Privacy Policy
FOR HEAL SIMULATIONS SOFTWARE AND SERVICES
Effective Date: April 30, 2026
This Privacy Policy explains how Heal Simulations, operated by IOANNIS SIOKOS ("Heal Simulations," "Company," "we," "us," or "our"), collects, uses, stores, shares, and protects information in connection with our software, applications, games, simulations, educational tools, research tools, training tools, websites, documentation, support services, Meta Quest / Meta Horizon Store applications, Apple App Store applications, Google Play applications, and related digital products and services (collectively, the "Services").
This Privacy Policy is intended to comply with applicable privacy and data-protection laws, including the European Union General Data Protection Regulation ("GDPR"), and to support distribution of our applications through the Meta Horizon Store / Meta Quest Store, Apple App Store, and Google Play.
If you do not agree with this Privacy Policy, you must not use our Services.
1. WHO WE ARE
For purposes of applicable data-protection laws, the data controller is:
IOANNIS SIOKOS / Heal Simulations Email: legal@healsimulations.com
Where a specific product, platform, institution, app store, or separate agreement identifies another controller or processor relationship, that separate arrangement may apply.
2. SCOPE OF THIS PRIVACY POLICY
This Privacy Policy applies to all Services provided by Heal Simulations, including software that is:
(a) downloaded, installed, or accessed directly;
(b) distributed through the Meta Horizon Store, Meta Quest Store, Apple App Store, Google Play, or related platform services;
(c) used for educational, academic, research, simulation, demonstration, or evaluation purposes;
(d) used in connection with websites, support communications, documentation, beta tests, trials, or feedback programs; or
(e) linked to, distributed with, or otherwise referencing this Privacy Policy.
Some Services may have additional product-specific privacy notices. If a product-specific privacy notice conflicts with this Privacy Policy, the product-specific notice controls for that product.
3. INFORMATION WE MAY COLLECT
Depending on the Service used, we may collect the following categories of information.
3.1 Account and Contact Information
We may collect information such as:
(a) name;
(b) email address;
(c) username or display name;
(d) organization, school, institution, or company name;
(e) role, title, or department;
(f) country or region;
(g) support contact details; and
(h) communication preferences.
3.2 Store and Platform Information
If you access our Services through the Meta Horizon Store, Meta Quest Store, Apple App Store, Google Play, or related platform services, we may receive limited information from the relevant platform depending on your account settings, device settings, permissions, and the platform's policies.
This may include:
(a) platform user ID or platform-provided identifier;
(b) display name or username, where made available;
(c) entitlement, purchase, license, or subscription status;
(d) app installation or access status;
(e) platform-provided authentication information;
(f) device type;
(g) operating system;
(h) app launch, session, or usage information;
(i) crash, diagnostic, or performance information;
(j) in-app purchase or subscription status, where applicable; and
(k) other information made available through platform SDKs, APIs, developer tools, or app-store services, where permitted by platform policies and applicable law.
3.3 Device, Technical, and Usage Information
We may collect technical and usage information such as:
(a) device type;
(b) headset type, mobile device type, tablet type, or computer type;
(c) operating system;
(d) app version;
(e) build number;
(f) language settings;
(g) approximate region;
(h) session duration;
(i) feature usage;
(j) interaction events;
(k) performance data;
(l) crash logs;
(m) diagnostic logs;
(n) error reports;
(o) IP address;
(p) device identifiers or platform identifiers, where permitted; and
(q) information about how the Services are accessed, used, or configured.
3.4 Simulation, Training, and Progress Data
Depending on the Service, we may collect information related to simulation, training, or educational use, such as:
(a) progress through modules;
(b) completed activities;
(c) scores or performance indicators;
(d) interaction history;
(e) settings or preferences;
(f) session history;
(g) timestamps;
(h) selected scenarios;
(i) assessment results;
(j) user inputs within the simulation;
(k) attempts, errors, or completion data; and
(l) analytics related to learning, usability, testing, or product improvement.
Unless expressly stated otherwise in a separate written agreement, our Services are not intended to process real patient data, medical records, protected health information, or clinical decision-making data.
