Updated and Effective as of August 2023
Thank you for choosing to be part of our community!
WE HOPE YOU TAKE SOME TIME TO READ THROUGH IT CAREFULLY, AS IT IS IMPORTANT.
This Privacy Policy describes how Digital Naperad Technologies Ltd (collectively, “we,” “us,” or “our”) collects, uses, stores, transfers, and discloses personal information from our Users in connection with our Website or/and Web application located at the following Website: https://heartbit.app (collectively referred to as “Service”). One way to protect your privacy is to learn how it will be used before you give it out. We attach great importance to your privacy rights and truthfully explain why and how we process your information. We tried to shorten this privacy policy, so it would be easier to understand the rights of a User (referred to as “you,” “yours,” etc.) and our obligations to the User’s data. «Personal Data» means personal data that relates to you as an identified or identifiable individual.
Where applicable, you must provide us with the relevant Personal Data to be able to use our Services completely. You should not use the Services if you disagree with this Policy, our Terms of Use, and any other agreement that governs your use. BY USING THE SERVICE, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 16 YEARS OF AGE (OR HAVE HAD YOUR PARENT OR GUARDIAN READ AND AGREE TO THIS PRIVACY POLICY FOR YOU). You must not use the Service if you disagree or cannot make this promise. In this case, you must (a) contact us and request deletion of your data; and (b) leave the Service and not access or use it.
We may update this Privacy Policy from time to time, so please be sure to check regularly. We will notify you of any material changes by posting the new Privacy Policy on the primary access points to the Services or as otherwise required by applicable law.
If any questions still need to be answered, please contact us at help@heartbit.app.
When the User uses our Services, we can collect, use, receive, process, transfer, and share some of the User’s Personal Data for different legitimate purposes. Below are explanations regarding what Personal Data we may collect or process, why we may collect this data, and the legal bases relied on in each case.
Category | Personal Data |
User-provided information (In some instances, we may require certain Registration Information, in other cases, we may ask you to provide such data voluntarily.) | |
Contact Data – when the User registers for the Service and enters the contract | email; Name/Surname/Nickname; password or passcode; last 4 digits of the card number; comment. |
Location Data - we do not collect the User’s precise location | country, state, or coarse location such as Approximate Location Services (general - non-precise location). |
Quiz Data - during the onboarding questionnaire, the User may provide different quiz personal data. We do not collect, store, share, or transfer this quiz data or use this data for identification, marketing, or advertising purposes. We are not collecting biometric information. | date and place of birth, birth time, gender, weight, age, photo (arm, face, Etc.), relationship status, future goals, source of stress, answers to the questions, data on physical characteristics (including height, weight, areas for improvement), Etc. |
Automatically collected information. When you use the Service, some information about your device and user behavior may be processed automatically. | |
Device Info – technical data | device type and model, two-character country code, a subdivision of country (e.g., state), city, two-character language code, operating system, and version number (ex.: ios 7.1.3, android), hardware type, connection type (for example, WiFi, 3G, 4G), network service provider, device motion parameters and carrier. |
Identity Data - identify a computer, device, browser, or product | IP Address; ID for advertisers (IDFA) (iOS only); Google Advertising ID, or GPS ADID (ID Device) if Google Advertising ID is empty; API level (Android only); Firebase ID and other similar unique identifiers. |
Usage Data (Events) - indicates if the activity happened on mobile or web | length of the User's last session in seconds; Length of the User's current session in seconds; Number of sessions recorded; Push notification token, i.e., registration token (Android), device token (iOS); clicks on User's ads; the type of ads and the webpage or Application from which such ads were displayed; downloads and installations of applications. |
Diagnostic information | logs, error reports, events, and the type, number, date, and page relating to this information. |
Cookies and Other Tracking Technologies | cookies, web beacons (also known as "tracking pixels"), embedded scripts, location-identifying technologies, fingerprinting, device recognition technologies, in-app tracking methods, and other tracking technologies now and hereafter developed ("Tracking Technologies") may be used to collect information about interactions with the Service or information received from third parties. |
Please note that we may ask your permission to connect to Apple HealthKit (please see more information here: http://www.apple.com/ios/health/) and Google Fit (please see more details here: https://www.google.com/fit) to enable us to import Personal Data about your health and activities into the Service. This imported data may include calories burned, heart rate, and other data about your health. When you choose to have this data imported, you are subject to the Google Fit and Apple HealthKit privacy policies and practices.
