Privacy Notice

Contents

1. Who We Are

The controller responsible for processing with regard to the Product is SOUL STRETCH LTD, a company incorporated in Cyprus under company No. HE 476137, with its registered address at Georgiou Vizyinou, 1, 1080, Nicosia, Cyprus.

2. Contact Us

Should you have any general questions about this Privacy Notice, the use of your data by us, or if you want to assert your data protection rights, please use support@shapely.coach to contact us.

We implement appropriate technical and organizational measures consistent with GDPR Article 32, including encryption in transit and at rest, least‑privilege access controls, logging and monitoring, secure software development practices, periodic vulnerability testing, and a documented incident response procedure.

Please note that in some cases, for your safety and when we have reasonable concerns about the authenticity of a request, we may need to authenticate you before proceeding with your request.

3. Your Privacy Rights and How to Exercise Them

You are entitled to data-related rights as described below. You may assert them directly via the App (to the extent possible) or via the contact options.

Please note that these rights are based on European laws, namely the General Data Protection Regulation (the “GDPR”). Depending on your country of residence, those rights may have different interpretations. Should you wish to assert your country-specific rights, kindly let us know, and we will review your case individually.

All employees and contractors with access to personal data are subject to confidentiality agreements and regular data-protection training.

We maintain internal records of processing activities as required under Article 30 GDPR.

In the event of a personal data breach likely to result in a risk to individuals, we will notify the competent supervisory authority without undue delay and, where required, affected users.

Right to access

You may ask to confirm whether we process your data and if so, to provide you with the scope of such processing and a copy of the data concerning you stored by us.

We apply the storage limitation principle (GDPR Art. 5(1)(e)). Personal data is retained only for as long as necessary for the purposes described in this Privacy Notice and then securely deleted or irreversibly anonymized according to our retention schedule. Children’s data collected with parental consent is retained only for as long as needed to fulfill the specific request and then deleted.

Right to rectification

You have the right to request correction of inaccurate or outdated personal data concerning you and the completion of incomplete data. We try to allow you to correct/add data through the Product’s settings to the extent possible, e.g. you can log in to your user profile and correct, amend, or delete information about yourself. We will also inform third parties to whom we transferred your data in the event of rectification of your data.

When personal data is transferred to countries without an adequacy decision, we use appropriate safeguards such as the Standard Contractual Clauses and perform a transfer impact assessment (TIA). We also apply additional technical and organizational measures where appropriate.

Right to erasure (Right to be forgotten)

Where we process health, fitness, or wellness information, we do so only on the basis of the user’s explicit consent under Article 9(2)(a) GDPR. You may withdraw this consent at any time in the app settings or by contacting us; upon withdrawal we cease processing and erase the related data unless retention is required by law.

You may request the erasure of your personal data stored by us. Please note, however, that the right to erasure is not absolute and shall be fulfilled by us only provided specific legal requirements are met. You may request data erasure only if:

• your personal data is no longer necessary for the purposes for which it was initially collected,
• you have withdrawn your consent to personal data processing, and the consent was the sole legal basis for the processing,
• you have successfully objected to the processing based on a balancing of interests relating to your particular situation,
• your personal data has been unlawfully processed,
• your personal data has to be erased for compliance with a legal obligation, or
• you are an underage person and used our Product by mistake.

Further, your right to erasure is subject to restrictions. For example, we are not under obligation or even allowed to delete data that we are still obligated to retain due to statutory retention periods. Similarly, data that we need for the establishment, exercise, or defense of legal claims is excluded from your right to erasure.

If we have transferred personal data to third parties, we will either initiate the deletion of your data from such third parties or inform them about the erasure, insofar as required by applicable law.

In order to avoid any unnecessary legalese and keeping in mind the general use of such words, we will interpret all user requests asking us to “delete my data” as requests for erasure of data under Article 17 GDPR.