3.5 User Content and Submitted Materials
If a Service allows you to submit, upload, create, or transmit content, we may collect the materials you provide, such as:
(a) text;
(b) notes;
(c) files;
(d) images;
(e) screenshots;
(f) recordings;
(g) feedback;
(h) bug reports;
(i) test data;
(j) research comments;
(k) support attachments; and
(l) other content voluntarily submitted by you.
You must not submit sensitive personal data, health data, patient data, confidential institutional data, or third-party personal data unless we have expressly authorized this in writing and you have a valid legal basis to do so.
3.6 Communications and Support Information
When you contact us, we may collect:
(a) your name;
(b) email address;
(c) message content;
(d) attachments;
(e) support history;
(f) bug reports;
(g) technical logs;
(h) troubleshooting information; and
(i) any other information you voluntarily provide.
3.7 Payment, Purchase, and Transaction Information
If you purchase paid Services, subscriptions, licenses, in-app purchases, or digital products, payment processing may be handled by Meta, Apple, Google, or another authorized payment processor connected to the applicable store.
We generally do not directly collect full payment card numbers.
We may receive limited transaction information, such as:
(a) purchase status;
(b) license status;
(c) order ID;
(d) subscription status;
(e) payment confirmation;
(f) refund status;
(g) billing country or region;
(h) tax or invoice information where required; and
(i) platform-provided transaction identifiers.
3.8 Website and Cookie Information
If we operate websites, web portals, documentation pages, or online support pages, we may collect information through cookies, logs, analytics tools, or similar technologies, such as:
(a) IP address;
(b) browser type;
(c) device type;
(d) pages visited;
(e) referring URLs;
(f) approximate location;
(g) time spent on pages;
(h) cookie identifiers; and
(i) website interaction data.
For users in the European Economic Area, United Kingdom, Switzerland, or other jurisdictions requiring consent, we will request prior opt-in consent before using non-essential cookies or similar tracking technologies, unless an exemption applies.
4. INFORMATION WE DO NOT INTEND TO COLLECT
Unless expressly stated in a product-specific privacy notice or separate written agreement, our Services are not intended to collect or process:
(a) real patient data;
(b) medical records;
(c) protected health information;
(d) clinical diagnosis information;
(e) treatment information;
(f) biometric data used for identification;
(g) children's personal data;
(h) government identification numbers;
(i) payment card numbers directly entered into our systems;
(j) highly sensitive institutional records; or
(k) data subject to special regulatory regimes unless expressly authorized.
If you believe such information has been submitted to us, contact us immediately at legal@healsimulations.com.
5. HOW WE USE INFORMATION
We may use information for the following purposes:
(a) to provide, operate, maintain, and improve the Services;
(b) to verify licenses, purchases, subscriptions, entitlements, or access rights;
(c) to enable app functionality;
(d) to provide simulation, training, educational, or research features;
(e) to save progress, preferences, settings, or app state;
(f) to provide customer support;
(g) to diagnose bugs, crashes, errors, or technical issues;
(h) to improve performance, usability, safety, and reliability;
(i) to develop new features, products, services, and updates;
(j) to analyze aggregated or de-identified usage trends;
(k) to communicate with users about updates, support, legal notices, or service changes;
(l) to respond to inquiries, requests, or complaints;
(m) to prevent fraud, misuse, security incidents, unauthorized access, or violations of our terms;
(n) to comply with legal, regulatory, tax, accounting, app-store, platform, and contractual obligations;
(o) to enforce our End User License Agreement, Terms, or other legal rights;
(p) to protect the rights, safety, property, and interests of Heal Simulations, users, and third parties; and
(q) for any other purpose disclosed at the time of collection or with your consent.
6. LEGAL BASES FOR PROCESSING UNDER GDPR
Where the GDPR applies, we process personal data based on one or more of the following legal bases.
6.1 Performance of a Contract
We process personal data where necessary to provide the Services, verify licenses, support app functionality, manage accounts, provide support, and comply with our contractual obligations.
6.2 Legitimate Interests
We process personal data where necessary for our legitimate interests, including:
(a) improving the Services;
(b) debugging and crash analysis;
(c) security and fraud prevention;
(d) product analytics;
(e) enforcing legal terms;
(f) responding to support requests;
(g) protecting intellectual property;
(h) maintaining business records; and
(i) developing and improving educational, research, simulation, and training tools.
We rely on legitimate interests only where those interests are not overridden by your fundamental rights and freedoms.
