Compliance Center Legal · Privacy · Security

ZHOR TECH SAS (operating as Baliston Health) is committed to protecting all personal data it processes — across its platform, products, sales, marketing, and internal operations.

Privacy is essential to maintaining trust with our users and healthcare partners. This Compliance Center provides all the information you need about our data protection practices and legal obligations.

Our Commitments

Data Minimization

We collect only the minimum personal data necessary to deliver our services.

Security First

Your data is protected with robust technical and organizational security measures.

No Data Selling

Customer data is never sold or transferred to third parties without explicit consent.

Data Ownership

Customers remain the owners of their data. We process it only as outlined in our policies.

Baliston Health Platform

Legal and compliance documentation for the Baliston Health Mobility Scan Platform (B2B SaaS), used by healthcare practitioners for AI-powered gait analysis and mobility assessment.

General Compliance

If you have questions not addressed here, please contact our Data Protection Officer at compliance@zhortech.com.

ZHOR TECH SAS (operating as Baliston Health) is committed to protecting your personal data. Our priority is to guarantee the security of this data and to provide you with permanent access to your personal information.

For residents of the European Union, ZHOR TECH is the data controller responsible for processing your personal data in accordance with the EU General Data Protection Regulation (GDPR).

Data Collected by ZHOR TECH

We collect data about you, including personally identifiable information, only with your consent. This includes:

  • Account data: Name, email address, date of birth, gender, username and password to access our services
  • Health & biometric data: Biomechanical data from Mov-Scan™ sensor analysis including power, cadence, gait metrics, and other mobility indicators
  • Location data: When you use our products, we may collect device location information necessary for movement analysis
  • Third-party authentication: If you sign in via third-party accounts (e.g., Google), we collect only the information you have agreed to share

How We Use Your Data

We use collected data to:

  • Administer and deliver the Baliston Health platform services
  • Provide biomechanical statistics, visualizations, and mobility assessments to practitioners
  • Analyze, develop, and improve our services and AI algorithms
  • Communicate about services, features, and platform updates
  • Send commercial communications (only with explicit opt-in consent)

How Your Data is Shared

We share your data only under the following circumstances:

  • When necessary for the performance of our services
  • At the request of a national authority or by court order
  • If required by applicable law
  • To investigate and defend against claims or allegations
  • To protect the rights and safety of ZHOR TECH, our users, and personnel
  • With your explicit prior consent

We may process your data using subprocessors listed on our Subprocessor List. All subprocessors are contractually required to comply with equivalent data protection standards.

We may anonymize certain data from our users for research purposes and to improve our AI algorithms. Anonymized data cannot be used to identify any individual.

Legal Basis of Processing

Processing Activity | Data | Legal Basis
Website / platform usage | IP addresses, connection timestamps, electronic signatures | Art. 6(1)(f) GDPR — Legitimate interest
Strictly necessary cookies | Session identifiers, security tokens | Art. 6(1)(f) GDPR — Legitimate interest
Non-essential cookies | Analytics, preferences, marketing identifiers | Art. 6(1)(a) GDPR — User consent
Authentication | Username, hashed password, email, IP address | Art. 6(1)(b) GDPR — Contractual requirement
Practitioner profile | Name, phone, email, profession, offices | Art. 6(1)(b) GDPR — Contractual requirement
Patient profile | Name, gender, age, shoe size, height, weight, location | Art. 6(1)(b) GDPR — Contractual requirement
Anonymous sensor raw data | Unprocessed binary data from Mov-Scan™ pods | Art. 6(1)(b) GDPR — Contractual requirement
Anonymous algorithm output | Steps, cadence, gait line, propulsion, stability, etc. | Art. 6(1)(b) GDPR — Contractual requirement
Algorithm output linked to patient | Same as above, linked via unique patient identifier | Art. 6(1)(b) GDPR — Contractual requirement
Customer communication | Name, phone, email | Art. 6(1)(f) GDPR — Legitimate interest
Newsletters / Marketing | Name, phone, email | Art. 6(1)(a) GDPR — Explicit consent

Data Retention

We retain your data as long as you are a registered user of our platform. Beyond that, we store data only when legally required (warranty obligations, statutory limitation periods, tax retention requirements). If you delete your account, all data will be deleted or anonymized, except data required for the completion of ongoing contractual obligations (e.g., pending deliveries).

