Privacy Policy
Last Updated: April 18, 2025
I. INTRODUCTION
Denali Digital Bilişim Limited Şirketi (“Denali Digital”, “Company”, ”we”, “us”, or “our”), takes your privacy seriously. This Privacy Policy (the “Policy”) explains our data protection commitment and practices and describes the types of information we may process when you use our website(s) and/or install and use the PULCA health monitoring application for mobile devices (”the App”, “our App”).
When we refer to personal data (or personal information), we mean any information of any kind relating to a natural person who can be identified, directly or indirectly, in particular by reference to such data or to an identification number (“Personal Data”).
Our Privacy Policy applies to all users and others who access the App (”Users”), our websites, and/or persons whose Personal Data we may process as a result of our business activities. We also refer to such persons by “you” in the text. The reference to the App and the Website(s) is the “Services”.
For the purposes of the General Data Protection Regulation (EU) 2016/679 and applicable national legislation implementing the GDPR and, if applicable, the UK Data Protection Act 2018 and the UK GDPR (hereinafter collectively the “GDPR”), we are the data controller, unless otherwise stated. We compiled this Privacy Policy and adjusted our processes towards Personal Data in compliance with GDPR as the highest standard for the protection of our users' personal data rights.
PLEASE READ THE FOLLOWING PRIVACY POLICY FOR INFORMATION REGARDING THE WAYS YOUR PERSONAL INFORMATION MAY BE PROCESSED CAREFULLY.
II. SCOPE
This Privacy Policy applies to Personal Data obtained through our App, website(s), or when you otherwise interact with us.
Our App and website may contain links to other websites not under our control. We are not responsible for other websites' information practices or content. You should always review the policies of third-party products and services to make sure you are comfortable with how they collect and use your information.
III. INFORMATION WE PROCESS
We prioritize your privacy and seek to process data in encrypted, anonymized, pseudonymized, or aggregated forms whenever possible. However, some information we process may qualify as Personal Data under applicable data protection laws.
1. Information That You Submit
You may provide personal information directly when using the App. This data is necessary to perform our services. Without it, we cannot deliver the App's full functionality. The following categories may be processed:
General Information: gender, date of birth or age, weight, height.
Contact Information: email address (if provided), name (if entered), and technical identifiers (when using Apple/Google login or third-party contact forms).
Biometric and Health Information:
Heart rate
Blood pressure (estimated)
Stress level
Oxygen saturation (if available)
Physical activity level
Sleep-related metrics These values are derived using Shen.ai's SDK via on-device or encrypted cloud processing.
These values are derived using Shen.AI's SDK via on-device or encrypted cloud processing.
Vital Signs Video Measurement with Shen.AI:
During the vital-signs video measurement conducted by Shen.AI within this mobile application, images of your face will only be processed locally on your device. Such processing ensures that personal biometric data is not stored on the device, nor transmitted or stored externally, thereby safeguarding your privacy. The results of these video-based vital-sign measurements may constitute health data under GDPR. The processing of such health data is contingent upon your explicit consent. Absence of consent may restrict access to certain functionalities within the application. You retain the right to withdraw consent at any point, in accordance with GDPR provisions.
All facial images and biometric data processed by Shen.AI remain on your device and are not transmitted or stored externally. Data is processed in anonymized form and secured using industry-standard encryption methods. No biometric images are retained after measurement.
Pulca using Shen.AI is an informational tool and is not a substitute for professional medical judgment. Always consult with healthcare professionals for medical advice before making medical decisions.
All measurements and health data are stored locally on your device and are not transmitted unless you create a PULCA account, in which case, we may store such data securely to provide cloud sync and dashboard access.
Camera Access: Required for real-time facial scanning to estimate health indicators. Scans are processed on-device and not stored.
Apple Health Integration: If you connect Apple Health, we may import:
Weight
Height
Heart Rate
Heart Rate Variability
Sleep data
Activity and workout data
Date of Birth
Gender
Other Apple Health supported metrics
You can withdraw access at any time via your device settings.
Feedback and Support Requests: Any information you submit when contacting us (such as support requests, survey answers, etc.) may be collected and stored securely.
