Privacy Policy

Last Updated: Monday, November 24, 2025

Arkana is committed to maintaining your trust. We prioritize your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your information. By using Arkana, you are entrusting us with your personal information, and we are committed to handling your data responsibly and transparently.

Arkana Health, Inc. ("Arkana Health," "Arkana," "we," "us") owns and operates the www.arkanahealth.co website (the "Website"), the Arkana application, and associated services (collectively, the "Service"). Your access to and use of the Service are subject to this Privacy Policy, unless a different privacy policy is expressly provided.

This Privacy Policy describes the types of information we collect, how we use that information, how we protect it, your rights and choices, and how to contact us. This policy does not apply to third-party websites, apps, or services that may be linked through the Service, and we encourage you to review their privacy policies.

By creating an account, logging into your account, or otherwise using the Service, you acknowledge that you have read and understand the most recent version of this Privacy Policy. We may update this Privacy Policy from time to time to reflect changes in the Service, our data practices, or applicable law. When we make changes, we will update the "Last Updated" date at the top of the policy and, where required by law, provide additional notice or obtain your consent.

Limitation on Use by Underage Persons

The Service is not intended for use by individuals under eighteen (18) years of age. We do not knowingly collect personal information from individuals under eighteen (18). If you are a parent or guardian of an individual under eighteen (18) and believe we have collected personal information from that individual in a manner prohibited by law, please contact us at privacy@arkanahealth.co with the subject line "Underage Person – Data Removal." We will take steps required by applicable law to delete such information. Arkana is not responsible for any delay or failure to comply with a data removal request that is incomplete or incorrectly submitted.

We do not knowingly collect personal information from children under thirteen (13). If we learn that we have collected personal information from a child under thirteen (13) without appropriate consent, we will delete that information as required by applicable law.

Collection of Personal Information

The information we collect depends on how you use our Website and Service. We collect information directly from you, automatically, by inferring or generating data from other information, and from third parties.

Information You Provide

The information we collect that you provide to us includes:

Contact information, such as your name, email address, phone number, and billing and physical addresses.
User-generated data, such as photos, videos, documents, posts, user-generated messages, and other files you upload to the Service.
Payment information, such as your credit card details, financial account information, and other payment-related details (which may be processed by third-party payment processors on our behalf).

Sensitive Personal Information

Depending on your use of the Service and applicable law, we may collect information that could be considered "sensitive" personal information, including:

Account access information, such as a username or account number in combination with a password, security code, or access credentials.
Profile data, such as gender, date of birth, and ethnicity (where you choose to provide it and where permitted by law).
Biometric and image data, such as tongue images and related facial or oral images you upload, and derived measurements or features that may be used for analysis or identity verification, where permitted by law.
Health data, such as information about your wellness, health-related conditions, symptoms, habits, and activity in the Service (for example, responses to assessments, educational content you engage with, or other health-related information you choose to share through the Service).

We treat health-related information you provide as sensitive personal information and protect it as described in this Privacy Policy.

Automatically Collected Information

When you use the Service, we automatically collect certain information, including:

Device information and identifiers, including browser type, operating system, device type, IP address, mobile device ID, and other software and hardware identifiers (such as type, version, language, settings, and configuration).
Geolocation data, depending on your device and app settings, such as approximate location derived from your IP address or more precise location if you enable location services.
Communication with us, such as messages, prompt entries, emails, and other communications you send to us via the Service.
Diagnostic data, such as performance logs, error logs, and crash reports.
Usage data, such as logs of your activity on our Website and Service, including pages or screens viewed, features used, time spent, and links clicked.

Information We Create or Generate (Inferences)

We infer new information from data we collect, including using automated means to generate information about your likely preferences or other characteristics ("inferences"). For example, we may infer your general geographic location (such as city, state, and country) based on your IP address, or derive wellness-related insights from your assessments and activity in the Service.

When you are asked to provide personal information, you may decline. You may also use your web browser or device settings to limit certain types of automatic data collection. However, if you choose not to provide or allow information that is necessary for certain services or features, those services or features may not be available or may not function properly.

