Privacy policy

Effective Date: April 1, 2026    Last Updated: April 1, 2026

This Privacy Policy ("Policy") is issued by Ezymind Nexus, Inc., a corporation incorporated under the laws of the State of Delaware, which operates primarily under the brand name Dusq and may operate under such other brand or trade names as it may adopt from time to time ("Company," "we," "our," or "us"). The Company is a wholly-owned subsidiary of Ezymind Healthcare Private Limited, incorporated under the Companies Act, 2013, India.

This Policy describes how we collect, use, store, disclose, and protect personal information when you use our mobile application, hardware device, and related services (collectively, the "Services"). Please read this Policy carefully. By creating an account or using the Services, you agree to the practices described herein. If you do not agree, please discontinue use immediately.

1. Definitions

"Biometric Information" means any personal information based on an individual's biometric identifier used to identify that individual, as defined under applicable state biometric privacy statutes including BIPA, CUBI, and analogous laws.

"Personal Information" means any information that identifies, relates to, describes, or is reasonably capable of being associated with a particular consumer or household, interpreted consistently with applicable law.

"Sensitive Personal Information" means a subset of Personal Information including, without limitation, biometric data, health and medical information, precise geolocation data, and account access credentials.

"Services" means the Dusq mobile application, associated hardware device(s), firmware, software, and all related features and digital properties offered by the Company.

"You" or "User" means any individual who accesses, downloads, registers for, or otherwise uses the Services.

2. Information We Collect

2.1 Information You Provide Directly

  • Registration and Account Data: your name, telephone number, email address, and credentials provided during account creation or management.
  • Communications and Support Data: information provided when contacting our support team, submitting feedback, or otherwise communicating with us.
  • Transaction and Billing Data: billing details and payment method information processed through our PCI-DSS-compliant third-party payment processor. We do not store full payment card numbers on our own systems.
  • User-Generated Content: any content, preferences, or inputs you voluntarily submit through the Services.

2.2 Information Collected Automatically

  • Device and Technical Data: device identifiers, hardware model, operating system and version, application version, crash logs, and diagnostic information.
  • Usage and Interaction Data: features accessed, navigation patterns, session duration, timestamps, and other interaction data generated through your use of the Services.
  • Network and Connectivity Data: IP address, network type, connection quality, and general geographic region (country or state level only, not precise location).
  • Device Sensor and Measurement Data: data generated by or derived from the operation of Dusq hardware devices, including physiological and environmental measurements recorded during use. The technical composition and proprietary parameters of such data constitute confidential and proprietary information of the Company.

2.3 Biometric and Health-Related Information

In providing the Services, we may collect, process, or derive information that constitutes biometric identifiers, biometric information, or health-related data as defined under applicable law. Such information is processed solely for the purposes described in this Policy and is subject to the additional protections set out in Section 5.

2.4 Information from Third Parties

  • Mobile Platform Providers: limited transactional data from Apple App Store or Google Play in connection with your download or purchase of the application.
  • Analytics Partners: aggregated or pseudonymised usage metrics from third-party analytics services engaged by the Company.
  • Advertising and Attribution Partners: limited interaction signals used to measure marketing effectiveness, subject to your consent where required by applicable law.

3. How We Use Personal Information

3.1 Provision and Operation of the Services

  • To create, authenticate, maintain, and administer your account.
  • To deliver the features of the Services, including personalised insights, reports, scores, and recommendations derived from your usage and device data.
  • To process and fulfil orders, subscriptions, and other transactions.
  • To facilitate customer support, respond to inquiries, and resolve disputes.

3.2 Research, Development, and Improvement

  • To conduct internal analytics, quality assurance, and product testing.
  • To develop, refine, and validate our proprietary algorithms, computational models, and Service features.
  • To identify usage trends and improve the overall performance and reliability of the Services.

3.3 Communications

  • To deliver transactional messages including verification codes, authentication tokens, order confirmations, and service notices required to operate the Services.
  • To send product updates, feature announcements, and marketing communications where you have not opted out of such communications.

