Privacy Policy – Detectra (Test & Clinical Research Version)

Last updated: July 2025
Atreon SA (“we”, “us”, or “our”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you participate in a clinical research study using Detectra, our investigational software.
Detectra is a prototype software medical device developed for research purposes only. It is being evaluated in academic studies and clinical trials focused on rheumatology. The app is not a certified medical product and is not intended for diagnosis, treatment, or clinical decision-making at this stage, but solely for research purposes.
This policy complies with the European Union General Data Protection Regulation (GDPR), the UK GDPR, the Swiss Federal Act on Data Protection (FADP), and applicable U.S. regulations, including the Health Insurance Portability and Accountability Act (HIPAA) where relevant.

1. Who We Are

Atreon SA
Chemin de Rennier 4
1009, Pully, Switzerland
Email: privacy@detectra.app
Website: https://detectra.app

2. Nature of Participation

Participation in this research is entirely voluntary and is governed by a separate informed consent form, which must be signed prior to gaining access to the app. Your personal and health-related data will be collected solely for research purposes, as part of ethically approved clinical studies.
No health advice, diagnosis, or treatment will be provided through the app.

3. What Data We Collect

We may collect the following types of personal and health-related data:

• Identification information (e.g. participant ID, email, country of residence and postcode)

• Health data (e.g. hand images, symptoms, pain/function scores)

• Device information (e.g. model, operating system)

• App usage data (e.g. timestamps, screen interactions)

• Feedback submitted via the app or via researchers

All data collected will be pseudonymized wherever possible and used exclusively within the scope of the approved research project.

4. How We Use Your Data

Your data will be used solely for research and product development purposes, including:

• Evaluating the feasibility and usability of the Detectra app

• Assessing the accuracy and clinical value of digital biomarkers

• Supporting publications, reports, and scientific communication (in anonymized form)

• Build and train machine learning models

• Informing future improvements of the technology and potential regulatory submissions

We do not use your data for commercial profiling, targeted advertising, or unrelated purposes.

5. Legal Basis for Processing

The legal basis for processing your data is:

• Your explicit informed consent (Art. 6(1)(a) & 9(2)(a) GDPR)

• Scientific research purposes, subject to applicable safeguards (Art. 9(2)(j) GDPR)

• Public interest in health research

• Compliance with ethics approvals and research protocols

You may withdraw consent at any time without affecting your clinical care.

6. Data Sharing & International Transfers

Your data may be shared with:

• Authorized research personnel at collaborating institutions

• Ethics committees and regulatory bodies

• Subprocessors who provide secure hosting, analytics, or support services

Some data may be transferred outside your country of residence. In such cases, we ensure appropriate safeguards such as:

• Standard Contractual Clauses (SCCs)

• EU–US and Swiss–US Data Privacy Framework compliance

• Data minimization and pseudonymization prior to transfer

7. Data Security

We employ strict technical and organizational measures to protect your data, including:

• Transport Layer Security (TLS) encryption for data transmission

• Access controls and role-based permissions

• Secure data storage and data processing

• Regular technical audit and security checks.

• Anonymization or pseudonymization of health-related data

Your data will be retained only as long as required by the research protocol, ethics approval, or applicable legal and regulatory requirements. In accordance with the European General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP), data collected as part of a clinical trial must be retained to ensure the scientific integrity of the study and to comply with legal obligations, including audit and inspection requirements.
If you choose to withdraw from the study, no further data will be collected from you. However, data already collected up to the point of withdrawal will continue to be processed and retained as necessary for the purposes of the research, in line with legal and ethical standards. This is to ensure the validity and reliability of the research results and to comply with applicable laws, such as article 28(3) of the EU Clinical Trials Regulation (CTR). Upon project completion and after expiration of required retention periods, your data will be anonymized or securely deleted, unless continued retention is required by law.

9. Your Rights

You have the right to:

• Access your personal data

• Request correction or deletion

• Object to or restrict processing

• Withdraw your consent at any time

• Lodge a complaint with your local data protection authority

Please note:
While you have the right to request deletion of your personal data, this right may be limited in the context of clinical research. Under GDPR Article 17(3)(d) and equivalent Swiss law, data already collected and used for scientific research purposes may not be deleted if erasure would seriously impair or render impossible the achievement of the research objectives or compliance with legal obligations. This exception is necessary to maintain the integrity of the research and fulfill regulatory requirements.
If you withdraw your consent, no new data will be collected from you; however, data already collected up to that point will be retained and used as described above.
To exercise your rights, contact us at privacy@detectra.app

10. Children and Minors

This app is not intended for use by individuals under the age of 18, and any involvement of minors in studies must be explicitly approved by an ethics committee and involve parental/legal guardian consent.

11. Updates

We may update this policy if legal requirements or research protocols change. Any significant updates will be communicated through the study coordinator or within the app.

12. Contact

If you have questions or concerns regarding your data, please contact:
Data Protection Officer
Atreon SA
Chemin de Rennier 4
1009, Pully, Switzerland
Email: privacy@detectra.app