We collect personal data to ensure the Service provided, analyze your behavior during the usage of our Service, add new features to our Service, and provide our third-party service providers with information crucial to their services.
Purposes | Personal Data | Legal Basis |
---|---|---|
To provide the Services according to our policies with you | Contact Data; Quiz Data; Location Data; Usage Data | Contract |
Research and development | Automatically collected information | Legitimate interest |
To diagnose and fix issues with the Service | Usage Data | Legitimate interest |
To help the User to choose a subscription plan, provide entertainment services, to send analysis reports, and go through the quiz to customize the User experience | Quiz Data | Contract |
To communicate with you | Contact Data | Contract |
To allow us to track the performance of our marketing campaign to help us optimize our Service features and events for each user | User ID, in-Apps activity data, advertising ID, IP address, location | Legitimate interest |
An alternative way to register (only for voluntary users’ desires) | If you sign into the Services with Facebook Connect (Instagram) or Google Connect, or Apple, we will collect information that is visible via your Facebook or Google account, such as (1) your first and last name, (2) Facebook ID/Google ID/Apple ID (3) Profile Picture/URL, city-level location. | Contract |
If applicable, billing (invoicing), account management, and other administrative purposes | Contact Data. In the event the User purchases products or Services directly from us, we, or a third party on our behalf, may collect the billing information the User provides us, as well as the payment card and other payment information, solely as required to process payments or send User invoices for such purchase. | Contract |
To send you marketing communications | Contact Data | Consent |
To personalize ads | Automatically collected information, Location data | Consent |
To prevent fraud or harm to us or any third party and ensure the security of our network and services | Automatically collected information | Legitimate interest |
Legal obligations | Contact Data | The legal obligation |
To fulfill contractual obligations with third parties | Automatically collected information. Contact Data | Legitimate Interest |
We may send one or more small data files called - "cookies" - to User's computer to uniquely identify User's browser, help the User log in faster, and enhance User's navigation through the website. Cookies may convey anonymous information about how Users browse the Services to us so we can provide you with a more personalized experience, but do not collect personal information about you. We may use different types of cookies: Essential Cookies (to provide you with Services available through our Site and to enable you to use some of its features) Functionality Cookies (to remember your login details and changes you make, this helps us to make Service personal oriented) Analytics Cookies (these cookies allow us to collect information about traffic to our Site and how users use our Site, but this information doesn't include personally identifiable user information, the data collected is aggregated and anonymous) Social Media Cookies (these cookies are used when you share information using a social media sharing)
We may use web and mobile analytics and advertising services and technologies (such as Google Analytics, Facebook Analytics, Firebase, AppStore Analytics, Tenjin, GameAnalytics, AdMob, etc.) to assist in collecting certain information about the devices or computers you use to access the Apps and Sites. Users can opt out of certain types of tracking by Google Analytics and Yandex.Metrica. If you want to refrain from participating in Google Analytics and Yandex.Metrica, you can download a browser add-on that blocks the display of ads. We may use remarketing technology like Google Remarketing. We may use Google Remarketing to serve targeted advertisements. You can disable this function using the appropriate settings at http://www.google.com/settings/ads. For further information about cookies, including how to see the cookies set on your computer or mobile device and manage and delete them, visit https://www.allaboutcookies.org and https://www.youronlinechoices.com.
