Terms of Service

Version 2.1 - Updated on 20 January 2026 These General Terms and Conditions ("GTC") govern the contractual relationship between the user ("User" or "Consumer") and SanoLabs GmbH, Lahnstraße 68, 65195 Wiesbaden, Germany, ("SanoLabs GmbH" or "we"). They apply to the use of our applications, websites, products, and services. The GTC are binding upon acceptance by the User. Please review them carefully prior to any use of our services. Part 1 - General Terms and Conditions I. Structure and Composition The contractual documentation consists of: 1. Part 1 - General Terms and Conditions (GTC): Definitions, scope, rights, and obligations. 2. Part 2 - General Terms and Conditions of Use (GTCU): Rules governing the operation and use of the App, Services, and Products. These documents together constitute the contractual framework between the User and SanoLabs GmbH. Your use of our Products is also subject to our Data Privacy Policy and other applicable terms. II. Definitions • App: The Sam software application (formerly Viraa) developed and operated by SanoLabs GmbH, accessible via smartphones or other compatible devices. • Consumer: Any natural person acting for purposes outside their trade, business, craft, or profession. • Contract: The contractual relationship established between SanoLabs GmbH and the User upon registration or other confirmation of consent. • Services: All digital content and connected digital health services provided by SanoLabs GmbH, including but not limited to: o Creation and maintenance of User Accounts, o Collection, storage, and analysis of personal health-related data, o Visualisation of collected data in graphical form, o Provision of recommendations or programs concerning for, amongst others, exercise, nutrition, and sleep, o Transmission of product information, company news, and marketing announcements, o Access to customer support services. • Products: All digital and non-digital goods and services provided by SanoLabs GmbH, including the App. • User Account: The personal account enabling authenticated access to the App and Services. • Visitors: Individuals who access the SanoLabs GmbH website or App without registering a User Account. III. Scope and Application 1. These GTC apply to all Products and Services offered by SanoLabs GmbH. 2. By creating a User Account, downloading the App, or otherwise using the Services, the User accepts these GTC. 3. Mandatory statutory consumer protection provisions remain unaffected. IV. Conclusion of Contract 1. Any presentation of Products or Services on the website or App constitutes a non-binding invitation to contract. 2. By completing registration or using the Services, the User makes a binding offer. The Contract is concluded when SanoLabs GmbH confirms the registration or permits access to the Services. 3. The contractual text is stored electronically by SanoLabs GmbH and transmitted to the User upon request. V. Right of Withdrawal 1. Consumers are entitled to a statutory right of withdrawal of 14 days in accordance with §§ 355–356 BGB, unless an exclusion applies. 2. The right of withdrawal is excluded where provision of digital content has commenced with the User’s express consent and acknowledgement of the loss of the right of withdrawal (§ 356 Abs. 5 Nr. 2 BGB). 3. Withdrawal must be declared in text form (e.g., email to info@sanolabs.eu). VI. Contract Term and Termination 1. The Contract remains valid for the duration of use of the App, Products, or Services. 2. The User may terminate the contractual relationship at any time by sending a declaration in text form to info@sanolabs.eu. Termination shall become effective upon receipt of the notice by SanoLabs GmbH. 3. SanoLabs GmbH may terminate the contractual relationship for good cause, including but not limited to: o Serious breach of these GTC or statutory provisions by the User, o Use of the App for unlawful or abusive purposes, o Manipulation of data or technical interference. o Refusal by the User to consent to material amendments of these GTC as communicated in accordance with Section VII 4. Inactive Accounts: An account shall be deemed inactive if the User has not logged in or otherwise interacted with the App for a period of three (3) years. SanoLabs GmbH may delete inactive accounts after prior notification and a grace period of ninety (90) days. All data will then be deleted in accordance with statutory retention periods. VII. Amendments 1. SanoLabs GmbH may amend these GTC where necessary to reflect changes in legal requirements, technical developments, or minor adjustments to Services that do not materially affect the User’s rights and obligations. Such amendments will be communicated to the User in text form (e.g., email, in-app notification) at least thirty (30) days before they take effect. The User may object within this period; if the User objects, either party may terminate the contract. 