Right to restriction of processing

You have the right to request, under certain conditions, restriction of processing (i.e. the marking of stored personal data to restrict its future use). The requirements for restriction of processing are as follows:

• The accuracy of your personal data is contested, and we must verify the accuracy of your data;
• The processing is unlawful but you do not want your personal data to be erased, and instead you request restriction of use of your personal data;
• We no longer need your personal data for the purposes of processing, but you need the data for the establishment, exercise, or defense of legal claims;
• You have objected to data processing, and we are verifying whether our legitimate interests override yours.

Right to objection

You have the right to object to the processing of your personal data in whole or in part at any time, and in any form, in the event that our processing is based on a legitimate interest (balancing of interests). In order to process your objection, we kindly request you to refer to your particular situation as to why you believe that your rights and freedoms are at a particular risk (see Article 21 of GDPR for more details).

Please note that the right to objection is not absolute, and we will stop the processing of your data only provided we cannot demonstrate compelling legitimate grounds for processing.

Where the processing you object against concerns direct marketing purposes, we will stop any processing once we receive an objection from you. A common example of how you can exercise an objection to marketing communications is pressing the “unsubscribe” button in emails.

Right to data portability

You have the right to receive the data you provided to us in a commonly used and machine-readable format to transfer that data to another controller without our interference, in accordance with the applicable laws and regulations.

To the extent possible, we will allow you to export data for further use directly via the App. You may also ask us to assist you with moving your data where it is technically feasible. Please note that this option relates only to data processed based on the performance of our contract with you or based on your consent. For more information about the contract and consent, please refer to Section 5 below.

Right to withdraw consent

If you provide consent to the processing of your personal data, you can withdraw it at any time. Consent withdrawal does not have a retroactive effect, meaning that any processing which occurred before the withdrawal shall not be affected.

Right to lodge a complaint

You can lodge a complaint with the data protection authority at any time if you believe that your data has been processed unlawfully. Here is the contact information for the Cypriot supervisory data protection authority:

Office address: kypranoros 15, Nicosia 1061, Cyprus; Postal address P.O.Box 23378, 1682 Nicosia, Cyprus; Email: commissioner@dataprotection.gov.cy

3.1 California Privacy Rights (CCPA/CPRA)

Our Product is not directed to residents of California, and we do not conduct targeted activities there. We do not sell or share personal data as defined under the CCPA.

However, if you are a California resident using our Product, you may exercise your rights under the California Consumer Privacy Act (CCPA/CPRA) by contacting us at support@shapely.coach.

4. Personal Data We Collect

Your user journey may vary depending on whether it is the App or the Website (or both) you have chosen to use. We process data:

• You directly provide to us (for example, when you choose your areas for improvement or send us an email or when interacting with our coaches)
• We receive about you from third parties (for example, when you sign in via Apple or allow us to access Apple Health app or Health Connect data)
• Automatically when you use our Product (for example, your IP address via cookies or SDK technologies) or when you use our devices (for example, BetterMe Band).

4.1. Data directly provided by you

Identifiers

This may include your name, phone number, email address. You provide us with this information when you register for the Product, purchase our physical products, subscribe to our newsletters, or contact us by any other means.

Onboarding and Product Data

You provide us with this category of information when you register for the Product and/or go through the onboarding process and/or use the Product. This category, in particular, includes:

• General information about you. For example, age, date of birth, gender, etc.
• Wellness and Fitness information, which covers physical characteristics such as height and weight, data related to your workouts, meditation and breathing preferences, sleep patterns, and the type and duration of physical activities you engage in. We may also ask you to provide information on your fitness level, nutritional preferences, or provide you with an option to track your water, food intake. We leverage selected pieces of this data to tailor your experience as a part of the services we deliver.
• Special wellness data. Some pieces of information we collect may be regarded as a special category of personal data or sensitive data under certain data protection laws that we are subject to. When this is the case, for example, when we ask you whether you need a meal plan for diabetes or whether you decide to opt-in for a limb loss special program or where you decide to use our cycle tracking feature, we will strive to ask your consent for processing of such data.

