top of page

Terms of Service

For the Youwell patient app

Last updated: 07.05.2026

Effective date: 07.05.2026

Version: 1.0

Introduction

This document sets out the terms and conditions (the "Terms") that govern your use of the Youwell patient app (the "Service"), provided by Youwell AS, company registration number 916 293 739, C. Sundts gate 17–19, 5004 Bergen, Norway ("we", "us" or "our"). The document also contains our privacy policy describing how we process your personal data.

By registering, creating an account or otherwise using the Service, you confirm that you have read, understood and accepted these Terms. If you do not agree to the Terms, you must not use the Service.

The Service collects and processes health and activity data from connected devices and applications ("Connected Sources"), including smartwatches, fitness trackers, health apps and similar wearables. This involves the processing of sensitive personal data, and we ask that you read the privacy policy in Part B carefully.

 

PART A — TERMS OF SERVICE

1. Definitions

"User" or "you" means a natural person who has registered for and uses the Service.

"Service" means the Youwell patient app, including the associated website, mobile application and features that enable connection and aggregation of data from wearables and health applications.

"Connected Sources" means third-party wearables, applications, platforms or devices (e.g. smartwatches, fitness trackers, health apps) that you authorise to share data with the Service.

"Health Data" means data relating to physiological measurements and health status, including heart rate, heart rate variability (HRV), sleep patterns, blood pressure, weight, blood glucose and similar measurements.

"Activity Data" means data relating to physical activity, including steps, workouts, distance, calories and location/GPS data.

"User Data" means the collective term for Health Data, Activity Data and other information you provide or that is generated through your use of the Service.

2. The Service

2.1 The Service enables you to connect and aggregate data from various Connected Sources, so that you can obtain an overview of and insights into your own health and activity data. The Service uses a third-party provider to facilitate the integration with Connected Sources.

2.2 We reserve the right at any time to modify, update, suspend or discontinue all or part of the Service. This includes the possibility that one or more Connected Sources may become unavailable, for example as a result of changes made by the third party that provides the source’s API.

3. Eligibility and registration

3.1 To use the Service, you must be at least 16 years old. If the local age of consent for the processing of personal data is higher in your country of residence, that local age applies.

3.2 You must provide accurate and complete information when registering, and keep such information up to date.

3.3 You are responsible for keeping your login credentials confidential and for all activity that takes place under your account.

4. Connection to Connected Sources

4.1 The Service allows you to authorise the collection of data from Connected Sources. When you connect a source, you will normally be redirected to the relevant third party’s authorisation page, where you must consent to the data sharing.

4.2 Each Connected Source has its own terms and privacy policies, which you must comply with in addition to ours. We do not control such third parties and are not responsible for their services, availability or data practices.

4.3 You may withdraw your authorisation for a Connected Source at any time, either through the Service or directly with the third party. We will then stop collecting new data from that source, but data already collected will be handled in accordance with the privacy policy.

5. Acceptable use

When using the Service, you undertake not to:

  • use the Service for unlawful purposes or in breach of these Terms;

  • connect sources or share data belonging to other persons without their consent;

  • attempt to circumvent technical security measures, gain unauthorised access, or decompile or reverse-engineer the Service;

  • use the Service in a manner that may damage, overload or impair our or any third party’s systems;

  • use automated tools (bots, scrapers) to extract data from the Service;

  • resell, commercially exploit or otherwise make the Service available to third parties without our prior written consent.

6. Intellectual property rights

6.1 All rights to the Service, including software, design, trademarks, text, images and other content, belong to us or our licensors. Nothing in these Terms transfers any such rights to you.

6.2 You retain your rights to your User Data. By using the Service, you grant us a non-exclusive, royalty-free licence to process User Data to the extent necessary to provide and improve the Service, as further described in the privacy policy.

7. Right of withdrawal (consumers)

7.1 As a consumer in the EU/EEA, you have a 14-day right of withdrawal in respect of digital services. The withdrawal period runs from the date of the contract.

7.2 If you ask us to start providing the Service before the withdrawal period has expired and you expressly consent to losing your right of withdrawal once the Service has been fully performed, you will lose your right of withdrawal to the extent the Service has been performed.

7.3 To exercise your right of withdrawal, use the standard withdrawal form provided by the relevant consumer authority, or send us an unequivocal statement at support@youwell.no.

8. Liability and limitation of liability

8.1 The Service is provided "as is" and "as available". We make no warranties that the Service will be error-free, uninterrupted or that data from Connected Sources will be accurate or complete.

8.2 To the maximum extent permitted by applicable law, all warranties on behalf of providers of Connected Sources and other third-party service providers are disclaimed, including all implied warranties of merchantability, fitness for a particular purpose and non-infringement. Such third-party service providers shall have no liability whatsoever for any consequential, special, punitive, indirect or incidental damages arising out of or relating to your use of the Service.

