EN

Privacy Policy

Dernière mise à jour : 21/04/2026

AINOHA, a simplified joint-stock company under French law, registered with the Grenoble Trade and Companies Register under number 940 585 953 R.C.S. Grenoble, with its registered office located at 25 rue Beethoven, 38400 Saint-Martin-d'Hères, is referred to in this policy as " Ainoha," " we," or " our."

TheAinoha™ app allows users (" you," " your," or " Users ") track their symptoms and hormonal parameters, perform biometric analysis via their smartphone camera, access blood test analysis, and interact with a chatbot that provides personalized recommendations related to well-being and hormonal balance (the " App "). 

The purpose of this policy is to inform you about how we process your personal data when you use the Application, in accordance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data (the " GDPR ").

1. Définitions

CNIL: National Commission for Information Technology and Civil Liberties, 3 Place de Fontenoy, 75334 Paris.

Recipient: Any natural or legal person, public authority, agency, or other body that receives personal data.

Personal data: Any information relating to an identified or identifiable natural person, directly or indirectly, in particular by reference to an identifier (e.g., name, email address, online identifier).

Data controller: Natural or legal person who determines the purposes and means of personal data processing. In the context of this policy, this is Ainoha.

Subcontractor: Any natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller, in accordance with the controller's instructions.

Processing: Any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, storage, adaptation, consultation, use, disclosure, restriction, erasure, or destruction.

2. Pourquoi traitons-nous vos données personnelles ? 

We collect the following categories of personal data when you use the Application:

2.1. Finalité du traitement : Création et gestion du compte utilisateur

Data collected

  • Name;
  • First name;
  • Email address;
  • Date of birth.

Legal basis

Performance of the contract with the User

Shelf life

During the period of use of the Application, then for a period of

2.2. Finalité du traitement : Fourniture des services de l’Application Ainoha™ :

  • Monitoring and hormonal profile
  • Interactions with the Aino Chatbot
  • Personalized recommendations
  • Personalized supplements (if applicable)

Data collected

  • Health information (height, weight, type and brand of contraceptive):
  • Self-questionnaires (energy, sleep, symptoms);
  • Biometric analyses (heart rate, respiratory rate, stress level);
  • Blood tests (biomarkers);
  • Text data exchanged with the Aino™ chatbot;
  • User Preferences

Legal basis

  • Performance of the contract with the User
  • Explicit consent of the User

Shelf life

During the period of use of the Application, then for a maximum period of one (1) year

2.3. Finalité du traitement : Réponse aux demandes des Utilisatrices

Data collected

Data transmitted in requests

Legal basis

Legitimate interest in responding to User requests

Shelf life

Processing time for the request, plus the statutory limitation period.

2.4. Finalité du traitement : Assurer le bon fonctionnement et la sécurité de l’Application

Data collected

  • Browsing data;
  • IP address;
  • Technical data (device type, logs, errors)

Legal basis

Legitimate interest in providing a functional Application

Shelf life

While browsing the Application

2.5. Finalité du traitement : Conformité aux obligations légales ou aux demandes des autorités compétentes

Data collected

Any data necessary to meet a legal requirement

Legal basis

Legal obligation

Shelf life

For the period necessary to comply with the applicable legal obligation

Ainoha retains your personal data only for as long as necessary for the purposes outlined in the table above.

After these periods, the data is deleted or anonymized.

In certain cases, data is also stored in intermediate archives for:

  • comply with legal obligations such as accounting, social security, or tax requirements;
  • enable us to compile evidence in the event of a dispute, within the applicable limitation periods.

3. Qui sont les destinataires de vos données personnelles ?

3.1. Employés d’Ainoha

Your personal data may be processed by Ainoha employees, within the limits of their respective responsibilities and exclusively for the purposes of this policy.

3.2. Prestataires de service

Ainoha uses technical service providers who operate the infrastructure necessary for the proper functioning of the Application. This includes, in particular, hosting, storage, management, and maintenance services for the Application, its content, and the personal data processed.