2. Information Processed Automatically
To optimize performance, understand usage patterns, and maintain app stability, we may automatically collect the following:
Device Details: device type, OS, language, IP address, mobile carrier, etc.
App Usage Events: session start/end, in-app interactions, custom actions (e.g., when a user completes a measurement or adds a note).
Crash Reports and Diagnostics: via Firebase Crashlytics and similar tools.
Cookies and Web Beacons: Used in limited capacities to optimize in-app functionality or support analytics features (never for third-party ads).
3. Information from Third Parties
We may collect data from trusted third parties, including:
App Stores (e.g., for analytics and crash diagnostics)
Payment processors (e.g., Stripe, Apple Pay — only limited metadata, not full card details)
Apple/Google/Facebook if you use social login
Partners like Shen.ai, for real-time biometric analysis (under strict privacy contracts)
We do not use your data for advertising, profiling, or resell.
Your data is never sold, and you may contact us at any time at support@denalidigital.co to request data deletion, correction, or download under your rights granted by GDPR or CCPA.
IV. THE LEGAL BASES AND PURPOSES OF PROCESSING YOUR PERSONAL DATA
Without first notifying you, we will not collect or use your Personal Data. We will handle your Personal Data using one or more of the following legal bases, depending on which features of our Services you use:
Contract: To fulfill our contractual obligations and provide the Services to you.
Consent: For example, after installing the App we may ask you to permit us to process your Personal Data.
We maintain a record of your consent status for biometric and health data processing. You may review or withdraw your consent at any time in the app's settings.
Vital Signs Video Measurement with Shen.AI
During the vital-signs video measurement conducted by Shen.AI within this mobile application, images of your face will only be processed locally on your device. Such processing ensures that personal biometric data is not stored on the device, nor transmitted or stored externally, thereby safeguarding your privacy. The results of these video-based vital-sign measurements may constitute health data under GDPR. The processing of such health data is contingent upon your explicit consent. Absence of consent may restrict access to certain functionalities within the application. You retain the right to withdraw consent at any point, in accordance with GDPR provisions.
Legitimate interest: For purposes such as improving security, functionality, and user experience.
Legal obligations: To comply with applicable laws and regulations.
Purpose of Processing
Purpose of Processing Legal Basis Example
To make our service available Contract Using health and technical data to provide services
To communicate with you and send you system messages Contract, Legitimate Interest Sending policy updates, system notifications, or billing info
To improve and test the App Consent, Legitimate Interest Analyze behavior and detect bugs
To provide personalized experience Consent, Contract Tailor content and features based on preferences
To send promotional communications Consent, Legitimate Interest Email or push about offers, surveys, or newsletters
To promote and market our App Consent Build advertising strategy without personally identifiable info
To enable interest-based advertising Consent Show relevant ads (never using health data)
For internal business purposes Consent, Legitimate Interest Research and development using anonymized data
To keep basic data after opt-out Legitimate Interest Prevent further unwanted processing
To verify your age Legal Obligation Age check to comply with restrictions
To comply with law Legal Obligation Fulfill government or legal authority requests
To enforce our terms and protect rights Legitimate Interest Investigate fraud or security incidents
To conduct HR activities Consent, Legitimate Interest If you are a job applicant, freelancer, or employee
If any processing purpose arises outside of this list and is not related to contractual performance or legitimate interests, we will request your explicit consent before proceeding.
V. SHARING OF YOUR INFORMATION
No biometric or health data processed by Shen.AI is shared with third parties. If any data is shared in anonymized form for research or analytics, it will not be personally identifiable.
We will only share your information with third parties in the ways described in this Privacy Policy. Without your permission, we do not share Personal Data with third parties for their marketing purposes (including direct marketing). We do not share identifiable health data with third parties for marketing and other purposes not related to providing you access to our Services. We will not rent or sell your Personal Data to any third parties.
We share your Personal Data only with our employees and contractors, agents, and auditors who need to know or otherwise access Personal Data according to their scope of professional responsibilities and who are bound in writing by confidentiality and other obligations sufficient to protect Personal Data under this Privacy Policy.
While integrating external services, we choose service providers that can assure they apply all necessary technical and organizational measures to protect users' personal data. However, we cannot guarantee the security of any information transmitted from us to any such processor due to technical accidents that may arise out of our reasonable control.
