Privacy policy.

Privacy Policy for Dua AI
Effective Date: 4/23/2025

At Dua Health LLC (together with our affiliates, “Dua AI”, “we”, “our” or “us”), we respect your privacy and are committed to protecting any information we collect from or about you. This Privacy Policy describes how we collect, use, and protect Personal Data when you interact with our AI-powered services, website, and related applications (collectively, the “Services”).

This Privacy Policy applies only to the data we collect through our consumer-facing experiences, including your use of Dua AI as a life coach and wellness assistant.

This policy does not apply to data processed on behalf of institutional clients, such as through enterprise licensing or API integrations, which are governed by separate agreements.

For information about how we use de-identified and aggregated interaction data to improve the underlying AI models and your choices regarding that use, please contact hello@duahealth.co.

1. Personal Data We Collect

We collect personal data relating to you (“Personal Data”) in the following ways:

1. Personal Data You Provide

We collect Personal Data directly from you when you create an account or interact with us through the Services, including:

• Account Information: If you create an account, we may collect your name, email address, password, date of birth, and other contact or identifying information, including payment details and transaction history where applicable (“Account Information”).
  
  

• User Content: We collect the content you input into Dua AI, including prompts, messages, uploaded files (e.g., documents, images, audio), and any other material you choose to share (“User Content”).
  Note: Please do not include protected health information (PHI), personally identifiable information (PII), or sensitive medical or financial details in your interactions with Dua AI.
  
  

• Communication Information: If you reach out to us via email, web forms, or social media, we may collect your name, contact information, and the contents of your communication (“Communication Information”).
  
  

• Other Information You Provide: We may collect data you submit during surveys, feedback forms, event registrations, or identity verification processes (“Other Provided Information”).
  
  

b. Personal Data from Use of the Services

We collect certain information automatically when you use or interact with Dua AI (“Technical Information”), such as:

• Log Data: Details like your IP address, browser type, date and time of access, and interactions with the Services.
  
  

• Usage Data: This includes which features you use, the prompts you interact with, the duration of sessions, country, time zone, and app behavior patterns.
  
  

• Device Information: Device type, operating system, browser type, device identifiers, and connection type.
  
  

• Location Information: We may infer your general location (e.g., city, state) via IP address for fraud prevention, account security, and improved user experience. You can also optionally enable precise location access via device settings.
  
  

• Cookies and Similar Technologies: We use cookies and similar technologies to manage sessions, maintain preferences, enhance performance, and collect usage analytics. For more details, see our [Cookie Policy].
  
  

c. Information from Other Sources

We may receive data from third-party partners for security (e.g., fraud detection) and marketing purposes. We may also use publicly available information for model improvement and research. This does not include personally identifiable data.

2. How We Use Personal Data

We use Personal Data for the following purposes:

• To operate and maintain our Services: This includes delivering responses through Dua AI, supporting user interactions, managing your account, and providing customer support.
  
  

• To improve and develop Dua AI: We use aggregated and de-identified data to research, build, and enhance features of Dua AI. This may include refining AI model performance, identifying bugs, or improving response accuracy and safety.
  
  

• To communicate with you: We may send you account notifications, service updates, administrative messages, or information about new features or offerings. You can opt out of non-essential emails at any time.
  
  

• To prevent misuse or harm: We monitor usage to detect and prevent fraud, abuse, and unauthorized access, and to ensure the security and integrity of our Services.
  
  

• To comply with laws and enforce rights: We may use or disclose Personal Data to comply with legal obligations, enforce our Terms of Use, or protect the rights, safety, or privacy of users, Dua AI, or others.

We may also aggregate or de-identify your Personal Data to ensure it no longer identifies you. We use this de-identified data to understand usage trends, improve our models, and conduct internal research. We will not attempt to re-identify de-identified data unless legally required.

Important: Dua AI may use your interaction data (e.g., prompts and responses) to improve service quality and language model performance. If you do not want your content to be used for these purposes, please contact hello@duahealth.co to request an opt-out.

3. Disclosure of Personal Data

We may disclose your Personal Data under the following circumstances:

a. Vendors and Service Providers

We share Personal Data with trusted vendors and service providers that support the operation of Dua AI. These may include providers of:

• Hosting and cloud infrastructure
  
  

• Customer support systems
  
  

• Web and app analytics
  
  

• Email and communication tools
  
  

• Security monitoring
  
  

• Payment processing (if applicable)
  
  

These third parties process Personal Data strictly on our instructions and only for the purpose of performing services on our behalf.

b. Business Transfers

If Dua AI is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets (a “Transaction”), your Personal Data may be disclosed during due diligence and may be transferred to a successor entity as part of the Transaction.

c. Legal Compliance and Protection

We may share Personal Data with government authorities, law enforcement, or other third parties if we believe, in good faith, that disclosure is necessary to:

• Comply with a legal obligation or law enforcement request
  
  

• Protect our rights, users, employees, or the public
  
  

• Investigate suspected fraud, abuse, or policy violations
  
  

• Enforce our Terms of Use
  
  

• Protect against legal liability or harm to others
  
  

d. Affiliates

We may share your Personal Data with our parent company, subsidiaries, or other affiliates under common ownership. These affiliates will use the data only in accordance with this Privacy Policy.

e. Organizational or Business Accounts

If you use Dua AI under a business or organizational account, limited account data (e.g., your email address) may be shared with the account administrator to facilitate user management and compliance. This is relevant if Dua AI is later offered through employer or institutional accounts.

f. User-Directed Sharing

Some features may allow you to share content with others (e.g., sharing a conversation via a link or exporting responses). When you choose to share information with third-party platforms or users, that data is subject to their privacy policies and terms. Dua AI is not responsible for how third parties handle your information.

