Theranica Privacy Policy

Effective date: July 7, 2025.

This privacy policy (“Privacy Policy”) governs how we, Theranica Bio-Electronics Ltd. (“Theranica,” “we,” “our” or “us”) use, collect and store Personal Information (defined below) we collect or receive from or about you (“User,” “you”) in connection with the following use cases:

(i) When you make use of the App
a. “Nerivio” https://play.google.com/store/apps/details?id=app.theranica.neriviomigra&hl=en, or
b. “Nerivio” https://apps.apple.com/us/app/nerivio/id1465862915

and any other mobile software application that we license (each individually, and collectively, the “App”).

  1. When you sign up for an account and during on-boarding
  2. When you make use of our Services through the App and Theranica’s device, e.g. Nerivio or Nerivio Infinity Device ("Nerivio Device")
  3. When you ask for a re-fill purchase of the Theranica’s device

(ii) When you make use of, or interact with, our websites www.theranica.com and www.nerivio.com (“Websites”)
a. When you browse or visit the Websites
b. When you subscribe to our distribution list(s)/newsletter(s)/blog
c. When we process your job application
d. When you contact us (e.g. customer support or request for information)
e. When we collect and process personal data in order to fulfill our pharmacovigilance obligations
f. When you obtain your prescription from a healthcare provider (“HCP”)
g. When you request information on how to obtain a Nerivio Device prescription

(iii) Other practices
a. When you attend a marketing event or exchange business cards with us and provide us with your Personal Information for marketing purposes
b. When we acquire your Personal Information from third-party sources (such as lead-generation companies)
c. When we use the Personal Information of our service providers, distributors, resellers, agents and/or partners
d. When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn, TikTok, YouTube)

Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory rights, including your rights to a remedy or means of enforcement.

Table of contents:

  1. Introduction
  2. What information we collect, why we collect it, and how it is used
  3. Period of storage of collected information
  4. How we share your Personal Information
  5. Additional information regarding transfers of Personal Information
  6. Your privacy rights
  7. Use by children
  8. How can I delete my account?
  9. Links to, and interaction with, Third-Party products
  10. Analytic Tools
  11. Specific provisions applicable under California privacy law
  12. Specific provisions under Washington State law
  13. Specific Provisions under Nevada law
  14. How to contact us

1. INTRODUCTION
The Website, the App and the Nerivio Device are individually and collectively referred to herein as the “Services.” We greatly respect your privacy, which is why we make every effort to provide Services that live up to recognized cybersecurity standards. Please read this Privacy Policy carefully so that you can fully understand our practices in relation to Personal Information. “Personal Information” means any information that can be used, alone or together with other information, to uniquely identify any living human being. Please note that this is a master privacy policy and some provisions only apply to individuals in certain jurisdictions (e.g., the legal basis table applies only to GDPR/UK-GDPR-protected individuals).

You are not legally obligated to provide us Personal Information; providing it is at your own free will. We reserve the right, at our discretion, to change this Privacy Policy at any time. Such a change will be effective ten (10) days following posting of the revised Privacy Policy on the Site. We will notify you of any material change either by email or when you next access the App.

TERMS OF USE AND EULA
This Privacy Policy forms part of our Terms of Use (available on www.theranica.com and www.nerivio.com under “Terms and Conditions”) and the App’s End User License Agreement (viewable within the App and accepted prior to first use).

2. WHAT INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED

Personal Information that we collect Why is the Personal Information collected and for what purposes? Legal basis (GDPR/UK-GDPR only, if applicable) Third parties with whom we share your Personal Information Consequences of not providing such Personal Information
When you make use of the App
When you sign up for an account and during on-boarding
· Full name
· Email address
· Phone number
· User password
· Date of birth
· Gender (Optional)
· Country
· Language
· Prescription information (Optional)
· Mobile phone details (type/OS version, UDID)
· Any other optional information you decide to provide/supply		 · To create an account.
· To authenticate you as a user of the App.
· To contact you in connection with technical support for the Services.
· We ask you to provide your country and your age in order to determine relevancy of applicable laws and regulations for the Services.
· We collect your language in order to determine and customize the App user interface language.
· To contact you in connection with our Services (e.g., verification messages).
· Your mobile phone details help us to determine appropriate technical characteristics and establish reliable server communication.		 Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (e.g. to create an account, to provide technical support and determine technical characteristics for reliable performance of the Services)
  
