PRIVACY POLICY FOR THE NESS MOBILE APPLICATION
Effective: 26th October 2025
The Ness Mobile application ("Ness", "we", "us" or "our") is owned and operated by Ness. We are committed to protecting the privacy and security of your personal information.
1. WHAT IS THE PURPOSE OF THIS POLICY?
At Ness, we respect your privacy and are committed to protecting your personal information. Ness (“we,” “us,” or “our”) provides a mental health support platform offering AI-assisted tools and guidance to promote emotional well-being and self-awareness. This Privacy Policy describes how we collect, use, store, and safeguard your personal data when you access or interact with our mobile application and related Services. We process personal data in accordance with the UK GDPR, the Data Protection Act 2018, and any other applicable data protection regulations, ensuring transparency and protection of your privacy rights.
By accessing or using the Services, you confirm that you have read and understood this Privacy Policy and agree to the processing of your personal data as described. Users who do not agree with the terms of this Privacy Policy must refrain from using the Services.
If you have any concerns about how your information is handled, you may contact us at a.davlenova@datago.kz or raise a concern with the Information Commissioner’s Office (ICO) in the United Kingdom. The applicable legal framework is the UK GDPR and relevant European Union data privacy regulations.
2. YOUR CONSENT
By using the Ness App, you acknowledge and provide your explicit and informed consent to the processing of any personal data that may arise from your use of the App, in accordance with Article 9(2)(a) of the UK GDPR.
This consent is provided voluntarily and solely for the purpose of enabling the App’s features and delivering its services. We process only the limited data necessary to operate the App and do not collect personal identifiers such as your name or email address.
You have the right to withdraw your consent or object to processing at any time without affecting the lawfulness of prior processing. To do so, please contact us at a.davlenova@datago.kz. Upon withdrawal, certain App functions may no longer operate as intended.
3. DATA CONTROLLER
The data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 is:
Ness
Registered in England and Wales
Email: a.davlenova@datago.kz
(For privacy enquiries: a.davlenova@datago.kz)
Ness determines the limited purposes and means of processing any personal data collected through the Ness App.
4. WHAT DATA WE COLLECT
Ness collects only the personal data required to operate, maintain, and improve the Services and mobile application. Described below are the categories of data we collect:
a. Information You Provide Directly. Account Details including email address, age, and any profile information you choose to supply. AI Interaction Content such as chat messages, emotional check-ins, and responses within wellbeing exercises. User Feedback including voluntary survey submissions, feature ratings, and support requests.
b. Information Collected Automatically. Technical and Device Information such as device model, operating system, language settings, and time zone. Service Usage Data including logs of in-app activity, interaction patterns, and performance data to improve functionality and user experience.
c. Sensitive (Special Category) Data. Some information shared through the Services may relate to your mental or emotional health. This data is considered “special category data” under UK GDPR and is processed only:
I. With your explicit consent.
II. When necessary to support the delivery of wellbeing tools.
III. Under reinforced confidentiality and security measures.
Full details regarding processing purposes and legal bases are provided in subsequent sections of this Privacy Policy.
5. HOW WE USE YOUR DATA
Ness processes personal data solely for legitimate and clearly defined purposes, including:
a. Service Delivery and Personalisation. Tailoring wellbeing tools, chatbot responses, and user recommendations to enhance your experience and support emotional regulation.
b. Service Performance and Improvement. Monitoring usage trends, identifying technical issues, and developing new features to improve the efficiency, safety, and quality of the Services.
c. Security, Fraud Prevention, and Legal Compliance. Protecting the integrity of the platform, detecting harmful or unauthorised activity, and meeting legal, regulatory, or compliance obligations.
d. User Support and Communication. Responding to support inquiries, sending service-related notifications, and informing you of important updates or changes to these Terms or our Privacy Policy.
