Privacy Policy

1. Data Collection and Usage

1.1 Personal Information We Collect

When you use the 'Emotional Fitness' app (also ‘us’ or ‘we’ from now on), we collect the following personal information from you:

- Email Address: We collect your email address when you sign up for our app. We use your email to send you newsletters, inform you about product novelties, promotions, and commercial information from other companies. You can unsubscribe from these communications at any time through the link provided in each email.

- Name or Nickname: You may choose to provide your name or a nickname. We use this information to personalize your app environment.

- Password: For security reasons, we collect and store a password that you create. This password, along with your email address, is used for authentication purposes when you log into our app.

- Operating System (OS): We collect information about whether you are using Android or iOS. This information helps us understand the distribution of our app users and optimize our app for different platforms.

- Language Settings: We collect information about the language you use to set up the app. This helps us to provide you with a personalized experience in your preferred language.

- User-Generated Data: We collect and store data that you produce when you answer questions, take tests, and interact with various features of the app. This data is essential for the proper functioning of certain widgets and features within the app, and it allows you to gain insight into your own mental health.

1.2 How We Use Your Information

We use the information we collect for the following purposes:

- To Provide and Maintain Our Services: We use your email and password to authenticate your account and enable you to use our app. Your user-generated data is used to personalize your experience and enable the functionality of various features and widgets within the app.

- To Communicate with You: We use your email address to send you newsletters and promotional materials that may be of interest to you. You can opt out of receiving these communications at any time.

- To Improve Our Services: We use your operating system information, language settings, and user-generated data to analyze usage patterns and trends to improve the functionality and user experience of our app.

- For Profiling Purposes: We use your operating system information and language settings for user profiling to better tailor our services and marketing communications to your preferences.

- For Security Purposes: We use your password and email to secure your account and protect the integrity of our app.

1.3 Your Choices and Control

You have the following choices and control over your information:

- Unsubscribe from Newsletters: You can unsubscribe from our newsletters at any time by clicking on the unsubscribe link provided in each email.

- Access and Update Your Information: You can access and update your name, password, email, and other account information through the app’s settings.

- Data Deletion: You can request the deletion of your account and associated data at any moment by contacting us (see the contact information at the bottom of this document).

1.4 Data Retention

We retain your personal information for as long as necessary to provide the services you have requested, or for other essential purposes such as complying with legal obligations, resolving disputes, and enforcing our policies.

- Account Information: Data like email addresses and passwords may be retained for as long as the app is available for the sake of its good functioning (e.g., authentication procedures). If your account remains inactive, meaning that you have not logged in or otherwise used our services, for a period of two (2) years or more, we reserve the right, at our sole discretion, to deactivate or permanently delete your account and all associated data.

Before taking any such action, we will make reasonable efforts to notify you through the contact information associated with your account. This may include sending an email to the address we have on file, notifying you the next time you log in to our platform, or other similar communication methods.

If your account is deactivated or deleted due to inactivity, you may lose access to all data, content, features, and products associated with that account. We are under no obligation to compensate you for any such loss.

- User-Generated Data: The data produced by the user during the daily functioning of the app (answers to questions, tests, etc.) will never be kept for more than two years, unless there is an identifiable reason, like the ones provided at the beginning of this section, that prevents us from deleting your data, or unless the user explicitly requests us to keep their data available in the app. We keep the right to delete the data you have produced in the app at our sole discretion and without notice, and we are under no obligation to compensate you for any such deletion.

- Regular Review: We regularly review the data we hold and will delete personal data when it is no longer necessary for the purposes for which it was collected. We are under no obligation to compensate you for any such deletion.

- Security: We employ security measures to protect your data. Details of these measures are covered in section 7, ‘Data Security’, of this Privacy Policy.

2. Data Sharing and Disclosure

2.1 Sharing for Marketing Purposes

- Email Addresses: We may share your email address with selected third-party organizations that wish to send you occasional commercial emails related to their products or services. You have the right to opt out of this sharing at any time and can unsubscribe from any marketing communications you receive from these third parties through the unsubscribe link provided in each email.

2.2 Third-Party Service Providers

- Supabase Database: We use Supabase as our backend service provider to store and manage users' data. Supabase is committed to ensuring the security and protection of the data that we process, and to provide a compliant and consistent approach to data protection. For more information on Supabase’s privacy practices, please visit https://supabase.com/privacy.

- RevenueCat: We use a third-party payment processor, RevenueCat, to handle transactions within our app. When you make a purchase through our app, you will be providing your payment information directly to RevenueCat. We do not collect or store your financial information, such as credit card details. When you make a purchase, we share certain information with RevenueCat to enable the transaction. This information may include your name, your email address, transaction details (e.g., the date of the transaction, the amount, and the product purchased).