Your Rights

Under applicable data protection law, you have the right to:

  • Access — receive confirmation of data processing and a copy of your data
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit processing without deletion
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdrawal of consent — revoke consent at any time for future processing

To exercise your rights, please use our Contact & Data Requests page, or email compliance@zhortech.com, or write to:

ZHOR TECH SAS
7 Place Stanislas
54000 Nancy, France

Security Measures

We implement appropriate technical and organizational security measures to protect against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures are continuously reviewed, tested, and updated.

Hosting and Access Data

Our platform is hosted on Amazon Web Services (AWS) infrastructure located in both the European Union and the United States. Each time you access our platform, standard server log files are automatically generated (e.g., IP address, date/time of access, data transferred). This access data is used exclusively for ensuring trouble-free operation and improving our services. Access logs are deleted no later than seven days after your visit.

Data Transfer

To fulfill contractual obligations, we may share your data with shipping service providers and payment processors. Where data transfers occur outside the European Economic Area, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

These Terms of Use govern access to and use of the Baliston Health Mobility Scan Platform, a Software-as-a-Service (SaaS) offering provided by ZHOR TECH SAS.

1. Definitions

"Provider" means ZHOR TECH SAS, registered in Nancy, France (SIREN 808 187 280), operating as Baliston Health.

"Customer" means the professional entity or healthcare practitioner that has signed the order form and accepted these Terms of Use.

"Authorized Users" means Customer's employees, consultants, contractors, and agents who are authorized by Customer to access and use the Services and for whom access has been purchased.

"Services" means the Baliston Health Mobility Scan Platform, including the web application, mobile applications (iOS and Android), AI-powered gait analysis engine, and all associated features and functionality.

"Products" means the Baliston Health Mov-Scan™ sensor pods, customizable insoles, charger, and accessories provided in connection with the Services.

"Customer Data" means all information, data, and content collected, uploaded, or otherwise provided by Customer or its Authorized Users through the Services, including patient data. Customer Data does not include anonymized or aggregated data derived from use of the Services.

"Access Credentials" means any username, password, security key, token, or other authentication method used to verify an individual's identity and authorization to access the Services.

"Confidential Information" means information in any form that the disclosing party considers confidential or proprietary, including technology, trade secrets, business operations, plans, strategies, customers, and pricing.

"Documentation" means any manuals, instructions, or other materials provided by the Provider describing the functionality, configuration, operation, or maintenance of the Services.

2. Access and Use Rights

Subject to these Terms of Use and payment of applicable fees, Provider grants Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the subscription term, solely for Customer's internal healthcare practice purposes.

Access is limited to the number of Authorized Users specified in the applicable order form. Customer may not exceed this number without prior written agreement and payment of additional fees.

3. Customer Obligations

Customer shall:

  • Ensure all Authorized Users comply with these Terms of Use
  • Be responsible for the accuracy, quality, and legality of all Customer Data
  • Use the Services only in accordance with applicable laws and regulations, including health data protection requirements
  • Maintain the confidentiality of all Access Credentials and promptly notify Provider of any unauthorized access
  • Not resell, sublicense, or make the Services available to any unauthorized third party
  • Not attempt to reverse-engineer, decompile, or disassemble the Services or any component thereof
  • Not use the Services to transmit any Harmful Code (viruses, malware, or other malicious software)

4. Data Protection

The processing of personal data is governed by our Privacy Policy and Data Processing Agreement. Customer acts as the data controller for patient data processed through the platform. Provider acts as data processor in accordance with the DPA.

5. Intellectual Property

All intellectual property rights in the Services, platform, algorithms, AI models, Documentation, and all other Provider Materials remain the exclusive property of ZHOR TECH SAS. Nothing in these Terms transfers any ownership rights to Customer. Customer retains all ownership rights in Customer Data.