Consent for the processing of your health data.		 3rd party platforms for the following purposes:


· Microsoft office 365 -Email communication
· Google and Apple password saving tools - Password saving assistance on the phone for the App
· Firebase Google - Notification service for mobile push notifications
· AWS - Server computational infrastructure and managed storage service
· Intercom – CRM and customer support service		 · Cannot create an account.
· Cannot authenticate you as a user of the App.
· Cannot contact you in connection with technical support for the Services.
· Cannot determine applicable laws and regulations to allow you to operate the Nerivio Device and provide you with our Services.
· Cannot determine appropriate language settings to operate the App.
· Cannot contact you in connection with our Services (e.g., to assist in a re-filling purchasing request with your pharmacy).
· Cannot determine appropriate technical characteristics, establish reliable server communication to provide reliable Services.
· Full name
· Email address		 · To send you marketing communications and personalize the content of our messages to you(e.g. by including your first name at the beginning of our messages). Consent 3rd party platforms for the following purposes:
  
· AWS – Storage and notifications.
· Firebase Google – Notification service for mobile push notifications.
· Intercom – CRM and customer support service, newsletter, in-app messages and email marketing.		 ·  Cannot send you marketing communications nor personalize the content of our messages to you (e.g. by including your first name at the beginning of our messages).
· Geolocation (foreground)
· Location – only Country and State		 · We collect coarse and fine location data to enable Bluetooth operation (as required by Android).
· To understand your location for research, environmental factors assessment and service development
· To apply the required local policy and rules.		 Consent 3rd party platforms for the following purposes:


· AWS - Server computational infrastructure and managed storage service
· Intercom – CRM and customer support service.
· Google BigQuery - Data warehouse for data analysis		 · Cannot enable Bluetooth operation (as required by Android).
· Cannot provide location-related services e.g. identify potential environmental factors (temperature, barometric pressure, humidity) that might affect your migraine attacks.
· Cannot apply localization features.
· Bluetooth · To communicate between the device and the app Consent (through your mobile device). 3rd party platforms for the following purposes:
· None		 · Cannot communicate between the device and the app
When you make use of our Services through the App and the Nerivio Device
· Voluntary information on the treatment and associated symptoms and triggers provided by you before, during and/or after treatment, including symptoms (pain level, nausea, aura, phonophobia, photophobia, allodynia and other symptoms for prodrome/aura/headache stages), other feedbacks and triggers that you provided in your answers to the diary questions.
· Your treatment information including treatment start and end time, intensity update, pause, resume, stop actions, device safety alerts (over-current protection, over-voltage protection & no-load), and geo-location of the treatment.
· Your smartphone and connected Nerivio Device details (model and OS version, Nerivio Device ID, FW version, App log files and other details).
· UI actions and operations performed by you via the App such as log-in, log-out, device connect and disconnect, use of in-App services and other user actions.
· Any other information you decide to provide/supply via The App, web forms, survey emails.		 · Your feedback and treatment data are collected in order to allow you to make use of the Services, register and/or record your migraine episodes and to create and keep track of your migraine diary.
· Smartphone & Nerivio Device data, treatment data, logs, and analytics, are collected in order to discover, investigate and improve technical issues in the Services for you and other users, develop new Services, to control and operate the Nerivio Device and provide you reliable technical support in connection with the Services.
· To create and publish de-identified clinical research based on statistical analysis of mass quantities of patients.
· To understand your preferences and feature requests in order to develop new features and products with the user needs in mind.		 Consent (for the use of your health data).
  
Performance of a contract to which the data subject is party.
  
