
Dr.AI Ring

Privacy Policy and Personal Data Protection Statement
Publication Date: January 1, 2026
Effective Date: January 1, 2026
Intowell Biomedical Technology, Inc. (hereinafter referred to as the “Company”), in order to provide the “Dr.AI Ring” wearable health device and the related mobile application, website, and cloud services (collectively, the “Services”), and based on the obligation to respect users’ privacy rights and to comply with the Personal Data Protection Act and other applicable laws and regulations, hereby establishes this Privacy Policy and Personal Data Protection Statement (hereinafter referred to as this “Policy”) to explain how the Company collects, processes, uses, and protects your personal data and health data.
Please read this Policy carefully before using the Services. When you register an account, wear and use Dr.AI Ring, install or use the App provided by the Company, or use the website or related functions, you acknowledge that you have read, understood, and agreed to all contents of this Policy (including any subsequently revised versions).
If you do not agree to all or any part of this Policy, please discontinue use of the Services.
I. Scope of Application
1. This Policy applies to the Company’s processing of your personal data when you use the following services:
- Dr.AI Ring and its companion mobile application (App) and web services;
- Cloud data analytics and health management functions provided by the Company;
- Voice interaction, consultation, and notification functions provided by the Company;
- Customer service, technical support, events, surveys, and other matters directly related to the foregoing services.
2. Websites, applications, or services provided by third parties (even if they can be linked from or integrated with the Services) each have their own independent privacy policies. This Policy does not apply to such third parties, and the Company shall not be responsible for their acts.
II. Definitions
Unless otherwise agreed, the terms used in this Policy are defined as follows:
1. Personal Data: data that can directly or indirectly identify a specific natural person, such as name, email, contact information, account information, device identifiers, and the like.
2. Health Data / Physiological Data: data related to your physiological condition, health status, or lifestyle habits, such as heart rate, HRV, sleep, respiratory rate, skin temperature trends, activity level, etc., which are generally classified as sensitive personal data under applicable laws and regulations.
3. De-identified Data: data in which the parts that can directly identify a specific individual have been removed or masked through reasonable technical and managerial measures, such that the data can no longer easily identify a specific individual.
4. Anonymized Data: data that, after processing, can no longer be restored or linked to a specific individual, and is therefore no longer classified as personal data under applicable laws.
III. Categories of Data We Collect
For the purposes set forth in Article V of this Policy, the Company may collect and process the following categories of data. The actual data collected will depend on how you use the Services and the options you provide.
(1) Member Account and Identification Data
When you register or use the Services, the Company may collect:
- Name or nickname;
- Email address / phone number;
- Country / region;
- Gender / age;
- Login account and password (stored in a secure manner and not stored in plaintext);
- Device serial number, firmware version, operating system version, device model, and the like;
- Other basic data that you voluntarily provide and that is necessary for operation of the Services.
In principle, the Services will not require you to complete paper-based or online questionnaires. If, in the future, additional questionnaires are required for specific research or activities, the Company will separately explain the purpose and obtain your consent.
(2) Health and Physiological Data Collected by the Device
Through sensors and algorithms, Dr.AI Ring may continuously or periodically collect data during your wearing and use and may synchronize such data to the cloud, including:
- Heart Rate;
- Heart Rate Variability (HRV);
- Skin temperature trends;
- Sleep-related information (including total sleep time, sleep quality, sleep stages, sleep onset / wake-up time, number of nighttime awakenings, etc.);
- Respiratory Rate & Patterns analysis;
- Stress and relaxation indicators (including stress load and recovery status estimated based on HRV and other physiological signals);
- Activity and exercise information (step count, estimated calories, exercise intensity, sedentary time, etc.);
- Physiological trend status, abnormal detection and alert indicators (e.g., abnormal heart rate, abnormal skin temperature trends, etc.);
- Future newly added health-related measurement items (which will be announced and explained in due course prior to being added).
(3) Voice Interaction and Health Background Information
When using voice interaction, voice consultation, or other proactive input functions, you may verbally describe or input:
- Personal medical history and family medical history;
- Current medications, past medication history, and use of supplements/health products;
- Lifestyle habits such as smoking, alcohol consumption, betel nut chewing, caffeine intake, etc.;
- Work patterns, daily schedules, and sleep duration;
- Mood, sources of stress, and descriptions of physical discomfort;
- Other content related to health analysis.
