For now, the SKIIN service is only offered to Swiss residents. More countries coming soon.

×
Solutions How It Works
Partners
About
Shop

Last Updated: July 23, 2025

Myant - Privacy Policy

This Privacy Policy explains how Myant Medical Corp., its subsidiaries, affiliates, divisions (collectively "Company", "Myant", "we", "us", or "our") collects, uses, discloses, and protects your personal data when you use the SKIIN™ kit, SKIIN™ Garment, SKIIN™ Pod, the SKIIN CONNECTED LIFE APP (SCLA) Mobile App, SKIIN CONNECTED LIFE HEARTBEAT (SCLA-А) Mobile App, Myant Virtual Clinic Portal (MVCP) and any related services (collectively, "SKIIN™" or "Services"). Because SKIIN™ is a medical device that records sensitive health data, we are firmly committed to complying with applicable privacy and data protection laws, including the EU General Data Protection Regulation (GDPR), the Swiss Federal Act on Data Protection (FADP), the Personal Information Protection and Electronic Documents Act (PIPEDA), and the Personal Health Information Protection Act (PHIPA).

 

Important: Please read this Privacy Policy carefully. By using the Services, you acknowledge you have read and understood the information herein. If you disagree with any part of this Policy, do not proceed with the Services or SKIIN device usage.

 

 

1. Controller identity & representatives

 

Primary controller:

  • Name: Myant Medical Corp.
  • Address: 2660 Speakman Drive, Mississauga, Ontario L5K 2L1, Canada
  • Email: privacy@myant.ca
  • Data Protection Officer: dpo@myant.ca

 

EU legal manufacturer (GDPR Article 27):

  • Name: be-on-market GmbH
  • Address: D-91244 Reichenschwand, Lilienstrasse 33, Germany
  • Email: info@boq.com

 

Swiss representative - CH-REP:

  • Name: Beyond Conception GmbH
  • Address: Roosstrasse 53, 8832 Wollerau, Switzerland

 

Healthcare provider relationships: When healthcare providers use our SKIIN™ Screening services, a separate Data Processing Agreement governs the processing relationship. In such cases, your healthcare provider acts as the Data Controller and Myant acts as Data Processor. This Privacy Policy applies to direct patient relationships with Myant.

 

2. Scope and Coverage

2.1 Scope & medical device context

  • SKIIN™ hardware and software components are medical devices in the EU, Switzerland and Canada and are subject to the applicable medical devices regulations.

 

2.2 Geographical coverage

  • This Policy applies to individuals in Canada, Switzerland and the European Union who use SKIIN™ devices or Myant Health services directly.
  • SKIIN™ Screening Healthcare Services: Currently available in Canada, Switzerland and Europe.
  • Healthcare Provider Relationship: When you receive services involving Myant. Services, including SKIIN™ Screening services, through your healthcare provider, your provider's privacy policy and a separate data processing agreement govern the relationship.
  • Covers data collected via the wearable hardware, mobile applications, websites, and associated services.

 

2.3 Age restrictions

  • The Services are intended for persons of 18 years of age or older.
  • We do not knowingly process personal data of children under the applicable age limit.
  • If we discover we have collected data from a minor, we will delete it unless valid parental consent is obtained.

 

2.4 Relationship types and applicable policies

Direct patient relationship

  • When you purchase SKIIN™ devices directly or create a Myant Health account, this Privacy Policy applies in full.
  • Myant acts as Data Controller for your personal and health information.

Healthcare provider relationship (SKIIN™ Screening)

  • When you receive SKIIN™ Screening services through your doctor, clinic, or hospital, your healthcare provider's privacy policy applies primarily.
  • Myant processes your data as Data Processor under a separate Data Processing Agreement.
  • Your healthcare provider determines the purposes and means of processing.
  • You should review both this Privacy Policy and your healthcare provider's privacy practices.

