Eclipsia

Privacy Policy

How the Eclipsia app collects, uses, and protects your data.

Eclipsia is built on a simple principle: your relationship with light is yours. This policy explains, in plain terms, what data the Eclipsia app handles, why, where it lives, and the control you keep over it.

1Who we are

This app (“Eclipsia”, the “app”) is the companion application for the Eclipsia Band, a wrist-worn light-sensing wearable. The app is provided by Eclipsia, based in Coimbra, Portugal (“we”, “us”), in partnership with the Institute of Systems and Robotics (ISR) at the University of Coimbra as technical-scientific partner.

For matters concerning your data, contact us at info@eclipsia.ai.

The app is currently in a closed testing and clinical-pilot phase. It is not yet a commercial product. If you are taking part in the clinical study run with ULS Região de Leiria, the dedicated informed-consent document you signed is the authoritative agreement governing your study data; this policy describes the app’s data practices and is consistent with that consent.

2The app is not a medical device

Eclipsia is a general-wellness product. It does not diagnose, treat, cure, or prevent any disease, and it does not provide medical advice. Information shown in the app — including the Aura Score and light-exposure guidance — is informational and educational only. Always consult a qualified health professional for medical decisions.

3What data we collect

We collect only what the app needs to function and, where applicable, to support the clinical pilot. Depending on how you use the app, this may include:

  • Light and UV exposure data measured by the Eclipsia Band and received by the app over Bluetooth.
  • App activity such as your Aura Score history and responses to in-app questionnaires.
  • Approximate location, used only with your consent, to estimate the expected light available to you (sun position, daylight).
  • Profile information you provide, such as skin type, and account or participant-identification details used to sign in.
  • Technical data such as device model, operating-system version, app version, and crash diagnostics, used to keep the app working.

We do not collect more than the categories described here, and we do not sell your data to anyone. The app does not access your camera and does not collect any photos or other visual data.

4How we use your data

  • To operate the app and pair it with your Eclipsia Band.
  • To calculate and display your Aura Score and personalized light guidance.
  • To support the clinical pilot (for participants), including study analysis.
  • To maintain security and improve reliability and performance.
  • To produce aggregated, anonymized insights for scientific publication and product development — in a form that cannot identify you.

5Legal basis (GDPR)

We process personal data under the EU General Data Protection Regulation (Regulation (EU) 2016/679). Our legal bases are:

  • Your consent (Art. 6(1)(a); for health-related data, Art. 9(2)(a)).
  • Scientific research, for the clinical pilot (Art. 9(2)(j)).
  • Our legitimate interest in operating and securing the app (Art. 6(1)(f)), balanced against your rights.

6Where your data is stored, and who can access it

Data is pseudonymized: your identity is replaced with an identification code before it reaches us. Data sent from the app and Band is stored on servers we contract from Digital Ocean, located physically in the Netherlands (European Union), with encryption, in accordance with the GDPR.

For clinical-pilot participants, data is held at two separate levels:

ULS Região de Leiria (clinical site)Holds your directly identifiable data and the key linking your code to your identity. This key is never shared with us or with ISR.
Eclipsia & ISR CoimbraReceive only pseudonymized (coded) data. At no point do we receive data that directly identifies you.

We use Digital Ocean only as a hosting provider (a processor acting on our instructions). Any provider with access to data is bound to protect it to a standard consistent with this policy and the GDPR. Your data stays within the European Union.

7How long we keep it

For the clinical pilot, data is retained for 5 years after the study concludes, in line with good clinical-research practice and applicable legal obligations, after which it is securely deleted. Outside the pilot, we keep data only as long as needed for the purposes above or until you ask us to delete it.

8Your rights

Under the GDPR you have the right to access your data; to correct it; to have it erased; to restrict or object to processing; to data portability; and to withdraw your consent at any time without affecting prior processing. Withdrawing consent or leaving the study has no negative consequence for you.

To exercise any of these rights, contact info@eclipsia.ai. Pilot participants may also contact the study’s clinical investigator, Dr. Inês Bispo Leão, at inesbispoleao@gmail.com. You also have the right to lodge a complaint with the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD).

9Security

We apply technical and organizational measures including encryption in transit and at rest, pseudonymization, access controls, and EU-based hosting. No system is perfectly secure, but we work to protect your data proportionate to its sensitivity.

10Children

The app is not directed to, and is not intended for, anyone under 18. We do not knowingly collect data from minors. If you believe a minor has used the app, contact us and we will delete the data.

11Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected here with a new effective date, and where required we will seek your consent again.

12Contact

Questions about this policy or your data: info@eclipsia.ai
Eclipsia — Coimbra, Portugal

Effective date: 3 June 2026  ·  Version 1.0