This Privacy Policy (“Privacy Policy”) governs the processing and transfer of personal data collected or processed by Kemtai Ltd. (collectively with its subsidiaries and affiliated companies “Company”, “we”, “us” or “our”) when we provide our services, through the use of our training and physiotherapy platform and application (“Product”), or when you access or use our website available here (“you” or “your” and “website” or “services”). This Privacy Policy is an integral part of any other agreement between us, including without limitation the website’s terms and any of our products’ terms (“Terms”). Any capitalized terms not defined herein shall have the meanings ascribed to them in the Terms, or under the applicable privacy laws.
This Privacy Policy explains what data we may collect from you, how such data may be used or shared with others, how we safeguard it and how you may exercise your rights related to your Personal Data (as defined below), as required under relevant privacy regulation, including without limitation and where applicable: the EU General Data Protection Regulation (“GDPR”), relevant US Privacy Laws (as such term is defined below), the California Consumer Privacy Act (“CCPA”), and the Israeli Privacy Protection Law, 1981. In addition, any reference to the GDPR (as defined below) shall also include the UK Data Protection Act, 2018 (UK-GDPR).
This Privacy Policy does not pertain to Personal Data relating to our employees, contractors and other staff as part of their employment or engagement with us.
Additional Notice to California Residents: In the event you are a California resident – please review our CCPA Notice to learn more about our privacy practices with respect to the CCPA.
If you have any questions regarding this Privacy Policy or our data practices, you are welcome to contact us at: privacy@kemtai.com.
You are not required by law to provide us with any Personal Data. However, please note that some of our services require the processing of certain Personal Data and without such data we may not be able to provide you with all or part of such services.
1. POLICY AMENDMENTS:
We reserve the right to amend this Policy from time to time, at our sole discretion. The most recent version of the Policy will always be posted on the website. The updated date of the Policy will be reflected in the “Last Modified” heading. Subject to applicable law, any amendments to the Policy will become effective immediately, unless we notify you otherwise. If we materially change the way in which we process your previously collected Personal Data, we will provide you with prior notice, or where legally required, request your consent prior to implementing such changes. We strongly encourage you to review this Policy periodically to ensure that you understand our most updated privacy practices.
Kemtai Ltd. is the Data Controller (as such term is defined under the GDPR or equivalent privacy legislation) of your Personal Data collected from you as a user of our services.
You may contact us as follows:
PLEASE NOTE THAT END-USERS’ PERSONAL DATA PROCESSED ON BEHALF OF OUR ENTERPRISE CUSTOMER WITHIN THE SERVICES IS LEGALLY OWNED BY SUCH ENTERPRISE CUSTOMERS, WHILE WE MERELY ACT AS PROCESSORS OR SERVICE PROVIDERS ON THEIR BEHALF (“ENTERPRISE CUSTOMERS” AND “END USERS”, RESPECTIVELY). THEREFORE, ANY REMAINDER OF SUCH END-USERS’ DATA MENTIONED HEREIN IS FOR INFORMATIONAL PURPOSES ONLY AND SUBJECTED TO THE INSTRUCTIONS AND PRIVACY PRACTICES OF SUCH ENTERPRISE CUSTOMER, WHO IS ENTIRELY AND SOLELY RESPONSIBLE FOR THE PRIVACY PRACTICES CONCERNING ITS END-USERS.
Contact details of our EU Data Protection Representative (“DPR”) for EU data subjects:
You can contact our DPR through our designated compliance page at: https://app.prighter.com/portal/12768395549.
Below you can find information regarding the purposes for which we process your personal data as well as our lawful basis for processing, the definition of “personal” and “non-personal” data, and how it is technically processed.
Non-Personal Data
During your interaction with the services, we may collect aggregated, non-personal, non-identifiable information (“Non-Personal Data”). We are not aware of the identity of the user from which the Non-Personal Data is collected. We collect Non-Personal Data regarding your use of the services, such as the scope, frequency, latency, pages accessed and viewed, time and date stamp, interactions with content and materials displayed through our services, language preference, and other technical information regarding the device used to access the services, for example type of device, type of browser, operating system, etc.
