Effective date: 1 July 2024

1. Introduction

Allurion Technologies, Inc. ("us", "we", or "our") operates the Allurion mobile application (hereinafter referred to as the "App").

This privacy policy (“Privacy Policy”) describes how we collect, use, and share your Personal Data (defined below) collected through the App.  This Privacy Policy does not, however, cover information collected through Allurion’s website at https://allurion.com.  For further details on how we process your personal data in connection with our website, please see our Website Privacy Policy available here: https://www.allurion.com/en/privacy-policy

The protection and security of your personal data is important to us. Personal data means data about a living individual (including 20 years following the individual’s death if the individual is based in Canada) who can be identified from that data (or from that data and other data either in our possession or likely to come into our possession) (“Personal Data”). 

The App has been developed and is operated by Allurion Technologies, Inc. based at 11 Huron Drive, Natick, MA 01760 USA. Allurion Technologies, Inc., a Delaware corporation, is the controller of your Personal Data collected via the App.

2. Personal Data Collection and Use

We will process your Personal Data when you submit it in the following ways:

  • App Account Registration and Profile Details: When you create an App account, the following information will be stored: your name, gender, date of birth, height, date and location of balloon placement and placement clinic (if applicable), language preference, phone number, email address, password, authentication details, and other registration information including your password for the App account. The App allows you to monitor your weight, body fat percentage, body water percentage, bone mass, muscle mass, body mass index, basal metabolic rate and visceral fat by connecting with your Bluetooth Allurion Scale. By connecting it with your Bluetooth Allurion Scale, the App will collect and store this Personal Data. The App may also collect and store additional health and fitness data (such as sleep data, exercise data and heart rate data) that you share from your mobile device, from Fitbit and/or from the Allurion Health Tracker device. You may also choose to share further information with the App regarding your health and personal circumstances (including, but not limited to, information relating to physical and mental health conditions, hunger levels, and marital status).
  • Customer Service: If you contact us about the App or for any other reason relating to customer service, we will keep a record of that contact. You may provide us with Personal Data when sending us your request. We will keep your email address in order to consider your request and respond to you.
  • Usage Data: When you access the App with a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, videos and screenshots of your user sessions, unique device identifiers, and other diagnostic data (“Usage Data”).
  • Location Data: We use location data, such as your current location, to search for clinics near you and to assist with syncing the Bluetooth Allurion Scale and Allurion Health Tracker device with the App. If you have allowed us to collect it, the location data we use will be based on your device’s location.
  • Messages and Video Consults: If you choose to do so, the App will connect you with your selected clinic either via the Messages feature or a Video Consult. If you choose to connect to your selected clinic via the App’s Messages feature, Allurion will have access to the contents of your text messages, as well as any responses from your selected clinic. Please note, however, if you choose to connect to your clinic via the Video Consult feature, Allurion will not be able to access the online consultation.
  • Conversations: If you participate in conversations with or otherwise use Allurion’s artificial intelligence (AI) health coach, Coach Iris, we will use, collect and share information, including those conversations, as described in section 4 below.

3. The Reasons for Using Your Personal Data

To the extent we collect Personal Data from you, as described in this Privacy Policy, we use such information for the purposes listed below; and where we are not otherwise required under applicable law to seek your consent for such processing, we rely on the legal bases listed below (in respect of individuals located in the European Economic Area (EEA) and the United Kingdom). Note that, in certain circumstances detailed below, we will process Personal Data on more than one legal basis depending on the specific purpose for which we are using your Personal Data.