Legitimate interest (e.g. determine technical characteristics for reliable performance of the Services and to discover, investigate and improve technical issues in Services, develop new Services and provide reliable technical support in connection with the Services).		 3rd party platforms for the following purposes:
  
· Firebase Google- Notification service for mobile push notifications
· AWS - Server computational infrastructure and managed storage service
· Google BigQuery - Data warehouse for data analysis
· Intercom – CRM and customer support service
· Formsort – Forms and questionnaires service		 · Cannot allow you to make use of the Services (such as the migraine diary.
· Cannot register and/or record your migraine episodes.
· Cannot create and keep track of your migraine diary.
· Cannot discover, investigate and improve technical issues in the Services for you and other users, control and operate the Nerivio Device.
· Cannot develop new services and provide you reliable technical support in connection with the Services.
· Cannot create and publish de-identified clinical research based on statistical analysis of mass quantities of patients.
· Cannot include your user preferences and requests for features, services and product development.
When you ask for a re-fill purchase of the Nerivio Device or Nerivio Infinity Device
· Full name (optional)
· Contact details
· Re-fill request information – number of requested devices
· Medical insurance information (optional)		 · To facilitate and fulfill your re-fill request of the Nerivio Device with the relevant pharmacy.
· To send you informational emails about the re-fill request status.		 Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (e.g., in order to facilitate and fulfill your re-fill request of the Nerivio and send you information about the status of your request).
  
Consent for the processing of your health data.
  
Legitimate interest (e.g., to answer your queries and requests)		 3rd party platforms such as for the following purposes:
· Microsoft Office 365 – Email communication
· Firebase Google - Notification service for mobile push notifications
· AWS - Server computational infrastructure and managed storage service
· Google BigQuery - Data warehouse for data analysis
· Intercom – CRM and customer support service		 · Cannot facilitate and fulfill your re-fill request of the Nerivio Device with the relevant pharmacy or distributor
  
· Cannot send you informational emails about the re-fill request status
When you make use of, or interact with, our Websites
When you browse or visit our Websites
Information in log files:
Internet Protocol addresses (IP addresses)
  Browser type
Internet service provider (ISP)
Date and time stamp
Reference and output pages
clicked pages and
any other information that your browser sends to us.
   
For more information, please read Nerivio’s cookies policy and Theranica’s cookies policy		 · To review and improve the usage and operations of our Websites
· To analyze trends
· To administer the Websites
· To track users’ movement around the Websites		 Depending on the context, performance of a contract, Legitimate Interest (in order to provide you with the basic functionalities of our website), or Consent. For more information, please read Nerivio’ cookies policy and Theranica’s cookies policy
  
3rd party platforms for the following purposes:
  
· Formsort – Forms and questionnaires service		 · Certain Websites features may not be available
· Read more about the purposes of each cookie on Theranica’s Website https://theranica.com/cookies-policy/  and on Nerivio’s Website: https://nerivio.com/cookies-policy/
When you subscribe to our distribution list(s) / newsletter(s) / blog
· Full name
· Email address
· Whether you are a patient or a healthcare provider
· For healthcare providers: NPI, basic details of the practice and the clinic contact		 · To send you more information about Nerivo and Theranica.
· To send you Nerivo and Theranica updates and other materials related to migraine management and neuromodulation.		 Consent 3rd party platforms such as for the following purposes:
  
· Intercom – CRM, newsletters, customer support and marketing automations information
· ConvertFlow – Forms
· Formsort – Forms and questionnaires service		 · Cannot send you more information about Theranica
· Cannot send you Nerivo and Theranica updates and other materials related to migraine management and neuromodulation.
When we process your job application
· Full name
· Email address
· Phone number
· Email address
· Resume
· Any other information you decide to provide/supply		 · To process your job application
· To assess the candidate
· To communicate with you		 Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legitimate interest (e.g. to assess your job application)		 3rd party platforms such as for the following purposes:
· Microsoft office 365 - Email communication		 · Cannot process your job application
· Cannot assess your suitability
· Cannot communicate with you
When you contact us (e.g. customer support)
· Full name
· Email address
· Message: Inquiry/Complaint
· Any other information you decide to provide/supply		 · To process and answer questions
· To provide support (e.g., to solve problems)
· To customize your experience		 Performance of a contract to which the data subject is party.
Legitimate interest (e.g. provide support and answer your questions).		 · 3rd party platforms such as for the following purposes:
· Microsoft office 365 - Email communication
· Firebase Google - Notification service for mobile push notifications
· AWS - Server computational infrastructure and managed storage service
· Intercom – CRM, customer support service
· Atlassian Jira – CRM, technical support service		 · Cannot assist you and respond your query
· Cannot provide support
· Cannot customize your experience
· Contact details
· Phone number		 · To send you marketing communications