Personal Information Sources

We collect personal information about you from various sources, including:

You, when you provide information directly through the Service (for example, when you create an account, complete assessments, upload images, or communicate with us via chat, email, phone, or text).
Third parties you connect, such as account authenticators, single sign-on providers, or other services that you authorize to share information with us.
Cookies and other tracking technologies, as described in more detail below.
Third-party service providers, business and marketing partners, affiliates, analytics providers, ad network providers, and advertisers.
Government agencies or public records, where permitted by law.
Social media and content platforms, when you interact with us on those platforms or connect your account.

Tracking Technologies & Cookies

We use cookies, mobile analytics, and similar technologies to track activity on our Website and online services and to help collect data, including usage data, identifiers, and device information.

What Are Cookies and Similar Technologies?

Cookies are small text files placed by a website and stored by your browser on your device. These files hold a small amount of data, which may include unique identifiers. Other tracking technologies we may use include web beacons (also known as pixel tags, single-pixel GIFs, or clear GIFs), which are electronic images contained within a website, app, or email.

When your browser or device loads a webpage, newsletter, or email that contains a web beacon, it may transmit information to us or to our partners, such as the date and time you viewed the content, your IP address, or information about your device.

For the purposes of this Privacy Policy, cookies, beacons, and similar tracking technologies are collectively referred to as "Cookies."

You can configure your browser settings to refuse certain Cookies or to notify you when a Cookie is being set. However, if you do not accept certain Cookies, some portions of the Service may not function properly.

How We and Our Partners Use Cookies and Similar Technologies

We, and our analytics and advertising partners, use Cookies in our Website, app, and online services to:

Remember your preferences and selections;
Enhance the performance and functionality of our services;
Understand how you use our online services over time;
Analyze user activity on the Service, including which pages visitors engage with, how they navigate, and interactions with support and other features.

We do not use sensitive health-related data for advertising purposes. We do not perform automated decision-making that produces legal or similarly significant effects on you without your explicit consent.

Use of Personal Information

We may use personal information we collect for the purposes described in this Privacy Policy or as disclosed to you at the time of collection, including to:

Purpose of Use	Why	Personal Information Categories
Product and Service Delivery & Operations	To provide, operate, personalize, and improve the Service and our business. This includes remembering your device, confirming your location, establishing and maintaining your user profile on the Service, enabling security features (such as sending a verification code via SMS), providing troubleshooting and support, and facilitating any social or sharing features of the Service.	Identifiers and device information, contact information, demographic data, biometric and image data, payment information, content and files, geolocation data, usage data, inferences. May include sensitive information such as account access information, sensitive demographic data, contents of communications, biometric information, and health data, where permitted by law.
Advertising and Marketing	To promote Arkana Health, the Service, and products and services offered via the Service, including sending you direct marketing communications and personalizing them based on your information, where permitted by law.	Identifiers and device information, contact information, demographic data, usage data, and inferences. We do not use sensitive health-related data for advertising purposes.
Business Operations	To operate our business, such as billing, processing payments, accounting, administering your account, improving internal operations, securing our systems, detecting fraudulent or illegal activity, verifying your identity, and meeting our legal obligations.	Identifiers and device information, contact information, demographic data, biometric and image data, payment information, content and files, usage data, inferences. May include sensitive information such as government ID, biometric information for identification, health data, account access information, demographic data, and contents of communications.
Research and Development	To improve the Service and our business through research and development, and to develop, test, and refine new products, services, and features.	Identifiers and device information, contact information, demographic data, biometric and image data, payment information, content and files, geolocation data, usage data, inferences. May include sensitive information such as account access information, demographic data, contents of communications, biometric information, and health data, where permitted by law.
Customer Support	To provide you with customer support and respond to your requests, questions, and feedback.	Identifiers and device information, contact information, demographic data, content and files, payment information, geolocation data, usage data, inferences. May include sensitive information such as account access information, demographic data, contents of communications, biometric information, and health data.
Protection & Compliance	To comply with applicable laws, lawful requests, and legal processes, including responding to investigations, subpoenas, or requests from government authorities; to protect the rights, privacy, safety, or property of Arkana, you, or others; and to audit internal processes for compliance with legal and contractual requirements.	Identifiers and device information, contact information, demographic data, content and files, payment information, geolocation data, usage data, inferences. May include sensitive information such as account access information, demographic data, and contents of communications.

