My AlvoTriX 🛒 Get AlvoTriX

Privacy Policy

Last updated: March 14, 2026

1. Data Controller

Your personal data is controlled by: Rolaxit Innovation LTD (Company No. 15822417, registered at 20 Wenlock Road, London, N1 7GU, England), the sole data controller under GDPR. Rolaxit Innovation LTD is the contact for all data protection matters.

Data Protection Officer (DPO): privacy@alvotrix.com. You may contact the DPO for any privacy-related inquiry, data subject request, or complaint.

Rolaxit Innovation LTD handles all operations including technology, AI processing, data security, regulatory compliance, payment coordination, customer support, data breach notification, and DPIA compliance. You may exercise your data protection rights by contacting privacy@alvotrix.com.

2. Data We Collect

We collect the following categories of personal data:

CategoryData TypesPurpose
Account DataName, email, phone, password (hashed), payment details (via Stripe)Account management, billing, communication
Wearer ProfileName, age, gender, health conditions (optional), relationship to GuardianService personalization, AI baseline configuration
Biometric DataHeart rate (HR), HRV, SpO2, skin temperature, steps, calories, sleep stages, accelerometer, gyroscopeAI safety analysis, anomaly detection, health reports
Location DataGPS coordinates, geofence zones, location historyGeofence Guardian module, location alerts
Ambient DataAmbient noise level (dB — no audio recording)Anti-Bullying module environmental analysis
Usage DataDashboard activity, AI chat logs, report history, alert historyService delivery, product improvement
Technical DataIP address, browser type, device type, operating system, cookiesSecurity, analytics, website optimization

Sensitive data notice: Biometric data constitutes special category data under GDPR Article 9 and sensitive personal information under CCPA. We process this data exclusively based on your explicit consent (GDPR Art. 9(2)(a)) and for the provision of health-related services (Art. 9(2)(h)).

3. How We Collect Data

Data flows through the following chain: Wearable Device (smartwatch/band/ring) → Mobile App (phone/watch companion) → AlvoTriX Cloud (activare.alvotrix.com via encrypted API) → Guardian Dashboard (myalvotrix.com). All transmissions use TLS 1.3 encryption. Data at rest is encrypted with AES-256.

Website data is collected through: account registration forms, contact forms (via FormSubmit.co), cookies and tracking technologies (managed by Cookiebot), and Google Analytics (anonymized IP). We also use Facebook Pixel for marketing analytics (subject to your cookie consent).

4. Legal Basis for Processing

Under GDPR Article 6, we process personal data based on:

  • Consent (Art. 6(1)(a)): For biometric data processing, marketing communications, cookies, and AI profiling. You may withdraw consent at any time.
  • Contract performance (Art. 6(1)(b)): To provide the AlvoTriX monitoring service you subscribed to.
  • Legitimate interest (Art. 6(1)(f)): For fraud prevention, platform security, product improvement, and anonymous analytics.
  • Legal obligation (Art. 6(1)(c)): To comply with tax, accounting, and regulatory requirements.

For biometric (special category) data, the additional legal basis under GDPR Article 9(2)(a) is your explicit consent, obtained during account setup with a separate, clear affirmative action.

5. AI Processing & Automated Profiling

AlvoTriX uses AI and machine learning to analyze biometric data patterns. This constitutes automated profiling under GDPR Article 22. Our AI processes include: biometric baseline establishment per Wearer, anomaly detection across 8 Safety Modules (Fall Detector, Panic Button, HR Guardian, Activity Anomaly, Anti-Bullying, Sleep Safety, Health Crisis, Geofence Guardian), risk severity classification (low/medium/high/critical), automated alert triggering, and predictive health trend analysis for reports.

Your rights regarding AI decisions: You may request human review of any automated decision, obtain an explanation of the AI logic, object to specific profiling activities, and disable individual Safety Modules via your dashboard. No automated decision by AlvoTriX constitutes a legally binding or similarly significant decision — all alerts are informational and require human judgment.

6. Data Sharing & Third Parties

We do NOT sell, rent, trade, or share your personal or biometric data with any third party for their own purposes. This is an absolute commitment. Your data is used exclusively for delivering the AlvoTriX service.

