Tesigo ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our mobile application.
1. Information We Collect
1.1 Personal Information You Provide
- Phone Number: Used for account authentication via SMS verification
- Name: To personalize your experience
- Profile Picture: Optional, to customize your profile
- Health Information: Including skin health objectives, treatment plans, and behavior codes provided by your healthcare provider
1.2 Conversation Data
- Chat Messages: Text conversations you have with our AI assistant
- Health-Related Information: Any health concerns, symptoms, or questions you share during conversations
1.3 Automatically Collected Information
- Device Information: Device type, operating system, app version
- Usage Data: How you interact with the app, features used, navigation patterns
- Push Notification Tokens: To send you important notifications
- Error and Performance Data: Crash reports and app performance metrics
1.4 Shopping Information
- Cart Data: Products you browse and add to your cart within the app
- Note: When you proceed to checkout, you are redirected to an external Shopify store where checkout data is collected by Shopify directly, not by us
2. How We Use Your Information
We use your information to:
- Provide personalized AI-powered health recommendations
- Process and respond to your conversations with our AI assistant
- Authenticate your identity and secure your account
- Send important notifications about your treatment plans
- Improve our app's performance and user experience
- Provide customer support
- Analyze usage patterns to enhance our services
- Facilitate product browsing and redirect to Shopify for secure checkout
3. Third-Party AI Services
IMPORTANT: Your conversations are processed using artificial intelligence technology.
3.1 OpenAI
We use OpenAI's GPT-4o model to power our AI conversational assistant. When you chat with our assistant:
- What data is sent: Your conversation messages, health objectives, and relevant profile information are sent to OpenAI through our secure backend servers
- Why we share this data: To generate personalized, intelligent responses to your health-related questions
- OpenAI's data handling: OpenAI processes your data according to its privacy policy. We use OpenAI's API services, and your data is not used to train OpenAI's models
- Data security: All data transmitted to OpenAI is encrypted and sent through our secure backend API
For more information about OpenAI's data practices, visit: https://openai.com/privacy
4. Other Third-Party Services
4.1 Microsoft Clarity (Analytics)
- Purpose: To understand how users interact with our app and improve user experience
- Data collected: Session recordings, interaction patterns, navigation flows, anonymized usage statistics
- Privacy: Clarity collects aggregated analytics data. No personally identifiable health information is intentionally shared
4.2 Sentry (Error Tracking)
- Purpose: To detect and fix technical issues and crashes
- Data collected: Error logs, crash reports, device information, and some contextual user data
- Note: Sentry may collect IP addresses and user context to help us debug issues
- Privacy: We configure Sentry to minimize personal data collection, but some technical data is necessary for error resolution
4.3 Shopify (E-commerce)
- Purpose: To complete product purchases through external checkout
- Data sharing: We do NOT send your personal data to Shopify. When you proceed to checkout, you are redirected to Shopify's checkout page (theskinplan.es)
- What Shopify collects: Once redirected, Shopify collects checkout and payment information directly from you according to its own privacy policy
- Privacy: We do not store or have access to your payment information. All transactions are processed directly by Shopify (PCI-DSS compliant)
4.4 Expo Push Notifications
- Purpose: To send you important notifications about your treatment plans and messages from your healthcare provider
- Data collected: Device push notification tokens
- Privacy: We only send notifications relevant to your healthcare and app usage
5. Data Retention
- Account Data: Retained as long as your account is active
- Conversation History: Stored to provide continuity in your healthcare journey and improve recommendations
- Analytics Data: Retained for up to 24 months
- Error Logs: Retained for up to 90 days
- Deleted Account Data: Permanently deleted within 30 days of account deletion request
6. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: All data transmitted between your device and our servers uses HTTPS/TLS encryption
- Secure Storage: Authentication tokens are stored securely using encrypted device storage
- Access Controls: Limited employee access to personal data, granted only when necessary
- Regular Security Audits: Ongoing monitoring and security assessments
7. Your Privacy Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Update or correct your personal information
- Deletion: Request deletion of your account and associated data
- Opt-Out: Disable analytics or revoke AI data sharing consent (note: this may limit app functionality)
- Data Portability: Request your data in a portable format
To exercise these rights, contact us at: privacy@tesigo.com
8. Children's Privacy
Our app is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
9. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including the United States, where OpenAI's servers are located. We ensure appropriate safeguards are in place for such transfers.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- Displaying a prominent notice in the app
- Requesting renewed consent if required
- Updating the "Last Updated" date at the top of this policy
Continued use of the app after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices:
Email: privacy@tesigo.com
Website: https://tesigo.com/privacy
Address: [Your company address]
For data protection inquiries in the EU, you may also contact our Data Protection Officer at: dpo@tesigo.com
12. Legal Compliance
We comply with applicable data protection laws, including:
- General Data Protection Regulation (GDPR) for EU users
- California Consumer Privacy Act (CCPA) for California residents
- Health Insurance Portability and Accountability Act (HIPAA) guidelines where applicable
By using Tesigo, you acknowledge that you have read and understood this Privacy Policy and consent to our data practices as described herein.