You can exercise your other data protection rights by contacting us at support@healee.com.Upon receiving your request, we will verify your identity to prevent unauthorized access to personal data. Requests are processed within one month of receipt, which may be extended by two more months in case of complexity or a large number of requests, in accordance with Article 12, paragraph 3 of the GDPR.

Please note that despite your right to submit a request to exercise your rights as a data subject, we, as a data controller, are not unconditionally obliged to fulfill it if there are legal grounds for retaining the data, in accordance with Article 17, paragraph 3 of the GDPR.

If the request cannot be fulfilled, you will be informed of the reasons for the refusal, as well as your right to lodge a complaint with a supervisory authority.

Your consent, which is the basis for processing your personal data, may be withdrawn at any time, without affecting the lawfulness of processing before its withdrawal. You can practically withdraw your consent by removing your data from the Application.

Your personal data is not subject to automated decision-making, including profiling.

You have the right to lodge a complaint regarding the way we process your data with the Commission for Personal Data Protection or you can contact us atsupport@healee.comfor more information about exercising your rights.

Changes to the Privacy Policy

We reserve the right to change this Privacy Policy at any time without notice. You will be notified of such changes upon your next login to the platform.