We may sometimes process and anonymize or aggregate Personal Data and identifiable information in a manner that shall create a new set of data that will be Non-Personal Data. Such a new data set can no longer be associated with any identified natural person. Non-Personal Data may be used by us without limitation and for any purpose.
If we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data.
Personal Data
We may also collect from you, directly or indirectly, during your access or interaction with the services, individually identifiable information, namely information that identifies an individual or may, with reasonable effort, be used to identify an individual (“Personal Data”). The types of Personal Data that we collect as well as the purpose for processing and the lawfulness are specified in the table below.
Please note that under applicable US Privacy Laws, Personal Data does not include information that cannot be reasonably linked to you, directly or indirectly, such as de-identified or aggregated data, and information governed by other state or federal laws, such as: Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Personal Data covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) and the Driver’s Privacy Protection Act of 1994, Children’s Online Policy Protection Act of 1998 (COPPA), Family Educational Rights and Privacy Act of 1974, National Security Exchange Act of 1934, higher education data and employment data, etc. As such, where an Enterprise Customer is deemed as Covered Entity under HIPAA, the processing of its End User data is subject to Enterprise Customer’s privacy practices notice which the End User is encouraged to read and be familiar with.
The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations:
DATA SET | PURPOSE AND OPERATIONS | LAWFUL BASIS PER GDPR |
Contact and Customer Support Information: If you voluntarily contact us in order to purchase our services, request for quotation, become a partner, or receive our support, you may be required to provide us with certain Personal Data such as your full name, email address, and any additional information you decide to share with us.
| We will use this data to respond to your inquiry.
The correspondence with you may be processed and stored by us to improve our internal operations, as well as in the event we reasonably determine it is needed for future assistance or to handle any dispute you might have with us.
We may retain and manage such information using external services and platforms such as CRM systems. | We process such Contact Information subject to our legitimate interest.
If you are a customer of our services approaching us with respect to your usage of the services, or a partner approaching us regarding our partnership, the data will be processed per the contract between us.
|
Receive Access to Our Demo: If you wish to receive access to our demo, you may be required to provide us with certain Personal Data such as your business email. | We will use this information to respond to your request to schedule a demo with us and grant you temporary access.
Such information may be processed and stored by us to improve our internal operations, as well as in the event we reasonably determine it is needed for future assistance or to handle any dispute you might have with us.
We may retain and manage such information using external services and platforms such as CRM systems. | We process such information subject to our legitimate interest.
Further, and following the initiation of a demo, we will retain this data per the contract between us.
|
Product User Account Basic Information: Any user of the Product must have an account. The information provided during the registration process may include your name, address, email, phone number, username and password. Further, we may collect certain basic demographic information regarding the user, such as gender, age (years), height, weight, etc.
| We will process this information to verify your identity and grant you access to the Product. As part of that we may use your email or phone number as part of a Multi-Factor-Authorization process. We may also use this information in order to provide you with account management, to provide the services, as well as to send you needed information related to providing you with our services and to our business engagement (e.g., send you a welcome message, notify you regarding any updates to our services, send applicable invoices, etc.) and additional occasional communications and updates related to the services. Such messages may be delivered to you through email or SMS in accordance with applicable law.
Further, we may send you promotional and marketing emails, to the extent we are allowed to do so under applicable law (“Direct Marketing” as detailed hereunder).
We may also process your user’s account information by using “cookies”. | Our lawful basis for processing such data, analyzing it, and granting you access to the requested service is the contract between us. We may further analyze and process your login data for security purposes, upon our legitimate interests. In some cases, and where required under applicable law, using your data for promotional purposes will be subject to your consent. In such instances, you may always withdraw your consent at any time by contacting us or unsubscribe from any marketing list through the designated feature included in such message.
