1. Who collects, controls, and processes your personal data?
2. Why is personal data collected and what do we do with it?
3. What personal data do we collect about you and how?
4. Do we share personal data about you with others?
5. How long do we keep your data?
6. What rights do you have related to your personal data and how can you use them?
7. How do we keep your data safe?
Koa Health Digital Solutions LLC, a company registered in the United States (“US”) with its registered address at 75 State Street, Boston, MA 02109, United States of America, is the data controller of the data collected in the Perspectives app, which is used to improve our own services.
The product, Perspectives BDD, was developed by Koa and made available to clinical teams to use with their patients.
You can contact Koa at privacy@koahealth.com for any privacy-related matter. Koa's Data Protection Officer may be contacted at dpo@koahealth.com.
Please read this document carefully. This document outlines the product’s functionality. If you are participating in the research treatment, you will be separately provided with information about that treatment.
The product collects personal data from you to create your account and uses your email address to enable you to log in and manage your account.
If you experience difficulty logging in or accessing the product, please contact the technical support desk through your therapist. They will be able to help you only with technical issues. Clinical queries should only be directed to your therapist.
The product is designed to help therapists support you with body dysmorphic disorder (BDD), a preoccupation (excessive worry) with perceived defects in appearance. CBT is an established psychological treatment for BDD, in which you identify problematic thoughts and behaviors that are part of your appearance concerns. During CBT treatment, you work on challenging those difficult thoughts and changing problematic behaviors that may be related to your symptoms. The product may only be used under the supervision and direction of your therapist.
Your treatment team must oversee your care, including tracking its effectiveness. To do this, they analyze outcome measures and demographic data based on the information you provide using the product. This data may also be used anonymously to help improve the product in the future.
To improve clinical effectiveness in this way, clinical psychologists and scientists consider information such as age, gender, ethnicity, outcome metrics, communication with therapists, and how often and for how long patients use the Digital Therapy Tools. The clinical analysis is conducted using pseudo-anonymous data. In cases where the improvement may benefit the clinical psychology scientific community, anonymous data will be used for academic research.
The product helps you deliver therapy to your treatment patients, collecting their information and therapy progress through the modules. All collected data is only visible to you and your clinic.
As you use the app, data from sensors in your mobile phone may be collected to personalize and improve the treatment program. This may include data on sleep/wake patterns (e.g., noise level sampled from the microphone, storing only ambient noise level expressed in decibels; light level sampled from the light sensor, storing one value expressed in lux; and phone-unlock events). It may also include data on mobility, including accelerometer, steps, calories burnt, sedentary time, and certain pre-selected locations (with raw location information deleted and re-labeled with a descriptive label like “home” that you provide, or with a randomly generated label like “ghhu45”, to protect privacy). Additionally, phone usage information may be collected (for example, operating system version and device model, time and date when the application is opened or closed, time spent on each page visited, screen-on events, notification timing, etc.).
Throughout your participation in the product, you will have opportunities to provide feedback on your experience using the app.
Additionally, your clinical team will provide you with more information about any other data collected during the treatment.
The information from this product will not be shared with anyone not involved directly in providing the app services or your clinical team. However, if we believe you are at serious risk of harming yourself or any other person, we are obligated to inform your clinical team to ensure safety. For example, they may recommend that you visit your local emergency room, or we may connect you with a suicide hotline or your local police.
Safety is monitored based on weekly self-report assessments completed via the app or email. If there is any concern about your safety, you will be automatically prompted to call a suicide hotline or 911. Additionally, your clinical team may follow up with you by phone within 24 hours. Please note that clinicians do not view these safety assessments in real time, and therefore they cannot replace the need to visit the emergency room or call 911 if you experience a clinical emergency.
All information we gather will be kept confidential and managed by your clinical team as per applicable laws on medical records in your jurisdiction.
We do not share your personal information with other Data Controllers unless we have your consent. We may share some of your personal data with service providers for specific activities such as hosting.
We may retain your personal data for different periods of time, depending on the type of data involved and the purposes of the processing, but generally, following these criteria:
Data protection laws give you a series of rights regarding the personal information that we manage about you. Specifically, these are the rights of access, rectification, erasure, limitation, objection, and portability, as well as the right not to be subject to automated decisions and the right to withdraw your consent at any time.
You can exercise these rights by contacting us at privacy@koahealth.com, using your name and surname to identify the right you wish to request. If you decide to exercise one of these rights through a representative, the request must include documentation that proves this condition.
If you believe your data privacy rights have been violated, you have the right to file a complaint with the Office for Civil Rights (OCR).
Koa is responsible for ensuring the security, integrity and confidentiality of your personal information. Therefore, as part of our commitment and in compliance with current legislation, we have adopted the most demanding and robust security measures and technical means to prevent its loss, misuse or access without your authorization.
We protect all communications between the website and the servers in line with best practice by using TLS for encryption and server authentication. We use ISO 27001 and SOC2 certified systems in order to protect your registration information including email and password. We store your personal data in an encrypted database.
Also, we promise to act quickly and responsibly in the event that the security of your data may be in danger, and to inform you if necessary.
What are cookies?
When you access our services, using a browser, we may use cookies, pixels, and other online tracking technologies (collectively referred to here as “cookies”). Cookies are widely used by online service providers in order (for example) for services to work and/or function, or to work more efficiently, as well as to provide reporting information.
Types of Cookies We Use
We only use essential cookies. These cookies are necessary for the website to work and cannot be switched off in our systems. They are usually set in response to actions made by you such as setting your privacy preferences, logging in, or filling in forms.
Managing Cookies
Because we only use essential cookies, there is no option to disable them without affecting the website’s functioning. If you prefer, you can set your browser to block or alert you about these cookies, but some parts of the site may not work as intended.
If you have any questions about our use of cookies, you can contact us at privacy@koahealth.com.
Effective From: September 2025