| Purpose | Legal Basis |
| --- | --- |
| To provide and maintain the services that are provided through the App. | Performance of a contract |
| To notify you about changes to the App. | Performance of a contract or our legitimate interests |
| To allow you to participate in interactive features of the App, including sharing your App data with your family and friends when you have chosen to do so, and sharing App data with your selected Allurion clinic and healthcare providers. | Performance of a contract; our legitimate interests; public interest in the area of public health; or your consent |
| To coordinate the care provided to you by your selected Allurion clinic and health care providers. | Performance of a contract; our legitimate interests; or your consent |
| To provide customer support when it is requested by you. | Performance of a contract or our legitimate interests |
| To gather analysis and/or valuable information (including by analyzing and evaluating your usage of the App, the content of your messages/conversations with App features and/or by asking you to participate in market research and surveys) so that we can continue to develop, test, assess the quality of our App features, train our artificial intelligence models, improve our products and the App and to offer new and/or enhanced functionality and features. | Our legitimate interests or public interest in the area of public health; or your consent |
| To better understand how you interact with the App, including its functionality and features, as well as ensure the content is presented in the most effective manner. | Our legitimate interests |
| If you qualify for discounts on further purchases of our products, we will process your Personal Data to issue you with vouchers and/or discount codes. | Performance of a contract or our legitimate interests |
| To help search for Allurion clinics near to your location. | Our legitimate interests |
| To support the synchronization of the Bluetooth Allurion Scale and Allurion Health Tracker device with the App. | Performance of a contract or our legitimate interests |
| To help us fix any issue with the App, including where we respond to your questions or respond to your request for support, maintenance, troubleshooting, or other performance issues. | Performance of a contract or our legitimate interests |
| To conduct data analysis, testing and research, including for statistical purposes, and so that we can better understand the type of people who use our App and products such that we can develop and expand our consumer market. | Our legitimate interests or public interest in the area of public health |
| To conduct scientific research relating to the App. | Our legitimate interests or public interest in the area of public health |
| To develop and implement security tools and mechanisms as part of our efforts to keep the App safe and secure. | Our legitimate interests |
| To measure the effectiveness and distribution of our advertising campaigns. | Our legitimate interests |
| To detect, prevent and address technical issues. | Performance of a contract or our legitimate interests |
| To improve the quality of health information provided by us and our affiliates. | Our legitimate interests; public interest in the area of public health; or your consent. |
| To improve and personalize the App experience and enable us and our affiliates to make better decisions based on the information you provide to us. | Our legitimate interests; public interest in the area of public health; or your consent. |

4. Coach Iris

Coach Iris is a generative AI-powered health coach delivered via the App. Users may initiate conversations with Coach Iris on a range of topics.

If you decide to use Coach Iris, Coach Iris leverages third-party AI technology provided by our service providers. This technology is trained to generate intelligent and personalized responses in conversations with users. Coach Iris’ responses are based on information collected through the App. For example, if you ask Coach Iris to provide support on your weight management, it will provide personalized tips for managing your weight based on information you provide in your conversations and through the App.

For Coach Iris to provide you with relevant responses, Allurion will share your information with the AI service provider that powers Coach Iris. They will only use your Personal Data to generate responses to your chats; they will not use your data to train their AI models. Also, Allurion shares your conversations with Coach Iris with your selected Allurion clinic and/or healthcare provider(s). Allurion retains the history of your conversations with Coach Iris for this reason, so you have access to previous conversations, and also so Coach Iris can provide a better experience for you.

If you agree to use Coach Iris, Allurion will collect information (including Personal Data) about your experience with Coach Iris, and use this information (which may include your conversation history) to develop, test, assess the safety and accuracy, and improve the performance of Coach Iris.

5. Retention of Personal Data

We keep your account information, like your name, email address, and password, for as long as your account is in existence because we need it to operate your account. We may also be required to maintain your information to meet legal requirements. In some cases, when you give us Personal Data for a feature of the App, we delete the Personal Data after it is no longer needed for the feature and no longer required to be kept by law. If you choose to connect to your selected clinic via the App’s Messages feature, we will store your text messages between you and your clinic for two years.

We keep other information, like the Personal Data we obtain when you connect with your Bluetooth Allurion Scale, until you use your account settings or tools to delete the data or your account is no longer used, unless otherwise required or authorized by law. This is because we use this data to provide you with your personal statistics and other features of the App. We also keep information about you and your use of the App for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the “The Reasons for Using Your Personal Data” and “How we Share your Personal Data” sections. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

6. Storage of your Personal Data

Your information, including Personal Data, may be transferred to — and maintained on — computers and servers located in the United States or the EEA. Your information may also be accessed by Allurion affiliates or service providers in other jurisdictions. Where the storage or access location is outside of your state, province, country or other governmental jurisdiction, the data protection laws may differ from, and may not provide the same data protections as, those in your jurisdiction.

In those instances, we will take those steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and that no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place for the security of your data and other personal information.

For individuals based in the United Kingdom or the EEA: If you are based in the United Kingdom or the EEA, please be aware that when you use the App, your Personal Data will be stored by our Service Providers (as defined below) in the EEA; however, your Personal Data may also be accessed by Allurion Technologies, Inc. in the United States and other Allurion entities or service providers located outside your jurisdiction. For further details, please contact us using the details in the “Contact Us” section below.