The Company will record and process such information only when you proactively disclose or input it, for the purpose of providing personalized health feedback and recommendations.
Voice data generated during voice interactions may be temporarily stored in the form of audio recordings and/or text transcripts and used for speech recognition and understanding. After the purpose is achieved, such data will be processed and retained in accordance with Article X of this Policy.
(4) Device and Usage Logs; Technical Information
To ensure secure and stable operation of the Services, the Company may automatically collect:
- IP address, browser type, and language settings;
- Mobile device model, operating system version, App version;
- Connection time, login / logout records;
- Usage behavior records (e.g., feature clicks, page views and dwell time, error logs);
- Identifiers and preference settings generated by cookies, SDKs, and similar technologies.
(5) Transaction and Payment Information
If you purchase Dr.AI Ring or paid services through the Company’s online channels, we may obtain:
- Order number, purchased items, amount, payment time;
- Payment status (successful / failed) and refund records;
- Transaction codes returned by the payment service provider or partially masked card number information (the Company will not directly store full credit card data).
Actual payment information will be processed by partnered payment services or platforms (e.g., acquiring banks for credit cards, third-party payment providers, App Store / Google Play, etc.) in accordance with their respective privacy policies.
(6) Customer Service and Communication Records
When you contact the Company via email, in-App customer service, online forms, or other channels, we may retain:
- The name and contact information you provide;
- Your inquiry content, the Company’s responses, and handling records;
- Relevant attachments, error screenshots, or log files.
IV. Methods of Collecting Personal Data
The Company may collect your personal data through the following methods:
1. Data you proactively provide or input when registering, logging in, setting up your profile, or using service functions;
2. Data automatically generated and uploaded by device sensors and software when you use Dr.AI Ring, the App, or the website;
3. Information you proactively describe or input during voice interactions, text consultations, or feedback submissions;
4. Usage records generated through cookies, SDKs, or similar technologies when you browse or use the App/website;
5. Data obtained from third-party services approved by you when you expressly consent or authorize (e.g., if integrated in the future with Apple Health, Google Fit, Health Connect, etc.).
V. Purposes and Legal Bases for Processing Personal Data
The Company will collect, process, and use your personal data in accordance with the Personal Data Protection Act and applicable laws and regulations, based on the following purposes and legal bases:
(1) Provision and Operation of the Services
- Establishing and managing member accounts;
- Completing device pairing, data synchronization, and functional operation;
- Providing personalized dashboards, charts, and health indicator presentations;
- Notifying system updates, changes to terms, or service messages.
Legal bases:
- Performance of contractual obligations (the service contract between you and the Company);
- Circumstances under Article 15 and Article 19 of the Personal Data Protection Act;
- The Company’s legitimate interests, within a necessary scope.
(2) Health Analysis and Personalized Recommendations
- Calculating sleep quality, stress indicators, activity levels, and the like based on your physiological data and background information;
- Generating health trend analyses, identifying abnormal changes, and providing alerts;
- Providing lifestyle and action recommendations (e.g., schedule adjustments, exercise suggestions, etc.).
This part involves sensitive health data. The Company will use your explicit consent as the primary legal basis, and will process such data only during the period in which you have not withdrawn your consent.
(3) Customer Service and Communication
- Responding to your inquiries or complaints;
- Providing technical support and troubleshooting;
- Proactively contacting you regarding service usage or changes to rights and interests.
Legal basis: Performance of contractual obligations and the Company’s legitimate interests in providing customer service.
(4) Service Quality Improvement, Research, and Product Development
- Conducting statistical analysis by using anonymized or de-identified methods;
- Evaluating and improving algorithm accuracy, system performance, and stability;
- Developing or testing new features and improving user experience.
For this purpose, the Company will use de-identified or anonymized data to the greatest extent possible, and will not use personally identifiable data for commercial sales or marketing unrelated to health.
