Legal Documents

INTRODUCTION

Wizey.One ("we," "our," "us," or the "Company") is committed to protecting the privacy and security of your personal information and health data. This Privacy Policy explains in detail how we collect, use, share, and protect your information when you use our website (wizey.one), mobile application, API services, and related services (collectively, the "Services"). Our Services are designed to provide AI-powered analysis of medical test results and health-related recommendations. We understand the sensitive nature of health information and maintain strict compliance with applicable healthcare privacy laws and regulations, including:

We encourage you to read this Privacy Policy carefully to understand our practices regarding your information and how we treat it. We adhere to the principle of data minimization, collecting only the information necessary to provide our Services. We process sensitive health data only with your explicit consent, which you may withdraw at any time.

• The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations
• The General Data Protection Regulation (EU) 2016/679 (GDPR)
• The California Consumer Privacy Act (CCPA)
• State-specific healthcare privacy laws
• Other applicable international data protection laws

DEFINITIONS

To help you better understand this Privacy Policy, we use the following defined terms:

"Protected Health Information" (PHI):

Any individually identifiable health information that is created, received, maintained, or transmitted by healthcare providers, health plans, and healthcare clearinghouses that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium.

"Personal Data":

Any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

"Special Categories of Personal Data":

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a person's sex life or sexual orientation.

"Processing":

Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

"Data Controller":

The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

"Data Processor":

A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

"User," "you," or "your":

Any individual who uses our Services, including patients, healthcare providers, and other authorized users.

SCOPE OF THIS POLICY

This Privacy Policy applies to all personal information and health data collected through our Services, including:

• Information provided directly by users
• Information collected automatically through our Services
• Information received from third parties

INFORMATION WE COLLECT

You are responsible for ensuring the accuracy of the information you provide.

• Personal identification information (e.g., name, email address)
• Health-related information (e.g., medical history, test results) with your explicit consent
• Technical information (e.g., IP address, device information)
• Usage data (e.g., service interactions, preferences)

HOW WE USE YOUR INFORMATION

We use collected information for the following purposes:

• Providing and improving our Services
• Personalizing user experience
• Analyzing health data and providing recommendations with your consent
• Communicating with users
• Complying with legal obligations

LEGAL BASIS FOR PROCESSING

We process personal information based on the following legal grounds:

• Performance of a contract
• Explicit consent for health data
• Legitimate interests (e.g., service improvement)
• Compliance with legal obligations

DATA STORAGE AND SECURITY

While we take all reasonable steps to secure your data, no system is entirely immune to cyber threats.

• Encryption of data in transit and at rest (e.g., AES-256)
• Regular security audits and penetration testing
• Access controls and multi-factor authentication
• Incident response procedures

SHARING AND DISCLOSURE OF INFORMATION

We may share information only with:

• Service providers and partners bound by data protection agreements
• Legal authorities when required by law
• Affiliated companies under strict safeguards
• In connection with business transfers, with notice to users

YOUR RIGHTS AND CHOICES

You have the following rights regarding your data:

• Access and rectification
• Data portability
• Withdrawal of consent at any time
• Deletion of data
• Objection to processing

INTERNATIONAL DATA TRANSFERS

We assess the adequacy of data protection in receiving countries.

• Standard Contractual Clauses (SCCs) per GDPR
• Adequacy decisions by relevant authorities
• Binding corporate rules

DATA RETENTION

We retain data only as long as necessary:

• For the purposes for which it was collected
• To comply with legal obligations
• To resolve disputes

CHILDREN'S PRIVACY

Our Services are not directed to children under 16:

• We do not knowingly collect children's data
• Parental consent is required for users under 16, verified per applicable laws (e.g., COPPA, GDPR)
• Parents can request deletion of children's data

CHANGES TO THIS POLICY

Continued use of the Services constitutes acceptance of updates.

• Through our website
• Via email notification
• Through in-app notifications

CONTACT INFORMATION

For questions about this policy, contact us at:

• Email: [email protected]
• Address: Wizey.One, Dostyk, 180, Almaty, Kazakhstan

JURISDICTION-SPECIFIC PROVISIONS

Additional provisions for specific jurisdictions:

• California Consumer Privacy Act (CCPA) rights
• GDPR rights for EU residents
• Other regional data protection laws

INTRODUCTION AND ACCEPTANCE

Acceptance of Terms

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by these Terms. If you do not agree, you must not access or use our Services.

Modifications

Your continued use of the Services after such modifications constitutes your acceptance of the updated Terms.