2. Material changes that substantially alter the contractual balance (e.g., introduction of new fees, limitations of services) require the User’s express consent. Continued use of the Services without such consent does not constitute acceptance and does not create a breach; in this case, the existing contract remains in force under the old terms until the User either provides consent or SanoLabs GmbH terminates the contract in accordance with Section VI. VIII. Communications 1. SanoLabs GmbH will communicate with the User electronically (email, in-app notifications). Communications are deemed received on the day of transmission. 2. The User must ensure that the registered contact details are up to date and regularly checked. 3. Electronic records generated by SanoLabs GmbH’s systems serve as evidence, subject to statutory evidentiary provisions. IX. Liability 1. SanoLabs GmbH shall be liable without limitation for intent (Vorsatz) and gross negligence (grobe Fahrlässigkeit). 2. Liability for injury to life, body, or health caused by negligence shall not be excluded. 3. In cases of slight negligence, SanoLabs GmbH shall be liable only for breaches of essential contractual obligations (Kardinalpflichten), and only for foreseeable, contract-typical damages. 4. Statutory mandatory liability (e.g., under the Produkthaftungsgesetz) remains unaffected. X. Warranty (Gewährleistung) 1. Statutory warranty rights apply to all Products and Services, unless expressly excluded where permissible by law. 2. For gratuitous Services, liability for defects is limited to intent and gross negligence. 3. Warranty periods are governed by statutory law, generally two years for Consumers. XI. Governing Law and Jurisdiction 1. These GTC are governed by the laws of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG). 2. For Consumers resident in the European Union, mandatory consumer protection laws of their country of residence shall also apply. 3. Exclusive jurisdiction for merchants is Wiesbaden, Germany. For Consumers, statutory rules on jurisdiction apply. XII. Force Majeure SanoLabs GmbH shall not be liable for non-performance due to events beyond its reasonable control, including but not limited to natural disasters, epidemics, armed conflicts, strikes, cyberattacks, governmental actions, or supply shortages. XIII. Severability Should any provision of these GTC be held invalid, the remaining provisions shall remain enforceable. The invalid provision shall be replaced by a valid one which most closely approximates the intended economic purpose. Part 2 – General Terms and Conditions of Use (GTCU) I. Access to Services 1. The App is available via the Apple App Store and Google Play Store. The User must comply with the applicable store’s terms of use. 2. SanoLabs GmbH endeavours to provide access to the Services without interruption but does not warrant continuous availability. Scheduled maintenance or unforeseen interruptions will be communicated where possible. II. User Accounts 1. Users must be at least 18 years of age. Minors may register only with verifiable parental consent in compliance with applicable law. 2. The User is responsible for the accuracy of information provided during registration. 3. The User must keep login credentials confidential and ensure secure use of the account. Any use by third parties is attributed to the User unless SanoLabs GmbH is at fault. 4. Users may delete their account at any time. SanoLabs GmbH may suspend or delete accounts for material breach or prolonged inactivity, subject to prior notice. III. Use of Services 1. Services may only be used for personal, non-commercial purposes. 2. Prohibited uses include: o Violation of applicable laws or third-party rights, o Reverse engineering, decompilation, or attempts to access source code, o Automated data collection (scraping, harvesting, crawling), o Manipulation, interference, or disruption of the App or Services, o Circumvention of security measures, o Use of the App in bad faith or for fraudulent purposes. IV. Health Disclaimer 1. The App provides lifestyle and wellness information. It does not constitute a medical device within the meaning of Regulation (EU) 2017/745 (MDR). 