Privacy Policy

1. Data processing controller

The holder and controller of data processing for this website and application is IKI Health Group SL (hereinafter the Service ), domiciled at Plaza Progrés, number 8, CP 07570, Artá, Balearic Islands, Spain.

Email: hello@iki.health

NIF: B72819360

1.1 Definitions

For greater clarity in this policy, we make the following distinction:

  • Visitor: Person who browses our website without registering. Visitors are only subject to provisions related to browsing data, cookies and information they provide voluntarily through contact forms.
  • User:: Person who has registered on our platform or application and uses our services. Users are subject to all provisions of this privacy policy, including those relating to the processing of health data and other special categories of data.

Users are subject to all provisions of this privacy policy, including those relating to the processing of health data and other special categories of data.

1.2 Acceptance

Acceptance of the Service's Terms of Use and Privacy is a necessary condition for using our website.

These Terms of Use and Privacy regulate the collection, processing and use of your personal and non-personal information as a user of the Service, from the effective date shown in the header. Likewise, the conditions of use of the website and its functions are indicated

To process your personal data, the Service complies with current European legislation, in particular the General Data Protection Regulation (GDPR) (EU) 2016/679, as well as Organic Law 3/2018, of December 5, on Protection of Personal Data and guarantee of digital rights and other applicable regulations

2. Description and use of the Service

The Service is a tool designed to improve therapists' efficiency in their daily consultations through technology. Through the Service, you will be able to manage your clients with the tools and monitoring system designed by our team of professionals.

Currently, the Service operates mainly through our website. While in this policy we refer to mobile applications, it is possible that some functions or collection methods mentioned are not completely

Currently implemented. This policy describes both current practices and intended functionality as we continue to develop our service

The Service can be used by anyone who accesses it directly as a professional or, if they are a patient, on the recommendation of a healthcare professional. In these cases, users who use the Service through a link provided by their therapist must accept that their data is shared only with them so that they can monitor their progress.

In any case, the user knows and accepts that the Service and all content and information contained therein are solely informative in nature and do not constitute professional or personalized medical diagnosis or treatment.

The Service only allows registered users to access global and general recommendations for exercises and habits (for example, recipes) that may be compatible with their needs based on the responses provided, as well as available health literature.

Consequently, the user understands and accepts that, if they need medical attention, only their doctor or other health professional will be able to help them. You should not modify your treatment or care plan, medication or therapy based on information, advice or materials you receive through the Service or from our employees.

3. External links

The website may contain links to other websites.

However, we do not exercise any control over these sites or their contents, which are subject to their own terms and conditions. We also do not assume any association or responsibility for them, nor do we guarantee their technical availability, quality, reliability, accuracy or veracity.

4. Intellectual and industrial property

The content and information of the Service (including, but not limited to, trademarks, logos, data, texts, images or computer code), as well as any hardware or software used to provide said content and information, are property of the Service or used by it with the corresponding authorizations.

For this reason and by virtue of the provisions of national and European regulations on intellectual property, the modification, reproduction, duplication, copying, distribution, sale, resale and other forms of exploitation for commercial or equivalent purposes of the Service and its contents is prohibited

For any other use of the Service content you will need, prior and in writing, our consent or, where appropriate, that of the authors of the content

5. User content

You can contribute to the Service by sending us a message to our email address and through the contact forms available on the website or application (hereinafter "Content").

We may use your Content in different ways, such as: displaying it on the website, reformatting it, translating it into other languages, editing it for clarity, correcting errors, promoting it or distributing it, in accordance with the license indicated in the previous section

This means that the content remains yours, but the Service, thanks to that license to use, can: a) use, reproduce, modify, adapt, translate, distribute and publish the Content, create derivative works from it, exhibit it and display it throughout the world, by any known means and for any legitimate purpose; and b) use the name you submit in relation to that Content

However, the Service reserves the right not to publish content or information that is false or contrary to the rights of third parties

5.1 For therapists

  • You must provide us with the information necessary for your registration on the platform and your intranet, accessible through our website, ensuring that such information is accurate and updated

    You must not impersonate another company or mislead users about the nature of your activity.