· To send you more information about Theranica
  
· To send you Nerivio and Theranica updates, and other materials related to migraine management and neuromodulation		 Consent 3rd party platforms such as for the following purposes:
  
· Intercom – CRM, newsletters, customer support and marketing automations information		 · Cannot send you marketing communications
· Cannot send you more information about Theranica
· Cannot send you Theranica's updates, special deals and other materials
When we collect and processes personal data in order to fulfil our pharmacovigilance obligations (i.e. our obligation to monitor the safety of all of our products or our products for which clinical studies are conducted)
· Full name
· Email address
· Age
· Gender
· Weight and height.
· The starting and ending dates of the treatment
· Your medical history
· Details of the product that caused the side effects, such as the dose you received, the prescription and / or prescription ratio
· Any other information that related to your use of our product that cause the side effect		 · To monitor the safety of our products
· To monitor adverse events or other activities related to pharmacovigilance. This information is important for public health purposes and will be used for the detection, assessment, understanding and prevention of adverse effects or any other medicine-related problems.
· To answer the inquiry, follow up on such requests and maintain the information in a medical information database for reference.		 Processing is necessary to comply with our legal pharmacovigilance obligations; or
To respond to your inquiries based on legitimate interests.		 · Partners that help us conduct the pharmacovigilance studies.
· Health authorities
· Microsoft office 365 - Email communication		 · Cannot monitor the safety of our products
· Cannot monitor adverse events or other activities related to pharmacovigilance.
· Cannot answer an inquiry, follow up on such requests and maintain the information in a medical information database for reference.
When you obtain your prescription from a healthcare provider (HCP)
· Full name
· Email address
· Phone number
· Age group: adolescent/adult		 · To send you prescription information Legitimate interest (in order to comply with our contract with your healthcare provider and provide you with the services request from them). 3rd party platforms such as for the following purposes:
  
· Constant Contact – Newsletters, email marketing
· Intercom – CRM, newsletters, customer support and marketing automations information
· ConvertFlow - Forms		 · Cannot send you prescription information.
· Full name
· Email address
· Phone number		 · To send you marketing communications
  
· To send you more information about Theranica
· To send you Theranica's updates, special deals and other materials		 Consent (e.g. to send you marketing communications) 3rd party platforms such as for the following purposes:
  
· Constant Contact – Newsletters, email marketing
· Intercom – CRM, newsletters, customer support and marketing automations information
· ConvertFlow - Forms		 · Cannot send you marketing communications
· Cannot send you more information about Theranica
· Cannot send you Theranica's updates, special deals and other materials
When you request information on how to obtain a Nerivio prescription
· Full name
· Email address
· Age group: adolescent/adult
· Insurance plan
State		 · To send you personalized information on how to obtain a prescription Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Legitimate interest.		 3rd party platforms such as for the following purposes:
  
·  Intercom – CRM, newsletters, customer support and marketing automations information
· ConvertFlow – Forms
· Formsort – Forms and questionnaires service		 · Cannot send you personalized information on how to obtain a prescription.
· Full name
· Email address		 · To send you Nerivio and Theranica updates, and other materials related to migraine management and neuromodulation Consent (e.g. to send you marketing communications) 3rd party platforms such as for the following purposes:
  
· Intercom – CRM, newsletters, customer support and marketing automations information
· ConvertFlow – Forms
· Formsort – Forms and questionnaires service		 · Cannot send you marketing communications
· Cannot send you more information about Nerivio and Theranica
· Cannot send you Nerivio and Theranica updates, and other materials related to migraine management and neuromodulation
When you attend a marketing event or exchange business cards with us and provide us with your Personal Information for marketing purposes
· Full name
· Email address
· Company or institute of affiliation
· Position or role
· Any other information you decide to provide/supply		 · To establish a business connection
  
