Privacy Policy

Last Updated: November 19, 2025

Effective Date: November 19, 2025

1. Introduction

Welcome to PurePath Health Intelligence (“PurePath,” “we,” “us,” or “our”). We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website (purepath.club) and services.

This policy complies with the General Data Protection Regulation (GDPR) and applicable data protection laws in the Gulf Cooperation Council (GCC) region, including Oman’s Personal Data Protection Law.

By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide to Us

When you use our services, we may collect the following information that you provide directly:

Contact Information:

  • Name (first and last name)
  • Email address
  • Phone number
  • Organization/company name
  • Job title and professional information

Account Information:

  • Username and password (if applicable)
  • Communication preferences
  • Any information you provide in forms, surveys, or inquiries

Genetic and Health Data (if using our platform):

  • Genetic test results and analysis
  • Health history and medical information
  • Lifestyle and wellness data
  • Self-reported health information

This health and genetic data is considered “special category data” under GDPR and is subject to enhanced protection measures.

2.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

Usage Information:

  • Pages visited and time spent on pages
  • Referring website and search terms used
  • Browser type and version
  • Device type (desktop, mobile, tablet)
  • Operating system
  • IP address and approximate geographic location

Cookies and Tracking Technologies:

We use cookies and similar technologies to enhance your experience. See Section 8 (Cookies Policy) for more details.

3. How We Use Your Information

We use your personal information for the following purposes:

Service Delivery:

  • Provide and maintain our genetic analysis, clinical decision support, and wellness platforms
  • Process and analyze genetic testing samples and results
  • Generate personalized health, nutrition, fitness, and mental wellness recommendations
  • Facilitate communication between you and healthcare professionals or experts

Business Operations:

  • Respond to your inquiries and provide customer support
  • Process transactions and manage your account
  • Send service-related announcements and updates
  • Improve and optimize our services and website

Legal and Compliance:

  • Comply with legal obligations and regulatory requirements
  • Protect our rights and prevent fraud or abuse
  • Enforce our terms and conditions

Marketing (with your consent):

  • Send you information about our products, services, and promotions
  • You can opt out of marketing communications at any time

We only process special category data (genetic and health data) with your explicit consent and for the specific purposes outlined in our service agreements.

4. Legal Basis for Processing (GDPR Compliance)

Under GDPR, we process your personal data based on the following legal grounds:

Consent:

You have given explicit consent for processing your genetic and health data for specific purposes.

Contract Performance:

Processing is necessary to provide services you have requested or contracted for.

Legal Obligation:

Processing is required to comply with legal or regulatory requirements.

Legitimate Interests:

Processing is necessary for our legitimate business interests (e.g., improving services, fraud prevention), provided your rights and interests do not override these interests.

For genetic and health data, we rely primarily on your explicit consent, which you can withdraw at any time.

5. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information in the following circumstances:

Service Providers:

We work with trusted third-party service providers who assist us in operating our platform:

  • Genetic testing laboratories (for sample analysis)
  • Cloud hosting and data storage providers
  • Healthcare professionals and domain experts (for validation and consultation)
  • IT and security service providers

All service providers are contractually obligated to protect your data and use it only for specified purposes.

Healthcare Professionals:

If you use our services through a healthcare provider, wellness organization, or employer, we may share relevant information with authorized professionals overseeing your care or wellness program.

Legal Requirements:

We may disclose your information if required by law, regulation, legal process, or governmental request, or to:

  • Protect the rights, property, or safety of PurePath, our users, or the public
  • Enforce our terms and conditions
  • Respond to claims of violation of third-party rights

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

With Your Consent:

We may share information for other purposes with your explicit consent.