  • If you provide us with information, documents, images, logos or brands to include on our website or the Service intranet, you declare that you own said elements and consent to their use by us for inclusion on our website
  • You must attend to all requests (both within and outside the Service) that people make to block, interrupt or cancel the subscription to communications that you send them through the Service, including the removal of that person from your mailing list or contacts
  • You must use the Service and its intranet, accessible through our website, in a reasonable and legal manner

6. Age

Regarding the use of the web, you declare that you are of legal age and have the necessary legal capacity to be bound by this agreement and use the Service in accordance with its terms and conditions, which you understand and acknowledge in full

In addition, you affirm that you have the consent and/or legal authorization of third parties whose data and photographs you share through the web, especially in the case of minors.

You declare that all information you provide to access the Service, before and during its use, is true, complete and accurate.

7. Data protection

7.1 Information collected

The personal and non-personal information collected will vary depending on whether you are a Visitor or User, and according to your use of the website and its functionalities.

Personal and non-personal information collected will reach us in four ways:

  1. That which is collected automatically
  2. That which is provided to us voluntarily
  3. That which is provided by third parties
  4. Application-specific data

7.1.1 Automatically collected data (applicable to Visitors and Users)

This information will consist of:

  • Information collected through cookies or similar mechanisms stored on your device, always with your consent. Check our Cookie Policy for more information.
  • The IP from which the connection is made, the type of device used and its characteristics, the version of the operating system, the type of browser, the language, the date, the country, the time of the request, the reference URL or the mobile network used, among others.
  • Data on the use of the site and the chatbot in the communication channels where it is located, possible errors detected during its use, such as pages not found or erroneous displays.
  • In addition, the Service uses Google Analytics, an analytical service provided by Google LLC domiciled in the United States, based at 1600 Amphitheater Parkway, Mountain View, California 94043. To provide these services, they use cookies that collect information, including the user's IP address, which will be transmitted, processed and stored by Google under the terms established on the website www.google.com. Including the possible transmission of such information to third parties for legal reasons or when such third parties process the information on behalf of Google.
  • In any case, you can disable Google Analytics cookies from here.

7.1.2 Data provided voluntarily

For Visitors, this information will consist of:

  • Information you may provide through contact forms or newsletter subscriptions
  • Information included in blog comments
  • Information provided when downloading content or guides

For Users (in addition to the above), it will also include:

  • Registration and profile information on the platform
  • Health and wellness information provided during service use
  • Data about health and plans
  • Information about physical activity, health metrics and symptom evolution
  • The information, personal or not, that may be contained in messages sent through the contact channels established by the Service, for example your name, email, phone number and comment, whether as a Professional or Patient.
  • The information, personal or not, that you provide us when downloading one of our contents or guides, such as your email.
  • The information, personal or not, that may be contained in comments on any of the blog articles, such as your name, email, website and message.
  • Personal or non-personal information required for your registration as a user in the app, such as your email, name and password (which is stored in encrypted form).
  • The information requested to fill out the good habits counseling form as a Patient and your registration as a User by your health Professional in the app, such as your name and surname, date of birth, gender, email, phone, weight, height, country, province, city, education level, profession, data related to your health, possible pain and its frequency and intensity, lifestyle habits, nutrition, physical exercise and rest.
  • The information requested to complete the registration form as a therapist, such as your name and surname, date of birth, gender, email, phone, weight, height, country, province, city, profession or number of patients.
  • The personal information necessary to subscribe to the newsletter, such as your email.
  • Health history, plan data and evolution in therapies that you may enter into the system.
  • Evaluation metrics and comments you provide about the plans and use of the app.

