Privacy Policy
Last Updated: February 13, 2026
Fisica ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our services.
1. Information We Collect
We collect information you provide directly to us and data generated through your use of our hardware and software.
A. Information Provided by You or Third Parties
Account and Profile Information: Email address, nickname (or name), profile photo, country of residence, and language settings.
Social Login Information: If you choose to log in via Google or Apple, we collect the unique identifier (ID) and email address provided by those platforms to ensure a secure account access environment.
Shipping and Contact Information (Hardware Orders): Full name, shipping address, and phone number. (Purpose: Strictly for hardware delivery, order tracking, and customer support communications)
Demographic and Physical Characteristics: Year of birth, height, and weight.
Financial Information: We collect payment-related information at the time of purchase.
Note: Fisica does not directly store your full credit card number or CVV. Payment processing is handled by secure, PCI-DSS compliant third-party processors (e.g., Apple App Store, Google Play Store, or authorized payment gateways).
B. Sensitive Information and Biometric Data (Separate Consent Required)
Important: The following data categories are considered "sensitive information" or "biometric" data. We process this data only after obtaining your separate and explicit consent during the measurement process.
Raw Measurement Data: Data captured by our proprietary sensors during the plantar pressure analysis process to evaluate weight distribution.
Visual Analysis Data: Image data captured for the purpose of assessing body structure, symmetry, and postural alignment.
Note: All visual data is encrypted and used solely for report generation. Access is strictly limited to authorized systems.Anatomical Landmark Data: Digital keypoints extracted from visual data to calculate body tilt and balance, including:
Facial Features: Keypoints of the eyes, nose, and mouth used to determine head position and tilt.
Structural Keypoints: Left and right points of the shoulders and pelvis used to assess postural symmetry and tilt.
C. Automatically Collected Information
Device information, IP address, and usage logs (standard items for global compliance).
2. Purpose of Using Information
We process your information for the following purposes:
Service Provision: Generating and providing comprehensive analysis reports (plantar pressure and vision analysis).
Order Fulfillment: Payment processing, subscription management, shipping of hardware devices, and providing delivery status updates.
Customer Support: Handling inquiries, returns, and refunds related to software services and hardware products.
Product Improvement: Algorithm refinement, enhancing sensor accuracy, and developing new features based on de-identified data.
Marketing and Communications (Optional):
Sending information about new features or products.
Providing promotional offers and discount events.
Offering personalized experiences through customized health insights.
3. Data Retention and Destruction
We retain your personal and health-related data (including biometric data) only for the period necessary to fulfill the purposes set out in this policy.
Account Deletion: If you choose to delete your account or withdraw from the Service, all your personal information, vision images, and anatomical landmark data will be immediately and permanently destroyed.
Transaction and Financial Records: To comply with legal audit and financial reporting obligations, we retain purchase and shipping records for the period required by relevant tax and commercial laws (typically 5–7 years, depending on the jurisdiction), even after service withdrawal.
Completion of Service and Maximum Retention: Even without an explicit withdrawal request, we will delete your data within three (3) years from the date the purpose of the service is achieved (e.g., the last measurement or report generation). This ensures you can track health progress over time while ensuring sensitive data is not stored indefinitely.
Security of Retained Data: All visual data is encrypted and used only for generating body analysis reports. Once analysis is complete, access is strictly limited to authorized systems to ensure maximum privacy during the retention period.
Marketing Data: Information collected for marketing purposes is kept until you withdraw your consent.
Method of Destruction:
Electronic Files: Permanent deletion using technical methods that make recovery impossible (e.g., secure erasure).
Paper Documents: Shredding or incineration (if applicable).
Legal Exceptions: Notwithstanding the above, certain data may be stored for a longer period if required by applicable laws (e.g., tax, commercial, or health regulations).
4. Third-Party Sharing
To provide services and fulfill orders, we may share certain information with trusted third-party service providers.
Payment Processors: Authorized payment gateways (PG) and app store providers (Apple/Google) to securely process your transactions.
Logistics and Shipping Partners: Local and international courier services to deliver physical hardware to your designated shipping address.
Cloud and Infrastructure: Providers like AWS for secure data storage.