We may share your information with third-party companies to perform certain services, including but not limited to hosting services, payment processing, analytics, and customer service, and to assist us in our marketing efforts. We share your Personal Data with certain third parties as part of our operation of the Service, whether shared by us or gathered directly by third parties through SDKs integrated into the Service. This data sharing enables us to provide you with the Service optimally, such as serving you personalized, relevant advertisements within the Service. We hereby undertake not to disclose or transfer the User’s Personal data to any third parties, except Processors mentioned in this paragraph, without receipt of individual consent of the User. The following companies are the Processors of the Personal Data of the Services (In case you want to learn more about the services and privacy options, please consult their websites and privacy policies):
Processor | Purpose | Policy and opt-out |
---|---|---|
Freshworks Inc. | Customer support (Email address, Content of the emails). | https://www.freshworks.com/privacy/ |
AppLovin Corp | Customer support: help us to communicate with you simple and fast | https://www.applovin.com/privacy/ |
AdColony, Inc | https://www.adcolony.com/privacy-policy/ | |
TikTok (Bytedance, Ltd) | https://www.tiktok.com/legal/page/row/privacy-policy/en | |
IronSource Mobile Ltd. | https://ironsource.mobi/privacypolicy.html | |
Snap Inc. | https://www.snap.com/en-US/privacy/privacy-policy/ | |
https://policy.pinterest.com/en/privacy-policy | ||
Meta Inc. | https://www.facebook.com/privacy/policy/ | |
Amplitude, Inc. | Mobile attribution and analytics. To perform research and analysis about how users interact with the Services. Personal Data collected: Cookies, Usage Data, Device Info, Identity Data. | https://amplitude.com/privacy |
Apple, Inc. | To collect and process payments for subscriptions to the App. Personal Data collected: Payment and banking information and Usage Data. | https://support.apple.com/en-us/HT210584 |
Facebook Ireland Ltd. | Our Services measure conversions using visitor action pixels from Facebook. It allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization. Facebook Analytics is an analytics tool provided by Facebook, Inc. (US) that may collect or receive information from our Services. You can manage your personalized ad preferences concerning Facebook directly from your Facebook account. Personal Data collected: Cookies, unique device identifiers for advertising (Google Advertiser ID or IDFA, for example), and Usage Data. | https://www.facebook.com/policy.php |
PayPal | To collect and process payments for subscriptions to the App and certain web services (Payment and Banking information). | https://www.paypal.com/by/webapps/mpp/ua/privacy-full |
Stripe | Payment service provider (Payment and Banking information) | https://stripe.com/privacy |
If you are located outside of the USA and choose to provide information to us, please note that we transfer the data, including Personal Data, to the USA and process it there. Your consent to this Privacy Policy, followed by submitting such information, represents your agreement to that transfer. We retain all Personal Data for as long as you use the Services and 24 months after you stop. If you do not use the Services for 24 continuous months, we erase Personal Data from our database and request the same erasure from any third party to whom your Personal Data may have been transferred. We may erase Personal Data earlier if we no longer need to process such data.
Personal data may be processed by automated and non-automated means and stored at our premises and on our service provider's servers. We understand that, unfortunately, the Internet's transmission of information is not entirely secure. We do our best to maintain the privacy and integrity of your information. We have implemented industry-standard security measures, which include encryption to protect your personal information, including all information you input into your habit data or share in Services, and this information is not available to third parties. Our measures include pseudonymization and tokenization; Encryption; Protection of data integrity, Etc. However, transmissions over the Internet are never 100% secure, and you should not provide personal data to avoid risk. We will also not use the information received through your use of the HealthKit and Google Fit framework for advertising or similar services or selling it.
We attach great importance to user privacy and would like to explain your data protection rights.
If you are based in the EEA, you have the following rights in addition to the above: The right to complain to the supervisory authority. We would love for you to contact us directly so that we can address your concerns. Nevertheless, you can complain to a competent data protection supervisory authority, particularly in the EU Member State where you reside, work, or where the alleged infringement has occurred.
The Service is intended for adults and has a minimum “Age Limit” in each country or region. In general, you must be 16 years of age or older to use the Service, or your age requires parental consent to process your personal data. Following the Federal Children’s Online Privacy Protection Act of 1998 (“COPPA”), we will never knowingly solicit, nor will we accept, personally identifiable information from users of the Service known to be under 13 years of age. Please see our privacy policy for additional information, including how to notify us of any concerns.
If you believe we have information from or about anyone under thirteen (13) years of age, please notify us by email at help@heartbit.app. Please include “COPPA Concern” in your message’s subject line and the body for the fastest processing. We will make the most significant efforts to delete the personal data.