7.1.3 Data provided by third parties:

  • That provided by messaging channels, chatbots or similar services, such as Chatfuel. In this case, Chatfuel may collect the messages you send in some cases. In addition, if you click on buttons or links in the chatbot, the IP address may be collected if the web link you are directed to is recorded. You can find more information about how Chatfuel handles your data in Messenger's Privacy Policies.
  • That provided by social networks or similar services that use the Service.
  • Data shared by health providers who have registered you as a patient in the system, which may include basic health information and therapeutic needs

7.1.4 Application-specific data (applicable only to Users)

When using our applications, we collect and process health-related data, including:

  • General health metrics
  • Information about exercise and physical activity
  • Pain levels and symptoms
  • Sleep quality data
  • Weight, glucose and other biometric measurements
  • Health data synchronized from third-party services such as Google Fit or Apple Health

This health data is collected with the primary objective of showing it to you and your health professionals through our user interface. We store this information securely in our database to enable historical tracking and progress monitoring.

Special note about health data: Since health data is considered a special category of personal data under the GDPR, we take additional steps to protect this information. By using our service, you explicitly consent to the collection and processing of your health data for the specific purposes described in this policy. We are working on implementing more detailed consent mechanisms in future updates of our

7.2 Rights

Both Visitors and Users have the rights detailed below, although the scope of these may vary depending on the volume and type of data processed:

We inform you that completing the forms is voluntary. However, if the mandatory fields (marked as required or with an asterisk) are not filled in, the use of some site functions will not be possible or will be limited.

The personal data you provide will be incorporated and processed in files owned by the Service, in order to address your requests.

In accordance with the GDPR and Spanish data protection regulations, you can exercise the following rights:

  • Right of access: You have the right to obtain confirmation about whether we are processing your personal data and, if so, to access it.
  • Right of rectification: You have the right to request the rectification of inaccurate data or to complete incomplete data.
  • Right of erasure (right to be forgotten): You have the right to request the deletion of your personal data when, among other reasons, it is no longer necessary for the purposes for which it was collected.
  • Right to restriction of processing: You have the right to request the restriction of processing your data under certain circumstances.
  • Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and to transmit it to another controller.
  • Right to object: You have the right to object to the processing of your data under certain circumstances and for reasons related to your particular situation.
  • Right not to be subject to individual automated decisions: You have the right not to be subject to a decision based solely on automated processing that produces legal effects on you or similarly significantly affects you.

Important note about consent: For Visitors, consent will be requested mainly for the use of non-essential cookies and sending commercial communications. For Users, additional explicit consent will be requested for the processing of special categories of data (such as health data) during the registration process. Currently, acceptance of our Terms and Privacy Policy can be indicated by a single action (such as clicking "Register" or other similar buttons) on our platforms. We are working to implement more detailed consent options, especially for the processing of special categories of data. Until such implementation is available, by registering as a User, you acknowledge that you have read and accept this Privacy Policy and the processing activities described herein.

You can exercise these rights at any time by sending an email to:

You can exercise these rights at any time by sending an email to: hello@iki.health or by mail to the address: Plaza Progrés, número 8, CP 07570, Artá, Balearic Islands, Spain .

In both cases you must identify yourself with your name and surname, and perhaps with a copy of your ID or identity document, if necessary.

If you have given your consent for a specific purpose, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

In addition, if you consider that there is a problem with the way we are handling your data, you can direct your complaints to the corresponding data protection authority, in this case the Spanish Data Protection Agency (www.aepd.es).

7.3 Use of Data

The Service will use the collected data to:

For Visitors:

  • Allow navigation through the website
  • Respond to information requests
  • Send commercial communications (only with explicit consent)
  • Generate anonymous usage statistics
  • Ensure the security of the website

For Users (in addition to the above):

