General information
Shen.AI OÜ (hereinafter: “Shen.AI”, “us”, “our” or “we”) protects the privacy rights of our users (“users” or “you”). This Privacy Policy (hereinafter: “Policy”) lays out the general rules of our processing users’ data that you provide or we collect in connection with using any of our products or services e.g. our website, web services, newsletter, or software called Heart Monitor (we shall refer to all these as “Services”). We shall refer to all the data and other information you provide to us or we collect as “Data”, unless the particular provision points to a particular category or type of data. If any of such Data allow us to know your identity, they shall be treated as personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and Personal Data Protection Act of 12.12.2018, entry into force 15.01.2019 (RT I, 04.01.2019, 11).
Any Shen.AI’s processing of the Data is governed by this Privacy Policy, unless separate terms and conditions, content of consents or information clauses for a particular Service provide other rules. Not all of the Data processing rules described herein shall apply to your Data, as there may be differences in processing in respect of some of our Services (e.g. not all Services include processing data concerning health or social network features). Please do not install or use the Services if you have any doubts about our Policy or do not agree to this Privacy Policy.Definitions
For the purposes of this Privacy Policy:
Services – any products or services provided by Shen.AI, including our website, software, applications, and related functionalities.
Facial Images – still or moving images of a user’s face acquired via a device camera, which are processed solely in real time into anonymised structured biosignal data; no complete facial images in form of video are stored or further processed.
Biosignal Data – numerical health measurements (e.g., heart rate, breathing rate) extracted from facial videos. This data:
cannot recreate user’s face,
is not tied to the user's identity by default.
Facial Texture Analysis – temporary detection of skin color changes and micro-movements only to calculate health metrics (e.g., blood flow).
Personal Data – any Data relating to an identified or identifiable natural person, as defined in the GDPR and PDPA.Who is processing your personal data?
Shen.AI OÜ is an exclusive data controller. Our contact details:Estonia: Lõõtsa tn 8a, 11415 Tallinn; Poland: ul. Gwiaździsta 66, 54-413 Wrocław; E-mail: office@shen.ai To maintain the highest level of privacy we are supported by a professional Data Protection Specialist: Jarosław Wojcieszek, to be contacted at: dpo@shen.ai.
Why are we processing your Data?
Your Data shall be processed only for the following purposes:Provision and development of the Services
Analysis of health-related data and facial images (including skin texture and physiological signs) measured in real time via smartphone, tablet, or other camera-equipped device
Non-biomedical research for the development of Shen.AI technology used in such analyses
Performance of a contract
Delivering Services under agreed terms and conditions
Taking steps at your request (e.g., inquiries, comments, or questions) before entering into a contract, within pre-sales, or in customer service
Provision, maintenance and improvement of the Services
Ensuring access to Services
Understanding user preferences to enhance experience and benefits
Conducting statistical analysis of users’ preferences and behavior
Communication and marketing
Informing you about promotions, rewards, and upcoming events
Sharing news about products and services offered by us or selected partners
Other direct marketing activities
For the purpose of legitimate interests of the Controller that include the need to continually raise quality, functionality, and safety of our Services, increase accessibility availability and the number of users of our service and also establishment, exercise or defence of legal claimsWhat Data are we processing and how do we collect it?
Use of Services Requiring Health and Physiological Data
If you want to use the Heart Monitor software or other Services that are based on analysis data concerning health, facial skin texture, and other physiological signs measured in real-time with a smartphone, tablet, or any other device equipped with a camera (using Shen.AI technology), you need to register an account.
Due to that, you provide us and we process your basic contact details:
nick or name,
email address,
and additionally:
age,
gender,
ethnicity,
height,
weight,
and, if you want, other optional information available in the application.
The Heart Monitor software and other Services that are based on analysis of data as above additionally need your facial images acquired through a supported device camera for the purpose of analyzing your facial blood flow, vital signs, and other facial features.
Such Data is used to provide you with status measurements such as:
heart rate,
blood pressure,
heart rate variability (HRV),
other vital signs.
Those measurements are also analyzed in relation with the Data you provided to us during the account registration process.