Payment Data

To make a purchase via the Website, you need to enter your payment information, such as bank card credentials, payment service (e.g. PayPal) credentials, etc. We may or may not have access to such payment information depending on the service provider processing your payment. Payment gateways, such as PayPal, Stripe, and Braintree, act independently; we receive limited information from them allowing us to recognize and record your subscription status, such as the date, time, and amount of the transaction, the type of payment method used, the payment transaction identification number, and the last four digits of the bank card. Our one-stop shop payment provider acts on our behalf; it collects and otherwise processes your payment data, including bank card credentials, IP address, email, and name, on our behalf. In practice, it shares with us only limited details regarding your payment, such as the date, time, and amount of the transaction, so our employees/contractors cannot view your payment credentials.

Communications Data

• We offer the opportunity to interact with coaches as part of our premium services. During these interactions, we process the text of your conversations with our coaches. This category includes any information you may share during these conversations such as your progress, feedback, questions, goals, photographs of your meals or any other details you may discuss.
• When you contact us for customer support or otherwise communicate with us, you may provide us with information related to your use of the Product, additional contact information, payment information, identification documents, or other information you may find helpful to resolve your query. We also collect information on the feedback you provide on the customer support experience.
• We will collect and process your feedback should you communicate it to us. Our App contains a feature via which you can provide us with feedback, rate our application, and/or engage in deeper discussions. We will collect and analyze the data you submit to make our Product better. We will also collect and process feedback should you communicate it to us in any other way.

4.2. Data provided by third parties

Apple ID Account

When you sign in with Apple to register an account in the Product, we get personal data from your Apple ID account. This data may include, in particular, your name and verified email address. You may choose to share your real email address or an anonymous one that uses the private email relay service. Apple will show you their detailed privacy information on the sign in with the Apple screen. Find more about signing with Apple here.

Apple Health App (and Apple Motion & Fitness API)

Provided you give express permission on your device, we may receive (read) or/and write (share) data about your activity with/from Health App. In some of our Apps, you may decide to allow us to read (receive) the following information from the Health App: the number of steps, covered distance, weight, and dietary energy, and other data that you chose on the consent screen. If you grant access for us to write data to (share with) Health App, we will transfer to Health App information on your workouts, weight, and dietary energy (calories intake). The pieces of data covered by Health Apps scope will be indicated to you by Apple on their native pop-up screens, which we do not have control of.

Before you decide to share your data with the Health App, we encourage you to review their privacy policy, as your data will be subject to those policies. More information on the Apple Health app can be found here. You can withdraw our access to read/write data from the Health App at any time directly in the Health App.

4.3. Data we collect automatically

Online Activity

We record how you interact with our Product. For example, we log your interactions with certain areas of the interface, the features, and content, workouts you do, the time and duration of your workouts, your meditation activities, how often you use the App, how long you are in the app, your training or meditation program progress, and your subscription orders.

Device and Geolocation data

We collect data from your mobile device. Examples of such data include: language settings, Internet Protocol address, time zone, type and model of a device, device settings, operating system, Internet service provider, mobile carrier, hardware ID, and Facebook ID. If you consent in certain of our products to share the geolocation data (for example, for you running routes), the app may receive this data as well.

Advertising IDs

We collect your Apple Identifier for Advertising (“IDFA”). You can typically reset these numbers through the settings of your device’s operating system (but we do not control this).

Cookies and Similar Tracking Technologies

Our products employ technologies (cookies, SDKs, etc.) to process your data to enhance your user experience, optimize ads, and analyze traffic. These technologies are activated when you interact with our services, visit our website, use our apps, or enable certain features like chats. Disabling these technologies may affect the functionality of certain features, although our products will remain usable.

