Privacy Policy TOSOO App
Last Updated: January 23, 2026
1. Introduction
The tosoo mobile application (hereinafter "App") is provided by Tosoo AG to facilitate clinical research. The App is used exclusively for the technical setup of the TOSOO device (WiFi configuration) and to collect brief participant feedback regarding device usage and as a medium to request support.
2. Controllers and Responsibility
In the context of this clinical study, the following entities are responsible for your data:
Tosoo AG provides the App as a technical service provider. The legal responsibility (Data Controller) for the data collected within the scope of a clinical study lies with the respective Study Sponsor (e.g., university or research institute). The name and contact details of your specific Study Sponsor, as well as their Data Protection Officer (DPO), can be found in the Patient Information and Informed Consent documents provided to you during your initial study enrollment.
3. Data Collection and Purpose
A. Identification Data (Pseudonymization)
To protect your privacy, the App does not process real names.
- Data: A unique, randomly generated Study ID (pseudonym).
- Purpose: To assign measurement data to the correct patient file at the Sponsor's site without the technical provider knowing your actual identity.
B. Technical Configuration Data (Local Setup)
To enable the headband to transmit data independently, the App assists with the network setup.
- Data: WiFi credentials (SSID and Password).
- Purpose: This data is required so the TOSOO Headband can transmit measured health data autonomously (e.g., every morning) to the cloud.
- Storage: WiFi credentials are stored exclusively locally on your smartphone and on the device. They are not transmitted to Tosoo AG servers or third parties.
C. Feedback and Survey Data
- Data: Responses to brief questions regarding usage (e.g., "Did you wear the device last night?", subjective experience).
- Purpose: To record treatment (compliance) and user experience for the clinical study.
- Transmission: This data is encrypted and transmitted directly to the secure cloud infrastructure.
D. Legal Basis
Processing is based on your informed consent as part of your participation in the study, in accordance with the Swiss Human Research Act (HRA/HFG) and Article 31 of the Swiss Federal Act on Data Protection (nDSG/FADP).
4. Storage and Data Security
- Cloud Infrastructure: All study data is stored on Google Cloud Platform (GCP) servers in the Zurich (Switzerland) region.
- Encryption: All data is encrypted both during transit (TLS) and at rest (AES-256) according to current state-of-the-art technology.
- Access Control: Only authorized study personnel have access to the unencrypted health and study data. Tosoo AG only has access to data checks for quality assurance purposes.
- No Tracking: The App does not use any third-party analytics tools (such as Google Analytics or Facebook SDK) and contains no advertising.
5. Required App Permissions
Bluetooth: Required to locate and pair with the TOSOO Headband for WiFi setup.
Location Services: Required by Android/iOS to perform Bluetooth scans and identify WiFi networks. No GPS movement profiles are created or stored.
6. Retention Period
In accordance with the Swiss Human Research Act (HFG) and the study protocol, study-related data is archived for a minimum of 10 years.
7. Your Rights
Under the Swiss FADP (nDSG), you have the following rights:
1. Right to Access: You can request information about the data processed about you.
2. Right to Rectification: Correction of inaccurate data.
3. Right to Data Portability: Receipt of your data in a structured, commonly used electronic format.
4. Right to Withdraw Consent: You can withdraw your consent at any time.Note: In the event of a withdrawal, data collection will cease. Data already collected may continue to be used in anonymized form if this is strictly necessary to achieve the study objectives, in accordance with the HRA/HFG.
To exercise these rights, please contact the study team or email privacy@tosoo.ch.