· To send marketing communications		 Legitimate interest
  
Consent (e.g. to send you marketing communications)		 3rd party platforms such as for the following purposes:


· Microsoft office 365 – email communication
  
· Intercom – CRM, newsletters, customer support and marketing automations information
· ConvertFlow – Forms
· Formsort – Forms and questionnaires		 · Cannot establish a business connection
· Cannot send you marketing communications
When we acquire your Personal Information from third-party sources (such as lead-generation companies)
· Contact information · To establish a business connection/discussion
  
· To send marketing communications.		 Depending on the context, legitimate interest, pre-contractual discussions or consent 3rd party platforms such as for the following purposes:


· Microsoft office 365 – email communication
· Intercom – CRM, newsletters, customer support and marketing automations information
· ConvertFlow – Forms
· Formsort – Forms and questionnaires service		 · Cannot establish a business connection
· Cannot send you marketing communications
When we use the Personal Information of our service providers, distributors, resellers, agents and/or partners
· Full name
· Email address
· Company or institute/organization name
· Role/position
· Any other Information you decide to provide		 · To contact you
  
· To establish a relationship with our vendors and resellers
  
· To perform the applicable agreement		 Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Legitimate interest (e.g., to establish a relationship with our vendors and resellers)		 3rd party platforms such as for the following purposes:
  
· Microsoft office 365 – email communication		 · Cannot communicate with you
· Cannot establish a relationship
· Cannot perform the agreement
When you interact with us on our social media profiles (e.g., Facebook, Instagram, Twitter, LinkedIn,TikTok and Youtube)
· Full name
· Email address
· Company or institute/organization name
· Role/position
· Any other Information you decide to provide/supply		 · To reply and/or respond to your request or question
  
· To establish a first business connection/discussion		 Depending on the context, legitimate interest, processing is necessary in order to take steps at the request of the data subject prior to entering a contract; or consent. 3rd party platforms such as for the following purposes:
  
Microsoft office 365
· LinkedIn - Social media channels
· Facebook – Social media channels
· Twitter - Social media channels
· YouTube - Social media channels		 · Cannot reply or respond to your request.
· Cannot establish a business connection with you.

Finally, please note that some of the above mentioned Personal Information will be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes based on our legitimate interest. Personal Information may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may or will anonymize or de-identify your Personal Information. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them).

  1. PERIOD OF STORAGE OF COLLECTED INFORMATION
    Personal Information. Your Personal Information (as described above) will be retained for as long as reasonably necessary to fulfil the purposes we collected it for until we no longer need the information and proactively delete it, we de-identify it or until you send a valid deletion request. Inactive accounts are subject to deletion after 7 years. The users will be notified about deletion action based on the contact information on-records and reminded of the right to request the copy of the information before the deletion. Failure to respond within a period of 30 days after notification will be deemed as absence of objection and the account/data will be no longer available for use and individual processing. The treatment data that was collected by the mobile application will be identified and aggregated for the purposes of pharmacovigilance, medical research publications, and service improvement. In some circumstances we may store your Personal Information for longer periods of time in intermediate archives, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements (including, without limitation, pharmacovigilance legislation), or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings. We have an internal data retention policy to ensure that we do not retain your Personal Information perpetually. If you would like to receive additional information regarding the retention period, you can send us an email to support@nerivio.com.
    Cookies. The period of storage and collected information depends on the cookie. You may also control and delete these cookies through your browser settings. Some cookies (e.g. essential cookies) cannot be disabled. For more information, please consult our cookie policies https://theranica.com/cookies-policy/ and https://www.nerivio.com/legal/cookies-policy.

HOW WE PROTECT YOUR PERSONAL INFORMATION
Security. We have implemented appropriate technical, organizational and security measures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the information concerned. However, please note that we cannot guarantee that the information will not be exposed as a result of unauthorized penetration to our servers. Nevertheless, we make commercially reasonable efforts to make the collection and security of such information consistent with this Privacy Policy and all applicable laws and regulations. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.

