Privacy Policy
Last Updated: April 2, 2026
1. Introduction
TheHyWing ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, WhatsApp bot, and related services (collectively, the "Service"). TheHyWing is a climate-risk intelligence and preventive health platform that protects human health and livelihoods across multiple climate stressors. We operate globally and comply with applicable data protection laws in all jurisdictions where we serve users.
2. Data Controller
TheHyWing is the data controller responsible for your personal data. For data protection inquiries:
3. Information We Collect
2.1 Personal Information
We collect information that you provide directly to us, including:
- Account Information: Email address, password (encrypted), and profile details
- Health Information: Occupation, work environment, climate exposure data, hydration records, vital signs, health conditions
- Agriculture Information: Crop types, livestock types, farming details (work_details field) — used solely to personalize Farm Intel climate risk assessments
- Location Data: Geographic location for weather-based alerts and agro-ecological zone detection (with your permission)
- Device Information: Device type, operating system, unique device identifiers
2.2 Automatically Collected Information
- App usage data and analytics
- Log data (IP address, timestamps, error logs)
- Weather API data for your location
3. How We Use Your Information
We use the collected information for:
- Service Delivery: Providing climate risk alerts, health monitoring, agricultural risk intelligence (Farm Intel), and medical consultations
- Personalization: Customizing alerts based on your work environment, health profile, and specific crops/livestock
- Livelihood Protection: Generating crop risk assessments, livestock welfare alerts, pest/disease warnings, and planting calendar guidance personalized to what you grow
- Safety: Sending critical climate health warnings and emergency notifications
- Communication: Sending service updates, password resets, and consultation reminders
- Analytics: Improving app performance and user experience
- Legal Compliance: Meeting regulatory and security requirements
4. Health Information Protection
We take the protection of your health information seriously:
- All Protected Health Information (PHI) is encrypted at rest and in transit
- Access to health data is logged and monitored for compliance
- We implement HIPAA-aligned security practices
- Health data is only shared with licensed clinicians for consultations you authorize
5. Information Sharing and Disclosure
We do not sell your personal information. We share data only in these circumstances:
- Healthcare Providers: Licensed clinicians during authorized consultations
- Caregivers: Only those you explicitly authorize
- AI Processing (OpenAI): Symptom descriptions are sent to OpenAI's API for AI-assisted health guidance. OpenAI processes this data under a Data Processing Agreement and does not use it for model training. No personally identifiable information (name, email, phone) is sent — only symptom text and anonymized health context.
- Service Providers: WeatherAPI.com / Open-Meteo (GPS coordinates only), Brevo (email delivery), Paystack (payments, PCI DSS compliant), Expo/EAS (push notification tokens), Render (cloud hosting)
- Legal Requirements: When required by law or to protect rights and safety
- Emergency Situations: To prevent serious harm to you or others
5a. Artificial Intelligence (AI) Transparency
AI Disclosure: TheHyWing uses AI (OpenAI GPT models) for symptom assessment, daily health tips, work schedule safety guidance, and personalized agricultural recommendations (Farm Intel).
Limitations: AI outputs are informational only — not medical diagnosis, prescription, or treatment. AI-generated agricultural guidance is advisory and does not guarantee crop yields or livestock outcomes. AI results are not reviewed by a clinician or agronomist in real-time. The AI may produce inaccurate results. Always consult qualified professionals. In emergencies, contact your local emergency services.
6. Data Security
We implement industry-standard security measures:
- SSL/TLS encryption for all data transmission
- Encrypted database storage
- Secure authentication with JWT tokens
- Regular security audits and monitoring
- Access controls and audit logging
7. Your Rights
Depending on your jurisdiction, you have the following rights:
- Access: Request a copy of your personal data (GDPR, NDPA, CCPA, DPDP, POPIA)
- Rectification: Correct inaccurate or incomplete data (GDPR, NDPA, POPIA)
- Erasure / Deletion: Request deletion of your data (GDPR, NDPA, CCPA)
- Data Portability: Receive your data in machine-readable format (GDPR, DPDP)
- Restrict Processing: Limit how we use your data (GDPR, POPIA)
- Withdraw Consent: Revoke consent at any time (all jurisdictions)
- Non-Discrimination: Exercise rights without diminished service (CCPA)
To exercise any right, email privacy@thehywing.com. We respond within 30 days.
8. Data Retention
We retain your information for as long as your account is active or as needed to provide services. Health records may be retained for longer periods to comply with medical record-keeping requirements.
9. Children's Privacy
TheHyWing is not intended for users under 18 years of age. We do not knowingly collect information from children under 18.
10. Data Breach Notification
In the event of a breach posing a risk to your rights, we will notify the relevant supervisory authority within 72 hours (GDPR/NDPA) and notify affected users without undue delay.
11. International Data Transfers
Your data may be processed in countries other than your own. Our servers are hosted on Render (US-based). We ensure appropriate safeguards including Standard Contractual Clauses, Data Processing Agreements, and encryption.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.
13. Jurisdiction-Specific Provisions
EEA (GDPR): Data portability, right to object, lodge complaints with your local DPA. USA (CCPA): Right to know, delete, opt out — we do not sell data. Nigeria (NDPA 2023): Consent-based processing, breach notification, correction/deletion. India (DPDP 2023): Consent management, data erasure, representative nomination.
© 2025-2026 TheHyWing. All rights reserved.