  • Provide access to the platform and its functionalities
  • Manage your account and profile
  • Process health data to offer personalized recommendations
  • Allow your healthcare professional to monitor your progress
  • Other purposes detailed below:
  • Manage and update the service (the legal basis is our legitimate interest in maintaining and improving the service).
  • Respond to your requests (the legal basis is our legitimate interest in addressing and resolving our users' inquiries).
  • Send you our newsletter by email (the legal basis is your consent).
  • You can unsubscribe from the received email or by contacting us. However, you cannot unsubscribe from certain messages, such as those related to the security of your data or the terms and conditions of the Service.
  • Create, process, manage, and update user accounts (the legal basis is your consent or the contractual relationship, as applicable).
  • Create, process, manage, and update therapist accounts (the legal basis is your consent or the contractual relationship, as applicable).
  • As a Patient, to offer you through our app personalized reports with exercise, diet, and lifestyle guidelines along with your personal guide, IKI, as well as musical recommendations depending on the case (the legal basis is your consent).
  • As a Patient, to access our academy in the app to get access to new content and knowledge (the legal basis is your consent).
  • Monitor the evolution of pain in users registered in the Service by prescription of an authorized therapist therein, as well as your activity calendar (the legal basis is your consent).
  • Maintain the security of the Service, investigate illegal activities, enforce our terms and conditions, and collaborate with law enforcement agencies in the context of their investigations (the legal basis is our legitimate interest in ensuring and maintaining the security of the Service and its users).
  • Process and store health-related information to offer personalized recommendations and allow your healthcare professional to monitor your progress (the legal basis is your explicit consent for this special category of data).
  • Allow therapists to manage their patients' information, advice, intake plans, and exercise plans (the legal basis is the contractual relationship with the therapist and the consent of the patients).
  • Analyze usage patterns to improve our services and user experience (the legal basis is our legitimate interest in improving the service).
  • Likewise, the Service may use users' personal and non-personal information in the form of aggregated and anonymous data to show to third parties, for example, in the preparation of a final report after the testing phase. It may also share statistics and demographic information about users and their use of the Service with third parties. None of this will allow those third parties to identify you personally. You accept and understand that some of this aggregated and anonymous data could be used in the future for training artificial intelligence models. The Service does not use automated individual decisions that produce legal effects on you or significantly affect you in a similar way.

7.3.1 In emails and contact forms

The website has TLS encryption that allows the user to securely send their personal data through standard contact forms. The personal data collected will be subject to automated processing and incorporated into the corresponding record of processing activities for which the Service is responsible.

In that sense:

  • We will receive your IP, which will be used to verify the origin of the message in order to offer you appropriate recommendations (for example, display the information in the correct language) and to detect possible irregularities (for example, attempts of cyberattacks on the Service), as well as data related to your Internet Service Provider (ISP).
  • Likewise, you can provide us with your information via email.

7.3.2 In social networks

We have profiles on some of the main social networks on the Internet, with the Service being responsible for the processing of data published on them (for example, photos uploaded by the Service in which people's faces appear).

This data will be treated in accordance with the corporate policies of each social network. Therefore, as long as the law does not prohibit it, we may inform our followers by any means that the social network allows about our activities or offers, as well as provide personalized customer service.

In no case do we extract data from social networks, unless the user's consent is previously and expressly obtained for it.

When, due to the very nature of social networks, the exercise of your rights depends on the modification of your profile, we will help and advise you to the best of our ability.

7.4 Data retention

Below, we indicate how long data processed by the Service is stored:

  • Dissociated and anonymous data: They will be stored without a specific deletion period, since being completely anonymized they do not allow the identification of physical persons and, therefore, are not subject to the temporal limitations of the GDPR.
  • General personal data of users: They will be stored for the minimum time necessary for the provision of the service and may be kept for up to 5 years after the relationship with the user ends, according to article 1964 of the Spanish Civil Code (prescription period for personal actions without special term), always subject to periodic necessity reviews.
  • Social media data: User data uploaded by the Service to social media pages and profiles will be stored from the moment the user gives their consent until they withdraw it, proceeding to their deletion within a maximum period of 30 days from the withdrawal of consent.
  • Job candidate data: Data from candidates for a job offer, if not selected, will be stored for a maximum of two years to be able to incorporate them into future calls, provided that the candidate has given their express consent for this purpose. After this period, the data will be deleted or anonymized.
  • Health data: Health data and related information will be stored for the time necessary for the provision of the service and, subsequently, for an additional period of 5 years, in accordance with Law 41/2002, basic regulation of patient autonomy and rights and obligations regarding information and clinical documentation, modified by subsequent provisions until 2025. These periods may be longer in case of ongoing health treatments or specific legal requirements.
  • We implement periodic review processes of stored data to ensure that they are not kept longer than necessary. We use automated tools to ensure the deletion or anonymization of data when established deadlines are reached.