6.3 Consent
We may process personal data based on your consent, including where required for:
(a) optional analytics;
(b) non-essential cookies;
(c) marketing communications;
(d) optional research participation;
(e) beta testing;
(f) certain platform permissions; or
(g) processing categories of data that require consent under applicable law.
You may withdraw consent at any time where processing is based on consent.
6.4 Legal Obligation
We may process personal data where necessary to comply with legal obligations, including tax, accounting, consumer protection, product safety, platform compliance, app-store compliance, law enforcement, regulatory, or court requirements.
6.5 Vital Interests or Public Interest
In rare cases, we may process personal data where necessary to protect vital interests or where required for a task carried out in the public interest, if applicable law permits or requires such processing.
7. META HORIZON STORE / META QUEST STORE APPS
If you use our Services through Meta Quest, Meta Horizon Store, Meta Quest Store, Meta Horizon OS, or related Meta services, the following additional terms apply.
7.1 Meta Platform Data
We may receive or process information made available through Meta developer tools, Platform SDKs, APIs, entitlement systems, or platform services, including information necessary to:
(a) verify that you are entitled to access the app;
(b) enable platform features;
(c) support app functionality;
(d) process achievements, leaderboards, multiplayer, avatars, matchmaking, cloud saves, in-app purchases, or similar features where used;
(e) diagnose app performance or crashes;
(f) comply with Meta developer requirements; and
(g) provide support and security.
7.2 Meta Policies
Our collection and use of Meta platform data is intended to comply with applicable Meta developer policies, including Meta's Developer Data Use Policy and applicable Meta Horizon Store requirements.
7.3 Data Use Checkup and Platform Permissions
Certain Meta Platform SDK features may require Meta review, permissions, or Data Use Checkup. We will use Meta platform data only for permitted purposes and only to the extent necessary for the relevant app features.
7.4 Meta's Own Processing
Meta may independently collect and process information about your use of Meta devices, accounts, stores, and platform services. Meta's processing is governed by Meta's own privacy policies and terms. We do not control Meta's independent data processing.
You should review Meta's privacy notices and device settings to understand how Meta collects, uses, shares, and controls data on Meta devices and platforms.
8. APPLE APP STORE APPS
If you use our Services through the Apple App Store, iOS, iPadOS, macOS, visionOS, Apple devices, Game Center, Sign in with Apple, StoreKit, or related Apple services, the following additional terms apply.
8.1 Apple Platform Data
We may receive or process information made available through Apple developer tools, Apple APIs, StoreKit, app receipt validation, subscription systems, crash reporting, analytics, or platform services, including information necessary to:
(a) verify purchases, licenses, subscriptions, or entitlements;
(b) enable app functionality;
(c) provide in-app purchases or subscriptions, where applicable;
(d) restore purchases, where applicable;
(e) support app functionality;
(f) diagnose app performance or crashes;
(g) comply with Apple App Store Review Guidelines and developer requirements; and
(h) provide support and security.
8.2 App Tracking Transparency and Advertising Identifiers
We do not access Apple's advertising identifier or track users across apps and websites owned by other companies unless we provide any required notice and obtain any required permission under Apple's App Tracking Transparency framework and applicable law.
8.3 Apple's Own Processing
Apple may independently collect and process information about your use of Apple devices, Apple accounts, the Apple App Store, payment systems, subscriptions, and platform services. Apple's processing is governed by Apple's own privacy policies and terms. We do not control Apple's independent data processing.
You should review Apple's privacy notices and device settings to understand how Apple collects, uses, shares, and controls data on Apple devices and services.
9. GOOGLE PLAY APPS
If you use our Services through Google Play, Android, Google Play Games Services, Google Play Billing, Google accounts, Google Play Console services, or related Google services, the following additional terms apply.
9.1 Google Platform Data
We may receive or process information made available through Google developer tools, Google Play services, Google Play Billing, Google Play Games Services, app signing, crash reporting, analytics, APIs, or platform services, including information necessary to:
(a) verify purchases, licenses, subscriptions, or entitlements;
(b) enable app functionality;
(c) provide in-app purchases or subscriptions, where applicable;
(d) restore purchases, where applicable;
(e) support app functionality;
(f) diagnose app performance or crashes;
(g) comply with Google Play Developer Program Policies and platform requirements; and
(h) provide support and security.