Please note that if you are using our services as an End User, your data is processed by us in our capacity as a Data Processor, under the legal basis established by the relevant Enterprise Customer. |
Product Use Data: As part of your usage of our services, we may retain, keep and manage, for you and on your behalf as a customer, including your session activity, usage patterns, Product’s configurations and management data, information regarding the intended treatment as well as treatment progress, and any other information collected and processed as part of your use of any of our Product and services.
| We will use this information in order to provide you with our services.
| We process such data for the purpose of performing our contract with you. Please note that if you are using our services as an End User, your data is processed by us in our capacity as a Data Processor, under the legal basis established by the relevant Enterprise Customer. |
Health Related Data Processed on Behalf of our Enterprise Customers: We may collect, retain, analyze, and otherwise process health related Data relating to End Users whose information is submitted or managed by our Enterprise Customers through the services. | We process such data solely on behalf of the relevant Enterprise Customer and in accordance with their instructions. | Such data is processed by us in our capacity as a Data Processor, under the legal basis established by the relevant Enterprise Customer. |
Video Recordings: As part of providing you with the Product’s services, we may record and capture your photographs and training related videos for analysis purposes. | Such data is being analyzed to provide you (and your therapist in certain cases) with feedback regarding your exercise and training. The initial analysis of the captured content is done locally on your device. This includes generation of your skeleton “stick figure”. Basically, the raw data, including any of your images or videos, is not uploaded to our servers; only the locations of your joints and body parts, and information derived from that, are uploaded during the exercise. However, subject to your choice and consent, and with no guarantees regarding such content availability and backup, we may retain the captured images and videos for you. You may turn off and control those options through the settings. | We process such data for the purpose of performing our contract with you.
Please note that if you are using our services as an End User, your data is processed by us in our capacity as a Data Processor, under the legal basis established by the relevant Enterprise Customer. |
Payment Data: When you make payment to receive our services, you will be asked to submit payment information data such as your credit card number, bank account data, debit card, etc.
| We will use the information to provide you with the services. We will use third party payment processors and any transactions that are processed by these third-party payment processors will be governed by their privacy policies and terms which we recommend that you review. | We process such data for the purpose of performing our contract with you.
Certain payment data is being retained by us as part of our legal obligations (e.g., bookkeeping). |
Online Identifiers and Advertising and Targeting data: When you interact with the website and services, we may collect online identifiers such as your Internet Protocol address (IP), Cookie-ID, etc., and other information that relates to your activity through the website, such as pages viewed, click stream data, login time and date stamp, etc. This data might be collected directly by us or through our use of third parties’ cookies and advertisement platforms.
Similarly, we may collect Ad calls, which are code shared with advertisers that includes zip code, advertiser ID, the webpage you came from, the IP address, and approximate location, which assists the advertiser in determining which ads to place. The ad call will also include your preference regarding interest-based advertisement as further explained herein.
| Collection of device identifiers is needed for the following purposes: (i) Internal statistics and analysis, for which device identifiers might be combined with usage data, for example, to analyze how many visitors have accessed certain content and from which country (where the country is extracted from the IP address) in order to enhance and improve our website and its content. (iii) Marketing and advertising purposes. Our partners will process this data to manage and deliver advertisements and content more effectively and personally, including contextual, behavioral, and interests-based advertising based on your activity, preferences or other data available to us or to our business partners and advertisers, including for re-targeting purposes.
| Our lawful basis for processing this data for technical and security purposes is based upon our legitimate interest. If we process your Personal Data for analytics and advertising purposes and to the extent required under applicable laws (e.g., if we use third party cookies), we will obtain your consent for such processing. In any such case, you may withdraw consent or change your preferences at any time by using the cookie settings tool available on our website.
|
Direct Marketing: As a user, we will send you materials and marketing content through the email information you provided during your registration. | We will use this information to keep you updated with offers and content such as updates, new capabilities and features, and to send you invoices and supporting documentation.
We will always do so in accordance with and to the extent permitted by applicable law. | We process such data subject to our legitimate interest. You can opt-out at any time through the “unsubscribe” link within the email or by contacting us directly. However certain operational content, such as invoices, will still be sent. |
Recruitment Data: in the event you wish to apply for a job, you may voluntarily provide us with your CV and cover letter through our means of communications. | We will use the CV and information you provide to process your job application for recruitment purposes and check your suitability.
| We will process basic recruitment data subject to our legitimate interests to consider your application and respond. If we move forward with you in the recruitment process, or where you have initiated the recruitment application, at an advanced stage of the negotiations we will process your data as part of our contractual relationship with you. If we choose to retain your data for any other future positions that may apply to you, we will ask for your explicit consent to the extent required by applicable law. |
Please note that the actual processing operation for each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. The transfer of Personal Data to third-party countries, as further detailed in the Data Transfer Section below, is based on the same lawful basis as stipulated in the table above.