6. Availability and Support

Provider will use commercially reasonable efforts to make the Services available 99.5% of the time, excluding scheduled maintenance. Support is provided through Zoho Desk during business hours (CET). Emergency support for critical issues is available as specified in the applicable order form.

7. Confidentiality

Both parties agree to protect Confidential Information with at least the same degree of care they use to protect their own confidential information, and in no event less than reasonable care. Neither party shall disclose Confidential Information to third parties without prior written consent, except to employees, agents, or contractors who need access to perform obligations under these Terms and are bound by equivalent confidentiality obligations.

8. Warranties and Disclaimers

Provider warrants that the Services will perform materially in accordance with the Documentation during the subscription term. The Baliston Health platform is a clinical decision-support tool. It does not replace professional medical judgment. Provider makes no warranty that the Services will be uninterrupted, error-free, or that all defects will be corrected.

9. Limitation of Liability

Provider shall not be liable for any clinical decisions made based on platform outputs. To the maximum extent permitted by law, Provider's total aggregate liability for all claims arising under or related to these Terms shall not exceed the amounts paid by Customer in the twelve (12) months preceding the event giving rise to the claim.

In no event shall Provider be liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or business opportunities.

10. Term and Termination

These Terms remain in effect for the subscription period specified in the order form, and automatically renew for successive periods unless either party provides written notice of non-renewal at least thirty (30) days prior to the end of the then-current term. Either party may terminate for material breach if the breach remains uncured thirty (30) days after written notice.

Upon termination, Customer's access to the Services will cease and Provider will delete or return Customer Data in accordance with the Data Processing Agreement.

11. Governing Law and Jurisdiction

These Terms of Use are governed by the laws of France, without regard to conflict of law principles. Any disputes arising under these Terms shall be submitted to the exclusive jurisdiction of the competent courts of Nancy, France.

These Terms of Sale govern the purchase of Baliston Health products and platform subscriptions from ZHOR TECH SAS.

1. Scope

These Terms apply to all orders for Baliston Health Mov-Scan™ Kits (including sensor pods, customizable insoles, chargers, and accessories), platform subscriptions, and associated professional services placed through ZHOR TECH's authorized sales channels, including the Baliston Health website powered by Shopify.

2. Orders and Acceptance

Orders are confirmed upon written acceptance by ZHOR TECH and receipt of payment or a valid purchase order. ZHOR TECH reserves the right to decline any order at its sole discretion. An order confirmation email will be sent to the address provided by Customer.

3. Pricing and Payment

Prices are as stated in the applicable order form, quotation, or online listing at the time of purchase. All prices are exclusive of applicable taxes (VAT, sales tax) unless otherwise explicitly specified. Payment terms are net thirty (30) days from invoice date unless otherwise agreed in writing. Late payments may incur interest at the rate of three times the legal interest rate applicable in France, plus a fixed recovery fee of €40.

4. Delivery

Delivery dates are estimates and not guaranteed. Risk of loss transfers to Customer upon delivery to the carrier. ZHOR TECH is not liable for delays beyond its reasonable control, including force majeure events. Customer shall inspect goods upon receipt and report any damage or discrepancy within five (5) business days.

5. Warranty

ZHOR TECH warrants that hardware products (Mov-Scan™ pods, chargers) will be free from material defects in materials and workmanship for a period of twelve (12) months from the date of delivery. Software and platform services are warranted to perform materially in accordance with the applicable Documentation during the subscription term. This warranty does not cover damage caused by misuse, unauthorized modification, or normal wear and tear.

6. Returns and Refunds

Defective products may be returned within the warranty period for repair or replacement at ZHOR TECH's option. Customer must obtain a Return Merchandise Authorization (RMA) prior to returning any product by contacting support at compliance@zhortech.com. Refunds for subscription services are handled in accordance with the applicable order form.

7. Limitation of Liability

ZHOR TECH's total aggregate liability for all claims arising under these Terms of Sale shall not exceed the amounts paid by Customer under the relevant order in the twelve (12) months preceding the claim. ZHOR TECH shall not be liable for any indirect, incidental, or consequential damages.