AI and Model Development

We may use de-identified and aggregated information, including de-identified tongue images and related data, to develop, train, and improve algorithms, analytics, and AI models that power the Service. We do not use identifiable biometric or health information to train models for third-party advertising.

De-identified and/or Anonymized Data

We may de-identify your information by removing information that reasonably identifies you. We may use and share de-identified and/or anonymized data with third parties for lawful business purposes not prohibited by applicable law, including to analyze and improve the Service and to promote our business.

How We Share Your Personal Information

We may disclose personal information as described in this Privacy Policy, as necessary to provide the Service you have requested or authorized, or with your consent, as required by applicable law. This may include sharing information with:

Service Providers. Third parties and vendors that provide services on our behalf or help us operate the Service (for example, hosting, customer support, analytics, payment processing, email delivery, or security services).
Marketing and Advertising Partners. Third-party marketing and advertising partners for the advertising and marketing purposes described above (for example, to deliver permitted communications or measure their effectiveness). We do not use sensitive health data for advertising purposes.
Partners. Business partners with whom we collaborate or enable to collect information directly via the Service (for example, in connection with co-branded offerings).
Business and Marketing Partners. Third parties with whom we co-sponsor events or promotions, jointly offer products or services, or whose products or services may be of interest to you.
Linked Third-Party Services. If you log into the Service with, or link your Service account to, a social media or other third-party service, we may share your personal information with that third-party service. The third party's use of your information will be governed by its own privacy policy and your account settings with that third party.
Professional Advisors. Professional advisors, such as lawyers, auditors, bankers, and insurers, where necessary in the course of the professional services they provide to us.
Legal and Law Enforcement. Law enforcement, government authorities, and private parties, as we believe in good faith is necessary or appropriate for the protection and compliance purposes described above, such as to comply with legal obligations or protect the rights, property, and safety of Arkana, our users, or others.

We do not sell your personal information or share it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA").

Third-party analytics and advertising companies may collect personal information through our Website and apps, including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on that data, as described in the "Cookies" section of this Privacy Policy. These vendors may combine this data across multiple sites and services to improve analytics and for their own purposes. For example, we use Google Analytics to help us understand how users interact with our Website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.

Data Security

We implement technical and organizational safeguards designed to protect the personal information we collect. However, no security measures are perfect or impenetrable, and we cannot guarantee the security of your personal information.

You are responsible for maintaining the confidentiality of your account credentials and for any and all use of your account. To help us protect your personal information, we strongly suggest you:

Use a strong, unique password for your Arkana account;
Do not share your password with anyone; and
Avoid reusing passwords across different sites or services.

Your Rights and Choices

In this section, we describe the rights and choices available to users of the Service.

Access or Update Your Information

If you have registered for an account with us, you may review and update certain account information by logging into your account settings in the Service.

Privacy Settings

We may make certain privacy settings available in the Service that allow you to control how certain information is used or shared.

Opt-Out of Communications

You may choose to opt out of receiving certain communications (for example, newsletters or promotional emails) by following the opt-out or unsubscribe instructions at the bottom of those emails or by contacting us at privacy@arkanahealth.co. Please note that even if you opt out of marketing communications, you may continue to receive service-related and other non-marketing emails (for example, transactional or security-related messages).

Cookies

You may choose to remove or reject Cookies through your browser settings. Please follow the instructions in your browser or device settings to do so. If you disable Cookies, some features of the Service may not function properly.

Blocking Images / Clear GIFs

Most browsers and devices allow you to configure your device to prevent images from loading. To do this, follow the instructions in your browser or device settings. Blocking images may limit the use of certain tracking technologies in emails.

Advertising Choices

You may be able to limit the use of your information for interest-based advertising through tools such as:

Changing your web browser settings to block third-party Cookies;
Using privacy-focused browsers or ad-blocking browser plugins that block tracking technologies;
Using platform-specific settings:
- Google: https://adssettings.google.com/
- Facebook: https://www.facebook.com/about/ads
Opting out of interest-based ads from companies that participate in the following industry programs:
- Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
- Digital Advertising Alliance: http://optout.aboutads.info
- AppChoices mobile app: https://www.youradchoices.com/appchoices (to opt out of interest-based ads in mobile apps served by participating members of the Digital Advertising Alliance)
Using your mobile device settings to limit use of the advertising ID associated with your device.

