By using this App, you agree to the collection and use of your information in accordance with this Policy. This Policy applies to users who are residents of the United States and complies with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Texas Data Privacy and Security Act (TDPSA), and other applicable U.S. state and federal privacy regulations. In the event of any conflict between this Policy and applicable regulations, the relevant regulation shall prevail.
The ORing app and compatible accessories (such as the ORing smart ring) are consumer fitness and wellness products. They are not medical devices and are not intended for medical diagnosis, treatment, or clinical monitoring. Information in the App is for general wellness reference only.
The information described below constitutes foundational data necessary for this App to deliver its core services — including wellness and fitness tracking, device connectivity, data synchronization, and activity tracking. The absence of any category of such information will prevent core functions from operating properly.
Required Basic Information Categories and Justifications
Device Basic Information (device model, OS version, Bluetooth identifier, hardware identifier, etc.)
Justification: Used for smart device pairing, connection stability assurance, fault diagnosis, and account security verification.
Note: Hardware identifiers and similar device information will be anonymized or de-identified. Once processed, such data cannot be used to identify you personally and will not be used for any additional purpose.
Health Basic Data (heart rate, step count, sleep data, oxygen level from wearables (wellness reference), body temperature, motion sensor data, etc.)
Justification: Used to generate wellness insights and activity summaries, activity records, data displays, and status alerts as part of our core services.
Note: Health basic data constitutes sensitive personal information requiring heightened protection. We process this data only with your explicit consent, strictly adhering to the principles of purpose limitation and data minimization. It will not be used for any purpose unrelated to the service, and additional security safeguards are applied. This App does not sell or share your health data for cross-context behavioral advertising, in compliance with CCPA/CPRA requirements for the handling of sensitive personal information.
Account Basic Information (email address, identifier, registration information)
Justification: Used for identity verification, account management, cloud data synchronization, and secure storage.
Note: Account identifiers are stored with strict encryption. Email addresses are used solely for account verification and security notifications, are not sold to any third party, and are not used for marketing purposes, in compliance with CCPA/CPRA requirements regarding the storage and use of personal information.
Supplementary Statement: This App and its related services do not constitute a Covered Entity or Business Associate as defined under the Health Insurance Portability and Accountability Act (HIPAA), nor do they provide medical services or medical advice.
All information collection and use described in this section adheres to the principle of minimum necessity. We do not sell your personal information, nor do we share your personal information with third parties for cross-context behavioral advertising. All personal information is processed solely for the purposes expressly stated in this section.
Health Data
This App connects to smart wearable devices (such as smart rings) via Bluetooth to read wellness- and activity-related data. Such data includes: heart rate, step count, sleep data, oxygen level from the wearable (wellness reference), skin temperature (surface temperature, not core body temperature), biological sex, and date of birth. We use this data to generate personalized wellness insights and activity analyses, and to help assess your heart rate zones and physical condition. We will not use your health data for marketing or advertising purposes, nor will it be sold to any third party.
Supplementary Notes:
You may withdraw your consent to the processing of health data at any time, upon which we will cease processing your health data.
Health data is retained for the duration of your active account period. Following voluntary account cancellation, we will delete all of your health data within a reasonable timeframe (generally within 30 days). If you have not logged in for more than 12 consecutive months, your account may be treated as inactive. Prior to deletion, we will send a notification to your registered email address, providing you with a 30-day window to log in and retain your data.
Your health data is stored on AWS U.S. servers (AWS us-east-1, Virginia) with no cross-border transfer, ensuring all data processing meets applicable U.S. regulatory requirements.
Location Information
This App accesses your precise location (GPS) solely for distance calculation and route display within the activity tracking function. Location data is collected only while you have actively enabled the activity tracking function and collection ceases immediately upon the conclusion of the activity. As a general principle, location data is processed in real time on your device locally and is not proactively uploaded to any server. Where log information is necessary for functional implementation or technical debugging purposes, such data will be anonymized and will not be used to identify users, nor will it be sold or used for advertising purposes.
