Privacy Policy

www.curenatural.com Effective date: 1st September 2025

1. Introduction & Scope

This Privacy Policy explains how CureNatural collects, uses, discloses, and safeguards information about individuals who access or use the Services. It applies worldwide, to information collected online through the Site and App and offline where expressly referenced (e.g., consultation forms you send to us). It does not apply to third-party websites, storefronts, or products we link to, which are governed by their own privacy terms. By using the Services, you agree to the practices described here.

2. Who We Are & How to Contact Us

CureNatural LLC is a U.S. company providing Ayurveda-based educational content and wellness guidance. For privacy questions, rights requests, or appeals:
  • Email: support (at) curenatural.com
If an EU/UK representative is required in the future, we will update this Policy with their contact details.

3. Key Definitions

  • Personal Information / Personal Data (PI/PD): Information that identifies or can reasonably be linked to an individual.
  • Sensitive Data: Includes health-related information, and—in the EU/UK—“special category data.”
  • Consumer Health Data (CHD): Health-related data regulated by certain U.S. state laws (e.g., Washington, Nevada).
  • Processing: Any operation performed on PI/PD (collection, storage, use, disclosure, etc.).
  • Sell / Share (US state laws): Providing PI/PD for monetary value (sell) or for cross-context behavioral advertising (share).
  • Service Providers / Processors: Vendors that process PI/PD for us under contract.

4. Relationship to Terms; Not Medical Care; HIPAA Status

This Policy is incorporated into our Terms & Conditions. The Services provide Ayurveda-based educational content and wellness guidance; they do not provide medical diagnosis or treatment and are not an Electronic Medical Record (EMR). CureNatural is not a HIPAA “covered entity” or “business associate.” Information you share with us is governed by this Privacy Policy, not the HIPAA Privacy or Security Rules. If you ask a clinician to send records to us, that clinician may require a HIPAA authorization addressed to them; once we receive your information, we handle it under this Policy.

5. What We Collect

Depending on how you use the Services, we may collect the following categories:
  1. Account & Contact Data – name, email; optional phone and mailing address. B. Transaction & Subscription Data – purchase history (courses, App subscriptions, PDF plan purchases); limited payment metadata from Stripe/Apple/Google (we do not store full card numbers). C. Assessment & Wellness Inputs (Sensitive) – your body-constitution assessment responses and wellness inputs (e.g., digestion, sleep, skin dryness, general symptom patterns), preferences, and goals you choose to provide. D. Consultation Materials (Sensitive & Optional) – information you elect to share for consultations (e.g., allergies, chronic conditions, supplements/medications, family history) to tailor general Ayurveda suggestions; you may provide minimal or no health details and still use other parts of the Services. E. Device & Usage Data – IP address, device identifiers, operating system and App version, crash/error logs, session duration, pages/screens viewed, clickstream and in-app events. F. Communications & Feedback – messages to support, survey responses, ratings/reviews, marketing preferences. G. In-App Content Choices – saved plans, foods/herbs you select, AI feature toggles (when enabled). H. Cookies/SDK Signals – identifiers and event data set via cookies, pixels, mobile SDKs (see Section 12).
We do not knowingly collect precise geolocation, biometric identifiers, or government-issued IDs through the Services.

6. Sources of Information

  • Directly from you (account registration, assessments, consultation forms, emails with support).
  • Automatically from devices (cookies/SDKs, logs).
  • From transactions (Stripe/Apple/Google confirm payment status).
  • From your settings/permissions (notifications; OS-level privacy choices). We do not purchase data from data brokers.

7. How We Use Information (Purposes)

We process PI/PD to:
  1. Operate and provide the Services (personalized Ayurveda plans, App functionality, course delivery, downloadable PDF plans).
  2. Process orders and payments; administer subscriptions and receipts.
  3. Provide support; manage rescheduling/cancellations; respond to inquiries.
  4. Improve quality, performance, and reliability; conduct debugging and analytics; prevent misuse and fraud.
  5. Send required service communications; with your consent where required, send optional marketing.
  6. Maintain security, enforce Terms, and comply with legal obligations.
  7. Create de-identified or aggregated insights that do not identify you (see Section 15).
We do not use your health inputs for interest-based advertising.

