Privacy Policy

Last Updated: June 17, 2026

Pilot Notice (Nigeria, May 2026): TheHyWing is in a closed Nigerian pilot. Personal and health data collected during the pilot is processed only for the purposes listed below, retained only as long as needed, and never sold. We are registering as a Data Controller of Major Importance with the Nigeria Data Protection Commission (NDPC). For any privacy question contact privacy@thehywing.com.

1. Introduction

TheHyWing ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, WhatsApp bot, and related services (collectively, the "Service"). TheHyWing is a climate-risk intelligence and preventive health platform that protects human health and livelihoods across multiple climate stressors. We operate globally and comply with applicable data protection laws in all jurisdictions where we serve users.

2. Data Controller

TheHyWing is the data controller responsible for your personal data. For data protection inquiries:

3. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

2.2 Automatically Collected Information

3. How We Use Your Information

We use the collected information for:

3a. Why an Account and These Details Are Required

TheHyWing is a personalized safety and preventive-health service, not a general information app. The protection it provides — heat-strain and climate-risk scoring, hydration plans, symptom triage, doctor teleconsultations, safety-buddy check-ins, and employer/team safety features — cannot be delivered anonymously. Each of these is calculated against your own occupation, health vulnerability, and location, and is tied to a secure account.

For this reason we require an account and certain personal details to function. We rely on the following bases:

You may withdraw consent or delete your account at any time (Settings → Consents, or email privacy@thehywing.com).

4. Health Information Protection

We take the protection of your health information seriously:

4.1 Health Connect (Android) Disclosure

On Android, TheHyWing integrates with Health Connect to read selected wearable measurements only after you grant permission. We request read-only access and do not write any records to Health Connect.

Health Connect data types we request (read-only):

Why we access these data types: to compute your personalized physiological strain signal (heat/cold body stress), generate preventive actions, trigger high-risk alerts, and improve clinician decision-support during authorized consultations.

Minimum scope commitment: we request only the Health Connect data types required for the user-facing safety and preventive-health features described above. We do not request unrelated Health Connect permissions.

Sharing and limited use: Health Connect data is not sold and is not used for advertising, credit scoring, lending, or data brokerage. We only share health data with parties you authorize (for example, licensed clinicians in your consultation flow), or when legally required.

Your control: you can revoke Health Connect permissions anytime in Android Settings → Health Connect → App permissions → TheHyWing, and you can request deletion of your stored data from within the app (Settings → Consents) or by emailing privacy@thehywing.com.

5. Information Sharing and Disclosure

We do not sell your personal information. We share data only in these circumstances:

5a. Artificial Intelligence (AI) Transparency

AI Disclosure: TheHyWing uses AI (OpenAI GPT models) for symptom assessment, daily health tips, work schedule safety guidance, and personalized agricultural recommendations (Farm Intel).

Limitations: AI outputs are informational only — not medical diagnosis, prescription, or treatment. AI-generated agricultural guidance is advisory and does not guarantee crop yields or livestock outcomes. AI results are not reviewed by a clinician or agronomist in real-time. The AI may produce inaccurate results. Always consult qualified professionals. In emergencies, contact your local emergency services.

6. Data Security

We implement industry-standard security measures:

7. Your Rights

Depending on your jurisdiction, you have the following rights:

To exercise any right, email privacy@thehywing.com. We respond within 30 days.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide services. Health records may be retained for longer periods to comply with medical record-keeping requirements.

9. Children's Privacy

TheHyWing is not intended for users under 18 years of age. We do not knowingly collect information from children under 18.

10. Data Breach Notification

In the event of a breach posing a risk to your rights, we will notify the relevant supervisory authority within 72 hours (GDPR/NDPA) and notify affected users without undue delay. Our breach response process includes:

11. International Data Transfers

Your data may be processed in countries other than your own. We use the following sub-processors:

Sub-ProcessorPurposeLocationData Shared
RenderCloud hosting (API & database)United StatesAll application data (encrypted at rest)
OpenAIAI symptom assessment & farm adviceUnited StatesAnonymised symptom text only (no PII)
Expo (EAS)Push notification deliveryUnited StatesDevice push tokens & notification content
Meta (WhatsApp)WhatsApp bot messagingUnited StatesPhone number & message content
PaystackPayment processing (PCI DSS)NigeriaPayment data only
WeatherAPI / Open-MeteoWeather dataUK / EUGPS coordinates only
BrevoEmail deliveryEUEmail address & notification content
NetlifyLanding page hostingUnited StatesNo personal data (static site)

We ensure appropriate safeguards for cross-border transfers including Standard Contractual Clauses (SCCs), Data Processing Agreements (DPAs) with each sub-processor, and encryption of all data in transit (TLS 1.2+) and at rest (AES-256). PHI (Protected Health Information) is encrypted before leaving our application layer and is never sent to sub-processors in plaintext.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Jurisdiction-Specific Provisions

EEA (GDPR): Data portability, right to object, lodge complaints with your local DPA. USA (CCPA): Right to know, delete, opt out — we do not sell data. Nigeria (NDPA 2023): Consent-based processing, breach notification, correction/deletion. India (DPDP 2023): Consent management, data erasure, representative nomination.

14. Contact Us

For privacy questions or data requests:

Data Protection Officer: privacy@thehywing.com
General Support: support@thehywing.com
Website: thehywing.com


© 2025-2026 TheHyWing. All rights reserved.