Research participation

  • Separate consent and privacy notices apply for research studies.
  • De-identified data may be processed under different legal frameworks.
  • Specific research privacy notices provided at time of consent.

 

3. Information we collect

 

We collect information in three ways: (1) information you provide, (2) information we collect automatically, and (3) information we receive from other sources.

 

3.1 Information you provide

Account & profile information:

  • Name, email address, address, phone number, date of birth, gender.
  • Country, preferred language, time zone.
  • Height, weight, medical conditions (optional).
  • Account credentials and security information.
  • Profile preferences and settings.

 

Health & medical information:

  • Medication information you choose to provide.
  • Health goals and lifestyle information.
  • Medical history or conditions you elect to share.
  • Healthcare provider information (if connecting to SKIIN™ Screening services).
  • Voice memos, notes, or tags you add to ECG recordings.

 

Communication data:

  • Customer support inquiries and correspondence.
  • Feedback, survey responses, and research participation.
  • Event registration and promotional activity participation.

 

Payment information:

  • Billing address and payment method details (processed by third-party payment processors).
  • Transaction history and purchase records.

 

3.2 Information we collect automatically

Health & biometric data (may vary from region to region based on the respective Instructions for use):

  • ECG waveforms and heart rhythm data.
  • Heart rate, heart rate variability.
  • Respiration rate and patterns.
  • Activity levels, steps, posture metrics.
  • Sleep patterns and quality indicators.
  • Stress indicators and derived health scores.
  • Location of ECG recording on body (chest, body).

 

Device & technical information:

  • Device model, operating system, software version.
  • Unique Device Identifiers and user IDs.
  • IP address and approximate location (city/country level).
  • Network connection information.
  • Crash reports and diagnostic data.
  • App usage patterns and session information.

 

Usage information:

  • Features accessed and frequency of use.
  • Time spent in different app sections.
  • Settings and preferences.
  • Data export and sharing activities.

 

3.3 Information from other sources

Healthcare providers:

  • Medical reports, referrals, or assessments (with your consent).
  • Integration data from electronic health records (where authorized).

 

Third-party health applications:

  • Data from connected fitness trackers or health apps (with your permission).
  • Integration with Apple Health, Google Fit, or similar platforms.

 

Business partners:

  • Information from authorized distributors or healthcare facilities.
  • Research collaboration data (anonymized/de-identified).

 

4. Purposes and Legal Basis

We process your personal data only for legitimate, clearly defined purposes under valid legal bases:

 

4.1 Core medical services

Purpose

  • Provide ECG monitoring, health tracking, medical device functionality, SKIIN™ Screening services.

 

Legal basis

  • Contract Performance (GDPR Art. 6(1)(b)) for service delivery.
  • Explicit Consent (GDPR Art. 9(2)(a)) for special category health data.
  • Health Professional Exception (GDPR Art. 9(2)(h)) for SKIIN™ Screening medical services.

 

4.2 Healthcare provider services (SKIIN™ Screening)

Purpose

  • Provide at-home cardiac assessments, Holter monitoring, cardiologist review, medical reporting.

Legal basis

  • Contract Performance for healthcare service delivery.
  • Explicit Consent for health data processing.
  • Legal Obligation for medical device vigilance and healthcare regulations.

 

4.3 Service improvement & analytics

Purpose

  • Improve device algorithms, enhance user experience, develop new features.

Legal basis

  • Legitimate Interests (GDPR Art. 6(1)(f)) for product improvement.
  • Consent (GDPR Art. 6(1)(a)) for optional analytics and research participation.

 

4.4 Customer support & safety

Purpose

  • Troubleshoot issues, provide technical support, ensure device safety.

Legal basis

  • Legitimate Interests for basic support.
  • Explicit Consent when analyzing health data for support purposes.

 

4.5 Legal & regulatory compliance

Purpose

  • Meet medical device regulations, adverse event reporting, financial compliance.