2. The App does not provide medical diagnosis, treatment, or replace professional medical advice. 3. Users with health concerns must seek professional medical consultation without delay. V. Intellectual Property and Licence 1. All intellectual property rights in the App, Products, and Services remain vested in SanoLabs GmbH or its licensors. 2. The User is granted a limited, non-exclusive, non-transferable licence to use the App and Services in accordance with these GTCU. 3. The licence does not entitle the User to reproduce, distribute, sublicense, resell, or combine the App with third-party software or hardware without prior written consent. VI. Updates and Third-Party Features 1. SanoLabs GmbH may provide updates, upgrades, or modifications to maintain security and functionality. Users are obliged to install such updates. 2. Features provided by third parties are subject to separate terms. SanoLabs GmbH is not liable for third-party content or malfunctions. VII. Data Handling and Account Security 1. The User is responsible for implementing adequate technical measures, such as secure passwords, device protection, and software updates. 2. Data transmission to third parties, including healthcare professionals, is at the User’s risk. SanoLabs GmbH assumes no responsibility for security once the data leaves its systems. VIII. Limitations of Use 1. The App is not designed to substitute medical treatment or consultation. 2. The App may not be used in jurisdictions where such use would violate applicable law. Data Privacy Policy Version 2.1 – Updated on 20 January 2026 I. Introduction SanoLabs GmbH takes the protection of your personal data seriously. This Privacy Policy explains how we collect, process, and protect your data when you use the Sam App (formerly Viraa), our website, and related services. We comply with the EU General Data Protection Regulation (GDPR), the Bundesdatenschutzgesetz (BDSG), and all other applicable data protection laws. Marketing language has been avoided to ensure legal clarity. II. Definitions • Personal Data: Any information relating to an identified or identifiable individual (Art. 4(1) GDPR). • Health Data: Personal Data concerning health status (Art. 4(15) GDPR). Processing requires explicit consent (Art. 9(2)(a) GDPR). • Anonymized Data: Data that has been irreversibly altered so that identification of a person is impossible. • Pseudonymized Data: Data that can only be attributed to a person with additional separate information. • Data Controller: SanoLabs GmbH, which determines purposes and means of processing. • Processor: Any external entity processing data on behalf of SanoLabs GmbH, bound by data processing agreements under Art. 28 GDPR. III. Sources of Personal Data We collect data in the following contexts: 1. Website visits: IP address, browser type, and usage data via cookies (see cookie policy). 2. Account creation: Identity and login information (name, email, password, date of birth). 3. Use of Services: Physiological and technical data, e.g., steps, heart rate, sleep patterns, depending on device permissions. 4. Targeted communication: User segmentation for communication preferences and advertising. Health Data is not shared with third parties. 5. Support and contact: Data provided when contacting support (name, request content). 6. Research participation: Responses to questionnaires, with separate explicit consent. 7. Automatically collected data: Device identifiers, IP addresses, geolocation (if consented). IV. Legal Bases for Processing 1. Contract performance (Art. 6(1)(b) GDPR): Account creation, provision of services. 2. Consent (Art. 6(1)(a) GDPR; Art. 9(2)(a) GDPR for Health Data): Research participation, Health Data processing, marketing. 3. Legal obligation (Art. 6(1)(c) GDPR): Tax, accounting, vigilance obligations. 4. Legitimate interest (Art. 6(1)(f) GDPR): Fraud prevention, IT security, improvement of services – excluding Health Data. V. Consent and Withdrawal 1. Consent is obtained separately and explicitly for Health Data, research, and marketing. 2. Users may withdraw consent at any time with effect for the future via in-app settings or by emailing privacy@sanolabs.eu. Withdrawal shall be as easy as giving consent. 3. For minors, parental consent is required (Art. 8 GDPR). VI. Retention of Data 1. Personal Data is stored only as long as necessary for the purposes outlined, or as legally required. 