Supplementary Note: Location information constitutes personal information under CCPA/CPRA and is collected only with your explicit authorization. You may disable location permission at any time through your device's system settings or the App's permission management interface, upon which we will immediately cease collecting such information.
Camera and Photo Library
We access camera permission for avatar photo capture and issue feedback photo uploads; we access photo library permission to allow avatar image selection, issue feedback image selection, and saving of shared images to your photo library. The above functions are triggered only when you actively authorize and use them. We do not access your camera or photo library in the background.
Bluetooth
We access Bluetooth permission to connect and synchronize your smart wearable device. Bluetooth data is used solely for device pairing and health data synchronization and will not be used to track your location or identity. When you actively trigger a synchronization, the synchronized health data is uploaded to our AWS U.S. servers via an encrypted HTTPS connection for the purpose of providing data analysis services, with no cross-border transfer.
Notifications
We access notification permission to send you application messages, health reminders (such as low battery alerts), and status updates. If notification permission is disabled, important security notifications — such as data breach alerts — remain accessible within the App at My > Settings > Privacy Settings > Compliance Notifications.
You may independently control the following non-core permissions via My > Settings > Privacy Settings > Device Privacy Permissions: precise location permission, camera permission, photo library permission, and notification permission.
Upon disabling precise location permission: The activity tracking function will remain available, but distance calculations will be inaccurate. Core functions such as wellness insights, sleep summaries, and data synchronization will not be affected.
Upon disabling camera, photo library, or notification permissions: Only the associated functions will be unavailable. The App's primary services will not be affected.
Depending on your state of residence, you may be entitled to the following privacy rights under applicable U.S. state privacy laws.
California Residents (CCPA/CPRA)
California residents are entitled to the following rights, for each of which this App provides a corresponding functional entry point:
Right to Know: You have the right to know the categories and specific content of personal information we collect, use, disclose, and sell.
Right of Access: You have the right to access the personal information held by this App about you, including information collected within the past 12 months. Request entry: My > Settings > Privacy Settings > Information Rights > Information Access. We will respond within 45 days of receiving a verifiable request. If an extension is required, the maximum extension period is 90 days, and you will be notified in advance.
Right of Deletion: You have the right to request the deletion of personal information we hold about you (except as required by law or regulation). Deletion entry: My > Settings > Privacy Settings > Information Rights > Information Deletion, or My > Settings > Account & Security > Cancel Account to delete your entire account.
Right of Rectification (CPRA): You have the right to request the correction of inaccurate personal information we hold about you. Correction entry: My > Settings > Privacy Settings > Information Rights > Information Correction.
Right to Data Portability (CPRA): You have the right to obtain a copy of your personal information in a structured, readable format. Request entry: My > Settings > Privacy Settings > Information Rights > Data Portability.
Right to Opt Out of Sale/Sharing: You have the right to opt out of the sale of your personal information or its sharing for cross-context behavioral advertising. This App does not sell or share your personal information for advertising purposes; therefore, this right does not need to be exercised.
Right to Limit Use of Sensitive Personal Information (CPRA): You have the right to restrict our use of sensitive personal information (including health data) to purposes limited to providing the services you have requested. You may exercise this right at My > Settings > Privacy Settings > Consent Management.
Right to Non-Discrimination: Exercising any of the above rights will not result in discriminatory treatment (such as denial of service, additional charges, or reduced service quality).
Residents of Other States (Virginia, Colorado, Connecticut, Texas, etc.)
Eligible residents of the above states are entitled to the rights of access, rectification, deletion, and data portability, as well as the right to opt out of targeted advertising (not applicable to this App) and the right to opt out of the sale of personal information (not applicable to this App), pursuant to their respective state privacy laws. Requests are handled in the same manner as for California residents. Please submit requests through the entry points described above or via the contact information provided at the end of this Policy. We will respond within the timeframes required by applicable regulations.
