Terms of Service
Effective: June 24, 2026
Last updated: June 24, 2026
These Terms of Service ("Terms") govern access to and use of HealthReact, including the HealthReact research platform, HealthReact mobile application, web portals, dashboards, connected wearable and sensor integrations, and related services.
By accessing or using HealthReact, users agree to comply with these Terms. If a user does not agree with these Terms, they should not use HealthReact.
1. Provider information
HealthReact is provided by:
University of Hradec Kralove
Faculty of Science
Rokitanskeho 62
500 03 Hradec Kralove
Czech Republic
Company ID: 62690094
Contact e-mail: info [at] healthreact.eu
Data protection contact: gdpr [at] uhk.cz
If HealthReact is provided in a particular study by another organisation or in cooperation with another organisation, the relevant study documentation, contract, informed consent form, participant information sheet, or privacy notice may identify additional responsible organisations, study sponsors, research institutions, healthcare providers, controllers, processors, or contact persons.
2. Scope of the Service
HealthReact is a digital research and monitoring platform used to support scientific, clinical, public health, behavioural, and health-related studies.
HealthReact may include:
- the HealthReact mobile application,
- web portals,
- research dashboards,
- study workspaces,
- questionnaire and ecological momentary assessment modules,
- notification and reminder systems,
- compliance reports,
- data exports,
- wearable device integrations,
- sensor integrations,
- Google Health API and Fitbit-related integrations,
- other connected health, fitness, behavioural, and environmental data sources.
The exact functionality available to a user depends on the specific study, workspace, device configuration, participant permissions, enabled modules, contractual setup, and technical availability of third-party services.
HealthReact may be used in multiple studies. Individual studies may be operated on separate servers or within separate HealthReact workspaces on shared infrastructure. Study workspaces are designed to be separated so that authorised users of one study do not automatically have access to data from another study.
3. Research and study-specific use
HealthReact is primarily intended to support research, monitoring, and study-related activities. Use of HealthReact within a particular study may be subject to additional documents, including:
- participant information sheets,
- informed consent forms,
- study protocols,
- ethics approval documentation,
- data processing agreements,
- contracts,
- institutional policies,
- instructions from the study team,
- study-specific privacy notices.
If study-specific documentation provides more specific rules for participation, data collection, withdrawal, contact points, or study procedures, those study-specific rules apply in addition to these Terms.
In case of a conflict between these Terms and mandatory study-specific documentation approved by the responsible research institution, ethics committee, healthcare provider, or study sponsor, the study-specific documentation prevails for that study participation, unless otherwise required by law.
4. Eligibility and authorised use
HealthReact may only be used by persons who are authorised to access it, including:
- study participants,
- research staff,
- healthcare professionals involved in a study,
- study administrators,
- technical administrators,
- authorised project partners,
- other users explicitly approved by the relevant study or HealthReact administrator.
Users must use HealthReact only for lawful purposes and only within the scope of their authorised role.
Users must not access or attempt to access HealthReact, study data, workspaces, accounts, systems, or integrations for which they are not authorised.
If a user is participating in a study, the user should follow the instructions provided by the study team and should contact the study team in case of questions about study participation.
5. User accounts and access credentials
Some users may receive login credentials, access links, QR codes, study codes, participant identifiers, or other authentication methods.
Users are responsible for keeping their access credentials confidential and for preventing unauthorised access to their account or device.
Users must not:
- share login credentials with unauthorised persons,
- allow unauthorised persons to use their account,
- impersonate another person,
- use another person's account without permission,
- attempt to bypass access controls,
- interfere with authentication or authorization mechanisms.
If a user suspects unauthorised access, loss of credentials, misuse of an account, or a security incident, they should contact the study team or HealthReact support as soon as possible.
6. Participant responsibilities
Study participants using HealthReact should:
- provide information truthfully and to the best of their knowledge,
- complete study tasks according to study instructions where possible,
- use connected devices according to the instructions provided,
- keep the HealthReact application reasonably up to date where applicable,
- maintain required device permissions if they wish to continue data collection,
- inform the study team if they experience technical issues,
- not intentionally submit false, misleading, manipulated, or harmful data.