8. Legal Bases (EU/UK) & Our Compliance Framework

Where the GDPR/UK-GDPR applies, we rely on the following bases:
  • Contract: To deliver Services you request (accounts, subscriptions, courses, support).
  • Consent: For processing health data and for non-essential cookies/SDKs; for certain marketing.
  • Legitimate Interests: To secure the Services, prevent fraud, and improve features—balanced against your rights and expectations. You may withdraw consent at any time (see Section 20). We implement data-protection-by-design, assess high-risk features via DPIA where appropriate, and maintain records of processing.

9. Sensitive Health Data & Global Consent Approach

Voluntary: Health data is collected only when you choose to provide it (e.g., assessment answers, consultation forms). Purpose-limited: We process health data solely to generate and update Ayurveda-based wellness plans, provide related features, and support you. Consent Controls:
  • EU/UK: We obtain explicit consent before collecting or using health data; you can withdraw consent in the App or by contacting us.
  • S. Consumer Health Data (selected states): We present clear notices and obtain consent for collection and disclosures to processors; we do not sell CHD (see Section 19). If you withdraw consent, certain personalization features may no longer function; your account and non-sensitive features may remain available.

10. AI Features & Automated Processing

If you enable AI features (e.g., rotating recipe ideas), your inputs may be processed by CureNatural and contracted vendors to generate suggestions.
  • Scope: AI outputs are for educational/wellness purposes; they may be incomplete or unsuitable; you must independently evaluate them.
  • Vendors: We contract vendors as processors/service providers, restrict secondary use, and prohibit use of your inputs for the vendor’s own marketing.
  • Model Improvement: Where feasible, we offer a setting to prevent your inputs from being used to improve general models.
  • No Solely Automated Legal Effects: We do not make decisions producing legal or similarly significant effects solely by automated means.

11. Payments & App Stores

Purchases of courses are processed by Stripe; App subscriptions are managed by Apple App Store or Google Play. These providers receive the minimum necessary payment metadata to complete the transaction and may act as independent controllers for their own processing. We do not store full card numbers. Refunds and cancellations are handled in accordance with our Terms and applicable store policies.

12. Cookies, Mobile SDKs & Similar Technologies

We use cookies and SDKs to operate the Services, perform analytics, remember preferences, and improve reliability.
  • EU/UK: We obtain consent for non-essential cookies/SDKs and provide granular controls via our banner.
  • Global: You can control cookies in your browser and adjust mobile OS permissions.
  • GPC / Do Not Track: We honor legally recognized Global Privacy Control (GPC) signals for any “sale/share” should such functionality be introduced; traditional DNT lacks a standard response. Details of specific tools and lifespans appear in our Cookie/Tracking Notice, which forms part of this Policy.

13. Disclosures of Personal Information

We disclose PI/PD only as described below and subject to appropriate contractual and security safeguards:
  1. Service Providers / Processors – hosting, cloud storage, analytics, security monitoring, customer support, email/SMS delivery, crash reporting, and (when enabled) cloud AI. B. Payments & App Stores – Stripe, Apple, and Google process transactions and manage subscriptions. C. Legal & Safety – to comply with law, respond to lawful requests, protect rights, safety, and security (including fraud prevention and abuse investigation). D. Business Transfers – in connection with a merger, acquisition, or sale of assets, subject to continuity of protections. E. At Your Direction – when you export or share a plan or connect an integration you choose.
We maintain a record of our main categories of processors and will provide a summary on request.

14. Third-Party Links & Affiliate Relationships

The Services may present links to third-party merchants and resources. Purchases via affiliate/referral links occur directly with those merchants under their terms and privacy policies. We do not control third-party practices and are not responsible for their handling of your information. Review third-party privacy policies before transacting.

15. De-Identified & Aggregated Data

We may create de-identified or aggregated datasets for analytics, quality improvement, or research and product development. We take reasonable steps to minimize the risk of re-identification and do not attempt to re-identify de-identified data unless necessary to test and maintain de-identification safeguards.

16. International Data Transfers & Safeguards

We are U.S.-based. When transferring PI/PD from the EU/UK or other jurisdictions with cross-border rules, we rely on appropriate safeguards (e.g., Standard Contractual Clauses plus UK Addendum and supplementary measures) and assess onward transfers. Copies of relevant safeguards may be requested (redactions may apply to protect confidential terms).