We use the following sub-processors, strictly limited to their operational purpose:

  • Stripe — Payment processing only. Stripe does not access biometric data.
  • Cloud infrastructure provider — Data hosting within EU/EEA. Encrypted at rest and in transit.
  • SMS gateway provider — Alert delivery only. No data storage beyond delivery.
  • FormSubmit.co — Contact form submissions only.
  • Google Analytics — Website analytics with anonymized IP (cookie consent required).
  • Facebook/Meta Pixel — Marketing analytics only (cookie consent required). No biometric data shared.
  • Cookiebot — Cookie consent management.
  • ipapi.co (Kloudend, Inc.) — IP-based geolocation for automatic language detection. IP address only, no storage beyond the request. Privacy policy: ipapi.co/privacy.
  • Google Fonts (Google LLC) — Font delivery service. IP address transmitted on page load. Privacy policy: policies.google.com/privacy. We are transitioning to self-hosted fonts to eliminate this transfer.

We may disclose data if required by law, court order, or regulatory authority. We will notify you unless legally prohibited.

7. Data Retention & Deletion

Active subscription: All data is retained on encrypted servers within the EU/EEA for the duration of your subscription.

After cancellation: ALL data is retained for exactly 30 calendar days to allow reactivation. After 30 days, ALL personal data, biometric data, GPS records, reports, chat history, alert history, and account information are permanently and irreversibly deleted from all servers and backup systems.

Immediate deletion: You may request immediate data deletion at any time by emailing privacy@alvotrix.com. Processed within 72 hours. Irreversible. Deletion confirmation certificate available on request.

Exceptions: Anonymized, aggregated statistical data (from which no individual can be identified) may be retained for product improvement. Financial transaction records are retained for 7 years as required by UK tax law.

A comprehensive Data Protection Impact Assessment (DPIA) has been conducted pursuant to GDPR Article 35, covering all processing activities involving biometric data, AI profiling, children's data, systematic monitoring, and location tracking. The DPIA summary is available to data subjects upon request; the full document is available to supervisory authorities.

8. Your Privacy Rights

Depending on your jurisdiction, you have the following rights:

  • Right of Access (GDPR Art. 15, CCPA §1798.100): Obtain a copy of all personal data we hold about you.
  • Right to Rectification (GDPR Art. 16): Correct inaccurate or incomplete data.
  • Right to Erasure (GDPR Art. 17, CCPA §1798.105): Request deletion of your personal data.
  • Right to Restrict Processing (GDPR Art. 18): Limit how we use your data.
  • Right to Data Portability (GDPR Art. 20): Receive your data in a structured, machine-readable format (JSON/CSV).
  • Right to Object (GDPR Art. 21): Object to processing based on legitimate interest or direct marketing.
  • Right to Withdraw Consent: Withdraw consent at any time without affecting prior lawful processing.
  • Right Not to Be Discriminated (CCPA §1798.125): We will not discriminate against you for exercising your rights.
  • Notification Obligation (Art. 19): We will inform each recipient to whom your data has been disclosed of any rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients upon request.

To exercise any right, email privacy@alvotrix.com. We respond within 30 days (GDPR) or 45 days (CCPA). Identity verification required. No fee is charged for exercising your rights. A reasonable administrative fee may be charged only for manifestly unfounded or excessive requests, in accordance with GDPR Article 12(5).

9. International Data Transfers

Your data is primarily stored within the EU/EEA. Where data is transferred outside the EU/EEA, we ensure protection through: EU Standard Contractual Clauses (SCCs), UK International Data Transfer Agreements (IDTAs) where applicable, and adequacy decisions (GDPR Art. 45). We do not transfer biometric data outside the EU/EEA under any circumstances.

10. Cookies & Tracking

We use cookies managed by Cookiebot (ID: 682881ac-4051-48c2-b148-7960577dd716). Categories: Necessary (session, language — no consent required), Statistics (Google Analytics — requires consent), Marketing (Facebook Pixel — requires consent). Manage preferences via the Cookie Settings link in the footer.

11. Children's Privacy

AlvoTriX may monitor minors as Wearers, but only with verified parental or legal guardian consent. We comply with: GDPR Article 8, UK DPA 2018 Section 9, US COPPA (under 13), and Brazilian LGPD Article 14. We do not knowingly collect data from children without parental consent. Unauthorized collection is deleted immediately.