Please be informed that the data mentioned above are processed only within your device and only during the software data analysis process to obtain the measurement results, and they are not stored longer or somewhere else.
Facial images captured by the device are limited to anonymised structured biosignal data and no complete facial images are stored on the device, on our servers, or by any third party, nor are they subjected to any processing beyond the real-time anonymisation described above.
Participation in Non-Medical Research
If you want to apply for participation in non-medical research aimed at the development of Shen.AI technology (research procedure for the development of artificial intelligence (AI) algorithms), we need your separate application and separate consent to participate in the research.
Shen.AI analyzes facial skin texture and vital physiological signs in real-time.
The technology applies remote photoplethysmography (rPPG) – a contactless optical measurement technique of recording skin blood pulsations at different vascular depths. The rPPG signal represents beat-to-beat pulsatile fluctuations in the intensity of light reflected from the skin. While these fluctuations remain invisible to the human eye, they can be detected by a simple camera. The captured signals are then analyzed computationally to estimate various cardiovascular parameters.
An advanced image stabilization algorithm guarantees the best performance and reliable facial texture extraction.
Our non-biomedical research aims to develop an AI model that is able to measure in real-time some vital parameters, including systolic and diastolic blood pressure based on a short video recording of the person’s face.
In order to carry out the above research, Shen.AI might, apart the information about gender, age, height, weight, additionally collect:
the values of blood pressure,
optionally, heart rate measured with a traditional blood pressure meter in three separate measurements,
a 16x32 pixel low-resolution set of textures of your face.
Such textures might be sent via telemetry to servers located in the European Union controlled by Shen.AI.
In addition, a single facial image might be collected in order to improve functioning of the product.
We shall process these data anonymously, i.e. we do not combine it and store with any other personal data regarding your identity, e.g. name, email address, even if you provided them to us when using the Heart Monitor software or registering an account in our other Services.
The detailed procedure of the research and instructions for obtaining the above-mentioned data shall be presented to you upon application to participate in the research.
Please be reminded that all abovementioned data concerning health, as special categories of personal data and your facial images shall always be processed under your explicit consent.
Newsletter and Customer Support
To subscribe to the newsletter, to request information or help from our support, pre-sales or customer service, you provide us with and we process only your:
nick or name,
email address.
Automatically Collected Data
Apart from the data mentioned above, further information shall be processed only as standard data collected from users of software or online services in accordance with the functions and technical specification of that software or services known to you, especially automatically from you, your device, and other services you are using.
Such Data can include:
hardware and hardware components type,
data and analytics about your use of our Services,
your device type and the operating system that you use,
broad geographic location (e.g. country or city-level location) based on your IP address,
qualitative and quantitative metrics of our Services’ performance on your device.
The abovementioned data collected automatically are necessary for us to operate the Services.
If you wish even such data not to be collected, you should not install or use our Services. If you already did, please refer to Information about your rights in Section 8 below.
Additionally, we can establish separate rules for collecting data as above, including the use of cookies or similar technologies, especially in a cookie policy for individual Services.
Typically, this data itself shall not be personal data, but it may be considered personal if it identifies you together with other information. In this case, we shall apply to them all the rules and legal basis for processing personal data set out in this Policy.
We may also receive some of your data from Social Network Services you participate in, especially when you connect to our Services using your account registered in some of such Social Network Services (e.g. Facebook).
Such data includes:
your username,
email,
avatar,
age,
gender.
We may receive some of your data from other third parties, in particular when you decide to connect the Services with other applications.
The data collected automatically, necessary to operate the Services or from Social Network Services, shall not be combined by us and processed together with the data concerning health from the non-medical research described above.
When we collect some of the data, you can provide us with your age but we cannot confirm that age from other sources.
Please remember that use of the Service is prohibited for users who are under 18 (eighteen) years old and if we learn that we had inadvertently gathered Data from a younger user, we will take reasonable measures to promptly erase such personal information from our records.Legal basis for personal data processing
All your personal data which are data concerning health, Shen.AI shall process only for the purposes identified above in Section Why are we processing your Data? and only under your explicit consent (Article 9.2 (a) GDPR).
