Loop by SYMBYX Privacy Policy

Last Updated: 25/09/2025

1. INTRODUCTION

SYMBYX Pty Ltd ("Company", "we", or "us") respects your privacy and is committed to protecting it through compliance with this Privacy Policy ("Policy"). This Policy describes how we collect, use, disclose and process personal information through our mobile application Loop by SYMBYX (“App”) and any other digital products that refer to this Policy (together, the “Services”). “User“, “you“ and “your“ refer to the individual or entity that accesses or otherwise uses the Services, and each of your heirs, assigns, and successors. It outlines:

  • The types of information we may collect or that you may provide when you use the Services;
  • How we collect, use, maintain, protect, and disclose this information; and
  • Your choices and rights with respect to your personal information.

This Policy applies to all users of our Services, including individuals who use the App for general wellness purposes such as symptom tracking, self-management, and receiving personalised reminders. By accessing or using the Services, you agree to the practices described in this Policy. If you do not agree, please do not create an account and use the Services. This Policy may be updated from time to time. We will notify you of material changes, and continued use of the Services indicates your acceptance of those changes.

Please also review our Terms of Use, which govern your use of the Services.

2. WHAT PERSONAL INFORMATION DO WE COLLECT AND WHY?

“Personal Information” refers to data that identifies or can be used to identify you. We only collect Personal Information necessary to deliver and improve the App’s wellness-focused features. Specifically:

2.1. Identity Information

Types: Name, surname, gender, date of birth.

Purpose:

  • To create and manage your user profile.
  • To personalise your App experience.
  • To comply with legal obligations or enforce our rights.

2.2. Contact Information

Types: Email address.

Purpose:

  • To send important service-related updates (e.g. policy changes or technical notices).
  • To respond to user support enquiries or feedback.
  • To communicate with you regarding your App usage or activity logs.

2.3. Device Information

Types: Mobile device model, operating system, browser type.

Purpose:

  • For diagnostics and performance optimisation.
  • To troubleshoot issues and provide support.

2.4. Geolocation Data

Types: Time zone information.

Purpose:

  • To schedule reminders based on your local time settings.

2.5. Wellness-Related Inputs

Types: Data you manually enter or sync through services like Apple Health, including movement patterns (e.g. steps), medication times, and general wellness-related entries such as check-ins or reminders.

Purpose:

  • To help you track and organise information you choose to monitor within the App.
  • To enable features such as notifications, summaries, and logs based on your preferences and recorded data.
  • To support general health awareness, daily routine planning, and self-management practices.
  • To process anonymised and aggregated data for the purpose of improving the app and SYMBYX services. Such processing enables us to identify general trends, enhance functionality, and inform internal research. This collective, non-personal data cannot be used to identify you and is utilised solely to improve the overall user experience and SYMBYX’s services.

Use of health data from Apple Health is optional and subject to your explicit consent. You can manage permissions at any time via your device settings. The App does not diagnose, treat, or monitor any disease or serious condition. All features are designed solely for wellness and self-tracking purposes.

3. USE OF INFORMATION REGARDING MINORS

The Services are not intended for individuals under the age of 18. We do not knowingly collect Personal Information from individuals under the age of 18. If you believe we have inadvertently collected information from a person under 18, please contact us at info@symbyxbiome.com so we can take appropriate steps to delete the data.

4. HOW WE COLLECT INFORMATION

We collect information in the following ways to support the functionality and improvement of the App and Services:

4.1. Information You Provide to Us

We collect information you choose to share with us directly through the App or other means. This may include:

  • Details you provide when creating an account, completing onboarding, or using features such as logging check-ins, setting reminders, or logging routines.
  • Responses to optional surveys or feedback forms, which may be used to improve the App.
  • Records of your communication with us, including customer support enquiries via the App or via email.
  • Information you submit when reporting a technical issue, including any supporting screenshots or usage logs you consent to share for troubleshooting.

4.2. Information Automatically Collected Through Your Use of the App

To support performance and functionality, we may automatically collect certain technical data when you use the App. This includes:

  • Device type, operating system, and App version.
  • General usage information such as feature engagement and session duration.
  • Diagnostic data to help us identify and fix bugs or performance issues.