8.3 Nothing in these Terms limits any liability that cannot be limited under mandatory law, including liability for wilful misconduct, gross negligence, personal injury or non-waivable consumer rights.

8.4 You acknowledge that the Service must not be used as a basis for decisions in acute medical situations, and that we are not liable for any health-related consequences arising from your use of the Service or your interpretation of the data presented therein.

9. Third-party providers and use of data from Connected Sources

9.1 The Service relies on data made available by providers of Connected Sources (e.g. wearable manufacturers and health platforms). Each such provider is a third-party beneficiary of clause 8 and the relevant provisions of this clause 9, and may enforce these provisions against you to the extent permitted by applicable law.

9.2 We will only access, collect, store, aggregate or use data from a Connected Source ("Source Data") for the purposes you have authorised through the Service and as expressly permitted by the relevant Connected Source provider.

9.3 We will not sell, license, lease or otherwise commercially transfer Source Data to any third party, including advertisers or data brokers, even if you would consent to such transfer. Source Data will only be disclosed to data processors acting on our behalf under a written data processing agreement, to the extent necessary to provide the Service.

9.4 We will respect the privacy settings and authorisation scopes you configure with each Connected Source. If you revoke an authorisation, we will stop accessing new Source Data from that source. Source Data already retrieved will be handled in accordance with the privacy policy in Part B.

9.5 Providers of Connected Sources may at any time make changes to their data, functionality or terms, which may affect the availability or content of Source Data within the Service. We are not responsible for any such changes.

10. Suspension and termination

10.1 You may terminate the agreement at any time by deleting your account in the Service or by contacting us at support@youwell.no.

10.2 We may suspend or terminate your access to the Service if you materially breach the Terms, if necessary for security or legal reasons, or if the Service is discontinued. In the case of serious breaches, suspension may take place without prior notice.

10.3 Upon termination of the agreement, your personal data will be handled as described in the privacy policy.

11. Changes to the Terms

11.1 We may modify these Terms. Material changes will be communicated at least 30 days before they take effect, by email or through a notice in the Service.

11.2 Your continued use of the Service after a change has taken effect constitutes acceptance of the new Terms. If you do not accept the changes, you may terminate the agreement before they take effect.

12. Governing law and venue

12.1 These Terms are governed by Norwegian law.

12.2 The parties shall seek to resolve any disputes amicably. Failing this, disputes shall be brought before the ordinary courts, with Bergen District Court (Bergen tingrett) as the agreed venue. Consumers may also contact the Norwegian Consumer Authority (Forbrukertilsynet), the Consumer Council (Forbrukerrådet), or use the European Commission’s online dispute resolution platform (ec.europa.eu/consumers/odr).

 

PART B — PRIVACY POLICY

This privacy policy describes how we process your personal data when you use the Service. We process personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Norwegian Personal Data Act.

13. Data controller

Youwell AS, company registration number 916 293 739, C. Sundts gate 17–19, 5004 Bergen, Norway, is the data controller for the personal data processed through the Service.

Contact: support@youwell.no

14. Categories of personal data we process

14.1 Account and contact information

  • Name, email address, phone number, date of birth, gender

  • Username and encrypted password

  • Profile information you provide (e.g. height, weight, training goals)

14.2 Health Data and Activity Data from Connected Sources

When you authorise a Connected Source, we collect data including:

  • Activity and exercise: steps, workouts, distance, duration, intensity, calories burned

  • Heart-related measurements: heart rate, resting heart rate, heart rate variability (HRV)

  • Sleep: sleep duration, sleep stages, sleep quality

  • Health measurements: blood pressure, weight, body composition, blood glucose, body temperature

  • Location and GPS data linked to workouts

Which categories of data are actually collected depends on which sources you connect and which data those sources support.

Special categories of personal data. Health data constitutes a "special category of personal data" under Article 9 GDPR and requires a separate legal basis for processing. We process such data on the basis of your explicit consent, cf. Article 9(2)(a) GDPR.

14.3 Technical data about use of the Service

  • IP address, device type, operating system, browser

  • Usage logs, including timestamps for connections and data collection

  • Cookies and similar technologies (see separate cookie statement)

15. Purposes and legal bases

We process your personal data for the following purposes:

a) To provide the Service. Processing data so that you can create an account, connect sources, receive insights and use the features of the Service. Legal basis: performance of a contract, Article 6(1)(b) GDPR. For health data: explicit consent, Article 9(2)(a) GDPR.

b) To improve and develop the Service. Analysing usage patterns, troubleshooting and developing new features. Legal basis: legitimate interests, Article 6(1)(f) GDPR. We use pseudonymised or aggregated data where possible. Health data is only processed for this purpose if you have given separate consent.

c) Security and abuse prevention. Preventing and detecting fraud, abuse and security incidents. Legal basis: legitimate interests and legal obligation, Article 6(1)(f) and (c) GDPR.

d) Communication. Sending operational messages, support communications and — where you have consented — marketing. Legal basis: contract, legitimate interests or consent.

e) Compliance with legal obligations. For example bookkeeping and accounting legislation. Legal basis: legal obligation, Article 6(1)(c) GDPR.