• Email notification
• Platform notifications
• Website announcements

DEFINITIONS

Key Terms

• "Services" refers to all products, services, content, features, technologies, or functions offered by Wizey.One.
• "User" means any individual or entity that accesses or uses the Services.
• "Healthcare Provider" means any licensed medical professional or healthcare institution using our Services.
• "Content" includes all text, data, information, software, graphics, photographs, and other materials.
• "User Content" means any content submitted, posted, or transmitted by users.

SERVICE DESCRIPTION

Core Services

Wizey.One provides:

• AI-powered analysis of medical test results
• Health insights and recommendations
• Data storage and management
• Healthcare provider tools
• API integration capabilities

Service Limitations

Our Services:

• Are not a substitute for professional medical advice
• Do not provide medical diagnosis
• Do not constitute a doctor-patient relationship
• Are for informational purposes only
• May have temporary interruptions for maintenance or unforeseen events

ELIGIBILITY AND REGISTRATION

Basic Requirements

To use our Services, you must:

• Be at least 18 years old
• Have legal capacity to enter into contracts
• Provide accurate registration information
• Maintain current contact information
• Comply with applicable laws

Healthcare Provider Requirements

Healthcare providers must:

• Maintain valid professional licenses
• Provide proof of credentials
• Update professional information
• Comply with medical regulations
• Maintain appropriate insurance

Account Security

You are responsible for:

• Maintaining account confidentiality
• All activities under your account
• Notifying us of unauthorized access
• Securing access credentials
• Regular password updates

USER OBLIGATIONS

General Obligations

Users must:

• Provide accurate and complete information
• Use Services appropriately
• Maintain account security
• Report suspicious activity
• Comply with all applicable laws

Healthcare Provider Obligations

Healthcare providers must:

• Maintain professional standards
• Protect patient privacy
• Obtain necessary consents
• Document patient interactions
• Follow medical protocols

Content Guidelines

Users agree to:

• Post appropriate content
• Respect intellectual property
• Maintain accuracy
• Avoid misleading information
• Follow community standards

MEDICAL DISCLAIMER

Not Medical Advice

IMPORTANT: Our Services do not provide medical diagnoses or professional medical advice. AI-powered analysis is for informational purposes only and must be interpreted by a qualified healthcare provider. We are not responsible for any decisions made based on our analysis.

• Do not substitute for professional care
• Should not be used in emergencies
• Are for informational purposes only
• Require professional interpretation

Healthcare Decisions

Users should:

• Consult healthcare providers
• Verify all information
• Consider multiple sources
• Make informed decisions
• Seek emergency care when needed

INTELLECTUAL PROPERTY

Ownership

We retain all rights to:

• Platform technology
• Algorithms and analytics
• User interface design
• Branding and trademarks
• Service improvements

License Grant

Users receive:

• Limited use license
• Non-transferable rights
• Non-exclusive access
• Revocable permissions
• Personal use rights

Restrictions

Users may not:

• Copy or modify Services
• Reverse engineer code
• Extract algorithms
• Resell or sublicense
• Create derivative works

SUBSCRIPTION AND PAYMENTS

Pricing Plans

We offer:

• Individual subscriptions
• Professional plans
• Enterprise solutions
• Custom packages
• Trial periods

Payment Terms

Users agree to:

• Pay fees when due
• Maintain valid payment methods
• Update billing information
• Accept automatic renewals
• Pay applicable taxes

Refunds

Our refund policy:

• 30-day satisfaction guarantee
• Pro-rated refunds
• Service credit options
• Dispute resolution
• Processing timeframes

DATA USE AND PRIVACY

Data Collection

We collect:

• Account information
• Usage data
• Medical test results
• Payment details
• Communication records

Data Protection

We implement:

• Security measures
• Privacy controls
• Access restrictions
• Encryption protocols
• Backup systems

Data Rights

Users maintain:

• Access rights
• Correction rights
• Deletion rights
• Portability rights
• Privacy choices

PROHIBITED ACTIVITIES

General Prohibitions

Users may not:

• Violate laws or regulations
• Infringe others' rights
• Transmit harmful code
• Interfere with Services
• Abuse platform resources

Content Restrictions

Prohibited content includes:

• Illegal material
• Harmful content
• False information
• Spam or solicitation
• Unauthorized advertising

Technical Restrictions

Users may not:

• Hack or breach security
• Overload systems
• Scrape data
• Modify headers
• Bypass restrictions

TERMINATION

Termination by User

Users may terminate by:

• Canceling subscription
• Deleting account
• Providing written notice
• Completing exit survey
• Requesting data export

Termination by Wizey.One

We may terminate or suspend access at our discretion for:

• Violation of these Terms
• Payment default
• Fraudulent activity
• Legal requirements
• Protection of our interests

Effects of Termination

Upon termination:

• Access rights cease
• Data retention applies per legal requirements
• Fees are settled
• Certain obligations continue
• Records are archived

LIABILITY AND DISCLAIMERS

Warranty Disclaimer

Services are provided "AS IS":

• No warranties of merchantability or fitness
• No guarantees of accuracy
• No performance promises
• No availability commitments
• No uninterrupted service guarantee

Limitation of Liability

Our maximum liability is limited to the amount paid by you for the Services in the past 12 months, unless prohibited by law.

