EmmaGlaucoma Companion
Emma
Your Glaucoma Companion

Privacy Policy

Last updated: 5 June 2026  ·  Effective from Emma's public release  ·  Published by R.Tej Health Analytics Private Limited

The short version — in plain English

Emma is built on one principle: your health information is yours alone. The app is designed so that your eye-pressure readings, your conversations with Emma, and your personal notes never leave your phone. We do not have a server full of patient data. We cannot read your health information. We have deliberately built it this way.

There are a few places where your device does connect to outside systems — to download Emma's AI at first launch, to play coaching videos hosted on YouTube, or if you choose to turn on iCloud backup. We explain each of these honestly below.

For the full detail, read on. If you have questions, contact us at privacy@withemma.health.

1. Who we are

Emma is published by R.Tej Health Analytics Private Limited, a company incorporated in India, whose registered office is at A-125 New Friends Colony, New Delhi 110025, India.

For the purposes of the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and India's Digital Personal Data Protection Act 2023 (DPDPA), R.Tej Health Analytics Private Limited is the data controller (the "Data Fiduciary" under the DPDPA) — the company responsible for deciding how and why any personal data relating to you is used.

You can contact us about privacy at any time:

  • Email: privacy@withemma.health
  • Post: R.Tej Health Analytics Private Limited, A-125 New Friends Colony, New Delhi 110025, India

2. Our privacy principle: privacy by architecture

Most health apps collect your data and send it to their servers. Emma works differently. We have built Emma so that your health data never reaches us. The artificial intelligence that powers Emma runs entirely on your phone. Your conversations with Emma, your eye-pressure readings, your notes, and your appointment records are processed and stored locally — on your device, under your control.

This is not just a policy promise. It is how Emma is engineered. We cannot read your health data because our servers never receive it.

We explain the specific limited cases where network connections do occur in Section 5 below. We believe in being honest about those, too.

3. The health data Emma handles — and where it stays

When you use Emma, you may enter and store the following information. All of it stays on your device only:

Q Does Emma see my eye-pressure (IOP) readings?
No. Your IOP readings, notes, and appointment records are saved in the Emma Journey Log on your device using Apple's secure on-device database technology (SwiftData). They are never sent to us.
Q Does Emma read the questions and conversations I have with the AI?
No. Your questions and Emma's answers are processed by AI models that run entirely on your phone. No part of your conversation is transmitted to any server — not ours, not anyone else's.
Q What about the camera — does Emma store or upload photos I take?
No. When you use the reading aid to photograph a medicine label or piece of small print, the text recognition runs entirely on your device using Apple's Vision framework. Images are never uploaded. We ask for camera or photo access only at the moment you use this feature, and only with your permission.
Q Does Emma send my voice to a server?
No. Voice is processed entirely on your device. When you speak to Emma, speech recognition runs on-device only — Emma explicitly requires Apple's on-device recognition mode (requiresOnDeviceRecognition = true). If a particular device or language cannot recognise speech on-device, Emma simply hides the microphone rather than sending your audio anywhere — it never falls back to a server. The read-aloud feature likewise uses Apple's on-device text-to-speech. Your voice is never transmitted to Apple, to us, or to anyone else.
Q What about the eye-health information Emma uses to answer my questions?
This information is built into the app. Emma contains a curated knowledge base of eye-health information drawn from public-domain and government sources (NHS, the US National Eye Institute, and others). Lookups happen on your device. No queries leave your phone to fetch answers from the internet.
Q What about my medication reminders?
Reminders are local. Drop-time and appointment reminders are scheduled using your phone's local notifications. No reminder data is sent to us.
Q Does Emma collect performance or crash diagnostics?
Only if you turn it on — and it stays on your device. Emma includes an optional diagnostics feature (off by default) that records app performance and stability information — launch time, memory use, hangs and crashes. These contain no health data and are stored only on your device to help diagnose problems. They are not transmitted to us or anyone else.

4. The lawful basis for processing your data

UK data-protection law (UK GDPR) requires us to have a legal reason — called a "lawful basis" — for using personal information. Because Emma is built so that health data never reaches our servers, this section applies mainly to the limited data interactions described in Section 5.

Your eye-health data (IOP readings, appointment records, notes) is stored by you, on your device. To the extent that Emma's software processes this data locally on your phone in order to provide the app's core functions — such as displaying your Journey Log or powering Emma's answers — our lawful basis is:

  • Performance of a contract (Article 6(1)(b) UK GDPR): using your data to provide the service you downloaded Emma to receive.
  • Explicit consent (Article 6(1)(a) and Article 9(2)(a) UK GDPR): for processing of special-category health data. Your health data is classified as "special category" data under UK GDPR, which requires a higher level of protection. We rely on your explicit, informed consent — given when you first use the Journey Log — as the legal condition for this processing.