Furthermore, we and our partners utilize targeting technologies to tailor ads, potentially displaying them to you at relevant moments. When enabled, your interactions with our website or app could result in seeing our ads on social media platforms, assisting us in measuring ad campaign effectiveness. We respect your right to privacy and provide you with the option not to allow data processing that is not required for providing you the services you request. We use, in particular, the following categories of tracking technologies:

• Strictly necessary. Our Products and their features require certain technologies to function properly. These technologies are typically activated when you request our service, for example, when you visit our website or open the app. By utilizing them, we can (i) remember your preferences as you navigate our products, (ii) ensure swift loading of the content you request, (iii) enhance the security of our products, and (iv) enable other functionalities of our products. Moreover, some of these technologies are activated when you enable certain features like chats or request customer support.
• Functional. We use functional technologies to personalize and enhance your experience. By utilizing them, we can remember your choices (for example, custom design settings or storing your language preference for an extended period). Additionally, they provide you with a more consistent user experience by remembering your settings, keeping you logged in for extended periods, or saving your shopping cart selections. If you disable these technologies, some features may not function properly, although you will still be able to use our products.
• Performance. We use performance technologies to process information about how you and others interact with our products. This helps us understand user engagement with our products and features, and identify preferences or dislikes. Some examples include counting visits and identifying traffic sources, understanding which sections or features are most favored, analyzing user preferences to help us decide what new features to build. When you disable performance technologies, we will not receive certain information that we process for analytical purposes.
• Targeting. We, and our partners, use targeting technologies to tailor ads and possibly even display them to you at relevant times. For instance, if these technologies are enabled and you interact with our website or app, you might see ads for our products in your social media feeds. Additionally, they help us measure the effectiveness of advertising campaigns and make advertising more relevant to you. If you decline these targeting technologies, you may see less relevant ads and miss our timely offers. It would also be more challenging for us to measure ad effectiveness.

5. How and Why We Use Your Data. Legal Bases for Processing

All processing of your data must be lawful, i.e. reliant upon one of the lawful bases referenced under applicable law, namely:

• Performance of a contract with you, i.e. provision of the Product as described in our Terms of Use,
• Your consent, i.e. when you provide consent to the processing of particular personal information,
• Our legitimate interests, i.e. when we believe that we can use and/or share your data since we have a legitimate balanced reason to do so,
• Performance of our obligations under the applicable law.

Below you can see described the purposes of our processing (why we process your information) for each lawful basis and the corresponding data categories used in each case.

As mentioned earlier, your user journey may vary depending on whether it is the App or the Website (or both) you have chosen to use. However, the purposes and legal bases for data processing in relation to the Website and the App coincide.

Performance of a contract with you

We will use data:

• To ensure the intended operation of the Product, namely, to maintain your profile in the Product, ensure you have easy access to it, and provide you with the functionality of the Product provided for in the Product descriptions as well as included materials. For example, we use your data to create fitness plans best suited for you.
• For billing purposes, account management, and feature accessibility.

Please note that provision of the information above is necessary for us to provide our Product to you (perform our contract with you). We will not be able to provide the Product without the information listed above. We will also not be able to continue providing the Product if you request data erasure or otherwise restrict our access to such data.

Your consent

We will use data:

• To exchange information with different fitness bands and/or trackers as per your request.
• To enable run/walk mapping features, dependent upon location. Precise location data allows us to visualize your route, calculate covered distances within a particular time period, and determine your speed.

Please note that you can withhold your consent or even revoke it at any time if you change your mind. You can do this either via the App settings or by contacting us. Unfortunately, this will also preclude us from providing you with features relying upon your consent.

Our legitimate interest

We will use data:

