Declaração de privacidade
Last updated: 2026-03-08
Lampsy Health ("Lampsy", "we", "us", "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard personal data when you interact with our website, join our waiting list, purchase the Lampsy System on our website, and use Lampsy's services.
1. Who we are and how to contact us
Data Controller: Lampsy Health, Lda. (Portugal). We determine the purposes and means of processing for the personal data covered by this Privacy Policy, which makes us the data controller under the GDPR.
Address: Rua da Prata, 80, 1100-420 Lisbon, Portugal.
Contact for privacy questions and GDPR requests: privacy@lampsyhealth.com
If we appoint a Data Protection Officer (DPO) or change our privacy contacts, we will update this Privacy Policy accordingly.
2. Scope of this Privacy Policy
This Privacy Policy applies to personal data processed in connection with:
- Website use
- Waiting list sign-ups
- Use of cookies and tracking tools
- Analytics and marketing integrations
- Purchases on our website (upon availability)
- Use of Lampsy's services
3. Personal data we collect
We collect personal data in three main ways: by the (i) information you provide, (ii) information collected automatically (through cookies and/or logs), and (iii) information produced as you use Lampsy's connected features.
Contact and inquiries: If you contact us through website forms or communications, we may collect your name, email address, and the content of your message.
Waiting list: Our waiting list page shows the following fields and selection options, for which we may collect: Name, Email, Phone Number, Country of Residence, and "What's your experience with epilepsy?".
Purchases (upon availability): When you place an order, we may collect personal data needed to process and fulfil your purchase, such as: contact details (name and email), billing/shipping details (address), and transaction details.
Gift purchases and recipient details (if applicable): If you buy a product/subscription as a gift and provide the recipient's contact information, we will process that third-party data to deliver the gift and related notifications.
Technical and usage data: When you use our website we may collect data through cookies/pixels, including IP address, device/browser information, browsing activity, referral URLs, timestamps, and engagement analytics (pages viewed, time spent, clicks). Non-essential cookies are only activated with your consent.
Lampsy is an epilepsy monitoring device that processes motion data in a privacy-preserving way, with optional features such as live video, notifications, and saving/reviewing/sharing event videos.
- Account and contact data (your name, email and phone number)
- Caregiver/emergency contact data you voluntarily provide so the system can send notifications and automated calls (names and phone numbers)
- Motion/event information (event timestamps and logs) used to generate notifications
- Video data clips, if you enable such optional features
- Technical data
How and why we process your personal data
We process personal data only where we have a lawful basis under GDPR Articles 6 and 9.
We acquire and process your personal data for basic functionality, security monitoring, fraud prevention, and maintaining the availability and integrity of services.
When you purchase via our website, we process personal data to take payment, fulfil delivery, manage subscriptions (if applicable), communicate about your order, and provide support.
When using Lampsy's services, automated notifications/calls when abnormal motion is detected are generated, and (when such features are enabled) we may provide live video and saved event video review.
With your consent, we use analytics tools to understand site performance and improve content and the user experience.
Where you opt in, we may use marketing tools to measure and understand the effectiveness of campaigns.
We may process personal data to meet legal obligations, including tax/accounting recordkeeping obligations related to sales (where applicable), and to respond to lawful requests from public authorities.
4. Cookies and similar technologies
EU ePrivacy rules require consent for storing or accessing information on a user's device, commonly implemented through cookies and similar technologies, except for storage/access that is strictly necessary to provide a service explicitly requested by the user.
Our current website privacy statement describes three categories of cookies: strictly necessary cookies (always active), analytics/performance cookies (activated only after consent), and marketing/targeting cookies (optional and disabled by default unless you opt in).
Your cookie choice is stored for 12 months and can be changed via the Cookie Settings window or through your browser settings.
Strictly necessary cookies: These cookies are necessary for the operation, security, and core functionality of our website and services. Because these technologies are strictly necessary, they are always active and do not require your consent.
Analytics cookies: These cookies help us understand how visitors use our website. Analytics cookies are only used if you have given your consent.