The App may store data locally on your device, such as settings or login status, to ensure features function as expected. Where analytics or diagnostic data are used to improve the App, we process this information in aggregated or de-identified form, unless individual troubleshooting is explicitly requested by the user. We do not use cookies, web beacons, or tracking technologies for advertising or profiling. If third-party tools are used to support analytics or performance monitoring, they are configured solely to help us improve the App.

4.3. Information from Third-Party Integrations

If you choose to connect your App account with Apple Health or Apple Watch, we may access data that you explicitly authorise for syncing (such as steps, sleep patterns, or activity levels). You can revoke or adjust these permissions at any time through your device settings. We may also collect data from partners who help support core Services (e.g., database storage, authentication providers), but only to the extent required to deliver the App functionality. These third parties are bound by contractual obligations to protect your information.

5. DISCLOSURE AND TRANSFER OF YOUR INFORMATION

The Company does not sell your personal information. We will not disclose or transfer your personal information to unrelated third parties without your consent, except as described in this Policy. We may share or disclose information in the following circumstances:

5.1. To Service Providers and Partners

We may share personal information with trusted third-party service providers who support our operations and help us deliver the App. These include:

  • Cloud hosting providers
  • Infrastructure and database administrators
  • Authentication or analytics platforms
  • Customer support tools
  • Secure communications providers

These service providers are contractually bound to handle your information confidentially and securely and are only permitted to use it for the purpose of providing their specific services on our behalf.

5.2. We May Disclose Your Information with Your Consent

We may share information with other parties only when you explicitly authorise us to do so. For example, if you choose to sync with Apple Health, we will process and share the relevant data based on your selections and permissions.

5.3. To Fulfil a Purpose You Request

We may disclose your information to fulfil the reason you provided it. For example, to respond to a support enquiry or send you a requested report or summary.

5.4. For Legal, Safety, or Compliance Reasons

We may disclose your information if we believe it is reasonably necessary to:

  • Comply with applicable laws, regulations, court orders, or legal processes
  • Respond to law enforcement or regulatory enquiries
  • Enforce our Terms of Use or other agreements
  • Detect, prevent, or address fraud, misuse, security, or technical issues
  • Protect the rights, property, or safety of SYMBYX, our users, or others

5.5. Business Transfers

In the event of a merger, acquisition, asset sale, corporate restructuring, or similar transaction, your information may be transferred as part of the business assets. In such cases, we will ensure appropriate safeguards are in place to protect your privacy and notify you if required by applicable laws.

5.6. De-identified or Aggregated Data

We may share aggregated or anonymised information that cannot be used to identify you or your device with third parties for purposes such as research, analytics, product development, or similar activities. Anonymisation is carried out using technical safeguards, including data masking, aggregation thresholds, and pseudonymisation, to ensure the data cannot be re-identified.

6. CROSS-BORDER TRANSFERS AND INTERNATIONAL PRIVACY RIGHTS

6.1. Cross-Border Transfers

Some of our service providers may be located outside of your country, including in jurisdictions such as the United States, Europe, or Asia. Where we transfer your personal data across borders, we ensure that appropriate safeguards are in place in accordance with applicable data protection laws, including Standard Contractual Clauses (SCCs) where required under the EU General Data Protection Regulation (GDPR) or the UK GDPR.

6.2. If You Are in the European Economic Area (EEA) or United Kingdom (UK)

For individuals located in the EEA or the UK, SYMBYX Pty Ltd acts as the data controller for the personal information we collect through the App and related services. This means we determine the purposes and means of processing your personal data. For additional information about how we handle data under the GDPR and UK GDPR, see Section 11.

7. YOUR RIGHTS AND ACCESS TO YOUR INFORMATION

You have rights regarding your personal information, including the ability to access, correct, delete, or withdraw your consent. These rights may vary depending on your location and the laws that apply.

7.1. Access, Update, or Delete Your Information

You can review, update, or delete certain personal information directly within the App by accessing your account settings. If you would like to request access to your information, make corrections, or permanently delete your account, you can also contact us at info@symbyxbiome.com. For security reasons, we can only act on requests linked to the verified email address associated with your account. If you choose to delete your account, we will remove your personal information from active systems within one month, in line with Article 12(3) of the GDPR. Some data may continue to be stored in secure backups for a limited period where required to meet legal or regulatory obligations.