(5) Marketing and Event Notifications
If you agree to receive marketing information, the Company may use your contact data to provide:
- Product updates, promotional offers, feature explanations, or usage tips;
- Health management-related information or newsletters.
You may withdraw your consent at any time through an unsubscribe link or by contacting the Company. The Company will stop such marketing uses, but such withdrawal shall not affect the legality of processing prior to the withdrawal.
(6) Legal Compliance and Exercise of Rights and Obligations
- Providing necessary data as requested by competent authorities or judicial authorities in accordance with legal procedures;
- Exercising, asserting, or defending civil, criminal, or other legal rights;
- Performing accounting, tax, or other statutory obligations.
VI. Period, Region, Parties, and Methods of Use
(1) Period of Use
1. From the time you begin using the Services until account termination or service discontinuation, plus a reasonable retention period thereafter;
2. The retention period required by law or necessary for exercising, asserting, or defending legal rights;
3. A reasonable period before you withdraw consent or before the purpose is achieved.
(2) Region of Use
Your data may be processed and stored in the following regions:
- The Republic of China (Taiwan);
- Countries/regions where the Company or its outsourced service providers maintain servers or operational locations (for cross-border transfers, appropriate safeguards will be adopted in accordance with applicable laws and regulations).
(3) Parties to Whom Data May Be Provided
To the extent necessary for the purposes stated above, the Company may provide or disclose your data to:
1. The Company and authorized employees: limited to those who require access for job duties and are bound by confidentiality obligations.
2. Third parties entrusted by the Company to process matters (data processors), such as:
- Cloud service and system hosting providers;
- Mobile push notification, SMS, or email delivery service providers;
- Customer service systems or analytics tool providers;
- Payment and logistics service providers (if online shopping is involved).
The above outsourced parties are bound by contract and must process your personal data in accordance with the Company’s instructions and applicable laws, and shall not exceed the scope of the entrusted purpose.
3. Competent authorities or judicial authorities with investigatory power: only when provided in compliance with legal procedures.
4. Other parties to whom you have given prior consent or instructions: for example, where you expressly request that data be shared with a specific medical institution, health management organization, or research program.
The Company will not sell or provide your personal health data to any insurance company, advertiser, or third party unrelated to the Services for purposes such as premium assessment, risk pricing, or advertising placement.
(4) Methods of Use
Your personal data may be processed by automated or non-automated means, including but not limited to:
- Collection, recording, classification, storage, editing, correction, copying;
- Transmission, searching, sorting, statistics, de-identification, or anonymization;
- Generating analytical reports, health indicators, and alerts;
- Interfacing with third-party systems within the scope of your authorization.
VII. Third-Party Services, Integration, and Cross-Border Data Transfers
Integration with Third-Party Health and Fitness Services (if introduced in the future)
If you choose to connect Dr.AI Ring with third-party health platforms (such as Apple Health, Google Fit, Health Connect, etc.), the Company will receive or transmit data within the scope you authorize. You may withdraw authorization at any time through settings in the third-party service or in the Services; however, data already transmitted prior to withdrawal will be handled in accordance with the privacy policies of each party.
1. Cloud and International Data Transfers
To provide stable and secure cloud services, the Company may store data on overseas servers or engage multinational cloud service providers for processing. When conducting cross-border transfers, the Company will adopt reasonable technical and organizational measures in accordance with applicable personal data protection laws and regulations to maintain data confidentiality and integrity.
2. Third-Party Websites and Links
The Services may provide links to other websites or services (such as official social media, partner event pages, etc.). The privacy practices of such third parties are outside the scope of this Policy. You are advised to read their privacy policies carefully before use.
VIII. Cookies, SDKs, and Similar Technologies
1. The Company may use cookies, SDKs, or similar technologies in the website and App in order to:
- Remember your login status and preference settings;
- Analyze service usage and traffic;
- Improve functionality performance and user experience.
2. If the Company in the future introduces third-party analytics or marketing cookies on the website, the Company will provide clear notice and a choice mechanism in an appropriate location, and will obtain your consent in accordance with applicable laws and regulations.
3. You may restrict or delete cookies through browser or device settings; however, certain functions may not operate properly or your user experience may be limited as a result.