In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of the services and to enforce the Terms, as well as to protect the security or integrity of our databases, services, and the website, and to take precautions against legal liability. Such processing is based on our legitimate interests.
Depending on the nature of your interaction with us, we may collect the above detailed information from you, as follows:
When you access or use our services, we may use “cookies” or similar tracking technologies, which store certain information on your device (i.e., locally stored). The use of cookies is standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies are used by us for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and advertising. You can find more information about our use of cookies here: www.allaboutcookies.org.
There are several types of cookies, including without limitation:
You may find more information about the cookies we use as well as opt-out from cookies or change your preferences at any time by using the cookies setting tool available on the footer of our website.
Where we use third-party advertising cookies, such third-party may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including to combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies, and we are not responsible for their privacy practices.
Although we do not sell your personal information for profit, we do engage in targeted advertising on the website. This type of advertising activity may be considered a “sale” of Personal Data under certain US Privacy Laws and may also be referred to as “targeted advertising”. Please note that even if you opt out, you may still see personalized ads based on information other companies and ad networks have collected about you, if you have not opted out of sharing with them.
For IBA opt out options on desktop and mobile websites, please visit:
We also honor browser-based opt-out signals, such as the Global Privacy Control (GPC) and Universal Opt-Out Mechanisms (UOOM), by automatically disabling non-essential cookies when such signals are detected.
We share your data with third parties, including our partners or service providers that help us operate and make the most of the website. You can find here information about the categories of such third-party recipients.
Categories of Recipients | Additional Information |
Our Affiliated Companies
| We may share Personal Data with our affiliated companies and subsidiaries in order to provide joint services, for example, marketing, improving our services, etc. |
Our Service Providers
| We share your Personal Data with our trusted service providers and business partners that perform business operations for us on our behalf (as data processors) and pursuant to our instructions. This includes the following categories of service providers: ● AI/ML systems, who help us improve our services; ● Advertising and marketing service providers, who help us with advertising measurements, email marketing, etc.; ● Data storage providers, with whom we entrust the hosting and storage of our data; ● Consent Manager (CMP), an external service that provides us with the ability to allow website visitors to control and manage their cookies preferences and consent; ● General IT and SaaS providers – providing us with IT systems for the management of our daily conduct; ● Data analytics and data management providers, who help us improve, personalize and enhance our operation. ● Data security partners, who help us detect and prevent potentially illegal acts, violations of our policies, fraud and/or data security breaches and ensure compliance with legal obligations. |
Legal and Law Enforcement
| We may disclose certain Personal Data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other visitor to legal liability, and solely to the extent necessary to comply with such purpose. |
Corporate Transactions | In the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale) we will share the Personal Data we store with our acquiring company. In any such case, we will oblige the acquiring company to assume the rights and obligations as described in our Privacy Policy. |
Enterprise Customers | Provided you are an End User using our services under an Enterprise Customer, we may share your information with such Enterprise Customer, as the Data Controller of your data. Such sharing is not deemed as a transfer of data made on our behalf but simply as providing your relevant Enterprise Customer with the data they legally own, per their instructions. Any further use of such data is the relevant Enterprise Customer’s exclusive responsibility. |
When we share information with service providers, we ensure they only have access to such information that is strictly necessary for us to operate the website. These parties are required to secure the data they receive and to use the data for pre-agreed purposes only while ensuring compliance with all applicable data protection regulations (however, such service providers may use certain data for their own benefit subject to separate terms agreed upon with you or per your consent, as well as in the case of using merely Non-Personal Data).
Please note that in case you act as an End User under an Enterprise Customer, all your Product’s information will be available and transparent to your Enterprise Customer, as the controller of the data.
In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt out, where applicable.
The circumstances in which we will retain your Personal Information include: (i) where we are required to do so in accordance with legal requirements, or (ii) for us to have an accurate record of your interaction with us in the event of any inquiries or contact requests, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data. Please note that except as required by applicable law, we will not be obliged to retain your data for a particular period, and we may delete it for any reason and at any time, without providing you with prior notice of our intention to do so.