17. Data Retention

We retain PI/PD only for as long as necessary for the purposes described in this Policy or as required by law. Typical periods include:
  • Account & Contact Data: while the account is active and for a reasonable period thereafter (e.g., to address inquiries and maintain records).
  • Assessment/Wellness Inputs: for the life of your subscription or active use; if inactive, deletion or de-identification after a defined period.
  • Consultation Materials: retained only as needed to prepare or maintain your wellness plan and then archived or deleted.
  • Transaction Records: retained as required for tax, audit, and legal compliance.
  • Logs & Security Data: retained for a limited period to ensure integrity and investigate incidents. When retention ends, we delete or de-identify data using commercially reasonable methods.

18. Security & Incident Response

We implement reasonable technical and organizational safeguards, including access controls, encryption in transit, least-privilege access, logging, and vendor security reviews. No system is perfectly secure. If we learn of a breach affecting your information, we will notify you and regulators as required by applicable law and take steps to mitigate harm.

19. “No Sale / No Share” & Advertising Stance (U.S. State Laws)

We do not sell your Personal Information and do not share it for cross-context behavioral advertising. If we ever introduce advertising that implicates “sale” or “sharing,” we will update this Policy, provide legally required opt-out mechanisms (including honoring GPC), and reflect the change in our cookie/SDK controls and in-app settings.

20. Your Privacy Choices & Controls

  • Access/Correction/Deletion: See Sections 21–22 for region-specific rights and how to exercise them.
  • Marketing: Opt out via unsubscribe links or App settings.
  • Cookie/SDK Preferences: Use our banner (EU/UK) and device/browser controls.
  • AI Settings: Toggle AI features and, where offered, opt out of model-improvement use.
  • Consent Withdrawal: Withdraw health-data consent at any time; some personalization may cease.

21. U.S. Privacy Rights (California & Similar Laws)

Residents of certain U.S. states (e.g., CA, CO, CT, UT, VA) may have rights to know/access, correct, delete, port, and limit use/disclosure of sensitive PI, and to appeal decisions. How to submit: Email support (at) curenatural.com (or use any in-app portal we provide). Indicate your state and the right you wish to exercise. We will verify identity and respond within statutory timelines. Authorized agents: You may use an authorized agent with proof of authority and verifiable information. Non-discrimination: We do not discriminate for exercising your rights. If we deny your request, you may appeal by replying to our decision; an internal review will be conducted and a response provided within the applicable timeframe.

22. U.S. Consumer Health Data (WA, NV and Similar)

For residents of states regulating Consumer Health Data (CHD):
  • What we collect: assessment responses and consultation details you voluntarily provide, used to generate Ayurveda-based wellness plans and App features.
  • Consent: we obtain consent for collection and for disclosures to processors; we do not sell CHD and do not use geofencing around healthcare facilities.
  • Your rights: access, deletion, withdrawal of consent, and appeal; methods mirror Section 21.
  • Contracts: we maintain contracts with CHD processors restricting secondary use and imposing security standards.

23. EU/UK GDPR Rights; Contacts

If the GDPR/UK-GDPR applies to you, you have the right to access, rectify, erase, restrict, object, and port your Personal Data, and to withdraw consent without affecting prior processing. You may also lodge a complaint with your supervisory authority. Submit requests via support (at) curenatural.com with sufficient detail for verification. If we appoint an EU/UK representative or data protection officer, we will post their details here.

24. Exercising Rights; Verification; Appeals

Submit requests to support (at) curenatural.com or via any in-app rights portal we provide. We will take steps to verify your identity (e.g., email confirmation; additional details for sensitive requests). If we cannot verify, we may request more information or deny the request as permitted by law. If we decline a request, we will provide reasons and instructions for appeal. Appeals are reviewed by personnel not involved in the initial decision.

25. Changes to This Policy; Contact & Miscellany

We may update this Policy to reflect changes in practices or law. When we do, we will revise the Effective Date and, where required, provide additional notice (e.g., banner, in-App notice, or email). Your continued use of the Services after the effective date constitutes acceptance of the updated Policy. Questions or concerns? Email: support (at) curenatural.com Accessibility: We will provide this Policy in alternative formats upon request. The controlling version is English; translations are provided for convenience only.

Download Your Health Reset

CureNatural Ayurveda Mobile App

Download now on:

Available on

Play Store

Available on

App Store

Ayurveda App
Ayurveda Mobile App
CureNatural White Logo

+1 866 AYR VEDA

support @ curenatural.com

Download Apple App

Download Google App

Menu

Support

Account

Dosha Test

Copyright © 2018-2025. CureNatural LLC All Right Reserved.