Thea Technology Inc. – Privacy Policy

Last Updated: May 1, 2026

1. Introduction

This Privacy Policy (our "Privacy Policy") supplements Thea Technology Inc.'s ("Company," "we," "us," and "our") Terms of Service and describes how Company and Medical Groups collect, use, maintain, protect, and disclose Personal Data about you through the use of the Services. By "Personal Data," we mean information that is personally identifiable to you.

Please read this Privacy Policy carefully to understand our policies and practices regarding your Personal Data and how we will treat it. If you do not agree with this Privacy Policy, your choice is not to use the Services. By accessing or using the Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time. Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates.

2. Protected Health Information

Please see the Medical Groups' Notice of Privacy Practices to understand how we protect, use and disclose your protected health information as defined under the Health Insurance Portability and Accountability Act of 1996 and related laws and regulations ("HIPAA"). If your Personal Data is protected health information, we treat the protected health information in accordance with HIPAA and the Notice of Privacy Practices. To the extent this Privacy Policy conflicts with our HIPAA obligations or the Notice of Privacy Practices, we comply with HIPAA obligations or the Notice of Privacy Practices.

3. Children Under the Age of 13 and Majority

The Services are not intended for children under the age of 13. Children under the age of 13 are strictly prohibited from using the Services. We do not knowingly collect Personal Data from persons who are under the age of 13. If you are under the age of 13, do not use or provide any information on the Services or on or through any of their features, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data from a child under the age of 13, we will delete that information. If you believe we might have any Personal Data from a child under the age of 13, please contact us at support@hellothea.ai.

If you access or use the Services, you represent and warrant that you are either at least 18 years old or otherwise have adequate authority and capacity to consent to use the Services under applicable state laws, federal laws or the authorization of a parent or legal guardian who agrees to be bound by the Terms and this Privacy Policy. If you are under 18 and lack sufficient authority to access or use the Services, do not use or provide any information on the Services.

4. Personal Data We Collect About You

We collect different types of Personal Data about you. This section is intended to describe the Personal Data that we may collect about you.

We collect the following types of Personal Data from and about Users of the Services:

  • Name, postal address, billing address, shipping address, e-mail address, mobile telephone number, driver's license (or other government identification) information, including number, photo, and other associated information, date of birth, credit or debit card number (for payment purposes only), and photos of you;
  • Products you are interested in or have purchased, your medical history, and health information;
  • Traffic data, location data, logs, referring/exit pages, date and time of your visit to the Services, error information, clickstream data, and other communication data and the resources that you access and use on the Services;
  • Your Internet connection, the equipment you use to access the Services, and usage details; and
  • Aggregated and anonymized usage patterns, browser settings and types, and device details and operating system information.

Facial Data:

We know that facial data is sensitive and we take it very seriously. Thea only collects and stores the analysis information presented to you in the application (analysis of your skin attributes) for each photo along with the photo itself for the purpose of allowing you to review your skincare progress and history over time and provide you recommendations for compatible skincare products. Like other Personal Data, this data is not shared with any third parties, is kept securely, and is removed upon account deletion or at your request.

Location Data:

We do not collect or use your precise geographic location unless you explicitly grant permission for such access. Location data will be used solely for the purpose of providing seasonal and weather-based skincare recommendations.

5. How We Collect Your Personal Data

We collect Personal Data:

  • Directly from you when you provide it to us, such as:
    • Information that you provide by filling in forms on the Services (this includes information provided at the time of registering to use the Services, using Medical Groups Provider consultation services, purchasing products, reporting a problem with the Services, or requesting further services), and your User Contributions (as described in Section 9);
    • Records and copies of your correspondence (including email addresses), if you contact us; and
    • Details of transactions you carry out through the Services and of the fulfillment of your requests (you may be required to provide financial information before placing a request through the Services).
  • Automatically as you navigate through the Services (information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies) – see additional detail in Section 6 below; and
  • From third parties, for example, our business partners.

6. Personal Data Collected Through Automatic Data Collection Technologies

As you navigate through and interact with the Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:

  • Details of your visits to the Services, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to the Services, error information, clickstream data, and other communication data and the resources that you access and use on the Services; and
  • Information about your computer, mobile device, and Internet connection, specifically your IP address, operating system, and browser type.

The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve the Services and to deliver a better and more personalized service by enabling us to:

  • Estimate our audience size and usage patterns;
  • Store information about your preferences, allowing us to customize the Services according to your individual interests; or
  • Recognize you when you return to the Services.

The technologies we use for this automatic data collection include, among others:

Cookies (or Browser Cookies):

A cookie is a small file placed on the hard drive of your computer or mobile device. On your computer or device, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting, you may be unable to access certain parts of the Services. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Services.

Pixels:

Pixels are transparent images embedded in a website, email, or ad, and which contain a link to an external server. When a User interacts with an email, navigates to our Services, or views an ad, the User's browser downloads the invisible image file. That action triggers a request from the pixel server, providing the server owner with knowledge of who downloaded the pixel as well as information like the operating system used, the type of browser used, the time the pixel was interacted with, the IP address, and more.

Google Analytics:

We use Google Analytics, a web analytics service provided by Google, Inc. ("Google") to collect certain information relating to your use of certain parts of the Services. Google Analytics uses cookies and other tracking technologies to help the Services analyze how users use the Services. You can find out more about how Google uses data when you visit the Services by visiting "How Google uses data when you use our partners' sites or apps", (located at www.google.com/policies/privacy/partners/). For more information regarding Google Analytics please visit Google's website, and pages that describe Google Analytics, such as www.google.com/analytics/learn/privacy.html.