HealthReact recognises that study participation may be voluntary and that users may have the right to withdraw from a study according to the applicable study documentation. These Terms do not limit rights granted by law, informed consent, or study-specific documentation.
7. Research staff and administrator responsibilities
Research staff, clinicians, administrators, and other authorised professional users must use HealthReact only for authorised study, clinical, research, administrative, technical, or support purposes.
Such users must:
- access only the workspaces and data they are authorised to access,
- maintain confidentiality of participant data,
- follow applicable study protocols,
- follow applicable data protection requirements,
- use exported data responsibly and securely,
- avoid unnecessary access to personal data,
- report suspected security or data protection incidents according to applicable procedures,
- comply with institutional, contractual, and legal obligations.
HealthReact access does not authorise users to process data outside the scope of their study role, employment role, contract, ethical approval, or legal basis.
8. Connected devices and third-party services
HealthReact may integrate with third-party devices, applications, APIs, and services. Depending on the study, these may include:
- Google Health API,
- Fitbit-related data sources accessible through Google Health API,
- Garmin-related services or SDK-based integrations,
- continuous glucose monitoring services,
- smart scales,
- environmental sensors,
- mobile operating system services,
- wearable devices,
- other health, fitness, behavioural, or sensor-based services.
Third-party services may be subject to their own terms of service, privacy policies, account requirements, device limitations, availability, and technical restrictions.
HealthReact is not responsible for the operation, accuracy, availability, security, policies, or changes of third-party services, devices, manufacturers, or API providers.
A third-party provider may modify, limit, suspend, discontinue, or change access to its data, APIs, devices, or services. Such changes may affect HealthReact functionality or data availability.
9. Google Health API, Fitbit, and OAuth authorisation
If a study or HealthReact module uses Google Health API, Fitbit-related data, or another Google-based health integration, users may be asked to connect their Google account and grant specific permissions through Google OAuth.
HealthReact will access Google Health API or Fitbit-related data only after the user has authorised such access.
Depending on the study and permissions granted by the user, HealthReact may access data such as:
- activity and fitness data,
- steps,
- distance,
- calories or energy expenditure,
- exercise or activity sessions,
- heart rate,
- heart rate variability or related physiological metrics where available,
- sleep data,
- body measurements,
- health and fitness metrics available through Google Health API,
- device or data source metadata,
- identifiers necessary to associate the Google or Fitbit connection with the correct HealthReact participant account.
The exact permissions requested may differ between studies. HealthReact aims to request only permissions that are necessary for the specific study or functionality.
Users may revoke access to Google APIs through their Google Account settings. If access is revoked, HealthReact will no longer be able to collect new data from that Google connection. Revocation of access may limit or stop certain study functions, data synchronization, dashboards, reports, or interventions.
Revoking Google access does not automatically delete data already collected and stored in HealthReact. Retention or deletion of previously collected data is governed by the applicable study documentation, legal basis, controller instructions, and HealthReact Privacy Policy.
HealthReact's use of information received from Google APIs is described in the HealthReact Privacy Policy and must comply with the Google API Services User Data Policy, including the Limited Use requirements.
10. Data accuracy and limitations of wearable and sensor data
HealthReact may process data from wearable devices, sensors, mobile applications, third-party APIs, and connected health services. Such data may be affected by:
- device accuracy,
- sensor limitations,
- device placement,
- battery level,
- participant behaviour,
- synchronization frequency,
- internet connectivity,
- operating system restrictions,
- manufacturer algorithms,
- third-party API availability,
- user permissions,
- delays in data transfer,
- missing or incomplete data.
HealthReact does not guarantee that data from wearable devices, third-party applications, sensors, or APIs is complete, continuous, accurate, clinically validated, or suitable for diagnosis.