We share this information with RevenueCat for the following purposes:

- To process your transactions

- To manage your subscription (e.g., to activate or deactivate your access to our premium content)

- To comply with legal and regulatory requirements

After a successful transaction, we store the following information in our system:

- Whether the transaction was successful (i.e., whether you are subscribed or not)

- The date of the transaction

- The duration of your subscription

RevenueCat is responsible for securing your payment data. We recommend that you review RevenueCat’s Privacy Policy to understand how they protect your personal information: https://www.revenuecat.com/privacy/

- YouTube Video Integration: Our app integrates with YouTube to display videos that are relevant to our services. When you watch these videos through our app, you are interacting with content from YouTube, which is a service provided by Google LLC. Please be aware of the following:

- Privacy Policies: We have no control over YouTube's data collection and privacy practices. We encourage you to review YouTube’s Privacy Policy to understand how they handle your personal information. https://support.google.com/youtube/answer/10364219

- Content Responsibility: We are not responsible for any additional content that YouTube may display alongside or after the videos that are integrated into our app, including advertisements or suggested videos.

2.3 Other Disclosures

We may disclose your personal information if we are required to do so by law, or if we believe in good faith that such disclosure is necessary to:

- Comply with legal obligations or a court order;

- Protect and defend our rights or property;

- Prevent or investigate possible wrongdoing in connection with our services;

- Protect the personal safety of users of our app or the public;

- Protect against legal liability.

2.4 Your Choices and Control

- Opting Out of Data Sharing for Marketing and Unsubscribing from Third-Party Emails: You have the right to opt out of our sharing of your email address with third-party organizations for marketing purposes. You can exercise this right at any time by contacting us (see the contact information at the bottom of this document). If you receive commercial emails from third-party organizations as a result of our sharing, you can unsubscribe from their communications at any time through the unsubscribe link provided in each email.

2.5 No Sale of Personal Information

We do not sell your personal information to third parties. We value your privacy and are committed to the confidentiality of the data you produce in this app.

3. Your Rights

3.1 Data Portability

You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without hindrance from us. This right applies when:

- The processing is based on your consent or on a contract;

- The processing is carried out by automated means;

- The data is available and it hasn’t been deleted from our database.

To exercise this right, please contact us (see the contact information at the bottom of this document). We will provide you with your personal data in CSV or JSON format within 30 days of your request, where this is technically feasible.

4. Data Breach Notification

4.1 Notification to the Supervisory Authority

In the event that we become aware of a data breach that poses a risk to the rights and freedoms of individuals, we will report the breach to the Federal Data Protection and Information Commissioner (FDPIC) in Switzerland within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws.

4.2 Notification to the Data Subject

If the data breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify the affected individuals without undue delay. This notification will include, at a minimum:

- The nature of the data breach;

- The categories and approximate number of individuals concerned;

- The categories and approximate number of personal data records concerned;

- The likely consequences of the data breach;

- The measures taken or proposed to be taken to address the data breach, including, where appropriate, measures to mitigate its possible adverse effects.

4.3 Contact Information for Data Breach Inquiries

For any inquiries regarding our data breach notification procedures, or to report a suspected data breach, please contact us (see the contact information at the bottom of this document).

5. International Data Transfers

Your personal data may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States of America and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States of America, and process it there.

We comply with the EU-U.S. Data Privacy Framework as set forth by the European Commission regarding the collection, use, and retention of personal information transferred from the European Union to the United States. We have implemented the following measures in compliance with the EU-U.S. Data Privacy Framework:

• Limiting access to your personal data to what is necessary and proportionate, as outlined in the framework.

• Complying with a detailed set of privacy obligations, including the requirement to delete personal data when it is no longer necessary for the purpose for which it was collected.

• Ensuring continuity of protection when personal data is shared with third parties.

6. User Consent

6.1 Explicit Consent for Terms and Privacy Policy

Before you can create an account and use the 'Emotional Fitness' app, we require you to explicitly agree to our Terms of Service and this Privacy Policy. During the sign-up process, you will be asked to read and accept these documents. By checking the box and proceeding with the registration, you are confirming that you have read, understood, and agree to be bound by our Terms of Service and this Privacy Policy.

6.2 Consent for Marketing Communications

During the sign-up process, or at any other time while using our app, you will have the option to consent to receive marketing communications from us. These communications may include emails with updates, promotions, and other commercial content that may be of interest to you.

- Opt-In Mechanism: We use a clear and unambiguous opt-in mechanism for marketing communications. You must actively opt in, for example by checking a box, to indicate that you would like to receive these communications.

- Right to Withdraw Consent: You have the right to withdraw your consent to receive marketing communications at any time. You can exercise this right by clicking on the "unsubscribe" link in any marketing email we send you or by contacting us using the contact details provided in this Privacy Policy.