9.2 Google Play Data Safety
We aim to ensure that our data practices are accurately reflected in any Google Play Data Safety disclosures for each applicable app.
Data practices may vary by product, version, region, device, permissions, and optional features.
9.3 Google's Own Processing
Google may independently collect and process information about your use of Android devices, Google accounts, Google Play, Google Play Billing, Google Play Games Services, and related platform services. Google's processing is governed by Google's own privacy policies and terms. We do not control Google's independent data processing.
You should review Google's privacy notices and device settings to understand how Google collects, uses, shares, and controls data on Google devices and services.
10. ANALYTICS, CRASH REPORTING, AND DIAGNOSTICS
We may use analytics, crash reporting, diagnostics, or logging tools to understand how the Services perform and to improve reliability.
These tools may collect:
(a) crash reports;
(b) error logs;
(c) device information;
(d) operating system information;
(e) app version;
(f) session duration;
(g) performance metrics;
(h) feature usage;
(i) approximate region;
(j) technical identifiers; and
(k) diagnostic events.
Where required by law or platform policy, we will request consent before using optional analytics or non-essential tracking technologies.
We do not use analytics data to make medical, clinical, legal, financial, or similarly significant decisions about users.
11. ARTIFICIAL INTELLIGENCE, AUTOMATION, AND MODEL TRAINING
Some Services may include AI-assisted, automated, adaptive, or simulation-based functionality.
Unless expressly stated otherwise in a product-specific notice or separate written agreement:
(a) we do not use real patient data for AI training;
(b) we do not intend users to upload medical records, patient data, or sensitive clinical information;
(c) we do not make automated decisions that produce legal or similarly significant effects about users;
(d) we may use aggregated, anonymized, or de-identified technical and usage data to improve the Services; and
(e) we may use Feedback, bug reports, testing results, and non-confidential suggestions to improve products and features.
If a specific Service uses AI features in a way that materially affects privacy, we may provide additional product-specific information.
12. HOW WE SHARE INFORMATION
We do not sell personal data.
We may share information in the following circumstances.
12.1 Service Providers
We may share information with service providers that help us operate the Services, such as:
(a) hosting providers;
(b) cloud service providers;
(c) analytics providers;
(d) crash reporting providers;
(e) payment processors;
(f) customer support tools;
(g) email providers;
(h) security providers;
(i) development tools;
(j) app stores and platform providers; and
(k) professional advisers.
Service providers are authorized to process information only as needed to provide services to us and must protect information according to applicable legal and contractual obligations.
Where appropriate, product-specific notices, service-provider lists, or documentation may identify specific service providers used by a particular Service.
12.2 Meta, Apple, and Google Store Services
If you access our Services through the Meta Horizon Store, Meta Quest Store, Apple App Store, Google Play, or related platform services, we may share or receive information as necessary to:
(a) verify purchases, licenses, subscriptions, or entitlements;
(b) enable app functionality;
(c) process refunds, restore purchases, or resolve access issues where applicable;
(d) comply with Meta, Apple, or Google developer policies and store requirements;
(e) provide updates;
(f) investigate abuse, fraud, security incidents, or technical issues; or
(g) respond to store review, compliance, safety, legal, or platform requirements.
12.3 Institutions, Employers, or Organizations
If you access the Services through an institution, school, university, employer, research organization, enterprise customer, or similar organization, that organization may receive information about your use of the Services where permitted by law and the applicable agreement.
Such information may include:
(a) account status;
(b) license status;
(c) participation records;
(d) progress;
(e) completion data;
(f) assessment or training results;
(g) usage statistics; and
(h) support or administrative information.
12.4 Legal and Safety Reasons
We may disclose information where we believe it is necessary to:
(a) comply with law, regulation, court order, subpoena, legal process, or governmental request;
(b) enforce our agreements;
(c) protect our rights, intellectual property, safety, or property;
(d) detect, prevent, or investigate fraud, abuse, security incidents, or technical issues;
(e) protect users or third parties; or
(f) respond to lawful requests by public authorities.
12.5 Business Transfers
We may transfer information in connection with a merger, acquisition, financing, restructuring, sale of assets, incorporation, transfer of business, bankruptcy, or similar transaction.