8. Governing Law and Jurisdiction

These Terms of Sale are governed by the laws of France. Any disputes shall be submitted to the exclusive jurisdiction of the competent courts of Nancy, France.

9. Consumer Dispute Resolution

The European Commission's online dispute resolution platform is available at: http://ec.europa.eu/consumers/odr. For complaints, contact ZHOR TECH SAS by mail at 7 Place Stanislas, 54000 Nancy, France.

This Data Processing Agreement ("DPA") forms part of the contractual relationship between ZHOR TECH SAS ("Processor") and the Customer ("Controller") and governs the processing of personal data in connection with the Baliston Health Mobility Scan Platform.

1. Scope and Roles

Controller: The healthcare practitioner or entity using the Baliston Health platform who determines the purposes and means of processing patient data.

Processor: ZHOR TECH SAS (SIREN 808 187 280), 7 Place Stanislas, 54000 Nancy, France, which processes personal data on behalf of the Controller to deliver the Baliston Health platform services.

2. Subject Matter and Duration

The Processor processes personal data solely for the purpose of providing the Baliston Health Mobility Scan Platform services, including AI-powered gait analysis, biomechanical assessment, patient data management, longitudinal tracking, and related clinical decision-support features. Processing continues for the duration of the services agreement.

3. Categories of Data Subjects

  • Patients of the Controller's healthcare practice
  • Practitioners and staff of the Controller (Authorized Users)

4. Categories of Personal Data

  • Patient identification data (name, contact information, demographics)
  • Patient health and biometric data (gait metrics, biomechanical measurements from Mov-Scan™ sensors)
  • Practitioner identification and authentication data
  • Device metadata and session data
  • Location data (when relevant to the assessment)

5. Processor Obligations

The Processor shall:

  • Process personal data only on documented instructions from the Controller, unless required by EU or Member State law
  • Ensure all personnel authorized to process personal data are bound by confidentiality obligations
  • Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
  • Assist the Controller in responding to data subject requests (access, rectification, erasure, portability, etc.)
  • Assist the Controller in ensuring compliance with obligations related to data breach notification and data protection impact assessments
  • Delete or return all personal data to the Controller upon termination of the services, and delete existing copies unless retention is required by law
  • Make available to the Controller all information necessary to demonstrate compliance with GDPR Article 28 obligations
  • Allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller

6. Sub-processing

The Processor maintains a current list of approved subprocessors. The Controller will be notified of any intended changes (additions or replacements) at least thirty (30) days in advance, with the opportunity to object. If the Controller objects on reasonable grounds, the parties will work in good faith to resolve the objection.

7. International Data Transfers

Data is processed on Amazon Web Services (AWS) infrastructure located in both the European Union (Frankfurt) and the United States. Any international transfers comply with GDPR Chapter V requirements, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission and supplementary measures where necessary.

8. Data Breach Notification

The Processor will notify the Controller without undue delay (and in any event within 48 hours) of becoming aware of a personal data breach affecting Controller's data. The notification will include: the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach.

9. Term and Termination

This DPA remains in effect for the duration of the services agreement between the parties. Upon termination, all personal data will be deleted or returned to the Controller within thirty (30) days, in accordance with Controller's documented instructions, unless applicable law requires continued storage.

This User Agreement governs your individual use of the Baliston Health platform as an Authorized User under your organization's subscription with ZHOR TECH SAS.

1. Acceptance

By accessing or using the Baliston Health platform, you confirm that you have read, understood, and agree to be bound by this User Agreement. If you do not agree, you must not access or use the platform.

2. Authorized Use

You may use the platform solely for legitimate healthcare assessment and clinical decision-support purposes within the scope of your organization's subscription. You must not:

  • Share your Access Credentials with any other person
  • Attempt to access data belonging to other organizations or users
  • Reverse-engineer, decompile, or disassemble any part of the platform
  • Use the platform for purposes other than those authorized by your organization
  • Copy, redistribute, or create derivative works from the platform or its outputs without prior written consent

3. Account Security

You are responsible for maintaining the confidentiality of your login credentials and for all activities that occur under your account. You must notify your organization's administrator immediately if you become aware of any unauthorized access to your account or any security breach.

