JooL Privacy Policy
1. Who We Are
JooL is a digital health-tech platform operated by JooL Health Technologies B.V., headquartered in the Netherlands, with operations in the UK and US. Our platform is designed to support informal caregivers through AI-driven insights, personalized support, and medically-informed guidance.
2. Scope of this policy
This Privacy Policy applies to:
- Visitors to our website
- Users of the JooL mobile app and web platform
- Caregivers interacting with our CareBuddy AI Avatar
- Individuals whose data is provided by users (e.g., care recipients)
​This Policy complies with the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other applicable data protection laws in jurisdictions where we operate.
3. What Information We Collect
a. Personal Data You Provide:
- Account Registration: Name, email address, password
- Caregiver Profile: Gender, age range, caregiving experience
- Care Recipient Details (with consent): Age, condition, preferences
- Chat and Voice Logs: Questions and responses with CareBuddy
- Schedule and Journal Entries: Notes, appointments, reminders
- Surveys and Feedback: Voluntary questionnaires and ratings
b. Health and Sensitive Data:
Only with your explicit consent, we may process:
- Information on care routines
- Observations about well-being
- AI-generated symptom indicators or suggestions
c. Automatically Collected Data:
- Device and browser type
- IP address and general location
- Usage logs and activity on the platform
- App performance and crash reports
4. How We Use Your Data
We use your data to:
- Provide, personalize, and improve the JooL experience
- Enable AI-driven caregiving support via CareBuddy
- Maintain your care schedule, notes, and reminders
- Offer content recommendations and educational resources
- Conduct analytics to improve health outcomes and platform features
- Communicate with you (e.g., updates, support, product announcements)
- Ensure compliance with legal obligations
5. Legal Basis for Processing
Under GDPR, our lawful bases include:
- Consent (Art. 6(1)(a)): For sensitive health data and optional features
- Contract (Art. 6(1)(b)): To deliver the services you request
- Legal Obligation (Art. 6(1)(c)): For compliance with regulatory requirements
- Legitimate Interests (Art. 6(1)(f)): To improve the platform, prevent misuse, and analyze engagement
6. Sharing of Your Data
We do not sell your personal data. We may share it with:
- Authorized JooL personnel and contractors
- AI and analytics service providers under strict data processing agreements
- Hosting providers (e.g., Microsoft Azure Europe)
- Health researchers in de-identified and aggregated formats
- Authorities or regulators when required by law
7. Data Storage and International Transfers
Your data is securely stored on European servers (Azure Netherlands). If transferred outside the EU (e.g., for UK or US support services), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent measures.
8. Your Rights Under GDPR
You have the right to:
- Access your data
- Correct inaccurate or incomplete data
- Erase your data (“right to be forgotten”)
- Restrict or object to certain processing
- Withdraw consent at any time
- Data portability (receive a copy in structured format)
You can exercise your rights by contacting us at privacy@jool.health.
9. HIPAA Compliance (U.S. Users)
For users based in the United States, JooL complies with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the extent applicable. Although JooL is not a covered entity, we may operate as a Business Associate when handling Protected Health Information (PHI) on behalf of healthcare providers.
We apply administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of PHI. This includes:
- HIPAA-compliant data encryption (at rest and in transit)
- Strict access controls and audit trails
- Secure cloud hosting environments with Business Associate Agreements (BAAs)
- Policies for data breach notification and incident response
JooL only collects and processes PHI when it is necessary to deliver features or services and always with user consent or under a HIPAA-compliant framework. Users are encouraged to avoid inputting sensitive health data unless required and consent has been explicitly given.
For any questions regarding HIPAA or your rights under U.S. law, please contact us at privacy@jool.health.
10. Data Retention
We use your data to:
- Provide, personalize, and improve the JooL experience
- Enable AI-driven caregiving support via CareBuddy
- Maintain your care schedule, notes, and reminders
- Offer content recommendations and educational resources
- Conduct analytics to improve health outcomes and platform features
- Communicate with you (e.g., updates, support, product announcements)
- Ensure compliance with legal obligations
11. Security Measures
We use industry best practices to protect your data, including:
- End-to-end encryption for sensitive data
- Role-based access control for staff
- Regular security audits and penetration tests
- Use of CrowdStrike, Azure Defender, and Proofpoint for endpoint and cloud security
12. Children’s Privacy
JooL is not intended for children under the age of 16 unless supervised by a caregiver. We do not knowingly collect personal data from children without verifiable parental consent.
13. Third-Party Integrations
JooL may contain links to or integrate with third-party services (e.g., calendar tools, app stores). Their data practices are governed by their own privacy policies. We encourage you to review them separately.
14. AI and Automated Decision-Making
Our AI avatar (CareBuddy) may provide suggestions based on health-related algorithms. These outputs are informational only and not a substitute for professional medical advice. We do not make fully automated decisions that produce legal effects.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via email or app notifications. Please review the policy periodically.
16. Contact Us
If you have questions, concerns, or requests related to your privacy:
JooL Health
Attn: Data Protection Officer
Email: privacy@jool.health
Address: Denneweg 60, 2514-CH, s' Gravenhage, The Netherlands
You also have the right to complain to your local Data Protection Authority (DPA).
​
Effective Date: 1 January 2024
Last Updated: 13 June 2025