3.4 Safety, Fraud Prevention, and Legal Compliance

  • To verify identity and prevent unauthorised account access.
  • To detect, investigate, and prevent fraudulent transactions, abuse, and violations of our Terms of Service or applicable law.
  • To comply with applicable laws, regulations, court orders, and valid governmental requests.
  • To enforce our contractual rights and protect the rights, property, or safety of the Company, our users, and the public.

3.5 Aggregated and De-Identified Data

We may aggregate or de-identify Personal Information such that it can no longer reasonably be associated with an identifiable individual. This includes data collected through the Device and Services, such as sleep patterns, sensor readings, and wellness metrics. De-identified or aggregated data derived from your use of the Device and Services may be used internally to improve our proprietary algorithms, train machine learning models, develop new features, and conduct internal research. Before being used for these purposes, data is de-identified such that it cannot reasonably be used to identify you individually. This de-identified data is not shared with or sold to third parties.

4. Legal Bases for Processing

Where required by applicable law, our processing of Personal Information is grounded in one or more of the following bases:

  • Performance of a Contract: processing necessary to provide the Services you have requested or to perform our obligations under our Terms of Service.
  • Legitimate Interests: processing necessary for our legitimate business interests, including improving and securing the Services and preventing fraud, where such interests are not overridden by your rights and freedoms.
  • Consent: where we rely on your consent to process Sensitive Personal Information or biometric data as required by applicable state law. You may withdraw consent at any time; withdrawal does not affect the lawfulness of prior processing.
  • Legal Obligation: processing necessary to comply with a legal obligation applicable to the Company.

5. Biometric and Sensitive Health Information

5.1 Statutory Notice and Consent

The Services involve the collection of information that may constitute biometric identifiers or biometric information within the meaning of the Illinois Biometric Information Privacy Act (740 ILCS 14/10), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code sec. 503.001), the Washington My Health MY Data Act, and analogous statutes in other jurisdictions. This notice is provided in satisfaction of applicable statutory disclosure obligations.

By accepting this Policy and using the Dusq hardware device or associated application features, and where separately required by applicable biometric privacy law, you expressly consent to the collection, storage, processing, and use of biometric and health-related information as described in this Policy.

5.2 Prohibited Uses and Non-Disclosure

We will not sell, lease, trade, or otherwise profit from your Biometric Information. We will not disclose it to any third party except: (a) as required by applicable law or valid legal process; (b) to service providers acting on our behalf under contractual restrictions no less protective than those in this Policy; or (c) with your prior written consent.

5.3 Retention and Destruction

Biometric and health-related information is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by law. Upon the earlier of: (a) satisfaction of the initial purpose of collection; (b) three (3) years from your last interaction with the Services; or (c) a valid deletion request, we will permanently destroy or irreversibly anonymise such information, unless continued retention is required by applicable law or regulation.

5.4 Security Standard

We store, transmit, and protect Biometric Information using a standard of care equal to or greater than the standard we apply to other confidential and commercially sensitive information we hold.

6. SMS Communications

When you provide your mobile phone number to Dusq during account signup, login, or other authentication flows on the Dusq mobile application or website, you consent to receive SMS messages from us for account authentication purposes. These messages contain one-time passcodes (OTPs) used to verify your identity.

6.1 What We Collect

Your mobile phone number, the timestamps of SMS messages sent to you, and the delivery status returned by our SMS service providers.

6.2 How We Use It

Phone numbers are used solely for account authentication and operational notifications related to your Dusq account. We do not use your phone number to send marketing or promotional content.

6.3 Sharing

We do not sell or share your phone number with third parties for marketing purposes. Your phone number is shared with our SMS service providers, namely Twilio, Inc. (United States) and SMSCountry Networks Pvt. Ltd. (India), strictly for the purpose of delivering authentication messages, and only to the extent necessary for that delivery.

6.4 Message Frequency

SMS messages are sent only in response to authentication events you initiate (such as logging in or requesting a one-time passcode). We do not send unsolicited SMS messages.

6.5 Opt Out

You may opt out of receiving SMS messages at any time by replying STOP to any message. Opting out will prevent you from completing SMS-based authentication and may affect your ability to log in.