4. Patient Data Responsibilities

When entering or processing patient data through the platform, you must ensure that:

  • You have obtained all necessary patient consents in accordance with applicable healthcare regulations
  • You comply with applicable data protection laws (including GDPR, and HIPAA where applicable)
  • Patient data is accurate and up-to-date
  • You do not enter unnecessary personal data beyond what is required for the clinical assessment

5. Acceptable Use Policy

You shall not:

  • Upload any malicious code, virus, or harmful software to the platform
  • Interfere with or disrupt platform operations, servers, or networks
  • Use the platform in any manner that violates applicable laws or regulations
  • Share platform outputs (reports, analyses) in a manner that could identify patients without their explicit consent
  • Use automated scripts, bots, or other means to access the platform beyond normal usage

6. Clinical Disclaimer

The Baliston Health platform provides clinical decision-support data based on AI-powered gait analysis. It does not constitute medical advice and does not replace professional clinical judgment. All diagnostic and treatment decisions remain the sole responsibility of the treating healthcare professional. ZHOR TECH shall not be liable for any clinical outcomes resulting from the use of platform data.

7. Intellectual Property

All platform content, software, algorithms, AI models, and proprietary analysis methods remain the exclusive property of ZHOR TECH SAS. You receive a limited, non-exclusive, non-transferable license to use the platform during the term of your organization's subscription. This license terminates immediately upon expiration or termination of the subscription, or upon revocation of your Authorized User status.

8. Suspension and Termination

ZHOR TECH reserves the right to suspend or terminate your access to the platform if you violate this User Agreement, without prejudice to any other rights or remedies available. Your organization's administrator may also revoke your access at any time.

ZHOR TECH SAS implements comprehensive technical and organizational security measures to protect personal data processed through the Baliston Health platform, in accordance with Art. 32 GDPR.

Access Control

  • Role-based access control (RBAC) for all platform resources
  • Multi-factor authentication (MFA) for administrative and developer access
  • Unique user credentials with enforced strong password policies
  • Regular access reviews and prompt de-provisioning of inactive or departing accounts
  • Physical access controls for server facilities (managed by AWS)
  • Principle of least privilege applied across all systems

Data Encryption

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest in all storage systems
  • Encrypted database backups with access controls
  • Certificate management and regular rotation procedures
  • Encryption key management with separation of duties

Network Security

  • Web Application Firewall (WAF) and intrusion detection/prevention systems
  • Network segmentation between production, staging, and development environments
  • Regular vulnerability scanning and periodic penetration testing by qualified third parties
  • DDoS protection and mitigation services (AWS Shield)
  • VPN required for administrative access to production systems

Application Security

  • Secure software development lifecycle (SSDLC) with security reviews at each stage
  • Mandatory code review for all production changes
  • Static and dynamic application security testing (SAST/DAST)
  • Dependency vulnerability monitoring and automated alerts
  • Input validation, output encoding, and protection against OWASP Top 10 threats

Business Continuity & Disaster Recovery

  • Automated daily backups with geographic redundancy across AWS regions
  • Disaster recovery plan with defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)
  • Regular backup restoration testing
  • High-availability infrastructure with automatic failover
  • Incident response plan with defined escalation procedures

Organizational Measures

  • Designated Data Protection Officer (DPO)
  • Designated Chief Information Security Officer (CISO)
  • Mandatory security awareness training for all employees upon onboarding and annually thereafter
  • Confidentiality agreements (NDAs) for all staff, contractors, and subprocessors
  • Documented incident response and data breach notification procedures
  • Regular internal security audits and risk assessments
  • Vendor security assessment process for all subprocessors

This Cookie Policy explains how ZHOR TECH SAS uses cookies and similar tracking technologies on the Baliston Health website (baliston-health.com), the Baliston Health web application, and this Compliance Center.

What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, or mobile phone) when you visit a website. They help the website remember your preferences, understand how you use the site, and improve your browsing experience. Some cookies are essential for the site to function, while others are optional.