Legal basis

  • Legal Obligation (GDPR Art. 6(1)(c)).
  • Under MDR/Health Canada regulations, certain records are maintained for up to 10 years.


4.6 Security & fraud prevention

Purpose

  • Protect user accounts, detect unauthorized access, prevent misuse.

Legal basis

  • Legitimate Interests for security maintenance.
  • Legal Obligation for certain security requirements.

 

4.7 Marketing & communications

Purpose

  • Product updates, health tips, promotional offers.

Legal basis

  • Legitimate Interests for essential product updates.
  • Consent for marketing communications (you may opt out anytime).

 

Please note that when your data is processed as part of services provided by your healthcare provider (the "Healthcare Provider Relationship" or "SKIIN™ Screening" model), you may need to direct your privacy rights requests to your provider, who acts as the Data Controller.

 

5. How we share your information

We share your information only in limited circumstances with appropriate safeguards:

5.1 Healthcare providers

  • With your explicit consent, we may share ECG data and health information with your designated healthcare providers.
  • SKIIN™ Screening services involve sharing with licensed cardiologists and medical professionals.


We engage vetted third-party service providers to help operate SKIIN™ and Myant Health services. These providers ("Sub-Processors") process your data on our behalf under GDPR Art. 28 and equivalent data protection agreements:

 

  • Infrastructure & hosting
    • Cloud hosting providers (AWS Canada/Ireland, Microsoft Azure EU) ensuring data residency compliance.
    • Content delivery networks for app and website performance.
    • Database hosting with encryption and backup services.
  • Healthcare & medical services
    • Certified cardiologists and cardiac technicians for SKIIN™ Screening analysis.
    • Electronic health record integration partners (with your consent).
    • Medical device monitoring and safety reporting services.
  • Communication & support
    • Customer support platforms for handling queries and technical assistance.
    • Email service providers for account notifications and communications.
    • SMS/notification services for health alerts and reminders.
  • Analytics & performance (with your consent)
    • App performance monitoring (crash reporting, error tracking).
    • Usage analytics platforms for service improvement.
    • A/B testing platforms for user experience optimization.
  • Logistics & fulfilment
    • Shipping and logistics partners for device delivery.
    • Returns processing and inventory management.
    • Customs and international shipping compliance services.
  • Research & development (with separate consent)
    • De-identification and anonymization service providers.
    • Clinical research organizations for approved studies.
    • Academic research institutions under data sharing agreements.

Each provider is vetted for data protection compliance and bound by data processing obligations requiring them to:

  • Process data only per our instructions.
  • Implement appropriate security measures.
  • Assist with your privacy rights requests.
  • Report any security incidents immediately.
  • Delete or return data upon contract termination.

Current Sub-Processor List: For a complete, up-to-date list of sub-processors, their locations, and services provided, contact privacy@myant.ca

 

6. International data transfers

6.1 Primary data location

  • Health data primarily stored in Canada (subject to PIPEDA), EU (GDPR-compliant facilities) and Switzerland (FADP compliant).
  • We use certified data centers meeting ISO 27001 and SOC 2 standards.

6.2 Cross-border safeguards

  • When data transfers occur outside Canada/EU:
    • Adequacy Decisions: We rely on European Commission adequacy decisions where available.
    • Standard Contractual Clauses: EU SCCs for transfers without adequacy.
    • Transfer Impact Assessments: Regular evaluation of transfer risks and safeguards.

6.3 Specific regional compliance

  • France: Subject to HDS (Hébergeur de Données de Santé) requirements if processing French health data.
  • Canada: PIPEDA and PHIPA compliance for personal health information.
  • Switzerland: FADP compliance with equivalent protections to GDPR.

 

7. Data retention

7.1 Active account data

  • Retained while your account remains active to provide continuous health tracking.
  • Inactive accounts (24+ months) receive deletion notice before data removal.

7.2 Health data

  • ECG recordings: Retained per your preferences (default: available in app for 1 year).
  • SKIIN™ Screening medical data: 7 years (healthcare regulatory requirement).
  • Research data: If consented, may be retained longer in de-identified form.