• BECAUSE it is our interest is to measure the use of our Product and count the people who interact with it, IN ORDER TO analyze the performance of our Product, improve it, and further deliver a better user experience based on analysis of your interaction with the Product (for example: we count users and events for reporting to identify how many users the Product has, which includes metrics like how many unique users the Product has, and then we analyze bugs and fix issues with the Product).
• BECAUSE it is our interest to understand who may be interested in our Product and to offer our Product to new potentially interested audiences as well as remind old users about it, IN ORDER TO assess the effectiveness of our advertising campaigns by understanding which advertisements led you to the Product and whether you finally used the Product or purchased it/some of its features.
• BECAUSE we believe the provision of presumably relevant information will be a plus in addition to the provision of the Product functionality, IN ORDER TO communicate with you in various ways, e.g.: (1) to send you technical notices, updates, and security alerts; (2) to send reminders to your smartphone or web browser via in-App messages and in-App and web push notifications; (3) to send promotional communications, such as product updates, offers, discounts, and to provide news and information that we think will be of interest to you (you can opt out of any of our promotional communications anytime as described in your privacy rights section).
• BECAUSE it is in our interest to assist our users with any inquiries or requests, IN ORDER TO provide customer support/ request processing to the customer support team, which includes, for example: (1) responding when you request our help such as assisting with your account login or verification process; (2) addressing your comments and questions.
• BECAUSE (1) it is in our interest to respond to complaints and prevent and address fraud, unauthorized use of the Product, violations of our Terms of Use and/or other policies, or other harmful or illegal activity; (2) it is in our interest to seek legal advice and protect ourselves (including our rights, personnel, property, or products), and our users or others, including as part of investigations or regulatory inquiries and litigation or other disputes, IN ORDER TO (1) defend ourselves from prospective legal claims, litigation, or other disputes, including in relation to violations of the Terms of Use, Privacy Notice, Subscription Policy, and/or Refund Policy; (2) ensure the safety, security, and integrity of the Product. To provide information to the authorities upon request.
• BECAUSE it is in our interest to eliminate disruptions, maintain system security, and detect and track inadmissible access and access attempts, IN ORDER TO identify disruptions and maintain Product security, including the detection and tracking of inadmissible access attempts and access to our servers.

Performance of our obligations under the law

We will use data:

• According to applicable tax and accounting laws, we may need to report your payments to conduct any necessary statutory reports/withdrawals.
• In order to comply with applicable laws, we may need to authenticate you, i.e. collect your identification information.
• According to applicable law, we need to understand whether you allow the processing of your data, push notifications, marketing communications, and similar activities.
• To provide information to authorities upon request

Automated processing of your data

We do not use your data to make decisions based solely on automated processing that would create legal or comparably significant effects.

6. Cookies and Similar Technologies, Your Choices

Cookies (“Cookies” or “Cookie”) are small text files that are placed on your device while you browse our Website. They help us remember/recognize some of your actions or choices during Website use for various purposes. Sometimes, they help us track you through websites and devices to understand the effectiveness of our ads.

We use similar technologies (“Similar Technologies”) which are technically different but serve the same purpose of remembering/recognizing your actions during App or Website use. Similar Technologies include:

• Pixels/Web beacons/Tags - code snippets added to our Website, for example, to create a tiny graphic. We usually use pixels that are dependent on cookies so your Cookie choices may limit the performance of pixels.
• Local storage - a property that allows us to save information in your web browser with no expiration date (even after the browser window is closed).

Who sets Cookies or Similar Technologies on our Website

There are two main types of Cookies and Similar Technologies that we can set:

• First-party Cookies and Similar Technologies: these Cookies and Similar Technologies are placed and read by us directly;
• Third-party Cookies: these Cookies are not set by us, but by our partners, like payment service providers (e.g., PayPal or Braintree) or advertising networks.

We recommend checking Section 7 of this Privacy Notice to understand with whom we cooperate while using Cookies and Similar Technologies.

Why and how we use Cookies and Similar Technologies

We use Cookies and Similar Technologies for a number of reasons, such as:

• protecting your account,
• saving your onboarding experience so that you can return to exactly where you left off,
• analyzing Website performance,
• advertising our Products,
• assessing advertising campaign effectiveness, and
• generally trying to make your experience with us better.

The Cookies and Similar Technologies we use generally fall into one of the following categories, whereas each category description allows us to understand why those Cookies and Similar Technologies are necessary.

Strictly Necessary Cookies and Similar Technologies

These Cookies and Similar Technologies are necessary for the Website to function and cannot be switched off in our systems.