2. Examples: o Support tickets: max. 3 years, unless legal claims require longer. o Accounting data: 10 years (HGB/AO). o Vigilance/adverse event reports: 10 years unless longer required under medical device law. o Health Data: until account deletion or withdrawal of consent. 3. Backup data: Backups cannot be individually modified but are overwritten in cycles to ensure compliance. 4. Inactive accounts: Deleted after 3 years of inactivity, following 90 days’ notice. VII. Data Sharing and Transfers 1. Internal sharing: Only with authorized staff bound by confidentiality. 2. Processors: IT providers, hosting providers, and support partners under Art. 28 GDPR agreements. 3. Third-country transfers: Only where safeguards exist under Art. 46 GDPR (Standard Contractual Clauses, adequacy decisions). 4. Legal disclosures: Data may be shared when required by law, with prior notice unless prohibited. 5. Research partners: Only anonymized or aggregated data is shared. VIII. Security Measures 1. SanoLabs GmbH implements appropriate technical and organizational measures (Art. 32 GDPR), including encryption, pseudonymization, access controls, and regular audits. 2. In case of a data breach, SanoLabs GmbH will notify the supervisory authority within 72 hours (Art. 33 GDPR) and affected users without undue delay (Art. 34 GDPR). IX. User Rights Users may exercise the following rights: 1. Right to information and access (Art. 15 GDPR). 2. Right to rectification (Art. 16 GDPR). 3. Right to erasure (Art. 17 GDPR). 4. Right to restriction (Art. 18 GDPR). 5. Right to portability (Art. 20 GDPR). 6. Right to object (Art. 21 GDPR), including: o General right to object to processing based on legitimate interests, o Absolute right to object to processing for direct marketing. 7. Right to withdraw consent (Art. 7(3) GDPR). 8. Right to lodge a complaint with the competent supervisory authority. Requests should be sent to privacy@sanolabs.eu. Proof of identity may be required. Responses will be provided within one month. X. Automated Decision-Making SanoLabs GmbH does not use personal data for automated decision-making or profiling within the meaning of Art. 22 GDPR. XI. Hosting and Storage 1. Health Data is stored exclusively in Germany on Google Cloud servers. 2. Other Personal Data may be processed outside the EEA only with adequate safeguards. XII. Severability and Link to GTC This Privacy Policy is an integral part of the contractual framework with the User. If provisions conflict with mandatory law, statutory rules prevail. The remainder remains valid. U.S. Addendum – Privacy Rights for U.S. Residents If you are a resident of the United States, including California, the following additional rights apply under state and federal privacy laws such as the California Consumer Privacy Act (CCPA/CPRA) and comparable state laws. 1. No Sale or Sharing of Personal Information SanoLabs GmbH does not sell your Personal Information and does not share it for cross-context behavioral advertising within the meaning of CCPA/CPRA. 2. Rights of U.S. Residents In addition to the rights set out in the GDPR section of this Policy, U.S. residents may exercise the following rights: • Right to Know: You may request information about the categories and specific pieces of Personal Information we collect and disclose. • Right to Delete: You may request the deletion of Personal Information we hold about you, subject to legal retention requirements. • Right to Correct: You may request correction of inaccurate Personal Information. • Right to Opt-Out of Sale/Sharing: You may request that we do not sell or share your Personal Information. • Right to Limit Use of Sensitive Personal Information: You may request that we limit use and disclosure of sensitive information (e.g., health data, biometric data) to what is necessary to provide the Services. • Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights. 3. Exercising Your U.S. Rights You may exercise these rights free of charge by contacting us at privacy@sanolabs.eu. We may need to verify your identity before processing your request. Authorized agents may submit requests on your behalf where permitted by law. 4. Response Times We will respond to requests within the timelines required by applicable U.S. law (generally 45 days, extendable by an additional 45 days if necessary). 5. Data Breach Notification In addition to our GDPR obligations, in the event of a data breach affecting U.S. residents, we will provide notifications in accordance with applicable federal and state data breach notification laws (e.g., California Civil Code § 1798.82).