7.3 Legal & regulatory records

  • Medical device vigilance: Up to 10 years post-market (MDR/Health Canada requirement).
  • Financial records: 7 years (tax and accounting compliance).

7.4 Support & technical data

  • Customer support logs: 3 years after case resolution.
  • Crash reports and diagnostics: 18 months.
  • Encrypted backups: 6 months for disaster recovery.

 

8. Your privacy rights

You have comprehensive rights regarding your personal data:

8.1 Access rights

8.2 Correction & completion

  • Update inaccurate or incomplete information via app settings or support request.

8.3 Deletion rights

  • Delete your account and associated data (subject to legal retention requirements).
  • Withdraw consent for specific processing activities.

8.4 Data portability

  • Receive your data in machine-readable format.
  • Request direct transfer to another healthcare provider (where technically feasible).

8.5 Processing restrictions

  • Limit how we process your data in specific circumstances.
  • Object to processing based on legitimate interests.

8.6 Marketing opt-out

  • Unsubscribe from marketing communications at any time.
  • Opt out via email links or app settings.

8.7 Consent withdrawal

  • Withdraw consent for any consent-based processing.
  • Note: This may affect service functionality for health data processing.

 

Exercising Rights: Contact privacy@myant.ca or use in-app settings. We respond within 30 days and may require identity verification.

 

9. Security measures

We implement comprehensive security measures as required by GDPR Article 32 and medical device regulations:

 

9.1 Technical safeguards

  • End-to-end encryption for data transmission (TLS 1.3).
  • AES-256 encryption for data at rest.
  • Secure authentication and access controls.
  • Regular security testing and penetration testing.

9.2 Organizational measures

  • Staff security training and confidentiality agreements.
  • Role-based access controls with principle of least privilege.
  • Regular security audits and compliance reviews.
  • Incident response procedures with 72-hour breach notification.

9.3 Device security

  • Signed firmware to prevent tampering.
  • Secure key storage on mobile devices.
  • Regular security updates and patches.

 

10. Cookies & tracking

10.1 Website cookies

10.2 Mobile app analytics

  • Optional usage analytics to improve app performance.
  • Crash reporting for stability improvements.
  • All analytics require explicit opt-in consent.

 

Cookie Management: Control preferences via website cookie banner or app settings.

 

11. Children's privacy

  • Services not intended for users under 18 years old.
  • No knowingly collection of children's data without parental consent.
  • Parents may request deletion of any inadvertently collected children's data.

 

12. Changes to privacy policy

 

12.1 Update notifications

  • Material changes communicated via email and in-app notifications.
  • 30-day notice for significant changes affecting data use.

12.2 Continued service

  • Continued use after changes indicates acceptance.
  • You may delete your account if you disagree with updates.

 

13. Contact information & complaints

 

13.1 Privacy contacts

  • General Privacy: privacy@myant.ca
  • Data Protection Officer: dpo@myant.ca
  • Address: Myant Medical Corp., 2660 Speakman Drive, Mississauga, ON L5K 2L1, Canada

13.2 Regulatory complaints

You may file complaints with relevant supervisory authorities:

Canada:

  • Office of the Privacy Commissioner of Canada: www.priv.gc.ca.

European Union:

  • Your local data protection authority.
  • Lead supervisory authority contacts available at edpb.europa.eu.

Switzerland:

  • Federal Data Protection and Information Commissioner (FDPIC).

United States:

  • Relevant state privacy authorities where applicable.

 

We encourage contacting us first to resolve any privacy concerns directly.

By using the Myant Health platform including the SKIIN™ devices, you entrust us with sensitive health data. We are committed to earning and maintaining that trust through transparent privacy practices, robust security measures,
and strict regulatory compliance.

For questions about this Privacy Policy or to exercise your privacy rights, contact us at privacy@myant.ca.