Our Commitment: We only share the minimum information necessary for these providers to perform their duties (e.g., sharing only name, address, and phone number with the courier).
5. Rights of Data Subjects
You have specific rights regarding your personal information under applicable laws (such as EU GDPR, California CCPA, and South Korea PIPA).
Right of Access: The right to request a copy of the personal information we hold, including your measurement history and analysis reports.
Right to Rectification: The right to request the correction of inaccurate personal information or the completion of incomplete data (e.g., year of birth, height, weight).
Right to Erasure ("Right to be Forgotten"): The right to request the deletion of personal information, including visual data captured for analysis and derived structural results.
Right to Data Portability: The right to request that your personal information and analysis results be transferred to you or another controller in a structured, commonly used, and machine-readable format.
Right to Restriction of or Objection to Processing: The right to restrict our processing of information or object to processing performed based on "legitimate interests".
Right to Withdraw Consent: We process sensitive biometric data such as vision images and body analysis data based on your explicit consent. You have the right to withdraw this consent at any time.
6. International Data Transfer
Fisica is headquartered in South Korea. By using our services, you acknowledge that your information may be transferred to and processed in South Korea and other countries where our cloud servers (e.g., AWS) are located. We implement Standard Contractual Clauses (SCCs) to ensure data protection.
7. Jurisdiction-Specific Notices
1. European Economic Area (EEA)
A. Data Protection Officer (DPO): For inquiries regarding our data processing, please contact our DPO.
Name: Heejung Kim
Email: privacy@carenco.kr
B. EEA Representative: We have appointed DataRep as our data protection representative in the European Union so that you can contact them directly in your country of residence. DataRep has local offices across all 27 EU member states, the UK, Norway, Iceland, and Switzerland, allowing customers to ask questions at any time.
Representative: DataRep
Email: digitalrequest@datarep.com
Note: Please ensure you include the phrase <Fisica> in the subject line of your email.Online Inquiry: www.datarep.com/data-request
C. Sensitive Information (Biometric): We process "special categories of personal data" (biometric data: vision images and body coordinates) based on your explicit consent (GDPR Article 9(2)(a)). You have the right to withdraw this consent at any time.
D. Contractual Necessity: The processing of your shipping and payment data is based on contractual necessity for order fulfillment (GDPR Article 6(1)(b)).
E. Compliance with the Digital Services Act (DSA): We comply with the European Union's Digital Services Act (DSA). Further details regarding service transparency and designated contact points can be found on the dedicated page below.
View Details: Go to Digital Services Act (DSA)
2. United States
A. Washington and Nevada Notice (Consumer Health Data Privacy): In accordance with the Washington My Health My Data Act (MHMDA) and similar laws in Nevada, Fisica provides the following notice regarding consumer health data (such as biometric landmark data and body analysis results).
Categories of Consumer Health Data Collected: Biometric data (anatomical landmarks) as described in Section 1, physical characteristics (weight, height), and health-related analysis results.
Purpose of Collection: We collect and use data solely for providing body analysis reports and improving evaluation algorithms.
No Third-Party Sharing: We do not share your consumer health data with third parties without your separate and explicit consent, except as necessary to provide the services you have requested.
Your Rights: You have the right to access your consumer health data, withdraw consent, and request full deletion. We will fulfill deletion requests within the statutory period.
B. Rights in Other U.S. States: Residents of these states have the following rights under respective state laws such as VCDPA (Virginia) and CPA (Colorado).
Right to Opt-Out: We do not sell your personal information for monetary consideration, nor do we use it for "targeted advertising" or "profiling" that produces legal effects.
Consent for Sensitive Data: We treat your biometric and health-related information as sensitive data. By using our service and providing explicit consent, you authorize us to process this data.
Right to Appeal: If we decline to take action on your request to exercise your rights, you may appeal our decision by contacting support@carenco.kr.
C. California Privacy Rights (CCPA/CPRA):
Right to Limit Use of Sensitive Personal Information: You have the right to limit the use of your sensitive personal information (biometric landmarks) to the extent necessary to perform the services. Fisica does not use such data for any other purpose.
Categories of Information: In the past 12 months, we have collected identifiers (email), physical characteristics, and biometric information.
No Sale or Sharing: We do not "sell" your personal information, nor do we "share" it for cross-context behavioral advertising.