Users should not rely on HealthReact or connected device data as the sole basis for medical decisions unless this is explicitly stated in certified study-specific or product-specific documentation.
11. No medical advice
HealthReact is generally intended for research, monitoring, data collection, behavioural assessment, study support, and related purposes.
HealthReact does not provide medical advice, diagnosis, treatment, emergency monitoring, or emergency response services unless explicitly stated in separate certified product documentation or study-specific documentation.
Information displayed in HealthReact, including dashboards, notifications, reports, measurements, derived metrics, alerts, questionnaire outputs, or visualisations, should not be interpreted as medical advice.
Users should consult qualified healthcare professionals for medical questions, diagnosis, treatment, or urgent health concerns.
12. No emergency monitoring
HealthReact is not an emergency monitoring system.
HealthReact must not be used as a substitute for emergency medical care, continuous clinical supervision, emergency alarms, life-support systems, or immediate response services.
HealthReact may experience delays, outages, missing data, synchronization failures, device disconnections, battery-related failures, internet connectivity problems, or third-party service limitations.
In case of medical emergency, users should contact emergency services or seek immediate medical assistance through appropriate channels.
13. Privacy and data protection
The processing of personal data in HealthReact is described in the HealthReact Privacy Policy:
https://www.healthreact.eu/health-react/
The Privacy Policy explains what data may be processed, why it is processed, how it is collected, how Google API data is used, how data may be shared, how long data may be retained, and what rights users may have.
By using HealthReact, users acknowledge that personal data may be processed as described in the HealthReact Privacy Policy and relevant study-specific documentation.
If a user participates in a study, the relevant study documentation may contain additional information about data protection, controllers, processors, legal basis, retention, withdrawal, and participant rights.
14. Acceptable use
Users must not misuse HealthReact.
Users must not:
- use HealthReact for unlawful purposes,
- attempt to gain unauthorised access to systems, data, workspaces, accounts, APIs, or servers,
- interfere with or disrupt the operation of HealthReact,
- bypass security, authentication, authorization, or access-control mechanisms,
- upload or transmit malicious code,
- perform denial-of-service attacks,
- scrape, harvest, or extract data without authorisation,
- reverse engineer, decompile, or attempt to derive source code except where permitted by mandatory law,
- manipulate, falsify, or intentionally corrupt study data,
- impersonate another person or organisation,
- use HealthReact in a way that violates study documentation, contracts, institutional rules, or applicable law,
- use HealthReact to infringe intellectual property rights,
- use HealthReact to transmit unlawful, harmful, abusive, discriminatory, or otherwise inappropriate content,
- attempt to access another study workspace without authorisation,
- share confidential participant data outside authorised channels.
HealthReact may suspend or restrict access if misuse, security risk, unauthorised access, breach of these Terms, or violation of applicable law is suspected.
15. Intellectual property
HealthReact, including its software, platform, design, workflows, user interfaces, databases, dashboards, algorithms, documentation, trademarks, logos, and related materials, is protected by intellectual property rights.
Users receive only a limited, non-exclusive, non-transferable, revocable right to use HealthReact for authorised purposes and within the scope of their role, study participation, contract, or institutional permission.
These Terms do not transfer ownership of HealthReact, software, source code, algorithms, trademarks, logos, documentation, or other intellectual property to users.
Users must not copy, modify, distribute, sell, lease, sublicense, or commercially exploit HealthReact unless explicitly authorised in writing.
16. Study data, exports, and research outputs
Data collected through HealthReact may be used for research, analysis, reporting, publications, clinical evaluation, project deliverables, or other study-related outputs according to the relevant study documentation, legal basis, ethics approval, contracts, and data protection rules.
Authorised users who export data from HealthReact are responsible for handling exported data securely and lawfully.
Exported data may contain personal data, pseudonymous data, sensitive data, or confidential research data. It must not be shared, published, transferred, or reused outside the authorised study context unless permitted by applicable law, study documentation, contracts, and controller instructions.