6.6 Help

Reply HELP to any SMS message for assistance, or contact us at info@dusq.com.

6.7 Message and Data Rates

Standard message and data rates may apply per your wireless carrier. Dusq is not responsible for charges levied by your carrier for receiving SMS messages.

6.8 Marketing and Promotional Communications

Where you have consented, we may send promotional communications by email or other electronic means. You may opt out at any time by following the unsubscribe instructions in any such message or by contacting us at info@dusq.com.

7. Disclosure of Personal Information

We do not sell your Personal Information. We do not share Personal Information for cross-context behavioural advertising. We may disclose Personal Information in the following limited circumstances:

7.1 Service Providers

We engage third-party vendors and contractors to perform functions on our behalf, including cloud hosting, analytics, payment processing, customer support, and SMS delivery. Such parties access Personal Information only to the extent necessary for their designated functions and are bound by contractual data protection obligations.

7.2 Corporate Affiliates

We may share Personal Information with our parent entity, Ezymind Healthcare Private Limited, and with other entities under common control, for legitimate operational, administrative, or product development purposes, subject to data protection obligations consistent with this Policy.

7.3 Business Transfers

In connection with a merger, acquisition, restructuring, or sale of assets, Personal Information may be transferred to the relevant successor entity. We will provide advance notice before Personal Information becomes subject to a materially different privacy policy.

7.4 Legal Process and Protection of Rights

We may disclose Personal Information where we believe in good faith that disclosure is required or permitted in order to: (a) comply with applicable law, regulation, or enforceable governmental request; (b) respond to lawful legal process; (c) enforce this Policy or our Terms of Service; or (d) protect the rights, property, or safety of the Company, our users, or the public.

7.5 With Your Consent

We may share Personal Information with third parties with your prior, express, and informed consent.

8. Data Retention

We retain Personal Information for no longer than is necessary to fulfil the purposes for which it was collected, to provide the Services, or as required by applicable legal, regulatory, or contractual obligations. Factors considered in determining retention periods include the nature and sensitivity of the data, applicable statutory requirements, the existence of pending legal proceedings, and the need to maintain records for dispute resolution and fraud prevention.

Upon account deletion, we will delete or anonymise your Personal Information within thirty (30) calendar days of a valid deletion request, subject to any applicable legal obligations or pending proceedings. Biometric information is subject to the additional retention and destruction requirements in Section 5.3.

9. Security

We maintain a written information security programme incorporating reasonable administrative, technical, and physical safeguards designed to protect Personal Information against unauthorised access, disclosure, alteration, loss, and destruction. These include encryption of data in transit and at rest, role-based access controls, authentication mechanisms, network security measures, and periodic internal security reviews.

No method of transmission or storage is entirely impervious to risk, and we do not warrant or guarantee absolute security. In the event of a breach that triggers notification obligations under applicable law, we will notify affected individuals and relevant regulatory authorities within the required timeframes. Users are responsible for maintaining the confidentiality of their account credentials and should notify us promptly of any suspected unauthorised access.

10. Children's Privacy

The Services are not directed to individuals under the age of eighteen (18). We do not knowingly collect Personal Information from minors. If we learn that we have inadvertently collected information from a minor, we will take prompt steps to delete it. Parents or guardians who believe a minor has submitted information to us should contact info@dusq.com immediately.

11. Your Privacy Rights

Subject to applicable law and certain exceptions, you may have the following rights with respect to your Personal Information. To exercise any right, submit a request using the contact information in Section 22.

  • Right to Know and Access: request disclosure of the categories and specific pieces of Personal Information we hold, the sources from which it was collected, the purposes for which it is used, and the categories of third parties with whom it has been shared.
  • Right to Correction: request correction of inaccurate Personal Information we maintain about you.
  • Right to Deletion: request deletion of Personal Information we have collected, subject to applicable legal exceptions.
  • Right to Portability: receive a copy of certain Personal Information in a structured, machine-readable format.
  • Right to Opt-Out of Sale or Sharing: we do not sell Personal Information or share it for cross-context behavioural advertising.
  • Right to Restrict Processing: request restriction of processing in circumstances permitted by applicable law.
  • Right to Non-Discrimination: we will not discriminate against you for exercising any legally protected privacy right.