For the limited data processed in the network interactions described in Section 5 (for example, IP-address logs from our content-delivery network), our lawful basis is our legitimate interests (Article 6(1)(f) UK GDPR) in operating and improving a secure, reliable service — provided those interests do not override your fundamental privacy rights.

5. Limited network interactions — what happens and why

Although Emma is built to be as private as possible, there are four situations where your device makes a network connection. We describe each one honestly below.

5.1 Downloading Emma's AI model (first launch)

When you first open Emma, the app downloads Emma's AI model files from our content-delivery servers over a secure HTTPS connection. This download is a one-way transfer: the model files are sent to your device. No personal or health information is included in this request.

Like any connection to a web server, our content-delivery network's servers will record a standard server-log entry, which includes your device's IP address and the date and time of the download. This is how the internet works. We use this log information only for security, fraud prevention, and infrastructure management (for example, to detect abuse or measure download traffic). We do not use IP addresses to identify you personally or link them to your health data. We do not share these logs with advertisers or data brokers.

Retention: these server logs are retained for 30 days, after which they are deleted.

5.2 Coaching videos hosted on YouTube

Emma includes short coaching videos produced by a specialist eye clinician. These videos are served from youtube-nocookie.com, a privacy-focused YouTube embed domain. However, we want to be transparent:

  • When you tap to watch a video, your device connects directly to YouTube's (Google's) servers.
  • YouTube-nocookie reduces some forms of tracking, but Google may still set cookies, write to your device's local storage, and collect information about your video viewing as permitted by Google's privacy policy.
  • R-Tej does not receive or see any of this data. It is governed entirely by Google's Privacy Policy.

We show you a brief notice before the video loads so you can make an informed choice. If you prefer not to connect to YouTube, you do not need to watch the videos — the app's core health-information and companion features work without them.

5.3 Optional iCloud backup (off by default)

Emma includes an optional feature to back up your Journey Log (IOP readings, appointments, notes) to your own private iCloud account. This feature is turned off by default. You must actively enable it in Emma's Settings.

If you turn it on:

  • Your Journey Log data is backed up to your own private Apple iCloud database (CloudKit). Only you — and apps you authorise — can access this data. R-Tej has no access to your iCloud database. We cannot read, modify, or delete it.
  • This backup is governed by Apple's iCloud Terms and Conditions and Apple's Privacy Policy.
  • If you turn off iCloud backup or delete Emma, the data in your iCloud database remains under your control. You can delete it via Settings > [Your Name] > iCloud > Manage Account Storage on your iPhone.

5.4 Subscription payment (app store)

Emma is a paid app. Payment is processed entirely by the app store you downloaded it from (Apple's App Store or Google Play). This means:

  • R-Tej never receives your payment card details, bank information, or billing address.
  • R-Tej receives only a confirmation of whether your subscription is active (yes or no). Nothing else.
  • Your purchase history is governed by the app store's own privacy policy (Apple / Google).

6. What we do not collect

To be completely clear, Emma does not:

  • Collect or transmit your eye-pressure readings, appointment records, or personal notes to any server
  • Read, store, or transmit your conversations with Emma's AI
  • Upload photos or images you take with the reading aid
  • Collect your name, email address, or any other account information (Emma requires no account)
  • Use advertising, analytics, or tracking SDKs — Emma integrates no third-party analytics, advertising, crash-reporting, or tracking code whatsoever
  • Track your location
  • Show you targeted advertisements
  • Sell your personal data to any third party
  • Share your health data with insurers, employers, or pharmaceutical companies

7. Not a medical device

Emma provides general eye-health information and a supportive companion experience. It is not a medical device and is not a substitute for professional medical advice, diagnosis, or treatment. Emma never gives personalised medical or treatment advice. Always consult your eye specialist or GP about your specific condition and treatment.

This privacy policy is consistent with, and should be read alongside, Emma's full Terms of Use & Medical Disclaimer.

8. Your privacy rights

Under UK data-protection law (UK GDPR), you have the following rights. Because Emma stores your data on your device and not on our servers, most of these rights can be exercised directly within the app — but we are here to help if you need us.

Right of access

You can see all your data at any time within the Emma app. If you would like a copy of any data we hold about you (limited to server logs associated with your IP address), contact us.

Right to erasure

You can delete all your Journey Log data from within the app at any time (Settings > Delete My Data). Uninstalling Emma removes all on-device data permanently.

Right to portability

You can export your Journey Log (e.g. as a PDF for your clinician) from within the app. If you need data in a machine-readable format, contact us.

Right to rectification

You can edit any entry in your Journey Log directly within the app.

Right to object / restrict

If you object to any processing we carry out on the basis of legitimate interests (such as server-log analysis), contact us and we will consider your request.

