Privacy Policy
Effective date: May 21, 2026
Shanghai Yuhuan Technology Co., Ltd. (“we”, “us”, and/or “our”) operates the KapiHealth mobile application (the “Services”). This Privacy Policy (the “Policy”) describes how we collect, store, use, and share information through our Services.
We care about the protection and confidentiality of your information. We process your personal information only as described in this Policy. If you have any questions regarding this Policy, please contact us according to the information listed below under the Section “Contact Us”.
1. PERSONAL INFORMATION WE COLLECT
For the purpose of this Policy, “personal information” means any information relating to an identified or identifiable individual. In certain jurisdictions, this may be referred to as “personal data”. However, for the sake of consistency, this Policy will use the term “personal information” throughout to refer to such data. Anonymized information does not constitute personal information.
1.1. Information you provide
Through your use of the Services, you may provide us with the following information:
Account Data. This includes your phone number and verification code.
When you use our Service, you may create an account with your information to complete the registration and become our user. If you refuse to provide Account Data for registration and login, we may be unable to offer you our Services.
1.2. Information we collect from third parties
When you use our Services, we will collect your information from Apple HealthKit.
Workout and Activity Data: steps, active energy burned, stand hours, workout hours.
Health Data: heart rate, resting heart rate, heart rate variability (HRV), blood oxygen saturation, menstruation (if applicable).
Other Metric Data: sleep analysis, respiratory rate, caffeine intake, environmental sound level.
Third-party Account Data: When you log in using your third-party platform account, such as Apple or Google, we will collect your account information to bind your KapiHealth account.
1.3. Information we collect automatically
We automatically log the following information about you, your network, your interactions over time with our Services and your order information:
Device and Network Data. This includes your IP address, device SN information, and clipboard data.
1.4. Cookies and other similar technologies
We and our service providers may use cookies or similar technologies to collect the above data when you access our services. Cookies and other similar technologies are text files stored on your device that uniquely identify and store information generated during your access, and are used to save application settings, cache health data, support troubleshooting and performance analysis, and secure the service.
We will not use cookies for any purposes other than those described in this policy. You may manage or delete cookies according to your preferences. You can clear all cookies saved on your computer or mobile device. However, if you do so, you will need to manually change user settings each time you visit our services.
2. HOW WE USE YOUR INFORMATION
We will only use your personal information when the applicable laws allow us to. Our legal bases for collecting and using the personal information described in this Policy depend on the personal information we collect and the specific context in which we collect the information:
We need to perform a contract with you;
You have given us consent to do so;
In specific jurisdictions, processing your personal information is in our legitimate interests, including:
providing, maintaining and marketing our Services;
detecting, preventing and enforcing violations of our Terms of Use including misuse of services, fraud, abuse, and other trust and safety protocols; and
protecting our legal rights and the rights of others.
We need to comply with our legal obligations under the applicable laws.
The purposes for which we process personal information, subject to applicable laws, and the legal basis on which we perform such processing, are as follows:
| Purpose | Type of Personal Information | Legal Basis |
|---|---|---|
| To provide you with functions related to user account management, such as account registration, account deletion, and account login | Account Data; Third-party Account Data; Device and Network Data | Performance of contract |
| To provide the core functionality of the Services which is providing health management services | Workout and Activity Data; Health Data; Other Metric Data; Device and Network Data | Performance of contract |
| To monitor and protect the Services to ensure the normal operation of the Services you use, including preventing fraud, criminal activity, and misuse of our Services | Account Data; Device and Network Data | Performance of contract & Legitimate interests |
| To comply with legal obligations, and defend against legal claims and disputes | Account Information; Third-party Account Data; Device and Network Data | Legal Obligations, Legitimate interests, Consent, where required by applicable laws |
3. HOW WE SHARE YOUR PERSONAL INFORMATION
In order to provide you with more comprehensive and high-quality Services, we will authorize our commercial partners to provide certain services to you. In such cases, we may share some of your personal information with our partners.
We will only share your personal information for lawful, legitimate, necessary, specific, and explicit purposes, and we will only share the personal information required to provide the Services. We will require our partners, through agreements, to retain data only for the necessary period and to implement adequate security measures to protect data security.
We will disclose personal information to the following categories of third parties for the purposes explained in this Policy:
Affiliates and corporate partners. We disclose the categories of personal information described above between and among our affiliates and related entities, for legitimate business purposes and the operation of the Services, in accordance with applicable laws.
Service providers and business partners. Third-party service providers who provide us with technology services (such as cloud storage services, cybersecurity providers, third-party account login services, and analytics services). These third parties will process your personal information on our behalf under relevant contracts.
Law enforcement agencies, public authorities or other judicial bodies and organizations. We disclose your personal information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process or request; enforce our Terms of Use and other terms, policies, and standards, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our users, a third party or the public as required or permitted by applicable laws (including exchanging information with other companies and organizations for the purposes of fraud protection).
Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, reorganization, partnership, asset sale or other transaction, we may disclose your Information as part of that transaction.
4. HOW WILL WE TRANSFER YOUR DATA AROUND THE WORLD
Your personal data may be processed or transferred outside the country or region where you reside.
We implement appropriate safeguards to ensure that your personal data remains protected in line with this Privacy Policy and applicable laws, and we only transfer your data abroad in compliance with applicable laws and legally recognized transfer mechanisms.
5. HOW WE SECURE YOUR INFORMATION
We place utmost importance on personal information security and implement stringent measures to protect user data. We have designated dedicated personnel responsible for personal information protection matters, having obtained ISO 27001 international certifications. We employ advanced security technologies including encrypted transmission and storage, access control, and HTTPS protocols.