We will verify your identity before processing any request and will respond within the timeframe required by applicable law, generally forty-five (45) calendar days, with the possibility of a single extension where reasonably necessary. You may designate an authorised agent to submit requests on your behalf, subject to verification of the agent's authority. Where we decline a request, we will provide a written explanation and, where required by applicable law, information on how to appeal.

12. Additional Disclosures for California Residents (CCPA/CPRA)

This Section supplements the Policy and applies solely to California residents pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (Cal. Civ. Code sec. 1798.100 et seq.).

12.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected Personal Information falling within the following CCPA categories: Identifiers; Personal information under Cal. Civ. Code sec. 1798.80(e); Biometric information; Health and medical information; Internet or other electronic network activity information; General geolocation data; and Inferences drawn from the foregoing.

12.2 Sensitive Personal Information

We collect sensitive personal information under the CPRA, including biometric and health-related data, solely to perform the Services and for internal development, security, and fraud prevention. We do not use or disclose sensitive personal information for purposes that would require a right to limit use under Cal. Civ. Code sec. 1798.121.

12.3 No Sale or Sharing for Advertising

We do not sell Personal Information. We do not share Personal Information for cross-context behavioural advertising as defined under Cal. Civ. Code sec. 1798.140(ah).

12.4 Shine the Light (Cal. Civ. Code sec. 1798.83)

We do not share Personal Information with third parties for their own direct marketing purposes.

12.5 Authorised Agents

California residents may designate an authorised agent to submit CCPA/CPRA requests on their behalf. We require written authorisation signed by the consumer and may require independent identity verification, unless the agent holds power of attorney under California Probate Code sections 4000 to 4465.

12.6 Biometric Data Requests

For CCPA/CPRA requests relating to biometric data, please include the subject line "California Biometric Data Request" in your communication to info@dusq.com.

13. Additional Disclosures for Other State Residents

Residents of states with comprehensive privacy legislation, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas, Oregon, Montana, Iowa, Indiana, Tennessee, and New Hampshire, may have rights under applicable law including the right to access, correct, delete, and obtain a copy of their Personal Information; opt out of profiling for decisions producing legal or similarly significant effects; and appeal our response to a rights request.

To exercise available rights, contact us as described in Section 22. We will respond in accordance with applicable state law. Where we decline a request, we will provide a written explanation and, where required, information on how to appeal to the relevant state Attorney General or supervisory authority.

14. Cross-Border Data Transfers

The Company is incorporated and operated in the United States, and Personal Information collected through the Services is stored and processed in the United States. As a wholly-owned subsidiary of Ezymind Healthcare Private Limited (India), Personal Information may be accessed by or transferred to personnel or systems in India in connection with operational, research and development, and technical functions. Such transfers are conducted subject to contractual data protection obligations designed to ensure Personal Information receives protection consistent with applicable US privacy law.

By using the Services, you acknowledge that your Personal Information may be transferred to and processed in the United States and other countries, and you consent to such transfer in accordance with this Policy.

15. Third-Party Links and Services

The Services may contain links to third-party websites, applications, or services not owned or controlled by the Company. This Policy does not apply to such services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through the Services.

16. Do Not Track Signals

We honour the Global Privacy Control (GPC) opt-out preference signal. If you visit our website with GPC enabled, we will treat this as a request to opt out of the sale or sharing of your personal information for the device and browser you use to visit the site. Where we are able to associate the device with a user account, we will apply the opt-out to that account as well. To learn more about GPC, visit https://globalprivacycontrol.org. Our Services do not otherwise respond to Do Not Track (DNT) signals, as no uniform technical standard for doing so has been adopted across the industry.

17. Cookies and Tracking Technologies

Our website and Services use cookies and similar tracking technologies, including pixels, web beacons, and local storage, to operate and improve the Services, remember your preferences, and support analytics and advertising functions. Cookies are small data files placed on your device when you visit our website.