Types of Cookies We Use

Category | Purpose | Legal Basis | Duration
Strictly Necessary | Essential for the website and platform to function correctly (authentication, session management, security, load balancing, cookie consent preferences) | Art. 6(1)(f) GDPR — Legitimate interest | Session / up to 12 months
Functional | Remember your preferences such as language, region, and display settings | Art. 6(1)(a) GDPR — User consent | Up to 12 months
Analytics | Understand how visitors interact with our website to improve performance and content (Google Analytics) | Art. 6(1)(a) GDPR — User consent | Up to 26 months
Marketing | Track visitors across websites to display relevant advertisements and measure campaign effectiveness | Art. 6(1)(a) GDPR — User consent | Up to 24 months

Specific Cookies Used

Shopify (E-commerce Platform)

Our website is hosted on Shopify, which sets cookies for cart functionality, session management, and fraud detection. These are classified as strictly necessary cookies.

Google Analytics

We use Google Analytics to understand website traffic and user behavior. IP anonymization is enabled. You can opt out using the Google Analytics Opt-out Browser Add-on.

Managing Cookies

You can manage your cookie preferences at any time through:

  • Our cookie consent banner (displayed on first visit and accessible from the footer)
  • Your browser settings (instructions vary by browser)
  • Google Analytics opt-out: tools.google.com/dlpage/gaoptout

Note that disabling strictly necessary cookies may prevent the website or platform from functioning correctly.

Third-Party Cookies

Some cookies are placed by third-party services we use. These are governed by the respective third party's privacy policy. See our Subprocessor List for a complete list of third-party services.

Updates to This Policy

We may update this Cookie Policy from time to time. Changes will be posted on this page with a revised "Last updated" date. We recommend reviewing this policy periodically.

To exercise your data protection rights, report a concern, or for any compliance-related inquiry, use the contact information below.

Contact Information

ZHOR TECH SAS (France)

7 Place Stanislas

54000 Nancy, France

📞 +33 3 83 36 72 72

✉️ compliance@zhortech.com

Bal Inc (United States)

333 West Maude Avenue, Suite 207

Sunnyvale, CA 94085

📞 +1 (720) 994-3701

✉️ compliance@zhortech.com

Data Protection Officer (DPO)

✉️ compliance@zhortech.com

For all data subject requests, privacy inquiries, GDPR-related matters, and complaints regarding data processing.

Chief Information Security Officer (CISO)

✉️ compliance@zhortech.com

For security-related inquiries, vulnerability disclosures, and incident reports.

Data Subject Requests

Under the GDPR and other applicable data protection laws, you have the right to request:

  • Access — a copy of the personal data we hold about you
  • Rectification — correction of inaccurate or incomplete data
  • Erasure — deletion of your personal data
  • Restriction — limitation of processing activities
  • Portability — your data in a structured, machine-readable format
  • Objection — to object to processing based on legitimate interest or direct marketing

How to Submit a Request

Send your request to compliance@zhortech.com or by post to:

ZHOR TECH SAS — Data Protection Officer
7 Place Stanislas
54000 Nancy, France

Response Timeline

We will acknowledge your request within five (5) business days and provide a substantive response within thirty (30) days. For complex requests, we may extend this period by an additional sixty (60) days with prior notification and explanation.

To protect your privacy, we may need to verify your identity before processing your request. We may ask you to provide additional information to confirm you are the data subject (or an authorized representative).

Complaints

If you are not satisfied with our response to your request, you have the right to lodge a complaint with a supervisory authority. For France, the competent authority is:

CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
www.cnil.fr

ZHOR TECH SAS engages the following subprocessors to deliver the Baliston Health platform and related services. Customers subscribed to subprocessor notifications will be informed of any material changes at least thirty (30) days in advance.

