Version 1.1
EmoDTx is owned and operated by EMOBOT, a French Company, SIRET 912457512, RCS Paris, with its registered office at 15 rue des Halles, 75001 Paris, France (“EMOBOT,” “we,” or “our”).
This Privacy Policy (the “Policy”) outlines how your personal data and Protected Health Information (PHI) are collected, used, and protected. The terms “you,” “your,” “user,” and “users” refer to individuals using EmoDTx, including patients located in the United States.
This Policy complies with:
● The General Data Protection Regulation (GDPR – Regulation EU 2016/679), and
● The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations.
IMPORTANT: If you are a U.S. patient, EmoDTx and EMOBOT are subject to HIPAA and act as a Business Associate to your healthcare provider. This means your health information will be handled according to HIPAA’s strict privacy and security requirements.
Disclaimer: EmoDTx is not a medical device and is not intended to diagnose, treat, or monitor any health condition. It is a patient digital self-management support tool. Your provider is not automatically notified of any changes in your condition through this app.
We collect the following types of data:
● First and Last Name
● Age
● Gender
● Email address (for notifications)
● Phone number (optional)
● Self-monitored mood logs
● Activities and events you enter
● Time zone and general location
● Device information
● Language
● Any other information linked to your health condition or care that is entered or generated within the platform
Under HIPAA, this is considered Protected Health Information (PHI) when it can be linked to you directly or indirectly.
IMPORTANT: Mood assessments in EmoDTx are processed either partially or entirely on your device. EmoDTx does not collect or store any user images, photographs, or audio recordings in raw formats. This data is always encrypted.
Native user actions (e.g., logins, activity logs)
Device type, operating system, and app version
We collect and process your information in order to:
● Deliver and operate the EmoDTx Software
● Support your care team with insights into your condition
● Provide feedback and notifications related to your mood and activity
● Improve and refine our product based on user interaction (with anonymized data)
● Conduct internal research or collaborations (with de-identified data)
Note: EmoDTx does not generate real-time clinical alerts. If you notice changes in your emotional well-being or mood, it is your responsibility to inform your healthcare provider. In the event of an emergency or suicidal thoughts, contact emergency services (e.g., 911 or 988 in the U.S.).
We process your data:
● With your explicit consent
● To support your healthcare provider’s treatment activities
● As part of our contractual obligations
● For internal operational and security needs
● In line with legitimate interests or public health research (using anonymized data)
IMPORTANT: Any use of your data for purposes beyond self-management via EmoDTx, operations, or permitted internal research (e.g., participation in published studies) will require your explicit written authorization.
Your data may be used or disclosed for:
● Providing user support and platform functionality
● Informing your healthcare provider (if integrated)
● Internal quality improvement and analytics
● Scientific research (only in de-identified or anonymized form)
IMPORTANT: We do not sell or use your PHI for advertising or marketing. Any use beyond what HIPAA permits requires your written authorization.
Important: EmoDTx does not replace clinical care. It supports mood self-monitoring, and your provider will only have access to your data temporarily if you explicitly share it with them.
When working with U.S. healthcare providers, EMOBOT operates as a Business Associate under HIPAA. We sign Business Associate Agreements (BAAs) with providers to ensure:
● PHI is accessed only for authorized purposes
● Security safeguards meet HIPAA standards
● Any breach or misuse is reported in accordance with U.S. law
● PHI is not disclosed except as allowed by law or contract
Your personal and health data are securely stored on Amazon Web Services (AWS) Health Data Hosting-certified servers.
AWS provides HIPAA-eligible cloud infrastructure, and EMOBOT configures this environment with:
○ Encryption at rest and in transit
○ Access control and role-based permissions
○ Secure backup, logging, and intrusion detection
IMPORTANT: Our data hosting complies with HIPAA and GDPR, and only authorized EMOBOT personnel may access sensitive data.
7. Security of Your Personal Health Information
We maintain robust safeguards to protect your PHI:
● Administrative controls: internal training, access policies, and audits
● Technical safeguards: encryption, secure protocols (HTTPS), firewalls, and daily authentication resets
● Physical security: enforced access policies at our facilities
Despite these efforts, no digital system can be guaranteed 100% secure. We are committed to promptly responding to any security incident or data breach.
8. Data Retention and Deletion
We retain your personal data for up to 10 years, unless:
● You request deletion earlier
● It is required to comply with legal obligations
To request deletion of your data, contact:
📧 Samuel Lerman – dpo@emobot.fr
9. Your Rights (HIPAA and GDPR)
As a U.S. patient, you have the following HIPAA rights:
● Access your PHI
● Request corrections of incorrect data
● Receive a list of certain disclosures (accounting of disclosures)
● Restrict certain uses or sharing of your PHI
● File a complaint with the U.S. Department of Health and Human Services
Under GDPR, you also have rights to:
● Object to processing
● Request portability
● Lodge a complaint with a supervisory authority (e.g., CNIL in France)
All requests should be directed to:
📧 Samuel Lerman – dpo@emobot.fr
10. Breach Notification (HIPAA)
In the event of a data breach involving your PHI, we will:
● Notify you within 60 calendar days
● Notify the relevant healthcare provider(s)
● Notify the U.S. Department of Health and Human Services when required
11. Changes to This Policy
We may update this Policy from time to time. You will be informed of material changes directly in EmoDTx. Continued use of the platform requires acceptance of the updated policy.
For any questions or to exercise your rights, please contact:
Samuel Lerman
dpo@emobot.fr
Consent Statement
By signing below (or by confirming in the app), you acknowledge that you have read and understood how EmoDTx collects, uses, stores, and protects your personal data and Protected Health Information (PHI).
You also acknowledge that EmoDTx does not replace professional mental health treatment, does not issue clinical alerts, and should not be relied upon for emergency situations. In such cases, contact your provider or emergency services.
You voluntarily give your informed consent to participate in the use of EmoDTx as a digital therapeutic tool, and you authorize EMOBOT to use and disclose your PHI in accordance with this Privacy Policy and applicable laws (HIPAA and GDPR).
Consent Revocation
You may withdraw your consent at any time by contacting dpo@emobot.fr. Withdrawal will not affect data already processed but will stop future data collection.