7. How we Share your Personal Data

Business Transaction

If we are involved in a merger, acquisition, sale of company assets, financing, reorganization, bankruptcy, receivership, or transition of service to another provider, your Personal Data may be transferred, including as part of any due diligence process. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.

Affiliates

Affiliates of Allurion Technologies, Inc., including in the US and EEA, may receive your Personal Data. 

Disclosure for Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data if required or authorized to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Allurion Clinics

We will share your Personal Data if you select a clinic so that it may provide its services to you and analyze your progress through the use of our products.

Disclosure for Service Providers

We engage third party companies and individuals to facilitate the App (“Service Providers”), provide the services through the App on our behalf, perform App-related services, and/or assist us in analyzing how the App is used.

These Service Providers have access to your Personal Data only to perform these tasks on our behalf and are obligated to keep such Personal Data confidential and not to disclose or use it for any other purpose.

Legal Requirements

Allurion Technologies, Inc. may disclose your Personal Data in the good faith belief that such action is necessary:

  • To comply with the requirements of law or judicial proceedings or in the event of a request for cooperation from a government agency, whether or not required by law;
  • To protect and defend the rights or property of Allurion Technologies, Inc. and its affiliates, as well as users of the App;
  • To prevent or investigate possible fraud or wrongdoing in connection with the App and for risk management purposes;
  • To protect the security and personal safety of users of the App or the public; or
  • To protect against legal liability.

Other Subjects in Aggregate Form

We may share your Personal Data with third parties in aggregate or non-personally identifiable form.

8. Security of Personal Data

We have implemented appropriate administrative, technical and physical procedures and safeguards to protect the confidentiality, integrity, and availability of your Personal Data, as well as to ensure your Personal Data is processed securely and in accordance with this Privacy Policy. Please note, however, that no storage or transmission of Personal Data can be guaranteed as 100% secure. Consequently, while committing ourselves to protect the information in our possession, we cannot guarantee or ensure the total security of any information that you send us, including your health data.

You are responsible for protecting against unauthorized access to the App. You should use strong password security for both your Allurion account and for your mobile device, by using a mix of letters, numbers and symbols and a different password than you use for any other accounts that you may have. You must keep your passwords confidential and not share them with anyone.

We are not responsible for any lost, stolen or compromised passwords or for any access to your account from unauthorized users where such access is caused by your action or inaction. If you think your account has been compromised, please contact us as soon as possible, using the contact details in the “Contact Us” section below.

9. Exercising Your Rights

If you need to update your Personal Data, you can do so through the App. If you are unable to access that information for any reason, you can notify us of any changes to (or errors in) your Personal Data by contacting us at help@allurion.com.

Depending on where you are located, you may have the right to: (a) access the Personal Data we hold about you; (b) request we correct any inaccurate Personal Data we hold about you; (c) request we delete any Personal Data we hold about you; (d) restrict the processing of Personal Data we hold about you; (e) object to the processing of Personal Data we hold about you; (f) not be subject to automated decision-making; and/or (g) receive any Personal Data we hold about you in a structured and commonly used machine readable format or have such Personal Data transmitted to another company.

Please note that we may ask you to verify your identity before responding to such requests.

Where you have been asked to consent to the processing of your Personal Data, you can withdraw consent, such as by contacting us using our contact details below. Any withdrawal of consent will not affect the lawfulness of the processing based on your consent before the withdrawal. Please also note that when you withdraw consent, we will only stop processing your Personal Data that relates to the specific subject matter of the withdrawal.

To exercise any of your rights in connection with your Personal Data, please contact us using the contact information in the “Contact Us” section below. Additionally, you may have the right to complain to a Data Protection Authority in your country about our collection and use of your Personal Data.

10. Links to Other Sites

This Privacy Policy applies only to the App. The App may contain links to websites that are not operated or controlled by us (“Third Party Sites”). If you click a third party link, you will be directed to that Third Party Site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any Third Party Sites or the services offered by such sites.

11. Privacy of Minors

Generally, our App does not target or address anyone under the age of 18 (“Minors”).

We do not knowingly collect Personal Data from Minors; however, if you are based in Chile, you may use our App if you are aged 15 or over.

If you are a parent or guardian and you are aware that a Minor has provided us with Personal Data, please contact us using the details provided in the “Contact Us” section below. If we become aware that we have collected Personal Data from a Minor without verification of parental consent, we will take steps to remove that information from our servers.