Product analytics (PostHog). We use PostHog (hosted in the EU by PostHog) to understand how visitors use our website: pages viewed, buttons and links clicked, feature and content interactions, conversion steps, and page-performance metrics (Web Vitals). Before you accept analytics cookies, PostHog runs in a cookieless mode: it stores nothing on your device, your IP address is not sent, and it processes only aggregate, non-identifying usage under our legitimate interest in measuring and improving the site. If you accept analytics cookies, PostHog uses first-party storage to recognise your device across visits, and your approximate location (country/city) is derived from your IP address for aggregate reporting. The raw IP address is used only for that lookup and is then discarded, not stored. We also capture masked session recordings and click/scroll heatmaps to diagnose usability issues: all typed input and on-screen text is redacted, recordings are tied only to an anonymous identifier, and both recording and interaction capture are disabled entirely on sensitive pages (account, checkout, sign-in, registration, and contact). We do not send health-related information, your name, email, or other identifying data to PostHog. You can change your choice anytime via Cookie Settings. See PostHog's privacy policy at posthog.com/privacy.
Marketing cookies: These cookies and similar technologies help us measure the effectiveness of our marketing campaigns. Marketing cookies are only used if you have given your consent.
Depending on the configuration of our website and services at a given time, the providers of these cookies and similar technologies may include, for example, Google Analytics, Hotjar, Meta, Google Ads, Stripe, and service providers supporting our website infrastructure or content management.
Meta Conversions API: With your marketing consent, we use Meta's Conversions API (a server-side connection) to measure and improve our advertising. We send Meta a limited set of events about your activity on our marketing pages, such as viewing a page or product, adding an item to your order, and starting checkout, along with technical identifiers used only to match the event to your Meta account: your IP address, browser user-agent, Meta's _fbp and _fbc cookie identifiers, and, if you are signed in, an irreversibly hashed version of your email and name. We never send health-related information or anything that could reveal a medical condition. You can withdraw consent at any time in your cookie settings, after which we stop sending these events.
Your cookie preferences are collected and managed through our cookie banner and settings tool. Your choice is stored for 12 months unless you change it earlier. You may update or withdraw your consent at any time through the Cookie Settings link or window available on our website.
5. How we share personal data
We share personal data only as needed for the purposes described above, including with:
- Service providers (processors) who help us operate our website and deliver services (such as hosting, email delivery, analytics, customer support tooling)
- Analytics/advertising providers, such as Google and Meta, where you have consented to those cookies/tools
- Payment providers and logistics partners (if applicable) to process payments and deliver products
- Authorities and professional advisers, where required by law or necessary to establish, exercise, or defend legal claims
6. International transfers
Some of our providers (Google, Meta, AWS, etc.) may transfer data outside the EU. These transfers are safeguarded through mechanisms such as Standard Contractual Clauses or adequacy decisions by the European Commission.
7. Data retention
We keep personal data only as long as necessary for the purposes described in this Privacy Policy, and we either delete, anonymise, or securely archive data when no longer needed.
We retain your personal data only as long as necessary for the purposes stated:
- Contact submissions: up to 2 years
- Analytics data: 14 to 26 months
- Legal records: up to 6 years, as required under Portuguese law
8. Your rights and other important information
You have rights under the GDPR, including: access, rectification, erasure, restriction, portability, objection (including an unconditional right to object to direct marketing), and the right to withdraw consent.
When we process personal data based on consent, you can withdraw consent at any time; withdrawal does not affect past processing that was lawful before withdrawal, but it does affect future processing that relies on consent.
To exercise your rights, contact us at privacy@lampsyhealth.com. We may need to request additional information to verify your identity before fulfilling your request.
You also have the right to lodge a complaint with the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (www.cnpd.pt).
9. Third-party data you provide
If you provide us with personal data about someone else (caregivers, emergency contacts, gift recipients), you must ensure you have the right to provide that data. Where GDPR Article 14 applies (data not obtained directly from the data subject), we will provide the required information to that person within the required timelines, unless an exception applies.
10. Children's privacy
Our services and communications are directed at adults, and we do not knowingly collect personal information from children under 16 through the website.
At the same time, our product use cases may involve children (under 16 years old) or disabled people, who may not be able to provide consent. Therefore, if you are a parent, guardian, or caregiver, and intend to monitor your child or the person with disability you are responsible for, we require the filling of a consent document allowing the processing of their data. Please contact us at privacy@lampsyhealth.com to fulfill said diligence.