12.6 With Consent
We may share information with your consent or at your direction.
13. INTERNATIONAL DATA TRANSFERS
Personal data is primarily processed in the European Economic Area where reasonably practicable.
Personal data may also be transferred to or accessed from countries outside your country of residence, including the United States, in connection with cloud hosting, analytics, crash reporting, customer support, platform services, app-store services, payment-related services, and services provided by Meta, Apple, Google, or other service providers.
Where required by law, we use appropriate safeguards for international data transfers, such as:
(a) European Commission Standard Contractual Clauses;
(b) United Kingdom international data-transfer mechanisms, where applicable;
(c) adequacy decisions;
(d) contractual safeguards;
(e) technical and organizational protections;
(f) transfer impact assessments, where required; or
(g) other lawful transfer mechanisms.
You may obtain a copy of the safeguards we use for international transfers by contacting us at:
14. DATA RETENTION
We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
Retention periods may depend on:
(a) the type of data;
(b) the Service used;
(c) account status;
(d) license or subscription status;
(e) legal, tax, accounting, or audit obligations;
(f) support needs;
(g) dispute resolution;
(h) security requirements;
(i) platform requirements; and
(j) whether the data is aggregated, anonymized, or de-identified.
Unless a different period is stated in a product-specific notice or required by law, typical retention periods may include:
(a) account and license records: for the duration of the user relationship and up to six (6) years afterward where needed for legal, accounting, audit, or dispute purposes;
(b) transaction, tax, invoice, and payment-related records: up to ten (10) years where required or permitted by applicable tax, accounting, or legal obligations;
(c) support communications: up to three (3) years after the support request is resolved, unless longer retention is needed for legal, security, or dispute purposes;
(d) crash logs, diagnostic logs, and technical error reports: generally up to twelve (12) months, unless longer retention is needed to investigate security, reliability, or product issues;
(e) analytics and usage data linked to an identifier: generally up to twenty-four (24) months, unless anonymized, aggregated, or retained for a shorter or longer period stated in a product-specific notice;
(f) beta testing, research, and evaluation data: for the duration of the test, research, or evaluation period and a reasonable period afterward for analysis, product improvement, legal, or evidentiary purposes;
(g) marketing contact data: until you unsubscribe, withdraw consent, object to processing, or the data is no longer needed; and
(h) legal records: as long as necessary to establish, exercise, or defend legal claims.
When personal data is no longer needed, we will delete, anonymize, or securely retain it where permitted by law.
15. DATA SECURITY
We use reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, disclosure, or destruction.
These measures may include:
(a) access controls;
(b) encryption where appropriate;
(c) secure development practices;
(d) logging and monitoring;
(e) restricted access to personal data;
(f) secure hosting providers;
(g) account protection measures;
(h) vulnerability management;
(i) backup and recovery practices; and
(j) confidentiality obligations.
No method of transmission or storage is completely secure. We cannot guarantee absolute security.
16. PERSONAL DATA BREACHES
If we become aware of a personal data breach, we will assess the nature, scope, and potential impact of the breach.
Where required by applicable law, we will notify the relevant supervisory authority without undue delay and, where legally required, within applicable statutory deadlines.
If a personal data breach is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay where required by applicable law.
We may also notify affected users through email, in-app notices, website notices, platform notices, or other reasonable means, depending on the circumstances and applicable legal requirements.
17. YOUR PRIVACY RIGHTS
Depending on your location and applicable law, you may have rights regarding your personal data.
These may include the right to:
(a) request access to your personal data;
(b) request correction of inaccurate or incomplete personal data;
(c) request deletion of personal data;
(d) request restriction of processing;
(e) object to processing;
(f) request data portability;
(g) withdraw consent where processing is based on consent;
(h) object to direct marketing;
(i) lodge a complaint with a data-protection authority; and
(j) request information about how we process your personal data.
To exercise your rights, contact us at:
We may need to verify your identity before responding to your request.
18. RIGHTS FOR USERS IN THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under applicable data-protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, and the Swiss Federal Act on Data Protection (FADP).
You may have the right to:
(a) access your personal data;
(b) rectify inaccurate personal data;
(c) erase personal data;
(d) restrict processing;
(e) object to processing based on legitimate interests;
(f) receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller;
(g) withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
(h) object to direct marketing; and
(i) lodge a complaint with the data-protection supervisory authority in your country of residence, place of work, or place of the alleged infringement.