They are set out in response to actions you make, mainly in order to remember your choices, including cookie preferences, onboarding completion status and values, and login data.

If you block strictly necessary Cookies, some parts of the Website will not work.

Performance (Analytics) Cookies

These Cookies allow us to count visits and traffic sources so we can measure and improve the performance of our Website. They help us know which pages are the most and least popular and see how the user moves across the Website.

Functional (Preference) Cookies

Preference Cookies are used to remember your preferences and to recognize you when you return to our Product.

If you do not allow these Cookies then some or all of the below services may not function properly.

Targeting (Tracking) Cookies and Similar Technologies

We and our service providers (advertising networks) use Cookies and Similar Technologies to direct our ads to you through targeted advertisements for our Product on other sites you visit and to measure your engagement with those ads.

These Cookies and Similar Technologies may be used by those advertising networks to build a profile of your interests and show you relevant ads on other sites.

Your Cookie choices

Most browsers allow you to manage how Cookies are set and used as you’re browsing, and to clear Cookies and browsing data. Typically, such information can be found under the browser’s ‘Help’, ‘Preferences’, or ‘Options’ menus. Also, your browser may have settings allowing you to manage Cookies on a site-by-site basis as well as provide for incognito mode.

• Cookie settings in Chrome
• Cookie settings in Firefox
• Cookie settings in Safari - iOS
• Cookie settings in Safari - macOS
• Cookie settings in Opera

Should you wish to change your previously provided to us Cookie-related choices, please click the links below to take immediate effect:

• Reject all non-essential cookies; or
• Reset cookie settings (you can configure your choices via the cookie banner upon your next visit).

Your Similar Technologies choices

Most mobile devices and applications allow you to manage how other technologies, such as unique identifiers used to identify a browser, app, or device, are set and used. For example, the Advertising ID on Android devices or Apple’s Advertising Identifier can be managed in your device’s settings, while app-specific identifiers may typically be managed in the app’s settings.

Opt out of Personalized Advertising

You can visit the below sites to opt out of personalized advertising in general, including regarding our Website:

• Digital Advertising Alliance (DAA);
• European Interactive Digital Advertising Alliance (EDAA);
• Australian Digital Advertising Alliance (ADAA);
• Network Advertising Initiative (NAI);

You can also opt out of advertising provided by particular networks both in the App and on the Website:

• Google Ad Settings/Ad Personalisation
• Facebook Ad Settings
• Instagram Opt-Out Instruction
• Tik-Tok Opt-Out Instruction
• Twitter Opt-Out Instruction
• Pinterest Opt-Out Instruction
• Outbrain opt out on desktop and mobile web (Section 3 -> Outbrain User Types, including Opt Out Options)
• Taboola Access to Data and Opt-Out Tool

Please note that if you opt out of personalized advertising, you will still see advertisements – they will just not be tailored to your interests. Also note that deleting browser Cookies may remove the Cookie preferences you already made, so you may need to opt out again in the future.

Finally, you can exercise your preferences and opt out of personalized advertisements with regard to your mobile devices (smartphones, tablets) by:

• updating your mobile device settings:
• IOS devices: Settings -> Privacy -> Tracking -> Allow Apps to Request to Track (uncheck);
• Android Devices -> Settings -> Google -> Ads -> Opt Out of Ads Personalization.

Do Not Track

"Do Not Track" is a preference you can set in your web browser to let the websites you visit know that you do not want them collecting information about you. The Website does not currently respond to a "Do Not Track" or similar signal.

7. Personal Data Transfers

7.1. Data Transfers by Both the Website and the App

As we mentioned earlier, this Privacy Notice is aimed at describing data use in relation to the Product. Below, we explain with whom, in particular, we share your personal data from the Product, i.e. both the Website and the App.