D. Financial Compliance: Purchase records and shipping data are retained in accordance with state and local sales tax regulations.
3. Canada
A. Ten Fair Information Principles: Fisica complies with the ten fair information principles set out in PIPEDA.
Accountability: We have designated a Privacy Officer to ensure compliance.
Identifying Purposes: The reasons for collecting data are identified at or before the time of collection.
Consent: We obtain your meaningful consent before collecting sensitive biometric data.
Limiting Collection and Use: We only collect information necessary for the service and use it only for the purposes to which you have consented.
Safeguards: Your data is protected by security measures appropriate to the sensitivity of the information, such as encryption and access restrictions.
Openness and Individual Access: We are transparent about our privacy practices and provide access to your information upon request.
B. International Data Transfer: Your personal information, including sensitive body analysis data, is processed and stored on secure servers located in South Korea. We ensure that data transfer agreements provide a level of protection equivalent to Canadian privacy standards.
C. Quebec-Specific Rights: If you are a resident of Quebec, you have the following additional rights.
Right to Data Portability: The right to receive your personal information in a structured, commonly used technical format.
Right to De-indexing: The right to request, under certain conditions, that we stop disseminating your personal information or stop indexing hyperlinks that provide access to your data.
D. Taxes and Shipping: Transaction data is retained for 7 years in accordance with Canada Revenue Agency (CRA) requirements.
4. Singapore
A. Data Protection Officer (DPO): In accordance with the Personal Data Protection Act (PDPA), Fisica has appointed a Data Protection Officer.
Name: Heejung Kim
Email: privacy@carenco.kr
Operating Hours: Mon-Fri 10:00 AM - 5:00 PM
B. Transfer Limitation Obligation: We ensure that international data transfers (e.g., to Korean servers) are guaranteed at a level comparable to the protection standards under the PDPA.
C. Financial Records: Transaction data is retained for at least 5 years in accordance with Singapore statutes.
5. Australia
A. Australian Privacy Principles (APP):
Sensitive Information: We collect sensitive information (biometric data) only with your consent and where reasonably necessary for our functions.
Overseas Disclosure: We take reasonable steps to ensure that overseas recipients (Fisica HQ in Korea) do not breach the APPs.
Complaints: If you believe we have breached the APPs, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
6. South Korea
A. Summary of Personal Information Processing (Including Sensitive Data)
In accordance with the South Korean Personal Information Protection Act, a summary of matters regarding the processing of sensitive information is provided below.
| Category | Items Processed | Purpose of Collection and Use | Retention and Use Period |
|---|---|---|---|
| General Personal Information | Email address, year of birth, height, weight | User identification, basic physical data management | Until account deletion (or 3 years after last service use) |
| Sensitive Information | Plantar pressure sensor data, vision images, anatomical landmark data | Generating plantar pressure analysis and body pain prediction reports | Immediate destruction upon account deletion (or upon achievement of purpose) |
| Automatically Collected Information | Device info, IP address, service usage logs | Security, prevention of unauthorized use, service improvement | Upon service termination or according to log retention policy |
| Payment and Shipping Information | Name, shipping address, contact (phone number), payment/transaction records | Hardware order and shipping processing, in-app payment and subscription management, customer support (refunds and inquiries) | 5 years (Compliance with the Act on Consumer Protection in Electronic Commerce, etc.) |
B. Separate Consent for Sensitive Information
In accordance with Article 23 of the Personal Information Protection Act, Fisica obtains separate explicit consent for the processing of health-related data (sensitive information) such as plantar pressure data and body image coordinates, separate from general personal information. You have the right to refuse this consent, but refusal may limit your use of core services such as plantar pressure analysis and pain prediction.
C. Chief Privacy Officer (CPO) and Contact
We take overall responsibility for matters related to personal information processing and have designated a Chief Privacy Officer as follows to handle user complaints and damage relief.
Chief Privacy Officer (CPO): Byungwoo Jo
Contact: cpo@carenco.kr
8. Contact Us
If you have any questions regarding this Privacy Policy, please contact us at:
Email: privacy@carenco.kr
Address: B-108, 57 Oryundae-ro, Geumjeong-gu, Busan, Republic of Korea (46252)