A list of EEA supervisory authorities is available through the European Data Protection Board at edpb.europa.eu. Users in the United Kingdom may contact the Information Commissioner's Office (ICO) at ico.org.uk. Users in Switzerland may contact the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.
To exercise your rights, contact us at:
We will respond in accordance with applicable law and any statutory deadlines.
19. CALIFORNIA AND OTHER U.S. STATE PRIVACY RIGHTS
If applicable U.S. state privacy laws apply to our processing of your personal data, you may have additional rights, such as the right to:
(a) know what personal information we collect, use, disclose, or share;
(b) access personal information;
(c) correct inaccurate personal information;
(d) delete personal information;
(e) opt out of certain sharing or targeted advertising;
(f) limit use of sensitive personal information where applicable;
(g) receive a portable copy of personal information; and
(h) not be discriminated against for exercising privacy rights.
We do not sell personal data.
We do not share personal data for cross-context behavioral advertising unless disclosed in a product-specific notice and only where permitted by applicable law.
If our practices change in a way that requires additional notices or opt-out rights, we will update this Privacy Policy or provide additional notices.
20. CHILDREN'S PRIVACY
Our Services are not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13.
Where the GDPR, UK GDPR, Swiss FADP, or similar laws apply, our Services are not directed to children below the age at which they may lawfully consent to data processing in their country without parental authorization.
In Greece, our Services are not directed to children below the age of 15 without appropriate parental authorization where required by applicable law.
If any Service is intended for children, students, schools, or users below the applicable digital-consent age, we will provide any additional notices, permissions, parental-consent mechanisms, school-consent mechanisms, or product-specific privacy disclosures required by applicable law.
If you are a parent or guardian and believe that a child has provided us with personal data without appropriate authorization, contact us at:
If we learn that we have collected personal data from a child without appropriate consent or legal basis, we will delete it where required by law.
Some platforms, including Meta, Apple, and Google, may provide parental supervision, age ratings, youth account settings, family sharing, child account controls, or other age-related privacy features. Platform-level child and teen privacy controls are governed by the relevant platform's own policies and settings.
21. HEALTH, MEDICAL, AND SENSITIVE DATA
Our Services may involve educational, simulation, training, or research-related content. However, unless expressly stated otherwise in a separate written agreement, our Services are not intended to collect, process, store, or transmit real patient data, medical records, protected health information, or clinical data.
You must not upload or submit:
(a) real patient names;
(b) medical records;
(c) diagnosis information;
(d) treatment information;
(e) clinical images;
(f) hospital records;
(g) protected health information;
(h) biometric data used for identification;
(i) genetic data;
(j) health insurance data; or
(k) any other sensitive or regulated data
unless we have expressly authorized this in writing and an appropriate legal basis, data-processing agreement, and security arrangement are in place.
If you submit such data without authorization, you are responsible for ensuring that you have all necessary rights, permissions, consents, and legal bases.
22. MARKETING COMMUNICATIONS
We may send you service-related communications, such as support responses, legal notices, security alerts, product updates, or administrative messages.
We may send marketing communications only where permitted by law and, where required, with your consent.
You may opt out of marketing communications at any time by using the unsubscribe link in the communication or contacting us at:
Even if you opt out of marketing communications, we may still send non-marketing communications related to your use of the Services.
23. COOKIES AND SIMILAR TECHNOLOGIES
If we operate websites or online services, we may use cookies and similar technologies.
Cookies and similar technologies may be used for:
(a) essential website operation;
(b) security;
(c) remembering preferences;
(d) analytics;
(e) performance measurement;
(f) debugging;
(g) fraud prevention; and
(h) marketing, only where permitted by law.
For users in the European Economic Area, United Kingdom, Switzerland, or other jurisdictions requiring consent, we will request prior, opt-in consent before using non-essential cookies, analytics cookies, tracking pixels, advertising cookies, or similar non-essential technologies, unless an exemption applies.
Where required by law, users will be given a reasonable ability to accept, reject, or manage non-essential cookies and similar technologies.
You can also control cookies through your browser settings and, where available, through our cookie preference tools.
