Previous Privacy Policy

This page contains previous versions of the privacy policy. For the current version, refer to

Thank you for your interest in our breathing app OXA that is available for both Android and iOS. OXA helps users to improve breathing by providing step by step instructions and exercises, personalized feedback, insights and giving recommendations on how to reduce stress and anxiety, increasing focus and contributing to a positive overall well being. OXA is based on scientific research in combination with ancient experience and wisdom. Along the way, OXA educates users about the underlying principles of breathing and the behaviour of the human body in order to understand the proposed exercise plans and do effective breathing sessions.

This privacy policy informs you about the collection and processing of personal data that is required to a) providing a functional and user friendly website including its contents and service offered there and b) providing the app functionality as outlined in the Terms of Service.

Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration and legal basis for the processing of such data. We also inform you  about third-party components we use to optimize our app and improve the user experience.

To use the OXA app you need the OXA vital sign sensor that measures the activity of your heart, breathing, physical activity and also skin temperature.

1. Responsible party

Nanoleq AG, as data controller, is responsible for the processing of your personal data utilized by this website and the OXA app. In this privacy policy, “we”, “our” or “us” refer to:

Nanoleq AG

Hofwisenstrasse 50a

8153 Rümlang


Telephone: +41 78 975 10 72


The name of the Controller’s privacy officer is Niclas Granqvist

2. Your rights

You have the right, subject to the conditions set out in the General Data Protection Regulation (GDPR) to request access to and rectification or erasure of your personal data, data portability, restriction of processing of your personal data, the right to prohibit direct marketing, the right to object to processing of your personal data, and the right to lodge a complaint with a supervisory authority.

We always request your consent and we request it only in cases when it is necessary for our offering of the service e.g. when we update our privacy policy. You have the right to withdraw your consent at any time. Note that the withdrawal of consent would prevent us from offering the service to you.

We kindly ask you to address all inquiries regarding the processing of your personal data to our data protection officer along with a copy of an identity document to verify your identity.

3. Collection and processing of personal data
3.1 Website

Our web site is  Here you can find general information about our sensor and app. You can also find links for purchasing our sensor.

The following section applies to our web site.

3.1.1 Cookies

For analytics and understanding of visiting customers we use Google analytics. We can see pages visited, geographical distribution and time spent on pages. This information is used to improve our services. Notice that we have no way of knowing your identity or personal information. The data thus collected will be temporarily stored, but not in association with any other of your data (completely separated from OXA app data, see 3.2 and following).

We use cookies on our website. Cookies are small files or other storage technologies stored on your computer by your browser. The cookies possess certain specific information about you, such as your browser, location data, or IP address. This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function.

The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data.

If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR.

All cookies are deleted when the browser is closed.

You can refuse the use of cookies by changing the settings on your browser. Not all of the functions on our site may be fully usable If you prevent or restrict cookies.

4.1 Registration for OXA App

In order to use the OXA app, you need to download the app from Google’s Play Store or Apple’s App store. After successful installation, you must complete the registration process within the app by providing a valid email address and a secure password, or by using your Google or Apple login, as well as agreeing to our End User License Agreement (EULA).

The actual registration process, meaning the creation of an identity, is provided by Google Firebase Authentication. While we actively only pass on email address and password, Google may collect additional information such as your IP address. For more details, please have a look at Google’s privacy policy available at

By completing the registration process, you enter into a contractual relationship with us. We process your personal data to provide you the OXA app as specified in our EULA. Thus, we process your personal data based on your contractual relationship with us ("contractual necessity", Art 6 (1) (b) GDPR).

4.2 Using the App

By using the app based on the contractual relationship (Art 6 (1) (b) GDPR), the following data may be collected and processed:

The OXA app is actively recording data with the help of your device. For the purpose of analysing an activity and subsequently creating a profile for personalized breathing guidance, we use the following data:

App usage: in order to understand how our users interact with OXA we collect app usage statistics including date and time when the app accesses our servers, the app version, operating system information and information relating to how the app functions (logging data). With this information we can further improve the quality of OXA as well as further enhance the  user experience and general functionality. Notice that this information is anonymised and we have no information about your identity as we don’t need that.

4.3 Standalone use of OXA sensor

Our OXA device and services were developed to be used in conjunction with each other to offer the best possible experience. The OXA sensor can also be used in standalone mode without using our app and services and OXA may be compatible with some existing apps. Notice that when used in standalone mode not all information such as respiration will be available. Only the OXA app can show the full set of information. When you use the sensor in standalone mode, we do not collect any data but the App you are using may do that. Please consult the other App’s Privacy statement to understand what personal data is saved. We may receive data about the purchase of OXA sensors e.g. through a web shop.

Notice that when you use the sensor in standalone mode we cannot offer you software updates and you may not have the latest innovations with best quality data. Thus we recommend that you regularly check with the OXA app if a software update for the sensor is available.

4.4 Nanoleq Research

The science of breathing, heart and mind are important to Nanoleq. We have advisors and research teams focused on measurement, data extraction, algorithms and human physiology. We do this research to develop new and improved services and products so that you can understand your body better.

Sometimes we collaborate on research with 3rd parties such as universities, schools and hospitals. The aim is the production and publication of scientific articles in journals to further develop the science of physiology. Our collaborators apply the highest ethical standards when conducting study protocols. We do not disclose any personal data and if such a need would arise then we will ask for your consent before publication and you can refuse.

5. Data Retention of OXA App Data

General personal data such as year of birth, email, gender or height is retained until the termination of the contractual relationship.

Data logs are always deleted after 60 days independent of the contractual state.

We may retain some of your data for the establishment, exercise or defence of legal claims for 3 years after the termination of your contract with us (Art 6 (1) (f), GDPR).

6. Data Security

We implement appropriate technical and organisational measures to protect the confidentiality and integrity of your personal data, meaning protecting your personal data against unauthorized, unlawful or accidental access, processing, loss, use and tampering. Those measures are subject to constant evaluation and enhancements.

7. Transfer of personal data outside EU/EEA

No OXA app data (personal data) is transferred to 3rd parties outside EU/EEA/EFTA.

8. Transfer of personal data to supervisory authorities or courts

We may disclose personal data about you to others to comply with a valid legal order, court order, legal process or other legal obligation.

9. Children

We request children under the age of 16 to not use the OXA app and provide personal data without the consent of a guardian.

10. Updates to our privacy policy

This Privacy Notice was updated on November 8th 2021. You can view the previous versions here. We may occasionally make changes to this Privacy Notice, and we notify our customers about such changes by email or via our apps.