Our server systems undergo rigorous security hardening and upgrades. Employees are subject to the principle of least privilege and receive comprehensive confidentiality training. The company has established cybersecurity emergency response protocols, conducts regular drills, and ensures timely incident response and user notification when necessary.
We also remind users to remain vigilant about network environment risks, recommending the use of strong passwords and exercising caution when sharing personal information. We are committed to continuously enhancing security safeguards. However, users should also strengthen self-protection awareness and provide personal information only when absolutely necessary.
6. HOW DO WE RETAIN YOUR PERSONAL INFORMATION
We adhere to retention policies for the personal information we collect to ensure that it is not retained longer than necessary for the intended purpose.
If you deactivate your account, delete personal information, or the retention period is expired, we will delete or anonymize your personal information, except in the following cases:
Compliance with legal requirements regarding data retention according to the applicable laws.
Extension of the period for financial, audit, dispute resolution, or other legitimate purposes.
When assessing how long your personal information is retained, we consider criteria such as: (i) the nature of the personal information and the activities involved; (ii) when and for how long you use the Services; and (iii) our legitimate interests and our legal obligations.
7. YOUR RIGHTS AND CHOICES
Subject to applicable law and depending on where you reside, you may have some rights regarding your personal information, as described below. If you have any other requests relating to the access of your personal information, please contact us using the contact details listed in the Section “Contact Us”.
Data Access and right to obtain a copy
You may have the right to know what personal information we process about you, including the categories of personal information, the business or commercial purposes for collection, the categories of third parties to whom we disclose it and other information according to the applicable law.
You may have the right to access and obtain a copy of your personal information in accordance with the applicable laws. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
Data Correction
You may have the right to request that we correct inaccurate personal information that we retain about you, subject to certain exceptions.
Data Deletion
You have the right to delete your account and erase your personal information. Upon deleting your account, all your personal information will be deleted. Additionally, you may also request deletion of the personal information you provide by contacting us. If some of your personal information cannot be deleted, we will inform you of the reasons for not taking action.
Please note that we reserve the right to retain some of your personal information where there are valid grounds for us to do so under applicable laws.
Withdrawal of Consent
Where we process your personal information on the basis of your consent, you may withdraw your consent by contacting us. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Objection to the Processing
Subject to applicable laws, you may object to the processing of your personal information based on our legitimate interests where there are grounds relating to your particular situation by contacting us. Please note that we may have an overriding legitimate interest to keep processing your personal information, but we will let you know where this is the case.
Restriction to the Processing
If you would like to restrict our processing of your personal information, you may contact us. You have the right to restrict the processing of your data where one of the following applies:
the processing is unlawful and you oppose the erasure of relevant personal information;
for the purpose of establishment, exercise or defense of legal claims, you request us to retain your personal information that we were supposed to delete;
your objection regarding the accuracy of your personal information is pending our verification;
your request to object to the processing of your personal information is pending our verification.
Data Portability
Data portability is the ability to obtain some of your information in a format you can move from one service provider to another (for instance, when you transfer your mobile phone number to another carrier). Depending on the context, this applies to some of your information, but not to all of your information. Should you request it, we will provide you with an electronic file of the available information.
Lodge a complaint with your local data protection authority
Subject to applicable data protection laws, you may have the right to submit your complaint to the local data protection authority where you reside if you consider that the processing of your personal information infringes any applicable data protection laws.
Not to be subject to automated decision-making
You shall have the right not to be subject to automated decision-making, which will affect you to a substantial degree. You also have the right to review your personal data used for automated decision-making, to question the results, to be informed of the reasons for the resulting decision, and to be informed of what actions you can take to secure a different decision.
Other Rights
Depending on your jurisdiction, you may be entitled to additional rights in relation to your personal information. If you would like to contact us to exercise one or more of these rights, to ask a question about these rights or any other provision of this Policy or about our processing of your personal information, or to file a complaint about how we process your personal information, you may use the contact details provided in Section “Contact Us” below.
When submitting a rights request, please specify the scope and basis of your request and provide us with the necessary information to verify your identity. We may contact you to confirm your identity in order to handle your request. We will typically respond to your request no later than the timeframe required by applicable laws.
8. USE BY MINORS
We understand the importance of protecting minors' privacy. Our Services are not directed at, marketed to, or intended for minors. In particular, minors under the age of 16 are not permitted to register for our Services.
We do not knowingly collect, use, sell, share or disclose the personal data of minors. If we collect the personal data of minors on an occasional basis, we will delete the relevant information as soon as possible after verification. If you find that we have collected the personal data of minors during your usage of our products and services, please contact us through the contact information published in this Policy. Upon receipt of your notice, we will verify it in a timely manner and delete relevant information after verification.
9. CHANGES TO THIS PRIVACY POLICY
The Services and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Policy. We recommend that you regularly check the latest version of this Policy in the APP. If there are any substantial changes to this Policy, depending on the nature of such changes, we will notify you in advance through pop-ups, push notifications, and other appropriate means.
10. CONTACT US
For more information about your data subject rights, or how we process your personal information, please contact us by using the information below.
Controller: Shanghai Yuhuan Technology Co., Ltd.
Data Protection Officer: Kapi Health Privacy Team
Address: Unit 6-54, 6/F, No. 1900 Hongmei Road, Xuhui District, Shanghai, China.
Contact Details: ivanli@sensetime.com