Infrastructure & Hosting

Subprocessor | Purpose | Data Processing Location
Amazon Web Services (AWS) | Cloud infrastructure, compute, storage, database hosting, CDN, and security services for the Baliston Health platform | EU (Frankfurt) & US

E-commerce & Payments

Subprocessor | Purpose | Data Processing Location
Shopify | E-commerce platform powering the Baliston Health website, order management, and checkout | US / Canada / EU

Business Operations

Subprocessor | Purpose | Data Processing Location
Zoho Corporation — CRM | Customer relationship management, sales pipeline, and contact management | EU
Zoho Corporation — Desk | Customer support ticketing and help desk | EU

Communications

Subprocessor | Purpose | Data Processing Location
Twilio SendGrid | Transactional and marketing email delivery | US

Analytics

Subprocessor | Purpose | Data Processing Location
Google Analytics | Website traffic analytics and user behavior analysis (IP anonymization enabled) | US / EU

To receive advance notifications about subprocessor changes, email compliance@zhortech.com with the subject line "Subprocessor notification subscription."

ZHOR TECH SAS hereby declares that the Baliston Health Mobility Scan Platform and associated Mov-Scan™ hardware devices conform to all applicable European Union directives and regulations.

Manufacturer

Manufacturer | ZHOR TECH SAS
Address | 7 Place Stanislas, 54000 Nancy, France
SIREN | 808 187 280
Authorized Representative | Malik Issolah, Président

Product Identification

Product Name | Baliston Health Mobility Scan Platform
Hardware Component | Mov-Scan™ Sensor Pods
Software Component | Baliston Health Web & Mobile Application
Intended Use | AI-powered gait analysis and mobility assessment for healthcare practitioners

Applicable Directives and Regulations

  • EU MDR 2017/745 — Medical Device Regulation (as applicable to the device classification)
  • 2014/53/EU — Radio Equipment Directive (RED)
  • 2011/65/EU — Restriction of Hazardous Substances (RoHS)
  • 2014/30/EU — Electromagnetic Compatibility (EMC)
  • 2014/35/EU — Low Voltage Directive (LVD)

Harmonized Standards Applied

The conformity assessment is based on applicable harmonized standards, including but not limited to:

  • EN 62368-1 — Audio/video, information and communication technology equipment — Safety
  • EN 301 489 — Electromagnetic compatibility for radio equipment
  • EN 300 328 — Wideband transmission systems (2.4 GHz band)
  • EN 62479 — Assessment of human exposure to electromagnetic fields
  • Additional product-specific standards as applicable

CE Marking

The CE marking has been affixed to the product under the responsibility of ZHOR TECH SAS in accordance with the applicable directives listed above.

The full Declaration of Conformity document (signed) is available upon request. Contact compliance@zhortech.com.

ZHOR TECH SAS maintains the following certifications, regulatory approvals, and quality commitments for the Baliston Health platform and related products.

Current Certifications

Certification | Scope | Status
CE Marking | Baliston Health Mov-Scan™ Sensor Pods — conformity with applicable EU directives (RED, RoHS, EMC, LVD) | ✅ Active
EU MDR 2017/745 | Medical Device Regulation compliance for the Baliston Health platform and Mov-Scan™ hardware | ✅ Active

Regulatory Compliance

  • GDPR — Full compliance with the EU General Data Protection Regulation, including appointed DPO, Data Protection Impact Assessments (DPIA), and Standard Contractual Clauses (SCCs) for international transfers
  • EU MDR 2017/745 — Ongoing compliance with the European Medical Device Regulation, including post-market surveillance and vigilance reporting
  • French Data Protection Law — Compliance with the Loi Informatique et Libertés and applicable CNIL guidance

Data Protection Practices

  • Designated Data Protection Officer (DPO)
  • Designated Chief Information Security Officer (CISO)
  • Regular Data Protection Impact Assessments (DPIA) for high-risk processing activities
  • Standard Contractual Clauses (SCCs) in place for all international data transfers
  • Documented Technical and Organizational Measures reviewed and updated regularly
  • Employee data protection training program

Quality Management

  • Internal quality management system aligned with medical device best practices
  • Post-market surveillance and clinical performance monitoring
  • Vendor and subprocessor qualification and ongoing assessment
  • Document control and change management procedures

Copies of certificates and regulatory documentation are available upon request. Contact compliance@zhortech.com.