7.2. Withdrawing Your Consent

If you have previously given consent to the collection or processing of your information, you can withdraw it at any time by updating your preferences in the App or by contacting us. Once we receive your withdrawal, we will stop processing your data for the purposes covered by that consent, unless we have a legal basis to continue processing.

7.3. Additional Rights for Users in Certain Regions

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or another region with applicable data protection laws, you may have the right to:

  • Access your personal data and receive a copy.
  • Correct inaccurate or incomplete information.
  • Delete your personal data (subject to legal exceptions).
  • Object to processing based on our legitimate interests.
  • Restrict how we process your data in certain situations.
  • Transfer your data to another provider (data portability).
  • Withdraw consent for any processing based on prior consent.
  • Lodge a complaint with your local data protection authority.
  • We do not use automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, please contact us at info@symbyxbiome.com.

8. DATA SECURITY

We take the protection of your personal information seriously and have implemented reasonable technical and organisational measures to safeguard it against loss, misuse, unauthorised access, alteration, or disclosure.

These measures include:

  • Secure servers and encrypted communications where appropriate
  • Firewalls and intrusion detection systems
  • Strict access controls and user authentication
  • Routine monitoring, security updates, and testing
  • Restriction of access to your information to authorised personnel only
  • While we do our best to protect your information, please be aware that no method of transmission over the internet or storage system is completely secure. We cannot guarantee the absolute security of your information.
  • Your security also depends on you. If you are assigned or create a password to access the App, you are responsible for keeping it confidential. We recommend that you use a strong password and do not share your login credentials with others. If you believe your account has been compromised, please contact us immediately at info@symbyxbiome.com.

9. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will revise the “Last Updated” date at the top of this Policy. If the changes are material, we will take reasonable steps to notify you. for example, through an in-app message or by email. We encourage you to review this Policy periodically to stay informed about how we protect your information. You are responsible for ensuring that we have an up-to-date and deliverable email address for you if you wish to receive such notifications.

10. RETENTION OF YOUR INFORMATION

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to comply with legal, accounting, or regulatory requirements, and to support the functionality of the App. When determining how long to retain your information, we consider:

  • The type and sensitivity of the data
  • The reason it was collected and whether that purpose has been fulfilled
  • Any legal obligations or industry standards that apply
  • The potential risk of harm from unauthorised use or disclosure

Where data is no longer needed, we will delete or anonymise it in a secure manner, in accordance with applicable laws and regulations.

If you delete your account, we will remove your personal information from active systems, unless we are required to retain certain data for legal or regulatory purposes. Data associated with symptom logs or wellness entries will be securely deleted or anonymised upon account deletion within one month, in line with Article 12(3) of the GDPR, except where limited retention is necessary for technical backups or compliance obligations.

11. FOR RESIDENTS OF THE EUROPEAN ECONOMIC AREA (EEA) AND UNITED KINGDOM (UK)

If you are located in the European Economic Area or the United Kingdom, SYMBYX Pty Ltd is the data controller of your personal data, as defined under the General Data Protection Regulation (GDPR) and the UK GDPR.

11.1. Legal Bases for Processing

We rely on the following legal grounds when processing your personal data:

  • Consent – Where you have given us clear and informed consent for a specific purpose (Article 6(1)(a) GDPR).
  • Contract – Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract (Article 6(1)(b)).
  • Legal Obligation – Where we are required to process your data to comply with a legal obligation (Article 6(1)(c)).
  • Legitimate Interests – Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and interests (Article 6(1)(f)).

11.2. Exercising Your Rights

You may exercise any of your rights under Section 7 of this Policy by contacting us through the details provided below. To help us confirm your identity, we may ask you to provide a copy of a valid identity document (such as a passport or national ID). In certain cases, we may not be able to provide access to specific personal data if doing so would violate the rights of another individual or if restricted by applicable law. For further information about your rights under GDPR or to lodge a complaint, you may contact your local data protection authority.

12. CONTACT INFORMATION

If you have any questions, feedback, or concerns about this Privacy Policy or how your personal information is handled, you can contact us at:

Email:
info@symbyxbiome.com

Mailing address:
SYMBYX Pty Ltd
Level 3, 116 Military Road
Neutral Bay, 2089, NSW, Australia

We are committed to working with you to address any concerns regarding your privacy. If you believe your issue has not been resolved to your satisfaction, you may also have the right to lodge a complaint with your local data protection authority, depending on your jurisdiction.