You will need to exercise these choices on each device and browser where you wish to limit the use of your information. We cannot guarantee that all third parties we work with participate in the opt-out programs described above.

Do Not Track

Some Internet browsers may be configured to send "Do Not Track" signals to websites and online services. We currently do not respond to "Do Not Track" signals. To learn more about "Do Not Track," visit http://www.allaboutdnt.com.

Declining to Provide Information

We need to collect certain personal information to provide some services. If you do not provide information identified as required or mandatory, we may not be able to provide those services.

Linked Third-Party Platforms

If you choose to connect the Service to a social media account or other third-party platform, you may be able to use your settings with that third party to limit the information we receive. If you revoke our ability to access information from a third-party platform, that choice will not apply to information we have already received from that platform.

Additional Rights Under State Laws

If you are a resident of certain jurisdictions, such as California or Washington, you may have additional rights under applicable state law, including but not limited to:

Under CCPA/CPRA (California):

The right to know and access personal information.
The right to deletion of personal information, subject to certain exceptions.
The right to opt out of sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising).
The right to limit the use and disclosure of sensitive personal information, where applicable.
The right to non-discrimination for exercising your rights.

Under the Washington My Health My Data Act ("MHMD") and Other U.S. State Privacy Laws:

The right to understand health data uses and disclosures.
The right to review certain records of how health data has been shared, where applicable.
The right to control and revoke consent for certain secondary uses of health data, subject to legal and contractual obligations.

You may exercise these rights by emailing us at privacy@arkanahealth.co. We may require you to verify your identity before processing certain requests, as permitted by law.

Data Retention

We generally retain personal information for as long as necessary to provide the services and fulfill the transactions you have requested. We also retain information to:

Comply with legal obligations;
Satisfy tax, accounting, or reporting requirements;
Resolve disputes and enforce our agreements;
Prevent fraud and maintain security; and
Support other legitimate and lawful business purposes.

Because these needs vary based on the type of data and the context of our interactions, retention periods can vary.

For example, we generally:

Retain account information for as long as your account is active and for a reasonable period thereafter;
May retain certain log and transactional data for at least two (2) years (or longer where required) to comply with legal, tax, and security requirements; and
May retain de-identified or aggregated data without a specific time limit, as long as it does not reasonably identify you.

Jurisdictional Issues and Data Transfers

The Service is intended to be used only within specific states in the United States, as described in our Terms and Conditions. This Privacy Policy, and our collection, use, and disclosure of information about you, are governed by U.S. law.

We may process and store your personal information in locations outside of your state of residence, including in other parts of the United States. Where required by law, we take steps to help ensure that such transfers comply with applicable data protection laws and that your information remains protected.

Health Information and HIPAA

Arkana is not a health care provider, health plan, or health care clearinghouse, and in most cases, the information we collect is not "protected health information" ("PHI") under the U.S. Health Insurance Portability and Accountability Act ("HIPAA"). However, we treat health-related information you provide as sensitive personal information and protect it as described in this Privacy Policy.

If we act as a business associate to a HIPAA-covered entity, our use and disclosure of PHI will also be governed by our business associate agreement with that entity.

Privacy Policy Updates

We may supplement, revise, or modify this Privacy Policy from time to time to reflect changes in law, technology, or our practices. Material updates will be posted on this or a similar page of the Service and will be effective as of the "Last Updated" date. We may also notify you of material changes via email or in-app notices, where required by law.

In all cases, your continued use of the Service after the effective date of a modified Privacy Policy indicates your acknowledgment that the modified Privacy Policy applies to your interactions with the Service and our business. It is your responsibility to review this Privacy Policy periodically when accessing or using the Service.

Reaching Us

If you have any questions about this Privacy Policy or our privacy practices, or if you would like to exercise your rights, please contact us at:

Email: privacy@arkanahealth.co