7.1.1. Third-party service providers

Cloud storage providers

Amazon Web Services (Amazon Web Services EMEA SARL, 352 2789 0057, 38 Avenue John F. Kennedy, L-1855, Luxembourg). We use Amazon Web Services, which is a hosting and backend service provided by Amazon, for personal data hosting and enabling our Product to operate and be distributed to its users. You may read more on Amazon’s security practices on its website.

Product monitoring service providers

To monitor infrastructure and the App’s performance, we use Crashlytics, which is a monitoring service provided by Google.

We use Firebase Performance Monitoring and Firebase Crash Reporting, which are monitoring services provided by Google. To learn more, please visit Google’s Privacy policy and Privacy and Security in Firebase.

We use Sentry, which is a monitoring service provided by Functional Software Inc. that helps us identify and resolve errors and crashes in our apps across different platforms such as JavaScript, Python, Ruby, Java and React. Sentry automatically captures all unhandled exceptions and relevant diagnostic data such as device information, app version, user feedback and breadcrumbs. We can also manually report errors to Sentry with custom tags and context data. Sentry also provides us with features such as performance monitoring, alerting and dashboards to help us prioritize and fix issues faster.

We use Contentsquare (including Hotjar), a user experience analytics service, to analyze how users interact with our app and website and to improve usability and performance. Contentsquare collects usage and interaction data such as page views, navigation paths, clicks, scroll behavior, and technical information including device type, operating system, browser type, screen resolution, and approximate location. This data is processed only for analytics and service improvement purposes. Where required by law, data is collected based on user consent or our legitimate interests in improving our services. Contentsquare may use cookies or similar technologies to perform its services. Data is processed in accordance with applicable data protection laws, including the GDPR and CCPA, and subject to Contentsquare’s security and confidentiality obligations.

We use GrowthBook to manage feature flagging, A/B testing, and controlled feature rollouts. GrowthBook enables us to deliver different product experiences and measure their performance in order to improve functionality, stability, and user experience. For this purpose, GrowthBook processes limited technical and usage data, such as anonymized or pseudonymized user identifiers, device or session information, app version, and feature interaction metrics. We do not use GrowthBook to process sensitive personal data. Processing is based on our legitimate interests in product optimization and, where required, user consent. All data is handled in compliance with applicable data protection regulations, including GDPR and CCPA, and subject to appropriate safeguards.

Data analytics providers

Google Analytics / Google Analytics for Firebase (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics / Google Analytics for Firebase are product analytics tools provided by Google, which help us to analyze the Product data and understand our users to optimize the Product performance.

Hotjar (Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta). Hotjar makes it easier to find points for improvement on our Website, understand our users' needs and to optimize their experience. We can analyse how much time you spend on which pages, which links you’ve chosen to click, what features you liked the most, etc. For more details, please refer to the Privacy Policy of Hotjar.

AppsFlyer (AppsFlyer Ltd., 14 Maskit Str., Floor 6 POB 12371, Herzliya 46733149, Israel. Appsflyer helps us understand, in particular, how users find our Product (for example, which advertiser delivered an ad that led you to our Product). Appsflyer also provides us with different analytics tools that enable us to research, analyze, and make your use of the Product better.

Amplitude (Amplitude, Inc., 201 Third Street, Suite 200, San Francisco, CA 94103). We use Amplitude for analytics purposes, specifically to understand how customers use our App. Amplitude provides us with different analytics tools that enable us to research and analyze Your use of the Product, which helps us to decide what Application features we should focus on. It also enables us to track Your interaction with our App and in order to detect particular technical issues with the App.

Usercentrics GmbH (Sendlinger Straße 7, 80331, Munich, Germany). We engage Usercentrics to ask for and manage your Cookie consent as required by different local regulations. Usercentrics collects your country-level location to show you an appropriate cookie consent banner and places some Cookies to save and remember your choice and to aggregate some statistics on users' Cookie-related choices.

Gateway service providers and payment processing partners

We use various payment processing and payment gateway providers that help us connect with different banks and payment systems around the world. These providers allow us to offer our customers a wide range of payment options and ensure fast and smooth transactions. Due to the large number of payment processing providers we work with, we cannot list them all here. However, some examples are Paddle, PayPal. Each payment processing provider has its own terms and conditions and privacy policy that may apply to the transactions they process.