7. How We Use Your Personal Data

We use your Personal Data for the business purposes described below:

  • Provide the Services to you;
  • Provide products and services to you, including personalized skincare recommendations;
  • Provide you with information you request from us;
  • Enforce our rights arising from contracts;
  • Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
  • Notify you about changes;
  • Provide you with newsletters, advertisements, and other promotional communications (with your consent);
  • Contact you in response to a request;
  • Fulfill any other purpose for which you provide it;
  • For any other purpose with your consent; and
  • Provide you with notices about your Account.

With your consent, we may also use your information to contact you about goods and services that may be of interest to you, including through newsletters. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications or by contacting us at support@hellothea.ai.

8. Use of Artificial Intelligence Technologies

Company utilizes Artificial Intelligence ("AI") technologies in various capacities to enhance and improve our user experiences and Service offerings, including skin analysis, personalized skincare recommendations, and telehealth support. While AI assists in many processes, critical decisions regarding your health care always involve human oversight from qualified healthcare professionals.

9. Disclosure of Your Personal Data

We do not share, sell, or otherwise disclose your Personal Data for purposes other than those outlined in this Privacy Policy.

We may disclose Personal Data that we collect or you provide as described in this Privacy Policy:

  • To service providers and other third parties we use to support our business (the services provided by these organizations include providing IT and infrastructure support services, and ordering, marketing, and payment processing services);
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Company about the Service Users are among the assets transferred;
  • To fulfill the purpose for which you provide it (for example, we may disclose your personal information to a health care provider);
  • For any other purpose disclosed by us when you provide the information; and
  • With your consent.

We may also disclose your Personal Data:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • To enforce or apply our Terms and other agreements, including for billing and collection purposes; and
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others (this includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

In addition, we may disclose aggregated information about our Users, and information that does not identify any individual, without restriction.

You also may provide information (hereinafter, "posted") to other users of the Services or third parties (collectively, "User Contributions"). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable.

If you are accessing our Services from outside the United States, you agree to the transfer of information to servers located in the U.S. in accordance with this Privacy Policy. We will make reasonable efforts to notify you of disclosures when legally permitted.

10. Choices About How We Use and Disclose Your Personal Data

We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Data for our advertising to you, and other targeted advertising. We strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:

Tracking Technologies and Advertising:

You can set your browser or operating system to refuse all or some cookies or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Services may then be inaccessible or not function properly. We do not permit advertising companies to collect data through our Services for ad targeting purposes.

Promotional Offers from Company:

If you do not wish to have your email address used by Company to promote our own products and services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from us or by contacting us at support@hellothea.ai. This opt-out does not apply to information provided to Company as a result of a Service purchase or your use of our Services.

Targeted Advertising:

To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties' collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.

We do not control the collection and use of your information collected by third parties as described in our Terms. These third parties may aggregate the information they collect with information from their other customers for their own purposes.

11. Your Rights Regarding Your Personal Data

You can review and change your Personal Data by logging into the Services and changing your Account information. You may also contact us at support@hellothea.ai regarding any of your rights under applicable state laws; any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible; or to delete your Account. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.

Account Deletion:

When you choose to delete your account, we will promptly remove your personally identifiable information (such as your name, address, email, skincare information, personal photos and analysis data) and other associated preferences. Some non-identifiable information may be retained for record-keeping and analytics purposes.

12. Do Not Track Signals

We currently do not use automated data collection technologies to track you across websites. We currently do not honor do-not-track signals that may be sent by some browsers.

Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they "do not track" your online activities. At this time, we do not honor such signals.

13. Data Security

Information transmitted over the Internet is not completely secure, but we do our best to protect your Personal Data. We use appropriate encryption on pages where sensitive information is transmitted and stored. The safety and security of your information also depends on you. Where you have chosen a password for the use of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure.

Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to the Services. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services or in your operating system.

14. How Your Personal Information is Collected

We collect most of this personal information directly from you—via our website, apps, and asynchronous provider consultations, as well as by text or email. See Section 5 (How We Collect Your Personal Data) and Section 6 (Personal Data Collected Through Automatic Data Collection Technologies) for further detail.

15. Why We Use Your Personal Information

We collect and/or share consumer personal information for the business purposes described in Section 7 (How We Use Your Personal Data) and Section 9 (Disclosure of Your Personal Data).

16. How Long Your Personal Information Will Be Kept

We will keep your personal information while you have an account with us or while we are providing Services to you. Thereafter, we will keep your personal information for as long as is necessary:

  • To respond to any questions, complaints or claims made by you or on your behalf;
  • To show that we treated you fairly; or
  • To keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. When it is no longer necessary to retain your personal information, we will delete or anonymize it.

17. Changes to Our Privacy Policy

We may change this Privacy Policy at any time. If we make material changes to how we treat our Users' Personal Data, we will notify you by email to the email address specified in your account and/or through a notice on the Services' home page and invite you to review (and accept, if necessary) the changes. The date this Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you and for periodically visiting the Services and reviewing this Privacy Policy to check for any changes.

18. Contact Us

If you have questions about this Privacy Policy or our privacy practices, you may contact us at:

Thea Technology Inc.

Email: support@hellothea.ai

Mailing Address: 13 E 30th St APT 5, New York, NY 10016

By using our Services, you agree to the terms of this Privacy Policy. Thank you for choosing Thea.