• Indirect, incidental, or consequential damages
• Lost profits or data
• Service interruptions

Force Majeure

We are not liable for failures due to:

• Natural disasters
• Technical failures beyond our control
• Government actions
• Network issues
• Cyberattacks

INDEMNIFICATION

User Indemnification

You agree to indemnify and hold us harmless from any claims arising from:

• Your violation of these Terms
• Your violation of applicable laws
• Your misuse of the Services
• Infringement of third-party rights
• Inaccurate data provided by you

Scope of Indemnification

Coverage includes:

• Legal fees
• Settlement costs
• Court expenses
• Investigation costs
• Related damages

Cooperation

You must:

• Provide prompt notice
• Cooperate in defense
• Maintain records
• Share information
• Support resolution

DISPUTE RESOLUTION

Informal Resolution

Initial steps:

• Direct communication
• Good faith negotiation
• Mediation option
• Management escalation
• Written documentation

Arbitration

If informal resolution fails:

• Binding arbitration in Almaty, Kazakhstan
• Selected neutral forum
• Cost sharing per agreement
• Confidential proceedings
• Limited appeals

Class Action Waiver

You waive rights to:

• Class actions
• Group litigation
• Representative suits
• Mass claims
• Consolidated proceedings

GENERAL PROVISIONS

Governing Law

These Terms are governed by the laws of Kazakhstan, excluding conflict of law principles.

Severability

If any provision is invalid:

• Remainder continues
• Modified to comply
• Interpreted fairly
• Replaced if needed
• Purpose maintained

Assignment

Rights and obligations:

• Non-transferable by users without consent
• Assignable by us with notice
• Subject to approval
• Include successors

Entire Agreement

These Terms constitute the complete agreement between you and us.

Contact Information

For legal notices: [email protected], Wizey.One, Dostyk, 180, Almaty, Kazakhstan

DATA COLLECTION AND PROCESSING OVERVIEW

Our processing activities include:

• AI-powered analysis of medical test results
• Health trend analysis and recommendations
• Service optimization and improvement
• Security and fraud prevention
• Regulatory compliance

LEGAL BASIS FOR PROCESSING

We process personal data under the following legal bases:

• Explicit consent for health data processing, revocable at any time
• Contractual necessity for service provision
• Legal obligations under healthcare regulations
• Legitimate interests for service improvement
• Public health purposes where applicable

DATA PROCESSING PROCEDURES

Our data processing procedures include:

• Initial data collection and verification
• Secure storage and encryption
• AI-powered analysis and processing
• Regular data quality assessments
• Automated and manual data updates

DATA SECURITY MEASURES

We notify you within 72 hours of any data breach, per GDPR.

• End-to-end encryption for all health data (e.g., AES-256)
• Multi-factor authentication for access
• Annual security audits and penetration testing
• Access control and monitoring
• Incident response procedures

DATA RETENTION AND DELETION

Data is returned or deleted at the controller's request unless legally required to retain.

• Compliance with medical record retention laws
• Secure data deletion procedures upon request or contract end
• Regular data minimization reviews
• Automated retention period management
• Data backup and recovery protocols

THIRD-PARTY PROCESSORS

We work with carefully selected processors who:

• Meet our strict security requirements
• Sign comprehensive data processing agreements
• Undergo regular compliance audits
• Require prior controller approval per GDPR
• Maintain adequate insurance coverage

INTERNATIONAL DATA TRANSFERS

For international data transfers, we ensure:

• Compliance with cross-border transfer regulations
• Implementation of Standard Contractual Clauses (SCCs)
• Assessment of receiving country adequacy
• Data localization where required
• Transfer impact assessments

DATA SUBJECT RIGHTS

We support the following data subject rights:

• Right to access and portability
• Right to rectification and erasure
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent

AUTOMATED DECISION MAKING

Regarding automated decision-making:

• Transparency about AI-powered analysis
• Human oversight of automated decisions
• Right to contest automated decisions
• Alternative assessment options
• Regular algorithm audits

DATA PROTECTION IMPACT ASSESSMENTS

We conduct DPIAs for:

• New processing activities
• Technology updates
• High-risk processing operations
• Large-scale data processing
• Sensitive data handling

LIABILITY

Controllers may audit our processes with 30 days' notice, at their expense.

• Direct damages caused by our negligence
• Amount paid under this agreement
• Excludes liability for controller-provided data inaccuracies