Certain features of our Services allow you to make some of your measurements public, in which case it will become readily accessible to anyone. We urge you to consider the sensitivity of any data you share at your discretion.
We occasionally engage outside businesses to process your Personal Data on our behalf. These processors assist us in managing the Services, facilitate our communication with you, and carry out other related tasks. To complete these objectives, they may process specific Personal Data on our behalf, acting under our instructions and subject to demands of applicable data protection laws. To the degree applicable legislation requires, we will execute data processing agreements with our processors and maintain responsibility for their actions.
A full list of our processors and third-party service providers with details on what data is shared and the purpose is available upon request and may be updated as needed. Key services include Firebase (Google), Apple (App Store, Apple ID), Google Analytics, OneSignal, Meta (Facebook), TikTok, Unity, and others for analytics, push notifications, user authentication, or app functionality.
We never share personally identifiable health data for marketing purposes.
VI. HOW TO OPT-OUT FROM TRACKING IN THE APP
If you don't want third-party service providers to personalize ads based on your interests, you can:
Choose "Limit Ad Tracking" on your iOS device via Settings > Privacy > Advertising. More info: Apple Support
Disable tracking for PULCA App specifically within your iOS Settings.
Please note: even after opting out of interest-based ads, you may still receive contextual ads based on non-personal information like the content of other apps or services you're using.
PULCA does not collect or track precise location data.
VII. THIRD-PARTY WEBSITES AND SOCIAL MEDIA WIDGETS
Our Services may include links to third-party websites or services, or allow logins through third-party platforms. These third parties operate under their own privacy policies and we are not responsible for their content or data practices.
Our Services may also incorporate social media features (e.g., buttons for Facebook, Instagram, Twitter). These features may collect information such as your IP address or the pages you visit and may set a cookie. Your interactions with these features are governed by the privacy policy of the company providing them.
VIII. BUSINESS TRANSFERS, LEGAL REQUIREMENTS, AND PROTECTION OF RIGHTS
Neither Denali Digital nor Shen.AI shall be liable for any harm or loss arising from reliance on the informational results provided by the Shen.AI SDK. These results are not intended for medical diagnosis or treatment.
We may disclose your personal information under the following circumstances:
If required by law, subpoena, or legal process (including national security or law enforcement requests).
If we believe it's necessary to enforce our rights, protect your safety or others', investigate fraud, or enforce our agreements and policies.
If we are involved in a merger, acquisition, or sale of assets. We will notify users via the App if any such change affects the use of your personal data.
IX. AGGREGATED OR ANONYMIZED DATA
We may share aggregated or anonymized data (which does not directly identify you) with partners, academic researchers, or analytics services for the purposes of research, statistics, public reporting, or service improvement. All such uses are governed under our legitimate interest and do not include health data in identifiable form.
X. YOUR PRIVACY RIGHTS
[Detailed GDPR, CCPA, VCDPA, Nevada, and global rights section to follow as needed.]
You have the right to access, rectify, and delete your personal data, including any health or biometric information processed by Shen.AI. You may exercise these rights within the app or by contacting us at privacy@denalidigital.co. We are committed to responding promptly and securely to all verifiable requests.
XI. INTERNATIONAL TRANSFERS OF PERSONAL DATA
We work in the cross-border area and provide our App and Services to our users around the world.
We and third-party organizations that provide data processing technologies for the Services or our third-party advertising partners may transfer the processed information across borders and from your country or jurisdiction to other countries or jurisdictions worldwide.
If you are located in the European Union or other regions with laws governing data processing that may differ from U.S. law, please note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as in your jurisdiction. This means that your personal information can be transferred to a third country, a territory, or one or more specified sectors within that third country or to an international organization where data protection and confidentiality regulations may not provide the same level of personal data protection as your country does.
We try to ensure that the recipient of any personal data provides proper protection of the personal data received, in accordance with the current legislation on protecting such information. By agreeing with this Policy, you agree that we may transfer your personal data to any third country, a territory, or one or more specified sectors within that third country or to the international organization.
For users outside the EU/UK, local data privacy laws may apply. We strive to provide equivalent protection to all users, regardless of jurisdiction.