  1. HOW WE SHARE YOUR PERSONAL INFORMATION
    In addition to the recipients described above, we may share your information as follows:
    o With our business partners with whom we jointly offer products or services. We may also share Personal Information with other Theranica entities.
    o To the extent necessary, with regulators, to comply with all applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
    o We are also obliged to report certain pharmacovigilance and product relevant information to health authorities worldwide, in accordance with GDPR and other applicable laws
    o If, in the future, we sell or transfer some or all of our business or assets to a third party, we will (to the minimum extent required) disclose information to a potential or actual Third-Party purchaser of our business or assets. In the event that we are acquired by or merged with a Third-Party entity, or in the event of bankruptcy or a comparable event, we may transfer or assign Personal Information in connection with the foregoing events.
    o Where you have provided your consent to us sharing the Personal Information (e.g., where you provide us with marketing consents or opt-in to optional additional services or functionality); and
    o Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Information is disclosed.
  2. ADDITIONAL INFORMATION REGARDING TRANSFERS OF PERSONAL INFORMATION
    a. Storage: The personal information is stored by AWS managed service – Amazon Relational Database Service (Amazon RDS) with servers located in the United States. De-identified information is stored also by Google BigQuery - fully-managed, serverless data warehouse for data analysis with storage located in the United States. Intercom services and data are hosted at AWS facilities in the United States. AWS is self-certified under the EU-US Data Privacy Framework.
    b. Access from Israel: Access from Israel is covered by the European Commission’s Adequacy Decision regarding Israel, such decision has been recognized by the United Kingdom. You can read more here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
    c. External transfers: Where we transfer your Personal Information outside of the UK and/or EU/EEA, for example to third parties who help provide our products and services, we will obtain contractual commitments from them to protect your Personal Information. When we engage in such transfers of personal information, we rely on i) Adequacy Decisions as adopted by European Commission (and adopted by the UK Information Commissioners Office) on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR) (for example, when we access from Israel), ii) Standard Contractual Clauses issued by the European Commission and/or the United Kingdom's Information Commissioners Office, or iii) the recipient's self-certification under the EU-US Data Privacy Framework and its UK Extension. We also continually monitor the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the GDPR and/or the UK GDPR.
    If you would like to receive additional information regarding transfers of personal data, you can send us an email to support@nerivio.com.
  3. YOUR PRIVACY RIGHTS
    You can assert your rights as a data subject with regard to your processed personal data at any time by contacting us using the contact details given below under Section 14. As the data subject, you have the right
    a. to request information about your data processed by us.  In particular, you can request information about the purposes of processing, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
    b. to immediately request the correction of incorrect data or the completion of your data stored by us;
    c. to demand the deletion of your data stored by us, unless such Personal Data is still necessary in relation with the purposes for which it was collected, your consent is not the legal basis for processing, there are other legitimate grounds to process your Personal Data, such as, the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
    d. to demand the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;
    e. to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller (“data portability”);
    f. to object to the processing, provided that the processing is based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. If it is not an objection to direct advertising, we ask you to explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing;
    g. to withdraw your consent once given to us (including before the GDPR came into force, i.e. before 25 May 2018) – i.e. your voluntary, informed and unequivocal declaration or other unambiguous confirmatory act indicating that you consent to the processing of the personal data concerned for one or more specific purposes – at any time, if you have given such consent. As a result, we may no longer continue the data processing that was based on this consent in the future; you have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular where the processing is necessary to comply with our legal and regulatory obligations. Please also note that withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal; and
    h. to complain to a data protection supervisory authority about the processing of your personal data in our company.
    m. You can exercise your rights by contacting us at the directions listed in https://www.nerivio.com/international-availability/. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfil your request. Please note that due to our legal obligations for pharmacovigilance legislation, we may not be able to erase or restrict processing of your personal data if processed for pharmacovigilance. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initial requested, we will address your request to the maximum extent possible, all in accordance with applicable law.

