Tinnitaid

Privacy Policy

Who We Are

Our website address is: https://tinnitaid.com. Tinnitaid is dedicated to helping individuals manage tinnitus symptoms through our TRT (Tinnitus Retraining Therapy) app. The creating team of the app does not hold any responsibility on how the app is used. Please consult your doctor. This app is not a medical device. Though, we use the latest tinnitus research to give you the best relief you can find. By using the app, you accept the above policy statements.

Comments

When visitors leave comments on the site, we collect the data shown in the comments form, along with the visitor’s IP address and browser user agent string to help detect spam. An anonymized string created from your email address (a hash) may be provided to the Gravatar service to check if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. Once your comment is approved, your profile picture will be visible to the public alongside your comment.

Media

If you upload images to the website, please avoid including embedded location data (EXIF GPS). Visitors can download and extract any location data from images uploaded to the website.

Cookies

If you leave a comment on our site, you may choose to save your name, email address, and website in cookies for your convenience. These cookies will last for one year, so you don’t have to re-enter your information when you leave another comment.

When you visit our login page, we set a temporary cookie to determine if your browser accepts cookies. This cookie does not contain any personal data and is discarded when you close your browser.

When you log in, we also set up cookies to save your login information and screen display preferences. Login cookies last for two days, while screen options cookies last for a year. Selecting “Remember Me” will keep you logged in for two weeks. Upon logging out, login cookies are removed.

If you edit or publish an article, an additional cookie will be stored in your browser, which simply records the post ID of the edited article. It expires after one day.

Embedded Content from Other Websites

Articles on our site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has directly visited the other website. These sites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interactions with that embedded content, especially if you have an account and are logged into that site.

Who We Share Your Data With

If you request a password reset, your IP address will be included in the reset email to help verify the request.

How Long We Retain Your Data

If you leave a comment, the comment and its metadata are retained indefinitely. This helps us recognize and approve follow-up comments automatically without needing manual moderation.

For users who register on our website (if applicable), we store the personal information provided in their user profile. All registered users can view, edit, or delete their personal information at any time (except for their username). Website administrators can also view and edit that information.

What Rights You Have Over Your Data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you provided to us. You can also request that we erase any personal data we hold about you, except for data we are required to retain for administrative, legal, or security purposes.

Where Your Data is Sent

Visitor comments may be checked through an automated spam detection service to ensure the safety and security of our website community.

GDPR

We use Google Analytics to track the usage of the app. Please be aware of their compliance with GDPR before using the app.By using the app you agree to the above statement.

PERSONAL DATA PROCESSING POLICY

Last updated: October 1, 2025

The protection of your personal data is our priority and the foundation of the trust relationship we aim to establish with you. Please take a moment to carefully read this Personal Data Processing Policy (“Policy”).

With this Policy, we inform you about how we collect and process your personal data.

The Controller of your personal data is TafHub – Tinnitaid, VAT No. 143501276, GEMI No. 181595403000, operating as “TafHub”, which owns and manages the Website and the Tinnitaid mobile application (“Tinnitaid”, “Company”, “we”). You may contact us at [email protected].

1. Purpose of this Policy

This Policy sets out the terms and conditions followed by our Company for the protection of your personal data as Users of our Application. It describes the rules governing the collection and processing of your personal data and ensures the confidentiality of such information.

Our Company reserves the right to modify or update this Policy whenever deemed necessary. Any changes will take effect once publicly displayed in the Application.

This Policy applies exclusively to the Tinnitaid mobile application, available through our website and distributed via the App Store and Google Play (“Application”), through which users may use the sound frequency detection services and receive personalized sound-based relief sessions.

Users should note that the Application may contain links to third-party websites. Our Company bears no responsibility for the data protection practices, terms or content of such third-party websites.

If any provision of this Policy is deemed invalid, illegal or unenforceable, the remaining provisions shall remain in full force to the extent they do not conflict with the intent of this Policy.

2. Registration / Login

When registering and updating your user profile, you provide the following data:

  • Full name
  • Gender
  • Date of birth
  • Email address
  • Landline and/or mobile phone number
  • Security credentials (password)

Purpose: Creation and management of your user account, and provision of our Application services.

Legal basis: Article 6(1)(b) GDPR — processing necessary for the performance of a contract.

Retention: Five (5) years from the deletion of your account.

3. Contacting Our Company

When contacting us via the Application’s contact form, you provide:

  • Full name
  • Email address
  • Message content

An optional question about whether the enquiry concerns you or a family member is collected solely to provide a more personalized user experience.

Purpose: Responding to your messages and taking steps at your request prior to entering into a contract.

Legal basis: Article 6(1)(b) GDPR.

Retention: Five (5) years from the communication.