How to Submit a Request
All information rights requests are processed free of charge (except for requests that are manifestly unfounded or excessive). You may submit a request through: the in-App entry points described above; or by sending an email to privacy@opove.com, specifying your name, type of request, and contact information. We will verify your identity before processing your request.
This App entrusts the following third parties with the processing of personal information. We have implemented the necessary oversight and management of commissioned processors to ensure that personal information is processed lawfully and securely and does not exceed the scope of the commission. This App does not sell your personal information to any third party.
Your core business data is stored on AWS U.S. servers (AWS us-east-1, Virginia) with no cross-border transfer.
Details regarding third-party commissioned processing are available at My > Settings > Privacy Settings > Third-Party Commissioned Processing Information, including the name, processing purpose, data types, and privacy policy link for each commissioned processor.
Commissioned scope: Account authentication, identifier management
Data processed: Account identifier, email address (used solely for login authentication-related functions)
Data description: Strictly limited to what is necessary for the function; does not involve sharing of core business data.
Privacy Policy: https://www.apple.com/legal/privacy/
Commissioned scope: Map display, account authentication (location information is processed on-device only and is not uploaded)
Data processed: Account information, map logs (used solely to enable the relevant functions)
Data description: Strictly limited to what is necessary for the service; core business data is not shared with Google, in compliance with CCPA requirements.
Privacy Policy: https://policies.google.com/privacy
Commissioned scope: Crash collection, error diagnosis, performance monitoring
Data processed: Error logs, device information (de-identified or anonymized)
Data description: The relevant data has been de-identified or minimized and is not generally directly identifiable to individual users; however, it may in certain circumstances be considered personal information. We have taken measures to limit its scope of use. Core business data is not involved.
Privacy Policy: https://sentry.io/trust/privacy/
Information Inquiry
Details regarding commissioned processors are available at My > Settings > Privacy Settings > Third-Party Commissioned Processing Information.
Ova is an AI health data interpretation feature built into the O Ring App. It generates periodic analyses and reference reports based on health data you have authorized. Ova is not a real-time conversational AI; it generates interpretation reports only when you actively trigger it. If not triggered, no report will be generated. Interpretation results are stored solely in local in-app records or AWS U.S. backend logs, with no cross-border transfer.
When using the Ova feature, we will process your authorized health data (such as sleep, activity, and heart rate data) to generate and deliver an interpretation report only after you have actively triggered the AI analysis function. If you do not trigger this feature, we will not proactively process any related data. The data described above will not be used to identify you personally, will not be sold to any third party, and will not be used for advertising or marketing purposes.
You understand and acknowledge that the content provided by Ova is intended solely for health data interpretation and reference purposes, does not constitute a medical diagnosis, treatment recommendation, or any form of medical practice, and should not be relied upon for any medical decision. Data collected by wearable devices and AI analysis results may be subject to variance due to wearing method, environmental factors, or technical limitations. The interpretations provided do not guarantee complete accuracy or applicability to your specific circumstances. Opove assumes no responsibility for any decisions you make or consequences arising from your reliance on such interpretations.
Granular AI data authorization control: My > Settings > Privacy Settings > Ova Data Access — here you may independently control whether to allow the AI to analyze your health and activity data to generate reports. The option to use anonymized data for model improvement and new feature testing is disabled by default.
Automated decision-making statement: The AI features within this App generate health data interpretation reports and deliver them to you only after you have actively clicked to trigger the function. Even if you have already authorized access to the relevant health data, no interpretation report will be generated unless you actively trigger the function. The AI features do not make fully automated decisions that produce legal effects or similarly significant impacts on you. California residents who have concerns about an AI-generated report may submit a query via My > Settings > Privacy Settings > Feedback & Complaints, and we will respond within 7 business days.