Marketing service providers

We use the services of third-party advertising platforms, for example, Instagram, Facebook. which allows us to show targeted campaigns and messages to users within their platforms based on the user’s behaviour. To put it plainly, we provide information about you that will allow advertising platforms to locate you in their database and information that you performed a desirable action, such as making a purchase.

This allows an advertising network to understand which people are interested in our Product as well as to display advertisements of the Product to users who will most likely want it.

Please note that most advertising networks act as separate controllers or co-controllers of your data in full or in part, which means that such controllers decide whether to use the transferred data for their own purposes, e.g. providing you with advertisements of other providers similar to our Product. You can learn more about the data processing practices of such companies in their respective privacy policies:

• Facebook https://www.facebook.com/privacy/policy/
• Instagram https://help.instagram.com/155833707900388

We do not share any health & wellness information with advertising networks.

Should you wish to opt out of personalized advertising, please explore the options described in Section 6 above.

7.1.2. Health Apps

You may decide to allow us to write data to (share with) Health App, we will transfer to Health App information on your workouts, weight, and dietary energy (calories intake).

7.1.3. Law enforcement agencies and other public authorities

We may use and disclose personal data to enforce our Terms of Use to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by applicable law.

7.1.4. Third parties as part of a merger or acquisition

As we develop our business, we may buy or sell assets or business offerings. Customers’ information is generally one of the transferred business assets in these types of transactions. We may also share such information with any affiliated entity (e.g. parent company or subsidiary) and may transfer such information in the course of a corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

7.1.5. Affiliates

We may share your personal information with our partner organizations that are part of our corporate group – these are companies that are owned by, own, or are jointly-owned with us. These partner organizations will use the information in ways that align with this Privacy Notice, ensuring that your privacy is respected and protected across all our affiliated services within our fitness and wellness group.

7.1.6. International data transfers

Please note that in the course of doing business, we transfer your personal data outside of EU/EEA countries (if you are located outside of EU/EEA countries, we may transfer your personal data to other jurisdictions). For example, some of our service providers are located in the United States of America.

We shall implement measures as established under applicable law to ensure data transfers are protected as required. When a recipient is located in one of the jurisdictions listed on the official website of the European Commission here, the appropriate safeguard is the corresponding adequacy decision of the Commission. Where no such adequacy decision is present, we rely on the so-called Standard Contractual Clauses (see more about them here), along with a thorough analysis of the law of the destination country to safeguard your data and your rights.

8. Retention of Your Personal Data

We keep your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless further retention is required under applicable law.

You can request to terminate your account and delete your data at any time. We treat such requests as a termination of your contract with us and as a revocation of your consent(s). We will accommodate such requests and terminate any data processing under respective legal bases.

Please note that certain data can be retained even after your deletion request. That may be the case where processing is based upon our legitimate interest. For example, we may keep information on purchases in order to protect our rights in a legal action. Such storage is not indefinite and is limited to such data's usefulness and achieving our legitimate goals. As described in the Your Privacy Rights and How to Exercise Them section, you may object to our legitimate interests. If you wish to do so, please indicate this specifically in your message to us.

We may also keep data if deletion is not technically possible (for example, because your personal information has been stored in backup archives). We will securely store your personal information and isolate it from any further processing until deletion is possible.

The same applies to cases where we are obliged to retain your data under applicable law (e.g. accounting and tax laws). In the event of such retention, we will ensure via technical and organizational means that such data is not used for conflicting purposes, for example, advertising to you.

9. Changes to this Privacy Notice

We may change this Privacy Notice from time to time by posting those changes directly on this webpage. Please make sure to review this Privacy Notice regularly. Should the change be major, we will try our best to draw your attention to it, e.g. via a pop-up or email. By continuing to use our Product, you acknowledge you have read and understood the most up-to-date Privacy Notice.