IX. Information Security and Protective Measures
To protect your personal data and health data, the Company adopts technical and organizational security measures consistent with industry practices, including but not limited to:
- Encrypted transmission: encrypting network transmission through protocols such as HTTPS/TLS;
- Database encryption and access controls: encrypting or de-identifying sensitive data, and implementing strict permission controls and access logs;
- Multi-layer protection architecture: firewalls, intrusion detection, and abnormal behavior monitoring;
- Regular security testing and audits: including vulnerability scanning and necessary penetration testing;
- Personnel training and internal policies: restricting access to authorized personnel only within a necessary scope, who are bound by confidentiality obligations.
However, you understand that any information transmitted over networks or stored in the cloud cannot be guaranteed to be absolutely risk-free. You must properly manage your account, password, and data stored on your mobile phone, must not share them with third parties, and must log out of your account after use.
X. Data Retention Period and Deletion
1. The Company will retain your personal data for the period necessary to achieve the foregoing purposes, and will adjust retention periods in accordance with applicable laws or contractual obligations. In general:
- Account and health data: retained during the validity of your account and for a reasonable period after termination to facilitate your access to historical records and to handle billing matters or disputes;
- Transaction and payment-related data: retained for statutory retention periods under tax, accounting, and commercial laws and regulations;
- Customer service and complaint records: retained for a reasonable period after completion for tracking and service improvement.
2. After the purpose is achieved or the retention period expires, the Company will delete or anonymize your personal data in accordance with internal procedures. Specific measures include:
- Securely deleting electronic files so that they cannot be restored;
- De-identifying personally identifiable fields for statistical or research purposes.
If otherwise required by law or where it remains necessary to exercise or defend legal rights, the Company may continue to retain relevant data for the necessary period.
XI. Your Rights and How to Exercise Them
Under the Personal Data Protection Act of the Republic of China (Taiwan), you may exercise the following rights with respect to your personal data held by the Company:
1. To inquire and request access;
2. To request a copy;
3. To request supplementation or correction;
4. To request cessation of collection, processing, or use;
5. To request deletion.
If you wish to exercise the foregoing rights or have any questions regarding personal data protection matters, please contact the Company by email:
📧 service@draiai.com
The Company will process your request within the statutory or reasonable period after verifying your identity. However, if you request the Company to cease processing or delete data, it may affect the Company’s ability to provide all or part of the functions of the Services; in extreme cases, the Company may be unable to continue providing the Services.
If you are located in certain specific jurisdictions (such as the EU/UK or countries/regions with special privacy laws), you may be entitled by law to other or broader data protection rights, and the Company will cooperate in accordance with applicable laws.
XII. Protection of Minors
In principle, the Services are not intended for children or adolescents under the age of 18, and the Company will not knowingly collect personal data of persons under 18.
If you are a user under the age of 18, you may use the Services only after your legal representative (parent or guardian) has consented and accompanied you in reading this Policy. If your legal representative does not agree to this Policy, you must immediately stop using the Services and notify the Company.
If the Company discovers that it has collected data of a minor without the legal representative’s consent, the Company will delete such data or stop processing it as soon as it becomes aware.
XIII. Amendments to this Policy
1. In order to reflect adjustments to service content, changes in laws and regulations, or technical and security needs, the Company may revise this Policy from time to time.
2. If the revision constitutes a material change affecting your rights and interests, the Company will notify you by reasonable means such as in-App notices, website announcements, or email.
3. After this Policy is updated, if you continue to use the Services, you will be deemed to have read, understood, and agreed to the revised content. If you do not agree to the revised content, please stop using the Services and request deletion of your account and related data in accordance with the foregoing provisions.
XIV. Contact Information and Complaint Channel
If you have any questions, comments, requests, or complaints regarding this Policy or the Company’s personal data processing practices, please contact us:
德煌生醫科技股份有限公司(Intowell Biomedical Technology, Inc.)
📧 Email: service@draiai.com
📍 Address: 4F., No. 88, Chang’an W. Rd., Datong Dist., Taipei City, Taiwan
The Company will make reasonable efforts to respond and properly handle your inquiry within a reasonable period.