24. THIRD-PARTY PLATFORMS, LINKS, AND SERVICES
The Services may interact with Meta, Apple, and Google services, including Meta Horizon Store, Meta Quest Store, Meta Quest devices, Meta Horizon OS, Apple App Store, Apple devices, iOS, iPadOS, macOS, visionOS, Google Play, Android, and related platform services.
Meta, Apple, and Google may collect and process information under their own privacy policies, account settings, device settings, and platform terms. We do not control their independent data processing.
The Services may also contain links to third-party websites or services, such as documentation pages, support tools, hosting providers, email services, analytics providers, or payment-related services. We are not responsible for the privacy practices of third parties.
You should review the privacy notices of Meta, Apple, Google, and any applicable third-party services before using those services.
25. PUBLICATIONS, RESEARCH, AND USER-GENERATED MATERIALS
If you create publications, research papers, theses, reports, screenshots, videos, presentations, demonstrations, reviews, or other public materials involving the Services, you are responsible for ensuring that those materials do not disclose personal data, confidential data, patient data, sensitive data, or third-party data without a valid legal basis.
You must not publish private or sensitive information obtained through the Services unless you have all required rights, permissions, consents, and legal bases.
We may refer to publicly available publications that mention our Services, provided that we do not falsely imply endorsement where no endorsement exists.
26. AGGREGATED, ANONYMIZED, OR DE-IDENTIFIED DATA
We may create or use aggregated, anonymized, or de-identified information that does not reasonably identify an individual.
We may use such information for:
(a) analytics;
(b) research;
(c) product improvement;
(d) benchmarking;
(e) performance measurement;
(f) publications;
(g) marketing;
(h) investor materials;
(i) security;
(j) documentation; and
(k) commercial development.
Where information is anonymized, we will take reasonable steps designed to prevent re-identification, where required by applicable law.
27. DATA DELETION REQUESTS
You may request deletion of your personal data by contacting:
Please include enough information for us to identify the relevant data, such as:
(a) your name;
(b) email address;
(c) app or Service used;
(d) platform used;
(e) approximate date of use;
(f) Meta, Apple, Google, or other relevant platform identifier, if applicable and available; and
(g) description of the data you want deleted.
We will respond in accordance with applicable law.
We may retain certain information where necessary for:
(a) legal compliance;
(b) fraud prevention;
(c) security;
(d) dispute resolution;
(e) tax, accounting, or audit obligations;
(f) enforcement of agreements;
(g) platform compliance; or
(h) legitimate business records, where permitted by law.
If deletion requires action by Meta, Apple, Google, or another platform provider, you may also need to use that platform's privacy tools, account settings, device settings, or support channels.
28. ACCOUNT DELETION
If a Service allows you to create an account directly with Heal Simulations, you may request deletion of that account by contacting:
If you access the Services only through Meta, Apple, Google, or another platform account, deletion of your platform account must be handled through the relevant platform's account settings or support tools.
Deleting a Heal Simulations account, if available, may not automatically delete data held independently by Meta, Apple, Google, payment processors, app stores, institutions, or other third parties.
We may retain certain information after account deletion where required or permitted by law, including for legal compliance, security, fraud prevention, tax, accounting, dispute resolution, enforcement, or legitimate business record purposes.
29. DO NOT TRACK AND OPT-OUT SIGNALS
Some browsers or devices may transmit "Do Not Track" or similar signals.
Because there is no uniform industry standard for responding to these signals, our response may depend on the specific Service, browser, platform, or applicable legal requirement.
Where required by applicable law, we will honor legally recognized opt-out preference signals.
30. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time.
When we make material changes, we may notify you by reasonable means, such as:
(a) updating the effective date;
(b) posting the updated Privacy Policy on our website;
(c) providing notice through the Services;
(d) sending an email where appropriate;
(e) updating Meta Horizon Store, Meta Quest Store, Apple App Store, Google Play, or related platform notices where applicable; or
(f) providing product-specific notices.
Your continued use of the Services after an updated Privacy Policy becomes effective means that you acknowledge the updated Privacy Policy, except where applicable law requires additional notice or consent.
31. CONTACT US
For questions, requests, complaints, or privacy-related concerns, contact us at:
IOANNIS SIOKOS / Heal Simulations Email: legal@healsimulations.com
We will respond to privacy requests in accordance with applicable law.