Last updated: March 2026 | Effective: March 2026
Dyagnosys Wellbeing FZCO ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of your mental health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our mental health assessment platform (the "Service").
We comply with: GDPR (EU), LGPD (Brazil), UAE PDPL, and other applicable data protection regulations.
Data Controller: Dyagnosys Wellbeing FZCO, registered in the United Arab Emirates with offices in Brasília, Brazil and Ras Al Khaimah, UAE.
Responses to GAD-7, PHQ-9, and other clinically-validated mental health questionnaires. This includes your answers, calculated scores, clinical interpretations, and historical assessment records.
On-device only: Facial expression analysis via MediaPipe, voice tone analysis via Web Audio API. Raw biometric data is processed locally on your device and never transmitted to our servers.
Name, email address, organization (for B2B users), profile preferences, and authentication credentials. Passwords are hashed using bcrypt and never stored in plain text.
Browser type, device type, IP address, access times, features used, and interaction patterns. Used for service improvement and security monitoring.
Billing address and payment history. Full card details are processed by Stripe and never stored on our servers.
We process your data for the following purposes:
Provide personalized mental health assessments and AI-powered insights
Monitor your wellbeing trends over time with historical data
Create and maintain your account, process payments, send notifications
Analyze usage patterns to improve features and develop new capabilities
Detect and prevent unauthorized access, abuse, and security threats
Comply with applicable laws, regulations, and legal processes
Privacy by Design: All biometric analysis happens on YOUR device.
On-Device Processing: Facial expression recognition (via MediaPipe) and voice analysis (via Web Audio API) run entirely in your browser. Raw video and audio are processed locally and never leave your device.
Derived Insights Only: We store only anonymized, aggregated insights (e.g., "elevated stress indicators detected on March 15") rather than raw biometric data, video recordings, or audio files.
Your Control: Biometric analysis is optional. You can disable it in your Account Settings at any time.
We do not sell your personal data. We share data only as follows:
If you access the Service through your employer, they receive only aggregated, anonymized reports. Your individual assessment results are never shared with employers.
We may disclose data if required by law, court order, or government request, or to protect our rights and safety.
Your data may be transferred to and processed in countries outside your residence, including the United Arab Emirates, Brazil, and the United States (for sub-processors).
We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for EU data subjects and equivalent legal mechanisms for other jurisdictions.
We implement industry-standard security measures:
No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
| Data Type | Retention Period |
|---|---|
| Assessment Data | Duration of account + 2 years, then anonymized |
| Biometric Insights | 2 years, then permanently deleted |
| Account Information | Duration of account + 30 days after deletion request |
| Payment Records | 7 years (legal/tax requirements) |
| Security Logs | 1 year |
You can request immediate deletion at any time via Account Settings or by contactingprivacy@dyagnosys.com.
Request a complete copy of your personal data
Correct inaccurate or incomplete data
Request permanent deletion of your data ("right to be forgotten")
Export your data in JSON or CSV format
Limit how we process your data
Object to processing for direct marketing
Withdraw consent at any time
File a complaint with your local DPA
To exercise these rights, visit your Account Settings or contact us at privacy@dyagnosys.com. We respond within 30 days.
We use the following technologies:
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Service functionality.
The Service is not intended for children under 13. We do not knowingly collect personal data from children under 13.
Users aged 13-17 may use the Service only with verifiable parental or guardian consent. Parents/guardians must create and supervise these accounts.
If you access the Service through your employer or organization:
We may update this Privacy Policy periodically. Material changes will be communicated via email and in-app notification with at least 30 days notice. Your continued use after changes constitutes acceptance.
For privacy inquiries, data requests, or to exercise your rights:
Data Protection Officer
Email: privacy@dyagnosys.com
Response time: Within 30 days
Regional Offices
Brasília, Federal District, Brazil
Ras Al Khaimah, United Arab Emirates