GENERAL DATA PROTECTION REGULATION (GDPR) – EUROPEAN REPRESENTATIVE
Pursuant to Article 27 GDPR, Theranica has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
• by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
• by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

DATA PROTECTION OFFICER
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Theranica has designated Ofer Rosenbloom, Managing Partner of CyTECH International (www.cytechint.com) as Data Protection Officer. You can contact DPO regarding matters pertaining to the GDPR:
• ISRAEL Office: +972 (52) 422 5399 | USA Office: +1 (720) 419 8738 or https://www.cytechint.com/contact-us

  1. USE BY CHILDREN
    Certain aspects of the App are available to children under the age of 18. When we intend to process Personal Information from or about children, under the age of 18 (or, in the US, when we intend to process Personal Information from or about children under the age of 13), we will obtain consent from the parents/legal guardian to this Privacy Policy and to any data processing whose legal basis is consent in accordance with section 2 of the Privacy Policy, and as required under applicable law in each relevant jurisdiction. Depending on their level of maturity, minors shall be associated to the decisions taken as to the processing of their personal data through the App.
  2. HOW CAN I DELETE MY ACCOUNT?

[1] GDPR Article 15

[1] GDPR Article 16

[1] GDPR Article 17

[1] GDPR Article 18

[1] GDPR Article 20

[1] GDPR Article 21

[1] GDPR Article 7 (3)

[1] GDPR Article 77

Should you ever decide to delete your Account, you may do so by contacting our Customer support via our Website, the App or emailing support@nerivio.com. If you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account. However, please note that independently from the deletion of your Account, we may have to retain some information considering our legal retention obligations. In the same manner, you may have voluntarily shared information outside of the App (with your healthcare provider for instance), which will be retained by those recipients and under their responsibility.

  1. LINKS TO AND INTERACTION WITH THIRD-PARTY PRODUCTS
    The Websites may enable you to interact with or contain links to your Third-Party Account and other Third-Party Websites, mobile software applications and services that are not owned or controlled by us (each a “Third-Party Service”). We are not responsible for the privacy practices or the content of such Third-Party Services. Please be aware that Third-Party Services may collect Personal Information from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third-Party Service that you choose to use or interact with.

LOG FILES
We make use of log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser may send to us. We may use such information to analyze trends, administer the Website, track users’ movement around the Website, and gather demographic information.

  1. ANALYTIC TOOLS
    • Google Analytics. If you have given your consent, we use Google Analytics, a web analysis service of Google Ireland Ltd, Building Gordon House, 4 Barrow St, Dublin D04 E5W5, Ireland ("Google Ireland") on our websites to analyze your website behavior ("Google Analytics"). As part of the processing described below, personal data may also be transmitted to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Ireland and Google LLC are hereinafter jointly referred to as "Google". Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this Website. We use the information we get from Google Analytics to maintain and improve the Website and our products. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this Website is restricted by the Google Analytics Terms of Service, available at http://www.google.com/analytics/terms/us.html/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes Information specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. The data used by Google Analytics is your browser information, click path, date and time of visit, device information, downloads, Flash version, location information, IP address, JavaScript support, pages visited, purchase activity, referrer URL, usage data and widget interactions. We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA and thus anonymized. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
    Your personal data is processed on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. You may further prevent your Information from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.
    • Hotjar. The Websites use Hotjar, a service provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St. Julian's STJ 3141, Malta ("Hotjar"), in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see Hotjar’s privacy policy at https://www.hotjar.com/legal/policies/privacy.
    Your personal data is processed on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. You can further opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our Website and Hotjar’s use of tracking cookies on other websites on this link https://www.hotjar.com/legal/compliance/opt-out.
    • Meta Pixels and SDKs. Where you have consented, we use Facebook pixels or SDKs, which are tools that provide help to website owners and publishers, developers, advertisers, business partners (and their customers) and others integrate, use and exchange information with Facebook, as such the collection and use of information for ad targeting. In the European Union, these services are operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin D02, Ireland ("Meta Ireland"). Meta Ireland is a subsidiary of Meta Platforms, Inc, 1601 Willow Rd, Menlo Park, CA, USA ("Meta Platforms, Inc."). Meta Platforms, Inc. and Meta Ireland are hereinafter jointly referred to as "Meta". Please note that third parties, including Facebook, use cookies, web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services and targeted advertising. Facebook may also receive or collect information from the App and other apps and then use that information to provide measurement solutions and ad targeting and delivery. Facebook’s ability to use and share information is governed by the Facebook Tools Terms, available at: https://www.facebook.com/legal/technology_terms/.
    The information processed includes IP addresses, information about the web browser, the location of the page, the document, the referrer and the person using the website, the pixel ID and the Facebook cookie, all buttons that visitors to the website have clicked on, the labels of these buttons and all pages that were accessed as a result of these button clicks, information about the visit, form field values, device information and app events. For more information about the collection and use of data by Facebook, as well as your rights and options for protecting your privacy, please refer to Facebook's privacy policy: www.facebook.com/about/privacy/.
    Your personal data is processed on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. Furthermore, you can prevent your data from being used by Facebook Pixels and SDKs by exercising your choice through these mechanisms: http://www.aboutads.info/choices or http://www.youronlinechoices.eu/.