7.5 Health data security

We implement specific security measures for health data that include:

  • End-to-end encryption during data transmission
  • Encrypted storage in our database
  • Strict access controls that limit who can consult health information
  • Regular security audits of our health data storage systems
  • Data minimization practices to collect only what is necessary
  • We do not use your health data for automated decisions, profiling or secondary purposes beyond its visualization by you and your authorized healthcare professionals.

7.6 International data transfers

Some of our service providers may be located outside the European Economic Area (EEA). We work to ensure that any international transfer complies with applicable data protection regulations. Currently, our data processing activities are carried out mainly within the European Union, with limited transfers outside this area.

In case our practices regarding international data transfers change significantly, we will update this policy accordingly.

8. Service providers and third parties

There are third parties that manage part of the Service.

The Service requires them to comply with these Terms of Use and Privacy Policy as applicable to them, and they must also have their own policies. However, the Service is not responsible for compliance with such policies.

Under certain circumstances, the Service may share, use, retain or disclose personal information to third parties, in a non-aggregated manner:

  • To provide the Service:

    Current providers that perform functions on our behalf include:

    • Web hosting providers
    • Analytics services
    • Email communication services
  • These providers may collect and have access to information necessary for the performance of their functions, but are not permitted to share or use the information for any other purpose.
  • The Service may be used on the recommendation of a healthcare professional. In that case, users who access the Service through a link provided by their therapist understand and accept that their data will be shared only with said therapist so that they can monitor their progress.
  • To cooperate with competent authorities: If we believe it is reasonably necessary to comply with any law, legal process or legitimate interest. In any case, we will only provide the strictly necessary information.

9. Liability

To the extent permitted by law, the Service is not responsible for: a) errors or omissions in the content; b) the unavailability of the website; c) the transmission of malicious programs in the content, despite having adopted all reasonable technological measures to prevent it; or d) the usefulness of the recommendations made by the Service on lifestyle and eating habits for your specific needs.

10. Modifications

The Service reserves the right to make the modifications it deems appropriate to its website and application without prior notice, being able to change, delete or add both the content and services provided as well as the way in which they are presented.

On the other hand, these terms and conditions may be modified at any time. The modifications will enter into force from the moment of their publication.

This privacy policy enters into force on May 7, 2025 and will remain in force except for any change in its provisions, which will be effective immediately after its publication on this page. We reserve the right to update or change our Privacy Policy at any time, so you should review it periodically.

11. Cookies

For information on how we use cookies, please consult our independent Cookies Policy.

12. Security Measures

The Service adopts all necessary technical and organizational measures to protect the security and integrity of personal and non-personal information collected, both against unauthorized access and against alteration, loss or accidental destruction.

These measures include, among others:

  • Data encryption in transit via TLS
  • Encryption of sensitive data at rest
  • Access controls and authentication mechanisms
  • Regular security evaluations and audits
  • Staff training in data security practices
  • Secure development practices for our applications
  • In any case, the Service cannot guarantee absolute security of the information collected, so you must collaborate and use common sense regarding the information you share at all times.

You understand and accept that, even after deletion, personal and non-personal information may remain visible in cache or if other users have copied or stored it.

12.1 Data breach notification

In case of a personal data breach that may pose a risk to your rights and freedoms, we will notify the corresponding supervisory authority within 72 hours of becoming aware of it, as required by the GDPR.

If the breach poses a high risk to your rights and freedoms, we will also notify you without undue delay, providing clear and simple information about the nature of the breach and the measures taken to address it.

13. Contact

If you have questions about these Terms of Use and Privacy, or wish to exercise your data protection rights, contact us at:

Email: hello@iki.health

Address: Plaza Progrés, número 8, CP 07570, Artá, Balearic Islands, Spain

 tracker