Google Account Login (Google Sign-In)
Purpose of use: To provide one-tap login to this App using your Google account, for identity verification and account association.
Types of personal information collected: Basic profile information from your Google account (such as display name and profile photo), unique user identifier, and email address (subject to the scope of your authorization).
Data processing statement: Login information is processed by Google LLC within the United States. This App's core business data is stored on AWS U.S. servers and is not sold to any third party.
Operating entity: Google LLC (United States)
Privacy Policy: https://policies.google.com/privacy
Sign in with Apple
Purpose of use: To provide one-tap login to this App using your Apple account, for identity verification and account association.
Types of personal information collected: Your name (if you choose to provide it), an email address that may be hidden (or Apple's private relay email address), and a unique user identifier.
Data processing statement: Login information is processed by Apple Inc. within the United States. Apple will not use your personal information for advertising purposes. This App's core business data is stored on AWS U.S. servers and is not sold to any third party.
Operating entity: Apple Inc. (United States)
Privacy Policy: https://www.apple.com/legal/privacy/
In accordance with CCPA/CPRA requirements, this App hereby declares: we do not sell your personal information, nor do we share your personal information with third parties for cross-context behavioral advertising. Accordingly, you do not need to exercise your right to opt out of sale/sharing. However, if you wish to obtain written confirmation of this, you may send an email to privacy@opove.com and we will respond accordingly.
Pursuant to California Civil Code § 1798.83, California residents have the right to request, once per calendar year, information regarding our disclosure of their personal information to third parties for direct marketing purposes. This App does not disclose your personal information to any third party for direct marketing purposes. If you have any questions, please send an email to privacy@opove.com.
For privacy-related inquiries or complaints, please contact us via:
Privacy team: Opove Privacy Team
Privacy Officer: Sven Ma
Email: privacy@opove.com
In-App entry: My > Settings > Privacy Settings > Submit a Complaint
Upon receipt of a complaint, we commit to: sending an acknowledgment of receipt within 3 business days; completing the investigation and providing a written response within 30 business days; and, if an extension is required during the investigation, notifying you in advance of the reason and estimated completion date.
California residents who are dissatisfied with how we have handled their matter may file a complaint with the California Privacy Protection Agency (CPPA):
CPPA official website: https://cppa.ca.gov | Contact email: info@cppa.ca.gov
We take the security of your information seriously. We have established a comprehensive information security management framework and implemented security measures including AES-256-GCM field-level encrypted storage, TLS 1.3 transmission encryption, end-to-end transmission protection, access control, and security auditing. However, please be aware that no method of electronic transmission or storage is 100% secure.
In the event of a personal information breach that may materially affect your rights and interests, we will notify affected residents and relevant regulatory authorities in a timely manner in accordance with applicable U.S. state law requirements. Breach notifications (data breaches / security incidents) are available at My > Settings > Privacy Settings > Compliance Notifications, where historical breach events, affected data, remedial measures, and recommended user actions are displayed.
We may update this Privacy Policy from time to time. In the event of any material change, we will notify you in advance via in-App notification and to your registered email address, and will re-obtain your consent where necessary. The updated Policy takes effect upon publication. Without your consent, we will not amend this Policy in any manner that permits additional collection of your personal information or any other material modification.
Service provision: This App is provided on an "as is" basis. While we endeavor to ensure the stability and accuracy of the service, we do not guarantee that the service will be uninterrupted or error-free at all times, nor do we guarantee the absolute accuracy of data.
Limitation of liability: To the maximum extent permitted by law, we shall not be liable for indirect losses or data loss that are not attributable to our intentional misconduct or gross negligence. This provision does not affect any mandatory rights conferred upon you by CCPA/CPRA or applicable U.S. state regulations.
This disclaimer applies to the maximum extent permitted by law and does not affect any mandatory rights conferred upon you by applicable U.S. state privacy laws and regulations.