6. Data Security

We take the security of your personal and genetic data extremely seriously and implement industry-standard security measures:

Technical Measures:

  • Encryption of data in transit (TLS/SSL) and at rest (AES-256)
  • Secure, access-controlled data centers
  • Regular security audits and vulnerability assessments
  • Multi-factor authentication for account access
  • Secure backup and disaster recovery procedures

Organizational Measures:

  • Employee training on data protection and privacy
  • Strict access controls (need-to-know basis)
  • Confidentiality agreements with employees and contractors
  • Incident response and breach notification procedures

Healthcare Compliance:

  • HIPAA-ready architecture for health data protection
  • CAP/CLIA compliance for genetic testing operations
  • ISO 27001 security standards (in progress)

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the highest standards.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

Account and Contact Information:

Retained for the duration of your account plus 7 years after account closure (for legal and regulatory compliance).

Genetic and Health Data:

Retained for as long as you maintain an active account or as required by healthcare regulations. You may request deletion at any time (see Section 9: Your Rights).

Usage and Analytics Data:

Typically retained for 2 years, then aggregated or anonymized.

Marketing Communications:

Retained until you opt out or request deletion.

Legal and Compliance Records:

Retained as required by applicable laws and regulations (typically 7-10 years).

When data is no longer needed, we securely delete or anonymize it so it can no longer identify you.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience and analyze site usage.

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize you and remember your preferences.

Types of Cookies We Use:

Essential Cookies (Always Active):

Required for the website to function properly (e.g., security, authentication). These cannot be disabled.

Analytics Cookies:

Help us understand how visitors use our site (e.g., Google Analytics). We use this data to improve our website and services.

Functional Cookies:

Remember your preferences and settings (e.g., language, region).

Marketing Cookies (Optional):

Track your activity across websites to deliver relevant advertisements. These require your consent.

Managing Cookies:

You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

To opt out of Google Analytics: https://tools.google.com/dlpage/gaoptout

Third-Party Services:

We may use third-party analytics and marketing tools that set their own cookies. Please refer to their privacy policies for more information.

9. Your Rights Under GDPR

Under GDPR and applicable data protection laws, you have the following rights regarding your personal data:

Right to Access:

You can request a copy of the personal data we hold about you.

Right to Rectification:

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (“Right to be Forgotten”):

You can request deletion of your personal data in certain circumstances (e.g., when data is no longer necessary, you withdraw consent).

Right to Restrict Processing:

You can request that we limit how we use your data in certain situations.

Right to Data Portability:

You can request your data in a structured, machine-readable format to transfer to another service provider.

Right to Object:

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent:

If processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Right to Lodge a Complaint:

You can file a complaint with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, please contact us at: privacy@purepath.club

We will respond to your request within 30 days (as required by GDPR).

10. International Data Transfers

PurePath operates primarily in the Gulf Cooperation Council (GCC) region. Your data may be stored and processed in:

Primary Data Storage:

  • Oman and other GCC countries
  • Data centers that comply with local data residency requirements

International Transfers:

In some cases, we may transfer data outside the GCC region (e.g., to cloud service providers). When we do, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Your explicit consent for specific transfers

We ensure all international transfers comply with GDPR and GCC data protection requirements.

11. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children without parental consent.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at privacy@purepath.club. We will promptly delete such information.

For users under 18 accessing our services through a parent, guardian, or healthcare provider, we require appropriate consent and parental/guardian oversight.

12. Third-Party Websites and Services

Our website may contain links to third-party websites and services. This Privacy Policy applies only to PurePath services.

We are not responsible for the privacy practices of third-party websites. We encourage you to review the privacy policies of any external sites you visit.

Third-party service providers we work with (e.g., payment processors, cloud hosting) have their own privacy policies. We select providers who meet our security and privacy standards.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services.

When we make changes:

  • We will update the “Last Updated” date at the top of this page
  • For material changes, we will notify you via email or a prominent notice on our website
  • Your continued use of our services after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Officer:

Email: privacy@purepath.club

Address: Muscat, Oman

General Inquiries:

Email: info@purepath.club

Phone: +971 (Contact for details)

You can also contact us through our Contact page.

We will respond to your inquiry within 30 days.

Supervisory Authority:

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.