6. HOW WE MIGHT SHARE YOUR DATA
Ness does not sell, trade, or disclose personal data to advertisers or third parties for marketing purposes. Personal data may only be shared in limited circumstances, strictly as necessary to support the delivery and protection of the Services:
a. Trusted Service Providers. Carefully selected third-party processors that support technical operations including hosting, data storage, security, and analytics. These providers act only on our instructions and are bound by contractual confidentiality and data protection obligations.
b. Authorised Partner Organisations (Where Applicable). If you access the Services through an affiliated institution or programme, certain information may be shared with that organisation solely for the purpose of administering and supporting your access to our wellbeing tools.
c. Legal, Regulatory, or Safety Requirements. Disclosure may occur where required by UK law or lawful request, or when necessary to protect the rights, safety, or wellbeing of users, the public, or Ness, including the prevention of fraud or threats to security.
Any data shared externally is minimised to what is strictly necessary and processed under appropriate safeguards in line with legal requirements.
7. LAWFUL BASIS FOR PROCESSING DATA
Ness processes personal data only where a valid lawful basis under the UK GDPR applies. This includes processing necessary to deliver and personalise the Services, safeguard platform security, comply with legal obligations, and support improvements to mental well-being tools. Certain types of sensitive data, such as mental health related information, require explicit consent and are handled with heightened protections. In all cases, Ness ensures that processing activities are limited to what is necessary and proportionate for the purposes described in this Privacy Policy.
| Purpose | Data | Legal Basis | Notes |
|---|---|---|---|
| To provide and personalize the Service | Account details, interaction data, preferences | Contractual Necessity (Art. 6(1)(b)) | Special category data processed only with Explicit Consent (Art. 9(2)(a)) |
| To improve, maintain, and secure the platform | Usage analytics, device data, logs | Legitimate Interests (Art. 6(1)(f)) | Not used for profiling and automated decision-making with legal effects |
| To communicate with users, including updates and support responses | Contact information, activity information | Contractual Necessity (Art. 6(1)(b)) or Consent (Art. 6(1)(a)) | Users may opt out of non-essential communications at any time |
| To comply with legal and regulatory requirements | Any personal data required by law | Legal Obligation (Art. 6(1)(c)) | Special category data processed only where a lawful exemption applies |
| To ensure safety and prevent misuse or harm | Technical logs, user reports, behavioural signals | Legitimate Interests (Art. 6(1)(f)) | Safeguards implemented to minimise intrusion |
We do not use your data for marketing, analytics, or behavioural tracking. All processing is carried out under the lawful bases of consent (Article 6(1)(a)) and legitimate interests (Article 6(1)(f)) where applicable, ensuring data minimisation and purpose limitation.
8. INTERNATIONAL DATA PROCESSING
Ness is established in the United Kingdom and primarily processes personal data within the UK. In certain circumstances, personal data may be transferred to or accessed by trusted service providers located outside the UK or the European Economic Area (“EEA”). These transfers are limited to what is necessary to operate, secure, and improve the Services.
Whenever personal data is processed in other jurisdictions, Ness implements appropriate safeguards to ensure a level of protection equivalent to UK GDPR requirements. Such measures may include:
a. UK GDPR–approved International Data Transfer Agreements (IDTAs)
b. EU Standard Contractual Clauses (SCCs) where relevant
c. Technical safeguards such as encryption and access controls
d. Transfers only to jurisdictions recognised as providing adequate protection by UK authorities.
We require all external processors to act solely on our instructions, maintain confidentiality, and implement robust security measures. Users may request additional information about international transfer safeguards or obtain copies of relevant contractual protections by contacting us using the details provided in this Privacy Policy.
9. DATA SECURITY
Ness takes appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure, in accordance with the UK GDPR, the Data Protection Act 2018, and the EU GDPR where applicable. Our security controls include encryption of data in transit and at rest, restricted access based on job role, secure cloud infrastructure, routine security monitoring, and regular testing of our systems. Where possible, we apply data minimisation and pseudonymisation to reduce risks.
Although we work hard to safeguard your information, no digital service can guarantee absolute security. Users should keep their devices secure and advise us promptly if they suspect any unauthorised access or security concerns.
In the event of a personal data breach, Ness will follow its incident response procedures and notify affected users and relevant authorities where required by law.