17.1 Types of Cookies We Use

Strictly necessary cookies: required for the website and store to function, including session management, authentication, and shopping cart functionality. These cannot be disabled. Analytics cookies: help us understand how visitors interact with our website, including which pages are visited and how long users stay. Advertising and targeting cookies: used to deliver advertisements relevant to your interests and to measure the effectiveness of our marketing campaigns, including through third-party platforms such as Meta and Google.

17.2 Your Cookie Choices

You may adjust your browser settings to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of the Services. You may also opt out of interest-based advertising through the Digital Advertising Alliance at www.aboutads.info or the Network Advertising Initiative at www.networkadvertising.org.

18. Shopify and Our Online Store

Our online store at www.dusq.com is hosted by Shopify Inc. Shopify collects and processes personal information about your access to and use of the store in order to provide and improve the Services. Information you submit through the store will be transmitted to and processed by Shopify, as well as third parties that may be located in countries other than where you reside.

In addition, Shopify may use data from your interactions with our store, combined with data from other Shopify merchants, to provide Shopify-enhanced features. In these circumstances, Shopify acts as an independent data controller and is responsible for responding to requests you make regarding Shopify’s processing of your data. To learn more about how Shopify uses your personal information and to exercise rights in relation to Shopify’s processing, visit the Shopify Consumer Privacy Policy at www.shopify.com/legal/privacy and the Shopify Privacy Portal at privacy.shopify.com.

19. Marketing and Targeted Advertising

We use your personal information for marketing and promotional purposes, including to send marketing communications by email and to show you online advertisements on third-party platforms such as Meta (Facebook and Instagram) and Google, including based on items you have previously viewed or purchased and other activity on our Services. This may involve sharing certain information, such as email addresses or device identifiers, with those platforms in hashed or pseudonymised form to facilitate audience matching.

Depending on where you reside, you may have the right to opt out of the sharing of your personal information for targeted advertising purposes. To exercise this right, contact us at info@dusq.com or use the opt-out mechanism on our website where available. You may also opt out through your browser’s Global Privacy Control signal, as described in Section 16.

We may send promotional communications by email where you have consented or where permitted by applicable law. You may opt out of promotional emails at any time by using the unsubscribe link in any such message or by contacting us at info@dusq.com. Opting out of promotional emails will not affect transactional or account-related communications.

20. Complaints

If you have concerns about how we handle your personal information, please contact us in the first instance using the details in Section 22. We will investigate and respond to your complaint in a timely manner. If you are not satisfied with our response, depending on where you live, you may have the right to lodge a complaint with your applicable state Attorney General’s office or other relevant supervisory authority.

21. Changes to This Policy

We may update this Policy at any time. Material changes will be communicated by updating the Last Updated date at the top of this page, posting a notice within the Services, and, where required by applicable law or reasonably practicable, by notifying you at the email address on your account. Continued use of the Services following the effective date of a revised Policy constitutes acceptance of the updated terms. If you do not agree to a revised Policy, you must discontinue use of the Services and may request account deletion under Section 11.

22. Contact Information

For questions, concerns, or requests regarding this Policy or the exercise of any rights described herein, please contact us at:

Ezymind Nexus, Inc., operating as Dusq

131 Continental Dr, Suite 305, Newark, County of New Castle, Delaware 19713, USA

Email: info@dusq.com

Website: www.dusq.com

For California residents exercising rights under CCPA/CPRA, include the subject line "California Privacy Request" in your communication. For biometric data requests under BIPA, CUBI, or analogous statutes, include the subject line "Biometric Data Request". If you believe we have not adequately addressed your privacy concern, you may have the right to lodge a complaint with the applicable state Attorney General's office or relevant supervisory authority in your jurisdiction.

This Policy is issued by Ezymind Nexus, Inc. (operating as Dusq), a Delaware corporation (registered address: 131 Continental Dr, Suite 305, Newark, DE 19713), wholly-owned subsidiary of Ezymind Healthcare Private Limited (India). Effective Date: April 1, 2026. This document does not constitute legal advice. Dusq recommends periodic review with qualified US legal counsel.