- No Condition for Service: Agreeing to receive marketing communications is not a condition for using our app or services. You can use the 'Emotional Fitness' app whether or not you agree to receive these communications.

6.3 Changes to Consent

We respect your choices and control over your personal data. You may update your preferences or change your consent choices at any time through your account settings or by contacting us directly.

6.4 Record of Consent

We maintain a record of your consents, to demonstrate compliance with consent requirements under applicable data protection laws.

7. Data Security

At 'Emotional Fitness', we prioritize the security of your personal data. We have implemented a range of technical and organizational measures to ensure that your data is protected from unauthorized access, alteration, disclosure, or destruction.

7.1 Supabase Database

All user data is stored on a Supabase database, a modern platform that adheres to industry-standard security measures. Supabase is designed with security in mind, ensuring that your data is stored safely.

7.2 Row Level Security

We have applied Row Level Security (RLS) to all our database tables. This means that access to data is restricted at the row level based on specific criteria. By implementing RLS, we ensure that only authorized users can access specific sets of data, enhancing the overall security of the data stored.

7.3 Table Policies

Every table in our database has specific policies for select, insert, and update operations. These policies are designed to prevent unauthorized or malicious actions, ensuring that data can only be accessed or modified in accordance with our strict guidelines.

7.4 Encryption of Critical Data

Certain types of data, which we consider critical, are encrypted in our backend. This includes sensitive information such as passwords. By encrypting this data, we add an additional layer of protection, ensuring that even in the unlikely event of a breach, that data remains unreadable.

7.5 Authentication Process

Our authentication process is managed by Auth schemas that are fully overseen by Supabase. These schemas are outside the user's reach and adhere to the highest security standards in the industry. This ensures that user accounts are protected from unauthorized access.

7.6 Data Encryption within the App

All types of data stored within the 'Emotional Fitness' app are encrypted by FlutterFlow. This means that data, both at rest and in transit, is protected from potential interception or unauthorized access.

7.7 Continuous Monitoring and Updates

We continuously monitor our systems and update our security practices in response to the evolving threat landscape. Our commitment is to ensure that 'Emotional Fitness' remains a secure platform for all our users.

8. Children’s Privacy

8.1 Age Restriction

The 'Emotional Fitness' app is not designed for or directed at children. In accordance with our Terms of Service, we do not permit use of our services by anyone under the age of 18. We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register for an account with 'Emotional Fitness'.

8.2 No Collection of Child Data

As our service is not intended for children under 18, we do not have features that are designed to collect information from children. If we discover that we have inadvertently collected personal information from a person under the age of 18, we will promptly take steps to delete that information.

8.3 Parental Notice

If you are a parent or guardian and discover that your child under the age of 18 has created an account with 'Emotional Fitness' without your consent, please notify us immediately (see the contact information at the bottom of this document), and we will take appropriate action to remove the child’s information from our systems.

9. Updates to the Privacy Policy

9.1 Policy Changes and Updates

We may update our Privacy Policy from time to time to reflect changes to our information practices, new features, or changes in law. We believe that these changes will enhance our ability to protect your personal information, but they may result in changes to the way that we collect, use, or disclose your personal information.

9.2 Notification of Changes

If we make any material changes to this Privacy Policy, we will notify you by sending an email to the address you provided when you registered for an 'Emotional Fitness' account, or by placing a prominent notice on our app. This message will explain what the changes are and when they will take effect.

9.3 Continued Use Constitutes Acceptance

Your continued use of the 'Emotional Fitness' app after we send you a notification about changes to this Privacy Policy constitutes your acceptance of those changes. If you do not agree with any of the changes to the Privacy Policy, you should stop using the 'Emotional Fitness' app and deactivate your account.

10. Complaints Regarding Data Protection

If you believe that the processing of your personal data is in violation of national or international data protection laws, you have the right to lodge a complaint with a competent data protection authority.

If you live in the EU, you may lodge your complaint in the EU member state of your residence, your place of work, or the place of the alleged infringement. Each EU member state has one or more independent public authorities responsible for monitoring the application of data protection law, known as Data Protection Authorities (DPAs).

To exercise this right, please contact the appropriate DPA directly. Contact information for DPAs in the EU and European Economic Area (EEA) can be found on the European Data Protection Board's website: https://edpb.europa.eu/edpb_en. Please note that lodging a complaint with a DPA will not affect any other legal rights or remedies that you have.

For more information about your rights under the General Data Protection Regulation (GDPR) or other applicable data protection laws, or to exercise any of your rights as a data subject, please contact us (see the contact information below).

Contact information: support@emotionalfitness.app

Marc Lafuente Martínez

September 1st 2023. Ecublens, Switzerland.