12. Changes to This Privacy Policy

We may update our Privacy Policy at any time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our App prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Where required by law, we will provide you the opportunity to read the revised policy so that you may decide whether you wish to continue to use the App. Your continued use of the App after the changes to this Privacy Policy will be deemed to be your acceptance of those changes.

13. Contact Us

We have appointed Allurion France S.a.s., with its address at 6 Boulevard Montmartre 75009 Paris, France as our EU data protection representative that you may contact if you are based in the EEA.

If you have any questions about this Privacy Policy, please contact us:

  • By email: help@allurion.com

14. If you are accessing the App from Mexico

a) Your Access, Rectification, Cancellation or Opposition (“ARCO”) rights.

To exercise any of your ARCO rights in connection with your Personal Data, please contact us at: help@allurion.com. When you choose to access, rectify, update, oppose, limit the use or divulging, or cancel your Personal Data, your request must include, at least, the following:

  • Your name, address and e-mail address or any other means by which you wish for us to send our response to your request;
  • Documents evidencing your identity or that of your legal representative, as applicable;
  • A clear and precise description of the Personal Data you are exercising your rights in relation to. In the event of a request for rectification, you shall state the required modifications and provide supporting documentation; and
  • Any other supporting information that facilitates us locating your Personal Data.

Unless you expressly indicate that you want to receive a reply by different means, we will respond to your request via the email address provided on your application within a maximum period of twenty (20) business days from the date the request was received. If we are required to do so, we will action your request within fifteen (15) business days from the date we responded to your request. In the case of requests for access to Personal Data, we will provide you with a copy of your Personal Data, provided we have prior proof of your identity or that of your legal representative, as applicable.

These deadlines may be extended once (for an equal period), if justified by the circumstances. Provided that the withdrawal of your consent does not result in us being unable to comply with any obligations with regard to our relationship with you, the consent granted by you for the processing of your Personal Data may be revoked by delivering a written notice or an email to us using the contact details listed below. The withdrawal of consent will be effective from the date on which we receive your request.

b) Consent for processing and transferring Personal Data.

If you are based in Mexico, your consent for the processing of your Personal Data according to the terms provided herein will be deemed expressly granted when you acknowledge this Privacy Policy. By your acceptance, you also consent to any transfer of Personal Data that may be carried out by us pursuant to the terms of this Privacy Policy. For the processing of your health data within the App, we require your separate authorisation when you sign up to use the App.

15. If you are accessing the App from Brazil

a) Sensitive Data

You expressly agree that, for the provision of the services once you create your App account, we may access, process and transfer your data in accordance with this policy and Brazilian law 13.709/2018 (“LGPD”).

b) Your LGPD rights

To exercise any of your LGPD rights in connection with your Personal Data, please contact us at: help@allurion.com. When you choose to access, rectify, update, oppose, limit the use or divulgence of, or request the deletion of your Personal Data, your request must include, at least, the following:

  • Your name, address and e-mail address or any other means by which you wish for us to send our response to your request;
  • Documents evidencing your identity or that of your legal representative, as applicable;
  • A clear and precise description of the Personal Data you are exercising your rights in relation to. In the event of a request for rectification, you shall state the required modifications and provide supporting documentation; and
  • Any other supporting information that facilitates us locating your Personal Data.

Unless you expressly indicate that you want to receive a reply by different means, we will respond to your request via the email address provided on your application within a maximum period of fifteen (15) days from your request. In the case of requests for access to Personal Data, we will provide you with a copy of your Personal Data, provided we have prior proof of your identity or that of your legal representative, as applicable.

These deadlines may be extended once (for an equal period), if justified by the circumstances and legally approved. Provided that the withdrawal of your consent does not result in us being unable to comply with any obligations with regard to our relationship with you, the consent granted by you for the processing of your Personal Data may be revoked by delivering a written notice or an email to us, using the contact details listed below. The withdrawal of consent will be effective from the date that we receive your request.

c) Consent for processing and transferring Personal Data

If you are based in Brazil, your consent for the processing of your Personal Data according to the terms provided herein will be deemed expressly granted when you acknowledge this Privacy Notice, including the processing of your sensitive Personal Data. By your acceptance, you also consent to any transfer of Personal Data that may be carried out by us pursuant to the terms of this Privacy Notice.