Social plugins
We have implemented social plugins from social networks so that you can share anything that is of interest to you with your colleagues and connections on social networks. Our websites may contain social plugins for external social networks such as twitter.com ("Twitter") and LinkedIn.com ("LinkedIn"). You can usually recognize the plugins by the respective logos.
Each time you visit our websites that contain a plugin, your browser establishes a direct connection to the servers of e.g. Twitter or LinkedIn. The servers of these third-party providers recognize which of our websites, applications or content you are currently visiting.
If you are a member of the respective social network, e.g. Twitter, and are logged in while visiting our websites, it assigns the information to your personal user account. When you interact with one of the plugins, e.g. by clicking the Like button, this information is transmitted directly to the social network via your browser and stored there in your personal user account. The information that you share from our websites is transmitted to social networks.
We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by the respective social network. Furthermore, we have no influence on the data that LinkedIn collects via the plugin, nor on the scope of the data that the social network collects. We also have no knowledge of the content of the data transmitted to the social network. For more information on data collection practices and your rights and preferences, please refer to the social networks' privacy policies.

  1. SPECIFIC PROVISIONS UNDER CALIFORNIA PRIVACY RIGHTS
    California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to support@nerivio.com. Please note that we are only required to respond to one request per customer each year.
    We do not track consumers over time and across Third-Party websites and therefore do not respond to Do Not Track signals. We do not allow third parties to collect personally identifiable information about an individual consumer’s online activities over time and across different websites when a consumer uses the Services.
    If you are a California resident under the age of 18 and a registered user, California Business and Professions Code Section 22581 permits you to remove content or Personal Information you have publicly posted. To remove, please send an email to support@nerivio.com. Please be aware that after removal you will not be able to restore removed content. In addition, such removal does not ensure complete or comprehensive removal of the content or Personal Information you have posted and that there may be circumstances in which the law does not require us to enable removal of content.
  2. SPECIFIC PROVISIONS UNDER WASHINGTON STATE LAW
    Some of the information we collect and use, may be considered 'Consumer Health Data' under Washington State's 'My Health, My Data' Law. If you are a Washington State consumer, please review our notice of privacy practices here https://www.nerivio.com/legal/theranica-washington-state-health-data-privacy-policy.
  3. SPECIFIC PROVISIONS UNDER NEVADA LAW
    Some of the information we collect and use, may be considered 'Consumer Health Data' under Nevada's Health Privacy Law. If you are a Nevada consumer, please review our notice of privacy practices here https://www.nerivio.com/legal/nevada-health-data-privacy-policy.
  4. CONTACT US
    If you have any questions, concerns, or complaints regarding our compliance with this notice and the Information protection laws, or if you wish to exercise your rights, we encourage you to first contact us at support@nerivio.com or via in-App communicator.
    The data controller is: Theranica Bio-Electronics Ltd., 4 Ha-Omanut St., Netanya 4250438, Israel
    Last updated: July 7, 2025