Further, retention periods of Enterprise Customers’ End-Users’ data are set by the relevant Enterprise Customer as the legal owner of such data, per its business needs, legal obligations and other consideration upon its sole discretion.
We take great care in implementing physical, technical, and administrative security measures for the website and services that we believe comply with applicable regulation and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destroyed, or accidentally lost.
If you feel that your privacy was not dealt with properly or was dealt with in a way that was in breach of our Privacy Policy or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data, please contact us at our email.
Due to our global business operation, we may store or process your Personal Data in several territories, including, for example in Israel, the UK, EU, US or in other countries (whether directly or indirectly through the use of our vendors). Thus, your Personal Data may be transferred to and processed in countries other than the country from which you accessed our websites or otherwise the country of your jurisdiction. We will take appropriate measures to ensure that your Personal Data receives an adequate level of data protection upon its transfer in accordance with applicable law.
Further, when Personal Data collected within the EU is transferred outside the EU (and not to a recipient in a country that the European Commission has decided provides adequate protection) it shall be transferred under the provisions of the standard contractual clauses approved by the European Union. If you would like to understand more about these arrangements and your rights in connection therewith, please contact us at our email.
In addition, some of the third parties used for cookies management on our website may store and process data globally, including in the US (e.g., Google Analytics servers). When granting consent for such cookies, you hereby acknowledge and approve such cross-border transfer, in accordance with such third party’s privacy practices.
Data protection and privacy laws may grant you certain rights with regards to your Personal Data, all according to your jurisdiction. The rights may include one or all of the following: (i) request to amend your Personal Data that we store; (ii) review and access your Personal Data that we hold; (iii) request to delete your Personal Data that we hold (as long as we do not have a legitimate reason for retaining the data); (iv) restrict or object to the processing of your Personal Data; (v) exercise your right of data portability; (vi) contact a supervisory authority in your jurisdiction and file a complaint; and (vii) withdraw your consent (to the extent applicable).
If you wish to submit a request to exercise your rights, please fill out the Data Subject Request Form (“DSR”) available here and send it to our email at: privacy@kemtai.com.
When you contact us and request to exercise your rights regarding your Personal Data, we will require certain information from you in order to verify your identity and locate your data. Please note that the process of locating and deleting the data may take reasonable time and effort, as required or permitted under applicable law. Data privacy and related laws in your jurisdiction may provide you with different or additional rights related to the data we collect from you, which may also apply.
In certain circumstances, and subject to applicable US Privacy Laws, you may permit an authorized agent to submit requests on your behalf. For more information, please refer to our DSR form.
You have the right to lodge a complaint with the EU Member State supervisory authority if you are not satisfied with the way in which we handled the complaint.
Any inquiry for exercising your rights as an End User acting under an Enterprise Customer should be referred to the relevant Enterprise Customer acting as the Data Controller of such data.
Additionally, in accordance with applicable US Privacy Laws, if we decline to take action on your request, we will inform you within 45 days (Colorado residents) or 60 days (all other U.S. jurisdictions) of receipt. Our response will include a justification for the decision and an explanation about your right to lodge an appeal. If you wish to do so, please send your appeal request with a summary of the request and decision you want to appeal to: privacy@kemtai.com. We will respond to appeals within 45 days (one 15‑day extension possible where reasonably necessary).
If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:
Our Privacy Policy only addresses the use and disclosure of Personal Data we collect from you. To the extent that you disclose your Personal Data to other parties via the website (e.g., by clicking on a link to any other website or location), different rules may apply to their use or disclosure of the Personal Data you disclose to them, and this Privacy Policy does not apply to any such third-party products and services. You agree that we shall have no liability whatsoever with respect to such third-party sites and your usage of them.
Our services are not directed nor intended for use by children, and we do not knowingly process, sell or share children’s information. We will discard any information that we receive from a user who is considered a “child” immediately upon our discovery that such a user shared information with us. Please contact us at: privacy@kemtai.com, if you have reason to believe that a child has shared any information with us.
Last Updated: September 1, 2025