Right to withdraw consent

If you have given consent for any processing (for example, enabling iCloud backup), you can withdraw it at any time in Emma's Settings. Withdrawal will not affect anything done beforehand.

How to make a rights request

Contact us at privacy@withemma.health. We will respond within one calendar month of receiving your request. We may ask you to verify your identity before acting on a request.

Right to complain to a regulator

If you are not satisfied with how we have handled your personal data, you have the right to complain to the Information Commissioner's Office (ICO), the UK data-protection regulator:

If you are based in the European Union, you also have the right to complain to your local EU supervisory authority.

9. Data retention

DataWhere storedControlled byRetention
Journey Log (IOP, appointments, notes)Your deviceYouUntil you delete it or uninstall Emma
Conversations with Emma (AI)Your deviceYouSession-based; not persisted by the app
Server logs (IP address + timestamp during model download)Emma's serversR-Tej30 days, then automatically deleted
iCloud backup (opt-in)Your iCloud (Apple)You (via Apple)Until you delete it from iCloud
YouTube viewing data (if you play a coaching video)Google's serversGoogleAs per Google's Privacy Policy
Subscription statusApp storeApple / GoogleAs per the app store's Privacy Policy

10. International transfers

Emma is published by an Indian company (R.Tej Health Analytics Private Limited) and is designed to comply with UK GDPR, EU GDPR, and India's DPDPA. Because your health data stays on your device, we do not transfer it internationally — it never reaches us in the first place. The only cross-border data flows are within the limited network interactions described in Section 5:

  • Content-delivery servers (model download): our content-delivery network may use servers in the United Kingdom, the European Union, and the United States. Where servers are located outside the UK, any transfer of standard server-log data (IP address and timestamp) is protected by appropriate safeguards, such as the UK International Data Transfer Agreement / Addendum and the European Commission's Standard Contractual Clauses.
  • YouTube / Google (coaching videos): when you play a coaching video, your device connects to Google LLC, based in the United States. Google's transfers from the UK/EU are governed by Google's own data-processing terms. See Google's Privacy Policy.
  • iCloud backup (opt-in): if you enable iCloud backup, Apple Inc. (United States) stores your data. Apple's international transfer arrangements are governed by Apple's iCloud Terms and Conditions. See Apple's Privacy Policy.

11. Security

We take the security of Emma seriously. On your device, your Journey Log is protected by your phone's own security — including your device passcode, Face ID / Touch ID, and hardware-backed encryption. On our servers, we hold only the minimal transient log data described above, which is protected by industry-standard access controls.

No method of electronic storage or transmission is 100% secure. If we ever became aware of a security incident affecting your data, we would notify you and the ICO as required by law.

12. Children's privacy

Emma is designed for adults, primarily people living with glaucoma and other eye conditions. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where a higher age applies for digital consent). The app is not directed at children.

If you are a parent or guardian and believe your child has submitted personal information through Emma, please contact us at privacy@withemma.health and we will delete it promptly.

13. Changes to this policy

We may update this privacy policy from time to time — for example, if we add new features, if the law changes, or to improve clarity. When we make a material change, we will:

  • Update the "Last updated" date at the top of this page
  • Show a notice within the Emma app
  • Where required by law, obtain fresh consent before the change takes effect

14. Contact us

If you have any questions, concerns, or requests about this privacy policy or how Emma handles your data, please get in touch:

R.Tej Health Analytics Private Limited

Privacy enquiries: privacy@withemma.health

Post: A-125 New Friends Colony, New Delhi 110025, India

We aim to respond to all enquiries within 30 calendar days.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office at ico.org.uk/make-a-complaint or by calling 0303 123 1113.

Appendix A: Additional information for California and US residents

If you are a resident of California, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) may give you additional rights. This appendix supplements the main policy above.

Personal information we collect about California residents

Given Emma's on-device architecture, the personal information R-Tej collects from California residents is limited to:

  • Device IP address and download timestamp — collected transiently in server logs when you download Emma's AI model (see Section 5.1). Category: "Identifiers" under CCPA.

R-Tej does not collect, sell, or share any other personal information about California residents. We do not use personal information for cross-context behavioural advertising.

Your CCPA/CPRA rights

  • Right to know: you may request information about the personal information we collect, use, and disclose.
  • Right to delete: you may request that we delete personal information we have collected from you, subject to certain legal exceptions.
  • Right to correct: you may request that we correct inaccurate personal information.
  • Right to opt out of sale or sharing: R-Tej does not sell or share personal information. No opt-out link is required, but you can confirm this by contacting us.
  • Right to limit use of sensitive personal information: we do not use sensitive personal information (including health data) for any purpose beyond providing the service.
  • Right to non-discrimination: we will not discriminate against you for exercising any CCPA right.

To exercise any of these rights, contact us at privacy@withemma.health. We will respond within 45 days (extendable by 45 further days with notice).