Privacy Policy

1. INTRODUCTION

Welcome to Elitex. Our registered users share their identity, health data, and their wearable devices to improve their health & get access to their insurance benefits.

This Privacy Policy applies to Elitex App on Android and iOS devices.

2. DATA WE COLLECT

Personal Information:

At Elitex, we ask for the following personal information from users for account creation and validation purposes: name, work email, and phone number. We require this to validate if the user is an employee of our client businesses.

Health Data:

As a wellness and insurance company, we request access to users' health data, including BMI, height, weight, steps, activity, and sleep. We log this data to personalize the Elitex experience for our members and improve their health.

Wearable Devices:

Fitness tracking devices or mobile smartphones collect data to estimate a variety of metrics like your steps, distance traveled, and active minutes moved. Not every device tracks every one of these metrics. The data collected varies depending on the device you use. When your device syncs with our applications and software, data recorded on your device is transferred from your device or device app to our service.

When you pair your device to your account, you grant us access to your exercise or activity data from that device service. You can use your account settings and tools to withdraw this consent at any time by stopping use of a feature, removing our access to a third-party service, unpairing your device, or deleting your data or your account.

3. DATA ACCESS

At Elitex, we prioritize the privacy and security of your personal information. We only access, process, and share your data as necessary to deliver our services and benefits. Here's how your data may be accessed:

No Selling or Marketing Sharing

We do not sell, rent, or share your information with third parties for their own direct marketing purposes.

Employer and Insurance Partner Access

If you are enrolled in Elitex through a corporate wellness or insurance program, your employer and/or their insurance provider (our partner) may be given access to certain health and activity data. This access is strictly limited to the administration, monitoring, and improvement of your wellness and insurance benefits.

Access is granted only where:

  • There is a valid agreement between Elitex and your employer and/or their insurance provider, and
  • You have consented by registering for Elitex through that program.

Third-Party Service Providers

We may engage third-party vendors to support our platform (e.g., cloud hosting, analytics). These vendors only receive the minimum necessary data and are contractually required to:

  • Keep your data secure,
  • Process it solely for the purposes we specify,
  • Not use it for their own benefit or marketing.

Legal Disclosures

We may disclose your data where required by law (e.g., court orders or legal obligations), or to prevent fraud or serious harm.

Withdrawing Consent

You can withdraw consent at any time by changing your device permissions, unpairing your wearable, adjusting your account settings, or deleting your account. After withdrawal, data sharing with employers or insurance partners will cease, though previously shared data may remain in use for legitimate purposes unless deletion is specifically requested.

4. DATA SECURITY

At Elitex, we take the security and privacy of our users' data seriously. User information is stored on highly secure servers hosted by Google Cloud Platform (GCP) in Dammam, Saudi Arabic (KSA). Here's how we ensure the safety of our users' data:

  • Secure Infrastructure: Our servers are safeguarded by robust encryption protocols, ensuring that the data remains confidential and protected from unauthorized access.
  • Google Cloud Platform: GCP provides state-of-the-art security features, including network firewalls, data encryption at rest and in transit, and regular security audits and monitoring to detect and prevent potential threats.
  • PostgreSQL Database: Our user data is stored in a PostgreSQL database, known for its reliability, performance, and security features. We follow best practices for database security, including access control, data encryption, and regular backups to prevent data loss.
  • Compliance: We adhere to industry standards and all applicable data-protection regulations in the Kingdom of Saudi Arabia, including the Personal Data Protection Law (PDPL) and its executive regulations, to ensure the security and confidentiality of our users' data.
  • Continuous Monitoring and Updates: Our team regularly monitors our systems for any security vulnerabilities and applies updates and patches promptly to ensure ongoing protection.
  • Privacy Matters: We respect the privacy of our users and only collect and store data that is necessary for providing our services. We do not share personal information with third parties without consent.