By completing a contact form or providing your email, you understand that you may receive messages from us relating to your enquiry.

4. Provision of Application Services (Health Data)

With your explicit consent, the Application collects audio data for Detection and Relief services. This data is processed to derive health-related information concerning your hearing.

Purpose:

  • To provide a personalized therapeutic experience.
  • To improve the effectiveness of our services through automated or non-automated processing, including AI-based systems.

Legal basis: Article 9(2)(a) GDPR — explicit consent.

Consent:
Provided through explicit positive action in the Application.
You may withdraw consent at any time by contacting us; this will end your use of the Application. Withdrawal does not affect prior lawful processing.

Retention:
As long as your account remains active. Upon deletion, your data is securely deleted or anonymized.

5. Payments

For payment processing, we collect:

  • Full name
  • Email address
  • User account details
  • Billing details
  • Credit/debit card details
  • Bank account details
  • Payment information

Purposes:

  • Performance of our contractual obligations
  • Provision and management of the paid service
  • Tax and billing compliance
  • Customer support and complaint resolution

Legal bases:

  • Article 6(1)(b) GDPR — contract performance
  • Article 6(1)(c) GDPR — legal obligation (tax legislation)

Retention:

  • Tax-related data: ten (10) years
  • All other transaction data: five (5) years

Provision of this data is required for the service contract. Without it, we cannot provide our services.

6. Improving Our Application and Services

We may process your personal data (via automated or non-automated means, including AI systems) for:

  • Improving Application performance and accuracy
  • Ensuring technical functionality
  • Enhancing user experience
  • Personalizing the service
  • Administrative and operational purposes
  • Client management
  • Supporting legal claims

Legal basis: Article 6(1)(f) GDPR — legitimate interests.

Retention: Five (5) years from collection.

7. Recipients of Your Data

7.1 Scientific/Research Recipients

Audio data may be shared exclusively for scientific or statistical purposes with collaborating entities or research institutions working on tinnitus, only after anonymization or pseudonymization.

7.2 Processors (on our behalf)

Your personal data may be shared with:

  • Providers of technical maintenance and IT infrastructure support
  • Prospective investors, lawyers, financial or professional advisors
  • Lawyers assisting with legal claims

All processing is carried out under our instructions and subject to confidentiality obligations.

7.3 Third-party recipients

  • Tax authorities: for obligations arising from tax laws
  • Financial institutions: for processing payments
  • Courts/Authorities: when legally required, and only to the extent mandated

8. Transfers Outside the EEA

We generally store your data within the EEA.

Where transfers to non-EEA countries occur without an adequacy decision, they are carried out using appropriate safeguards such as Standard Contractual Clauses.

You may request information or copies of such safeguards.

9. Security & Confidentiality

We implement appropriate technical, organizational, physical, electronic and procedural security measures to ensure the confidentiality, integrity and proper use of your data, in line with applicable laws and regulations.

Processing is performed only by authorized personnel or associates bound by strict confidentiality obligations.

10. Data Retention

We retain personal data for the periods specified above while processing purposes remain valid.

We may retain data beyond those periods only when:

  • Required by law
  • Needed for tax or audit purposes
  • Required for Company operation provided anonymization occurs
  • Necessary to defend legal claims

After the retention period, data is destroyed or deleted unless further retention is legally required.

11. Your Rights

As a data subject, you have the right to:

  • Access your personal data
  • Obtain information and copies
  • Request correction, deletion or portability
  • Request restriction or object to processing

Requests must be submitted via email or through the Application’s contact form.

We will respond within one month; if necessary, this may be extended by up to two months, depending on complexity and volume of requests. Any refusal will be justified.

We may request additional information to confirm your identity.

If you believe your rights have been violated, you may file a complaint with the Hellenic Data Protection Authority or another competent supervisory authority.

12. Your Responsibilities

By using the Application and providing your data, you confirm that the information you provide is true, accurate and complete. You must notify us of any changes.

Failure to comply, or providing false or incomplete information, entitles us to reject requests or terminate your user account without compensation.

By using the Application, you confirm you are over 16 years old.
Users under 16 must not use the Application or provide personal data without parental consent.

Our Company is not responsible for violations of this requirement when it cannot reasonably verify age or parental consent.

13. Jurisdiction & Applicable Law

Any dispute arising out of this Policy shall fall under the jurisdiction of the courts of Athens, and Greek law shall apply, excluding conflict-of-law rules.

If any provision is deemed unlawful or unenforceable, the remainder shall remain in full force.

14. Contact

For any information or requests regarding this Policy, you may contact us:

Brand Name: TafHub
Address: Kifisia, Attica, Greece
Telephone: [91858712]
Email: [email protected]