Paid opportunities every month — new health & wellness briefs, limited roster spots.Apply now

Privacy Policy

Last updated: May 12, 2026

This Privacy Policy describes how Kyoji Health ("Kyoji", "we", "us", or "our") handles personal data in connection with the Kyoji Creators marketing site at ugc.kyojihealth.com (the "Site"). It applies to visitors and to people who apply to join the Kyoji Creators roster through linked forms (for example, Typeform). If you interact with other Kyoji products or the main studio site, separate notices may apply there.

Not medical advice; informational use

Disclaimer: This site does not provide medical advice, diagnosis, or treatment, and nothing here replaces advice from a qualified health professional. Do not disregard or delay medical advice because of something you read here. Automated or AI-assisted content may contain errors; verify important health-related information with a professional. See our Disclaimers for the full statement.

Creator marketplace and third-party content

Kyoji Creators is a marketplace that connects brands and independent creators. Kyoji does not own content creators produce for clients, and final approval of whether work is accepted, published, or paid for rests with the client unless otherwise agreed in writing. To the maximum extent permitted by law, Kyoji is not responsible for creator-generated content. See our Disclaimers for the full statement.

1. Data controller

The controller responsible for personal data described in this policy is Kyoji Health, established in Portugal. For privacy requests, contact isauraconsulting@gmail.com.

2. Personal data we collect

2.1. You provide directly

  • Information you submit in a creator application or contact flow (for example, name, email, social handles, portfolio links, and answers you choose to provide).
  • Messages you send us by email or through other channels you initiate.

2.2. Collected automatically

  • Technical data such as IP address, device type, browser, approximate region derived from IP, and pages or features used on the Site.
  • Cookies and similar technologies (see Section 6). We may use analytics tools to understand aggregate traffic and improve the Site.

2.3. From partners

  • When you complete an application hosted by a third party (such as Typeform), that provider processes your responses on our behalf or as an independent controller per their terms. We receive the application data they route to us.

3. How we use personal data

  • Operate, secure, and improve the Site and our creator programs.
  • Review creator applications and communicate with you about them.
  • Measure engagement and troubleshoot technical issues.
  • Comply with law, enforce our terms, and protect rights and safety.

4. Legal bases (EEA, UK, and similar jurisdictions)

Where GDPR-style rules apply, we rely on:

  • Legitimate interests — running the Site, security, fraud prevention, and understanding aggregate use, balanced against your rights.
  • Consent — where required for non-essential cookies or marketing communications you opt into.
  • Contract / pre-contract — processing needed to evaluate your application or onboard you when you become a roster creator.
  • Legal obligation — where we must retain or disclose information to meet regulatory, tax, or law-enforcement requirements.

5. Sharing and subprocessors

We may share personal data with:

  • Service providers who assist us (for example, hosting, analytics, form providers, email), under contracts that limit use to providing services to us.
  • Professional advisers (lawyers, accountants) where needed.
  • Authorities when required by law or to protect Kyoji, users, or the public.
  • Corporate transactions — in connection with a merger, acquisition, financing, reorganization, sale of assets, or insolvency, in which case we will require recipients to honor this policy or notify you of material changes.

We do not sell your personal data as "sale" is defined under U.S. state privacy laws, and we do not share it for cross-context behavioral advertising in ways those laws treat as "sale" or "sharing".

6. Cookies and analytics

We use cookies and similar technologies that are strictly necessary for the Site to function, and, where allowed, analytics cookies (Google Analytics) to understand traffic. Where required by law, we use a cookie banner and Google Consent Mode so you can accept or reject non-essential cookies; see our Cookie Policy for details. You can also control cookies through your browser settings.

7. International transfers

We may process data in the United States and other countries. Where we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards such as Standard Contractual Clauses or other mechanisms approved by regulators.

8. Retention

We keep personal data only as long as needed for the purposes above:

  • Application data — typically for the duration of the recruitment relationship and a reasonable period afterward, unless a longer period is required for legal claims or compliance.
  • Marketing and analytics logs — for shorter periods defined in our tools' settings, unless a longer retention is justified by security or law.
  • Tax and finance records — as long as applicable law requires when payments apply.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal data, and to object to certain processing. You may also have the right to lodge a complaint with a supervisory authority — for Portuguese residents, the Comissão Nacional de Proteção de Dados (CNPD) at cnpd.pt; for other EEA/UK residents, your local data protection authority. To exercise rights, email isauraconsulting@gmail.com. We will respond within the timeframes required by applicable law (often within 30 days for GDPR requests, subject to extension for complex requests).

California residents. If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and limit use of sensitive personal information, and the right not to receive discriminatory treatment for exercising those rights. You may use an authorized agent to submit a request; we may require the agent to provide proof of authorization and may require you to verify your identity directly.

10. Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal data against loss, misuse, and unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Children

The Site is not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

12. Changes

We may update this Privacy Policy from time to time. We will post the new version on this page and adjust the "Last updated" date. Where changes are material and we have your contact details, we may also notify you by email.

13. Contact

Questions about this policy or your personal data: isauraconsulting@gmail.com. You can also review our Data deletion page for how to request erasure of personal data we hold.