10. DATA RETENTION
We retain only the minimum information necessary to provide and support the App.
| Data Category | Purpose of Processing | Retention Period | Deletion / Anonymisation Method |
|---|---|---|---|
| Account Information (name, contact details, login credentials) | Maintain and manage user accounts | While account remains active, plus up to 2 years after closure | Secure erasure from active systems and backup |
| App Usage Data (logs, feature interactions) | Improve and support mobile app functionality | Up to 24 months from collection | Aggregation and anonymisation |
| Transaction & Payment Records | Provide services, comply with financial law | 6 years from transaction date (UK legal requirement) | Secure erasure or anonymisation |
| Customer Support Communications | Respond to inquiries and service improvement | Up to 2 years from last interaction | Secure erasure |
| Device & Technical Data | Performance and security monitoring | Up to 12 months from collection | Secure deletion or anonymisation |
| Secure deletion or anonymisation | Fraud detection, dispute resolution | As long as necessary for legal protection | Secure storage until closure, then deletion |
We regularly review and securely delete or anonymise any retained correspondence or data once it is no longer required for its purpose.
11. YOUR RIGHTS
Under the UK General Data Protection Regulation (UK GDPR), you have several rights regarding your personal data. These rights are subject to certain legal limitations but can be exercised at any time by contacting us at
a. Right to access: information about your data stored by us and its processing (art. 15 GDPR),
b. Right to rectification: correction of incorrect personal data (art. 16 GDPR),
c. Right to erasure: deletion of your data stored by us (art. 17 GDPR),
d. Right to restrict processing: restriction of data processing if we are not yet allowed to delete your data due to legal obligations (art. 18 GDPR),
e. Right to object: objection to the processing of your data by us (art. 21 GDPR),
f. Right to data portability: data portability, provided that you have consented to data processing or have concluded a contract with us (art. 20 GDPR), and
g. Right to withdraw your consent: if you have given us your consent, you can revoke it at any time with effect for the future.
If you believe we have not handled your data properly, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk or by calling 0303 123 1113.
12. CHILDREN'S PRIVACY
Our services are not directed to children under 18 years of age, and individuals under 18 are not permitted to use the Ness mobile application. We do not knowingly collect or process personal data from anyone under this age. If you believe that a child under 18 has provided us with personal information, please contact us immediately at a.davlenova@datago.kz.
13. ADDITIONAL NOTES ON AI FEATURES
Ness integrates AI-driven tools within the mobile application to support emotional well-being, self-awareness, and stress management. Users should consider the following:
a. AI is Supportive, Not Clinical. The AI features provide guidance, exercises, and suggestions based on user inputs. They are not a substitute for professional medical, psychological, or psychiatric care. Users should seek licensed professionals for diagnosis, treatment, or crisis support.
b. Automated Responses. AI-generated outputs are automatically produced based on patterns in the data you provide. While designed to be evidence-informed, responses may be limited, generalized, or occasionally inaccurate. Users should exercise judgement and not rely solely on AI outputs.
c. Data Usage for AI Improvement. User interactions with the AI may be used in anonymized or aggregated form to improve model performance, enhance features, and maintain the quality and safety of the Services. No personally identifiable information is used for commercial purposes without consent.
d. Limitations in Understanding Context. The AI may not fully comprehend complex personal circumstances, sensitive emotional states, or cultural nuances. It is intended for general guidance and self-reflection, not individualized professional advice.
e. User Responsibility. Users are responsible for the accuracy and appropriateness of information they provide to the AI. Ness is not liable for outcomes resulting from AI suggestions or guidance.
f. No Emergency Use. AI features are not intended for crisis, emergency, or life-threatening situations. In such cases, users must contact local emergency services or trained professionals immediately.
14. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time. Updates will be posted to our mobile application with a new "last updated" date. For significant changes, we may notify you by email or by a prominent notice in the mobile application.
15. COMPLAINTS OR CONCERNS
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us at:
Email: a.davlenova@datago.kz
Postal Address:
We aim to respond to all privacy-related enquiries within 30 days in accordance with the UK GDPR. If you remain dissatisfied after contacting us, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK data protection regulator:
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Last Updated 26th October 2025