Here is the additional information about how we collect, use, disclose and otherwise process the personal data of individual residents of the State of California within the scope of the California Consumer Privacy Act of 2018 (“CCPA”). We adopted this paragraph to comply with CCPA, and any terms defined in the CCPA have the same meaning when used in this notice. California law requires us to disclose the categories of personal information we collect and how we use them, the categories of sources from which we collect personal information, and the third parties with whom we share personal information. We have provided detailed descriptions above in this policy. In particular, our Services have collected the following categories of personal information from its consumers within the last twelve (12) months:
Category | Examples | Collected | We sell | Sources of Collection | Categories of Third Parties with Whom We Share Personal Information |
---|---|---|---|---|---|
A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number. | YES | NO | User, their Devices | Advertisers, Analytics Providers, and Third Parties as Legally required |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal data in this category may overlap with those from other categories. | NO | NO | N/A | N/A |
C. Protected classification characteristics under California or federal law | Race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth, and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information), driver’s license number, passport number, or other similar identifiers. | NO | NO | N/A | N/A |
D. Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES | NO | User | Payment Service Providers |
E. Biometric information | Genetic, physiological, behavioral, and biological characteristics or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data (Hair color, eye color, fingerprints, height, retina scans, facial recognition, voice, and other biometric data). | NO | NO | N/A | N/A |
F. Internet or other similar network activity | Browsing history, search history, and information on a consumer’s interaction with a website, application, or advertisement. | YES | NO | User, their Devices | Advertisers, Analytics Providers, and Third Parties as Legally required |
G. Geolocation data | Physical location or movements. | NO | NO | N/A | N/A |
H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | NO | NO | N/A | N/A |
I. Professional or employment-related information | Current or past job history or performance evaluations. | NO | NO | N/A | N/A |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO | NO | N/A | N/A |
K. Inferences drawn from other personal information | The profile reflects a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES | NO | User, their Devices, Partners | Advertisers, Analytics Providers, and Third Parties as Legally required |
As a California resident, you have the rights listed below:
You can request information about how we have collected and used your personal information during the past 12 months including the categories: The categories of information we have collected about you; The categories of sources from which the information is collected; The business or commercial purpose for collecting your information; The categories of third parties with whom we have shared your information; and The specific pieces of information we have collected about you.
You can request a copy of the personal information that we have collected about you during the past 12 months. Also, according to the California “Shine the Light” law users who are California residents have the right to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. To make such a request from us, if entitled, please use the contact information listed below.
You can ask us to delete personal information we have collected from you. We may need certain types of information so that we can provide our Services to you. If you ask us to delete some or all of your information, you may no longer be able to access or use the Services.
You have the right to be Free from Discrimination. We may not discriminate against you because you have exercised your rights, including, for example, by denying you access to our online services or charging you different rates or prices for the same online services, unless that difference is reasonably related to the value provided by your data.
You have the right to opt out of the sale of Personal Information, which is defined in a way that may include the transfer of data to third parties to personalize ads for you. Please note that the CCPA defines the term “sale” very broadly to include any exchange of data for consideration of any kind, not simply selling your data for monetary compensation. Depending upon the circumstances, the term “sale” could include a company providing a resident’s data to another entity to assist the company with targeted advertising. We do not sell to third parties, and within the last 12 months have not sold, any of your personal information. If you opt out of the ‘sale’ of your information, we will not sell your information, including to our advertising partners, but you may continue to receive ads from our Services, which may not be as tailored to your interests.
You have the right to complete your transaction.
You have the right to provide you a good or service.
You have the right to perform a contract between us and you.
You have the right to protect your security and prosecute those responsible for breaching it.
You have the right to fix our system in the case of a bug.
You have the right to protect the free speech rights of you or other users.
You have the right to comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
You have the right to engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws.
You have the right to comply with a legal obligation.
You have the right to make other internal and lawful uses of the information that are compatible with the context in which you provided it.
Other Rights. You can request certain information about our disclosure of your information to third parties for their own direct marketing purposes during the preceding calendar year (to the extent we have shared information for such purposes within the given period). This request is free and may be made once a year. You also have the right not to be discriminated against for exercising any of the rights listed above.
You may exercise your California privacy rights described above by emailing us at help@heartbit.app. We will need to confirm your identity (e.g. first name, last name, account name, email address, state of residence, etc.) and California residency to process your requests to exercise your information, access or deletion rights. We aim to respond to a consumer request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.
The California Consumer Privacy Act (“CCPA”) provides California residents with the additional rights listed here. To exercise these rights, see the “Exercising Your California Privacy Rights” subsection below.
Conditions of the present PRIVACY POLICY may be unilaterally changed by us if required under the applicable laws or in other relevant cases with obligatory notification of the Users. The new version of the PRIVACY POLICY enters into force and is subject to observance by the User after the User has expressly agreed to its applicability. If the User does not agree to the relevance of the new version of the PRIVACY POLICY, the User will discontinue the usage of the Service of Digital Naperad Technologies Ltd and will not be allowed to use its account without the provision of unambiguous consent to the applicability of the new version of the PRIVACY POLICY.
DATA CONTROLLER:
Digital Naperad Technologies Ltd is a legal entity incorporated in Cyprus and registered at John Kennedy, 8, 3106, Limassol, Cyprus.
Email: help@heartbit.app