When you request a newsletter service, we will provide you with it based on your consent (Article 6.1 (a) GDPR). The Data for the purpose identified in statement Performance of a contract, Shen.AI shall process as being necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Article 6.1 (b) GDPR). Shen.AI shall process the other Data for the purposes identified in statements Provision and development of the Services and Provision, maintenance, and improvement of the Services and as being necessary for the purposes of the legitimate interests pursued by us (Article 6.1 (f) GDPR). Our legitimate interests include the need to continually raise quality, functionality, and safety of our Services, increase accessibility of our service for persons participating in our non-biomedical researches or using our Services and also establishment, exercise or defence of legal claims (9.2 (f) GDPR).
Shen.AI may also process the data that is required for meeting requirements of legal regulations.
Who may access your Data?
Within our organization, your Data shall be disclosed only to our personnel on must-know basis for carrying out their work and shall be subject to strict security rules. We may disclose your Data to our affiliates (companies controlled by Shen.AI) and their personnel. We do not have other recipients of your personal data. Shen.AI shall not transfer any personal data to a third country (outside EU) or international organization. We may use third parties to collect and process personal data on our behalf and in accordance with our instructions. If such third parties collect data outside the EU, the personal data shall be immediately transferred to Shen.AI and shall be processed by Shen.AI only within the territory of the EU. The third party as above shall not have access to them, data shall not be transferred or given back to them outside the EU in any way.
How long do we store your personal data?
We shall store your personal data in respect to the particular Services only within the Services period, unless the special terms and conditions for those Services set forth otherwise. If any personal data shall be processed within our non-biomedical research for development of our technology the period for which the personal data shall be stored shall be determined by the research and development period defined in the research procedure.
We shall retain personal data for no longer than is necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by applicable law or justified by a legitimate legal interest (e.g. establishment, exercise, or defense of legal claims) or until withdrawal of your consent if processing is based on your consent or until a justified objection to processing based on a legitimate interest. No Data shall be processed if you have withdrawn your consent for particular processing or expressed any objection to such processing. In such an event, the period for which the personal data shall be stored ends and data shall be erased or anonymized.
Information about your rights
Users whose personal data are processed by Shen.AI have the following rights:
to request access to your data,
to request that your data are corrected,
to request the restriction of your data,
to request that your data are erased,
to request that your data are transferred,
to not be subject to automated decision-making, including profiling, to file an objection to the processing of your data,
to withdraw consent at any time (without affecting the legality of the processing performed on the basis of consent before its withdrawal),
to file a complaint with respect to data processing with Estonian Data Protection Inspectorate (e-mail: info@aki.ee) or Data Protection Inspectorate in any other EU member state.
Should you have any queries, comments, or requests concerning your rights as above, please contact the data controller at data@shen.ai.
In order to speed up the procedure of examining the request, you may clarify your demand, e.g. by indicating what you wish to delete or change, or you do not want to receive news or other commercial information. In the absence of an unequivocal statement as to the scope of personal data to be erased, Shen.AI may contact you in order to confirm details of your request.
The data processed for the purposes of the application is provided voluntarily but is necessary for the provision of the services by the application. If you do not accept processing of your Data, you should cease using the Services. If you object to processing of your Data, request the Data to be erased, or request that we stop processing your Data, as a result you may not be (depending on the type of Data and the type of Services) able to use the Services. If you file an objection to the processing of data or withdraw your consent to processing of certain Data, you may not be able to use the full functionality of the Services or even may not be able to use the Services at all.
If you consider your rights to be violated or your personal data processing rules infringed, you are entitled to file a complaint with respect to data processing with Estonian Data Protection Inspectorate (e-mail: info@aki.ee) or Data Protection Inspectorate in any other EU member state.. Personal data breach incidents and requests regarding your data should be reported to Shen.AI at data@shen.ai.
We may update this Privacy Policy when required by any changes to the conditions of data processing. Any changes will be communicated via our website and, where appropriate, by direct notification.