Research outputs should be prepared in a way that respects participant confidentiality and applicable data protection requirements.
17. Availability, maintenance, and changes
HealthReact aims to provide reliable operation, but uninterrupted or error-free service is not guaranteed.
HealthReact may be temporarily unavailable due to:
- maintenance,
- updates,
- technical issues,
- security incidents,
- infrastructure outages,
- internet connectivity problems,
- third-party service limitations,
- API changes,
- device or operating system restrictions,
- force majeure events.
HealthReact may update, modify, improve, suspend, or discontinue features, integrations, modules, dashboards, APIs, or applications from time to time.
Changes may be required due to technical development, security needs, regulatory requirements, changes in third-party APIs, research needs, or operational considerations.
18. Suspension and termination of access
Access to HealthReact may be suspended, restricted, or terminated if:
- the user no longer participates in a study,
- the study ends,
- the user withdraws from a study,
- the user's role changes,
- the relevant institution requests termination,
- the user breaches these Terms,
- misuse or unauthorised access is suspected,
- continued access creates a security, privacy, legal, or operational risk,
- required third-party permissions are revoked,
- applicable law, contract, or study documentation requires termination.
Termination of access does not necessarily require deletion of data already collected. Data retention and deletion are governed by the HealthReact Privacy Policy, study documentation, controller instructions, legal obligations, and research integrity requirements.
19. Disclaimers
HealthReact is provided on an "as is" and "as available" basis to the extent permitted by applicable law.
HealthReact does not guarantee that:
- the service will always be available,
- data synchronization will always be continuous,
- third-party services will remain available,
- wearable or sensor data will always be accurate,
- notifications will always be delivered on time,
- all errors will be corrected,
- the platform will meet all individual expectations or requirements,
- data from third-party APIs will remain available in the same format or scope.
Nothing in these Terms excludes or limits liability where such exclusion or limitation is not permitted by applicable law.
20. Limitation of liability
To the extent permitted by applicable law, HealthReact and its provider are not liable for indirect, incidental, consequential, special, punitive, or exemplary damages, including loss of data, loss of profit, loss of research opportunity, loss of business, reputational damage, or interruption of service.
HealthReact and its provider are not responsible for failures, inaccuracies, delays, outages, or changes caused by third-party devices, third-party applications, APIs, operating systems, network providers, cloud providers, wearable manufacturers, or user devices.
This limitation does not apply to liability that cannot be excluded or limited under applicable law.
21. Third-party terms
When users connect HealthReact to third-party services, including Google Health API, Fitbit-related services, wearable devices, or other external systems, the users may also be subject to the terms and policies of those third-party providers.
Users are responsible for reviewing and complying with applicable third-party terms.
HealthReact is not responsible for third-party terms, privacy practices, account restrictions, service changes, API limitations, or device requirements.
22. Changes to these Terms
HealthReact may update these Terms from time to time to reflect changes in the platform, legal requirements, Google API requirements, third-party integrations, study practices, security requirements, or operational needs.
The latest version will be published on the HealthReact website. If changes are material, HealthReact or the relevant study controller may provide additional notice where required.
Continued use of HealthReact after updated Terms become effective means that the user accepts the updated Terms, unless applicable law or study-specific documentation provides otherwise.
23. Governing law
These Terms are governed by the laws of the Czech Republic, unless mandatory law provides otherwise.
If a user accesses HealthReact as part of a study conducted by another institution or in another jurisdiction, additional mandatory legal requirements, study documentation, contracts, or institutional rules may apply.
24. Contact
For questions about these Terms or HealthReact, please contact:
HealthReact Contact
E-mail: info [at] healthreact.eu
For privacy-related questions, please contact:
HealthReact Privacy Contact
E-mail: info [at] healthreact.eu
Data protection contact: gdpr [at] uhk.cz
For questions about a specific study, users should contact the study team, research institution, healthcare provider, or controller identified in the relevant study documentation.