COPPA Compliance (United States): For children under 13 in the United States, we comply with the Children's Online Privacy Protection Act (COPPA). We require verifiable parental consent through FTC-approved methods: (a) signed consent form submitted via email, (b) credit card verification, or (c) video conference verification. Parents and legal guardians have the right to: (i) review all personal information collected from their child, (ii) request deletion of their child's data at any time, (iii) refuse further collection or use of their child's information, and (iv) not be required to consent to collection beyond what is reasonably necessary. To exercise these rights, contact: privacy@alvotrix.com or by mail: Rolaxit Innovation LTD, 20 Wenlock Road, London, N1 7GU, United Kingdom. Phone: +44 (0) 20 3000 1234.

12. Data Security

We implement: encryption in transit (TLS 1.3) and at rest (AES-256), access controls and role-based authentication, regular security audits, intrusion detection systems, secure EU/EEA backups, employee confidentiality agreements, and incident response procedures compliant with GDPR Article 33 (72-hour breach notification).

13. Data Breach Notification

In the event of a breach: we notify the relevant supervisory authority within 72 hours (GDPR Art. 33), notify affected individuals without undue delay if high risk (GDPR Art. 34), and provide clear information about the breach nature, data affected, actions taken, and recommendations.

14. Jurisdiction-Specific Provisions

California (CCPA/CPRA): Right to know, delete, correct, opt out of sale/sharing. We do NOT sell personal information.

Right to Limit Use of Sensitive Personal Information: Under CPRA, you have the right to limit our use and disclosure of sensitive personal information (including biometrics and precise geolocation) to uses necessary to provide the AlvoTriX service. We do not use sensitive personal information for any purpose other than service delivery. Do Not Sell or Share: We do not sell or share your personal information as defined under CCPA/CPRA. Authorized Agent: You may designate an authorized agent to submit CCPA requests on your behalf by providing written authorization to privacy@alvotrix.com.

Biometric Privacy: We comply with the Illinois Biometric Information Privacy Act (BIPA), Texas CUBI Act, and Washington state biometric law. Written informed consent is obtained before biometric collection. Biometric data is never sold and is destroyed within 30 days of cancellation.

Brazil (LGPD): We process data under LGPD Art. 7 legal bases including consent (Art. 7(I)) and contract performance (Art. 7(V)). Our Encarregado (Data Protection Officer under LGPD) is contactable at privacy@alvotrix.com. Children's data is processed under Art. 14 with specific and prominent parental consent. International transfers comply with LGPD Art. 33 through standard contractual clauses approved by the ANPD and adequacy assessments. You may petition the Autoridade Nacional de Protecao de Dados (ANPD) at gov.br/anpd. Response timeframe: 15 days for simplified requests per Art. 18 §5.

Canada (PIPEDA): We comply with the Personal Information Protection and Electronic Documents Act and applicable provincial legislation including Quebec's Law 25. Our designated privacy accountability officer is reachable at privacy@alvotrix.com. We adhere to PIPEDA's 10 fair information principles including accountability, consent, limiting collection, limiting use, accuracy, safeguards, openness, individual access, challenging compliance, and purpose identification. You may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca. Cross-border transfers: your data may be processed in the EU/EEA; we ensure a comparable level of protection through contractual safeguards.

Australia (Privacy Act 1988 / APPs): We comply with the Australian Privacy Principles. APP 1: This privacy policy is freely accessible from our website. APP 5: We notify you of collection purposes at the time of collection. APP 6: We use data only for the primary purpose of service delivery. APP 8: Your data is primarily stored in the EU/EEA and may be processed by sub-processors in the United States (Stripe, Google Analytics). We ensure overseas recipients comply with obligations substantially similar to the APPs. APP 11: We maintain reasonable security safeguards. APP 12-13: You have the right to access and correct your data. Complaints may be lodged with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au. Response timeframe: 30 days.

Complaints: ICO (UK — ico.org.uk), CNIL (France), BfDI (Germany), your local EU/EEA authority, FTC or state AG (USA), ANPD (Brazil), OAIC (Australia).

15. Changes to This Policy

Material changes are communicated at least 30 days in advance via email and a prominent notice on the Platform.

16. Contact

Rolaxit Innovation LTD
20 Wenlock Road, London, N1 7GU, England
Company No. 15822417
DPO: privacy@alvotrix.com
General: legal@alvotrix.com
Web: www.alvotrix.com