Privacy Policy — Light Dosimeter
This Privacy Policy explains how Wearifi Inc (“Wearifi,” “we,” “us,” “our”) processes information when you use the Light Dosimeter mobile application (the “App”).
The App is provided for use in connection with a medical study and is typically made available to participants through a study sponsor (the “Study Sponsor”) and/or contract research organization (“CRO”) (together, the “Study Team”).
1) Who we are
Wearifi Inc
Address: 191 Waukegan Rd, Northfield, IL 60093, USA
Data Protection Officer: Jan-Kai Chang (CTO, Wearifi Inc.)
Privacy / GDPR contact email: devops@mywearifi.com
2) Study context and roles
The App is used to support a medical study. The Study Sponsor determines the purposes and means of processing participant data for study purposes.
For the purposes of applicable data protection laws (including GDPR), the Study Sponsor acts as the Data Controller, and Wearifi Inc. acts as the Data Processor.
If you were provided a study information sheet and/or study privacy notice by the Study Team, it may describe study-related processing in more detail, including legal bases and participant rights.
3) Information we process
A) Sensor data from the Wearifi Bluetooth device
The App collects and processes sensor data transmitted from your Wearifi Bluetooth device, along with related technical metadata needed to interpret and transmit the sensor data (for example, timestamps and device/app status fields).
B) Account and authentication data
The App uses accounts to authenticate access to the study environment. Participants typically do not self-register; accounts and credentials may be provisioned by the Study Team. The App stores authentication data (such as JWT tokens) securely in the iOS Keychain.
C) Device and app technical data (operational)
When the App communicates with our servers, we may process basic technical information such as IP address, request timestamps, and standard server logs to operate, secure, and troubleshoot the service.
D) Timezone setting (not location)
The App may process your device’s timezone setting (e.g., the system timezone identifier) to support correct display and interpretation of timestamps. The App does not use GPS or collect location data for this purpose.
4) Information we do not collect
Based on the current version of the App:
- Location/GPS: Not collected. The App does not use CoreLocation and does not request location permissions.
- Contacts, photos, microphone, camera: Not collected.
- Advertising identifiers or analytics identifiers: Not collected.
- Third-party analytics, advertising, or crash-reporting SDKs: Not integrated. The App uses Apple system frameworks (e.g., SwiftUI, UIKit, CoreBluetooth, UserNotifications, URLSession).
5) How we use information
We process the information described above to:
- Operate the App and study services (receive sensor data from the device, format it, and transmit/upload it to study infrastructure).
- Maintain reliability and security (authentication, preventing abuse, monitoring service performance, and troubleshooting).
- Provide technical support to the Study Team (for example, diagnosing upload issues or connectivity problems).
6) Where information is stored
On your device
- Parsed CSV files may be temporarily stored in the App sandbox while upload is pending.
- After upload succeeds, the App deletes the local CSV files. This deletion applies only to the local cached files on your device and does not affect data already uploaded to study systems.
- Authentication tokens (JWT) are stored in the iOS Keychain.
On our servers
- Uploaded CSVs are stored in Linode Object Storage in partitions such as user/device/modality.
- The service is hosted in the United States, in the Chicago, Illinois region.
7) How we share information
We do not sell personal information.
We may share or disclose information only as needed for the study and App operations, including:
- With the Study Team: sensor data and related operational information may be made available to authorized study personnel according to the study’s workflow and permissions.
- With service providers: we use infrastructure providers (for example, Linode compute and object storage) to host and store data. These providers process data on our behalf under contractual protections.
- For legal and safety reasons: we may disclose information if required by law or to protect rights, safety, and security.
8) International transfers
Because the App’s servers and storage are located in the United States, information processed through the App may be transferred to and processed in the United States even if you are located elsewhere. Where required, cross-border transfers are supported by appropriate contractual and organizational safeguards.
9) Retention
- On-device: temporary CSV files are retained until upload succeeds, then deleted from the device.
- Server-side: Uploaded study data is retained, archived, and deleted in accordance with the Data Controller’s documented instructions (including applicable study protocol requirements), and as needed for service operation, security, auditability, and legal or contractual obligations.
10) Security
We use reasonable administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration. No system is completely secure, and we cannot guarantee absolute security.
11) Your rights and how to make requests (EEA/UK, Canada, Turkey, Japan)
Your rights depend on your jurisdiction and the study context. Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, and/or portability, and to withdraw consent where processing is based on consent.
How to make a request
Because this App is used in a medical study, privacy requests should be directed to the Study Team / Study Sponsor (the Data Controller). You may also contact Wearifi (the Data Processor) at devops@mywearifi.com for questions about this policy or to route a request to the Study Team where appropriate.
EEA/UK users: You may also have the right to lodge a complaint with your local data protection authority (EEA) or the UK Information Commissioner’s Office (UK).
12) Children
The App is not intended for use by children unless they are enrolled as study participants under an appropriate protocol and with any required consents.
13) Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated version and update the “Last updated” date above.