16. Sources of data

  • Directly from you, through registration and use of the Service.

  • From Connected Sources you authorise (wearables, health apps, health platforms).

  • Automatically through your interaction with the Service (technical data, logs).

17. Sharing of personal data

17.1 We do not sell, license, lease or otherwise commercially transfer your personal data to any third party, including advertisers or data brokers, even if you would consent to such transfer. This restriction applies in particular to data we receive from Connected Sources.

17.2 We may share data with the following categories of recipients:

  • Data processors providing services on our behalf, including the provider of the integration service for Connected Sources, cloud hosting providers, email and customer-communication tools, analytics tools, and customer support solutions. These are bound by data processing agreements.

  • Connected Sources, to the extent necessary to retrieve the data you have authorised.

  • Public authorities, where we are legally obliged to do so.

  • Potential acquirers in the context of a merger, acquisition or sale of business, provided that the recipient undertakes to maintain a comparable level of protection.

17.3 An up-to-date list of our sub-processors can be made available upon request.

18. Marketing communications and opt-out

18.1 We will only send you marketing communications where you have given your prior consent or where this is otherwise permitted by applicable law.

18.2 You may at any time withdraw your consent and opt out of receiving marketing communications, by using the unsubscribe link included in each marketing message, by adjusting the settings in the Service, or by contacting us at support@youwell.no.

18.3 We do not use data received from Connected Sources for direct marketing or advertising purposes.

19. Transfers to countries outside the EEA

Some of our data processors may be located outside the European Economic Area (EEA). Where such transfers occur, we ensure an adequate level of protection, primarily through the European Commission’s Standard Contractual Clauses (SCCs), supplementary measures (encryption, pseudonymisation) and — where relevant — adequacy decisions issued by the European Commission (e.g. the EU–U.S. Data Privacy Framework).

You may contact us at support@youwell.no for further information about the relevant transfers and the safeguards in place.

20. Retention period

We retain personal data for as long as necessary for the purposes for which it was collected, as set out below:

  • Account and user data: for as long as you have an active account.

  • Health Data and Activity Data: for as long as you have an active account, or until you withdraw your consent or delete the data.

  • Logs and technical data: typically 12 months, longer in security-related cases.

Upon termination of our agreement with the provider of a Connected Source, or where required by that provider, we will promptly cease using and delete the relevant Source Data, except to the extent retention is required by law.

When the purpose of storage has been fulfilled, the data is deleted or anonymised.

21. Your rights

You have the following rights under the GDPR:

  • Access — you may request access to the personal data we hold about you.

  • Rectification — you may request that inaccurate data be corrected.

  • Erasure ("right to be forgotten") — you may request that data be deleted where the conditions are met.

  • Restriction — you may request that processing be restricted in certain situations.

  • Data portability — you may receive your data in a structured, commonly used and machine-readable format, and transfer it to another data controller.

  • Objection — you may object to processing based on legitimate interests.

  • Withdrawal of consent — you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

  • Lodge a complaint with a supervisory authority — you may lodge a complaint with the Norwegian Data Protection Authority (datatilsynet.no) or the supervisory authority in your EEA country.

You may also revoke any authorisation you have given to a Connected Source, either through the Service or directly with the relevant provider, and we will respect any privacy settings you configure with that provider.

To exercise your rights, please contact us at support@youwell.no. We will respond without undue delay and within 30 days at the latest.

22. Automated decision-making and profiling

We do not use automated decision-making that produces legal effects or similarly significant effects.

 

23. Security

We have implemented technical and organisational measures appropriate to ensure the confidentiality, integrity and availability of personal data, including encryption in transit (TLS) and at rest, access controls, logging, regular security testing and staff training.

In the event of a personal data breach, we will notify the Norwegian Data Protection Authority within 72 hours where required, and notify you where the breach is likely to result in a high risk to your rights and freedoms.

24. Changes to the privacy policy

We may update the privacy policy in response to changes in law, practice or the Service. Material changes will be communicated by email or through a notice in the Service well in advance of taking effect.

25. Contact

Questions about the Terms or about the processing of personal data may be addressed to:

Youwell AS

C. Sundts gate 17–19, 5004 Bergen, Norway

Email: support@youwell.no

Visiting address:

C. Sundts gate 17-19, 5004 Bergen

Contact:

Organization number:

post@youwell.no

916 293 739

Postal address:

PO Box 234 Sentrum, 5804 Bergen

  • social-facebook-64x64
  • social-linkedin-64x64

© 2023 · Youwell AS

wp-wp-content_uploads_2017_06_Miljfyrtarn-norsk-farger.png

© 2023 · Youwell AS

bottom of page