These include the following providers:

  • Amazon Web Services (AWS): application hosting, data storage, and cloud infrastructure (EU region).
  • Shen.AI : analyse des paramètres physiologiques issus du scan vidéo (fréquence cardiaque, respiration, stress). Lors de la mesure vidéo des signes vitaux effectuée par Shen.AI au sein de l'Application, les images de votre visage ne seront traitées que localement sur votre appareil le temps d'obtenir les résultats de mesure. Ce traitement garantit que les données biométriques personnelles ne sont ni stockées sur l'appareil, ni transmises ou stockées en externe, préservant ainsi votre vie privée.
  • Mistral AI : génération des réponses du chatbot AINO en mode Zero Data Retention (ZDR). Aucune donnée n'est conservée par Mistral une fois la réponse fournie.
  • Manufacturer of dried blood collection kits: manufacturing and logistics of blood collection kits (DBS).
  • Medical laboratory specializing in dried blood spot analysis: analysis of blood samples (DBS) and production of biomarker results.

These service providers act as subcontractors for Ainoha. As such, they only have access to personal data to the extent strictly necessary for the performance of their services, and are contractually bound to guarantee the confidentiality, security, and compliance of the processing, in accordance with applicable regulations, in particular the GDPR.

4. Communication justifiée par des raisons légales

Ainoha may be required to disclose certain personal data if required by law, a judicial or administrative authority, or in the context of legal proceedings.

5. Vos données personnelles sont-elles transférées en dehors de l’Union européenne ? 

Your data is transferred outside the European Union, in particular due to the use of certain service providers.

In this case, these transfers are subject to appropriate safeguards, such as the inclusion of service providers on the list available on the Data Privacy Framework, or the signing of standard contractual clauses adopted by the European Commission.

Data hosted by Amazon Web Services (AWS) is stored in the eu-north-1 region, in an environment certified as a Health Data Host (HDS), guaranteeing a high level of security in accordance with the requirements applicable to health data in France.

6. Vos droits

Pour exercer les droits listés ci-après, vous pouvez contacter Ainoha à l’adresse suivante privacy@ainoha.fr

You have the following rights:

  • Right of access to your personal data: you have the right to obtain certain information from Ainoha, such as the purposes of the processing or the categories of personal data concerned.
  • Right to rectification: you may ask us at any time to rectify your personal data if it is inaccurate or incomplete.

Right to erasure/right to be forgotten: you may request the deletion of your personal data, particularly when it is no longer necessary for Ainoha, when you have withdrawn your consent, or when you have objected to its processing.

  • Right to restriction of processing: you may request the restriction of the processing of your personal data if you contest the accuracy of the data or if its processing is unlawful.
  • Right to data portability: when your personal data is subject to automated processing based on your consent or on a contract, you may request to receive this data or have it transferred to a third party.
  • Right to object: You may object to the processing of your personal data when it is based on legitimate interest, for reasons relating to your particular situation.
  • Right to decide what happens to your personal data after your death: you can set guidelines or designate a trusted third party to whom Ainoha can entrust your data.
  • Right to withdraw your consent: at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Before we can respond to your request to exercise one or more rights, we may ask you for additional information to verify your identity.

Ainoha undertakes to respond to your requests relating to this policy or the exercise of your rights as soon as possible, and at the latest within one (1) month of receiving the request, in accordance with the GDPR.

If your request is complex or if you have made multiple requests, the response time may be extended to three (3) months from receipt.

If you believe that the processing of your personal data is unlawful, you also have the right to lodge a complaint with:

  • the main data protection authority for Ainoha: the CNIL; or
  • from your local supervisory authority.

7. Sécurité des données personnelles

We implement appropriate technical and organizational measures to ensure the security, confidentiality, integrity, and availability of the personal data we process. These measures are regularly evaluated and updated.

These measures include, in particular:

  • Strict access controls and secure authentication measures;
  • Data encryption;
  • Continuous monitoring of the system with anomaly detection and alerts in the event of an incident;
  • Regular security tests integrated into the development cycle;
  • A structured procedure for managing security incidents;
  • Raising awareness and training teams in data security.

8. Contact

Pour toute question, ou demande concernant vos données personnelles ou la présente Politique de confidentialité, vous pouvez nous contacter à l’adresse suivante : privacy@ainoha.fr