4. Data Retention

We retain your Personal Data only as long as necessary to provide Dua AI services and for other legitimate business purposes, including:

• Operating and maintaining the Services
  
  

• Resolving disputes or issues
  
  

• Ensuring safety and security
  
  

• Complying with applicable legal obligations
  
  

The specific duration for which data is retained depends on a number of factors, such as:

• Purpose of Processing: Whether we need to retain the data to deliver core functionality or support improvements.
  
  

• Nature of Data: The type, sensitivity, and volume of the information.
  
  

• Risk Exposure: The potential risk of harm from unauthorized access or misuse.
  
  

• Legal Requirements: Any applicable laws or obligations requiring specific retention periods.
  
  

Reminder: Do not enter personally identifiable information (PII), protected health information (PHI), or sensitive personal data into Dua AI. Conversations are not intended to be a secure or permanent record of personal information.

If you would like your data deleted sooner, or want to manage how long your content is retained, please email us at hello@duahealth.co with the subject line “Data Deletion Request.”

5. Your Rights and Choices

Depending on your location, you may have certain rights under data protection laws regarding how your Personal Data is collected, used, and retained. These rights may include:

• Right to Access: You may request a copy of the Personal Data we hold about you and how it is used.
  
  

• Right to Deletion: You may ask us to delete your Personal Data from our records.
  
  

• Right to Correction: You may request that we update or correct inaccurate or incomplete information.
  
  

• Right to Portability: You may request your Personal Data in a structured, commonly used, and machine-readable format, and transmit that data to another service provider.
  
  

• Right to Restrict Processing: You may limit how we use your Personal Data under certain circumstances.
  
  

• Right to Withdraw Consent: If we process your data based on your consent, you may withdraw that consent at any time.
  
  

• Right to Object: You may object to our use of your Personal Data for specific purposes, including direct marketing.
  
  

• Right to File a Complaint: You may file a complaint with your local data protection authority if you believe your privacy rights have been violated.
  
  

To exercise any of these rights, email hello@duahealth.co with the subject line: “Privacy Request”. We will respond within a reasonable timeframe and in accordance with applicable law.

Important Note on AI-Generated Content

Dua AI generates responses based on your inputs and generalized model training. While we aim to provide helpful and supportive answers, the outputs may not always be factually accurate, complete, or up-to-date.

If Dua AI has produced content that includes factually incorrect or sensitive information about you and you would like to request correction or deletion, please contact us. We will evaluate the request considering applicable legal obligations and the technical capabilities of our systems.

International Transfers

Dua AI operates from the United States. If you are located outside the U.S., your data may be transferred to and processed on servers located in jurisdictions with different data protection standards. Regardless of where your data is processed, we apply the same privacy and security principles outlined in this Policy.

6. Children’s Privacy

Dua AI is not directed to or intended for children under the age of 13. We do not knowingly collect or solicit Personal Data from children under 13. If you believe a child under 13 has provided us with Personal Data, please contact us immediately at hello@duahealth.co, and we will promptly investigate and delete the information as required.

If you are under 18, you may only use Dua AI with the consent and supervision of a parent or guardian.

7. Security

We implement commercially reasonable technical, administrative, and organizational safeguards to help protect your Personal Data from unauthorized access, disclosure, alteration, and destruction.

However, no method of digital transmission or storage is entirely secure. We encourage you to exercise caution and avoid submitting sensitive information, such as passwords or medical records, through the platform.

Please be aware:

• We are not responsible for unauthorized access that results from user actions (e.g., sharing passwords).
  
  

• We are not liable for breaches or access resulting from circumvention of our technical or administrative controls.
  

8. Additional U.S. State Disclosures

Certain U.S. state privacy laws, such as the California Consumer Privacy Act (CCPA), Colorado Privacy Act, Virginia Consumer Data Protection Act, and others, require us to provide additional disclosures regarding the Personal Data we collect and how we use and share it.

We collect the following categories of Personal Data: identifiers (such as name, email, IP address), user-generated content (such as text inputs and prompts), internet or device information (such as browser type, operating system, and session behavior), general location data (based on IP address), and communication data (such as support inquiries or feedback emails).

We use this information to:

• Provide and operate the Dua AI service

• Improve functionality and user experience

• Monitor for security, fraud, or abuse

• Communicate with users and respond to requests

• Comply with legal obligations

We may disclose Personal Data to service providers, affiliates, infrastructure vendors, analytics tools, and customer support platforms that assist us in operating Dua AI. These third parties are contractually bound to use the data only for the specific purposes outlined above.

Residents of certain states may have rights to:

• Access and request a copy of their Personal Data

• Request deletion of their Personal Data

• Opt out of the “sale” or “sharing” of Personal Data (note: Dua AI does not sell Personal Data)

• Correct inaccurate information

To exercise your rights under applicable state privacy laws, please contact us at hello@duahealth.co with the subject line: "Privacy Request – [Your State]".