For the purposes of data processing, we recourse to the third-party services or the hosting organizations. We take your privacy seriously and, therefore, encrypt your personal data - if possible - before sending it to our service providers. Please note that we cooperate only with those service providers that have passed our security and reliability check. If applicable, we are party to data transfer agreements/data processing addendums or equivalent legal instruments with each of our service providers, and we will (i) keep each document up to date with current law and (ii) only engage in personally identifiable information transfers from safeguards area to outside safeguards area in accordance with such an agreement or an alternative means of transfer in compliance with data protection legislation. Where we transfer your Personal Data as described above, we will take steps to ensure that your Personal Data receive adequate security protection where it is processed, and your rights continue to be protected pursuant to the applicable data protection law, including through the use of Standard Contractual Clauses approved by the European Commission.
XII. RETENTION
We generally retain your personal information for as long as is necessary for performing the functional service of the App and to comply with our legal obligations. If you no longer want us to use your Personal Data that we physically access and store, you can either:
if you don't have a PULCA account, you can uninstall the App;
if you have a PULCA account, you can delete your data by deleting your account on the profile page or in account settings in the App; or
request that we erase your personal information and close your account.
Unless you demand us otherwise, if you have a PULCA account and don't delete it before uninstalling the App from your mobile device, we will retain your Personal Data for a period of 1 year in case you decide to re-activate the Services or re-install the App.
Even if you requested the erasure or deleted your account or the App, some data may still be stored for a certain time period (but no longer than the storage purpose requires) if the information is necessary to comply with legal obligations (taxation, accounting, audit), or in order to maintain safety and data backup settings, prevent fraud or other malicious acts, or keep your choices about privacy, for example, if you unsubscribed from our marketing communications.
XIII. SECURITY
The security of your personal information is highly important to us. Services we use to maintain the App follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Please note that our App is available for download via authorized App Store (Apple App Store) only; if you download a copy of our App via other sources, we cannot guarantee the availability, security and proper functioning of such a product. Your access to our Services via unauthorized means will be deemed improper and entails us to act correspondingly to cease unauthorized use.
All facial images and biometric data processed by Shen.AI remain on your device and are not transmitted or stored externally. Data is processed in anonymized form and secured using industry-standard encryption methods. No biometric images are retained after measurement.
We take reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the personal information.
We implement appropriate technical and organizational measures, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing. We seek your Personal Data to be encrypted with proper and strong encryption algorithms, including hashing where possible.
Please notice that by choosing and keeping your password carefully, not disclosing your password, and avoiding unauthorized access to your mobile device, you can help keep your information secure. Unfortunately, no method of transmission over the Internet or method of electronic storage is 100% secure. We do our best to protect your personal data, but we cannot guarantee its absolute security. In the event that your personal information is compromised as a breach of security, we will promptly notify you in compliance with applicable law. We will also take specific steps to address the breach as necessary in the given situation. These steps may include logging you out of all devices, resetting a password (sending you a temporary password to use), and carrying out other activities and actions that are deemed to be reasonably necessary.
If you suspect or become aware of any security incident within the Services, please let us know at support@denalidigital.co.
XIV. CHILDREN'S PRIVACY
General limitation. The Services are not intended for children and we do not knowingly collect or solicit any personal information from children under 13. If we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will erase that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at support@denalidigital.co.
If you are under the age of digital consent in your country (typically 16 in the EU/UK), you must obtain parental consent before using video measurement features. We do not knowingly collect biometric data from children without appropriate consent.
Limitations for users from the European Economic Area and the United Kingdom. The use of the Services by residents of EEA or the UK younger than 16 years old is prohibited. If you know that a person under 16 is using the Services, please contact us at support@denalidigital.co and we will take measures to delete such information and/or delete the child's account.
XV. CHANGES TO THE PRIVACY POLICY
This Privacy Policy is updated regularly.
Whenever we change this Privacy Policy, we will post those changes to this Privacy Policy and other places that we consider appropriate. Additional forms of notice of modifications or updates as appropriate under the circumstances may be provided to you.
XVI. HOW TO CONTACT US
If you have any questions about this Privacy Policy, please feel free to contact us via email at support@denalidigital.co.