Personal Data and Information we Collect from you
Personal Data you Provide us Directly
General Information. When you sign up to use the App, we may collect Personal Data about you such as:
- Full name
- Email address
- Date of birth
- Password or passcode
- Place of residence and associated location information
- ID (to prove your identity in certain cases).
When you use the App, you may choose to provide personal information about your health and well-being such as:
- Body temperature
- Menstrual cycle dates
- Various symptoms related to your menstrual cycle and health
- Other information about your health (including sexual activities), well-being, and related activities, including personal life (collectively, “Personal Data”).
You also may give us the ability to import into the App Personal Data about your health and activities from third-party services such as Apple HealthKit and Google Fit. Such imported Personal Data may include sports activities, weight, calories burnt, heartbeat rate, number of steps/distance traveled, and other data about your health. In order for us to process any Personal Data under this category we will explicitly ask your consent on the registration screen.
Personal Data we may Collect Automatically
When you access or use the App, we may automatically collect the following information:
- Hardware model
- Information about the operating system and its version
- Unique device identifiers (e.g. IDFA)
- Mobile network information
- Device storage information
- Location Information
- IP address
- Time zone
- Information about your mobile service provider
App usage data, including, among others:
- Frequency of use
- Areas and features of our App you visit
- Your use patterns in general
- Engagement with particular features
Data from external sources
We may use third-party tools like AppsFlyer that provide us some of your attribution data that we further utilize to customize and personalize your App experience. We may also use such data for statistical purposes and analytics.
How we use your Personal Data
Purposes of processing
We may use your Personal Data for the following purposes:
- to analyze, operate, maintain and improve the App, to add new features and services to the App, to support the existing functions of the App
- to customize content and materials you see when you use the App
- to provide and deliver the products and services you request, process transactions and send you related information, including confirmations and reminders
- to customize product and service offerings and recommendations to you, including third-party products and offerings (excluding data from Apple HealthKit and Google Fit). Of course, You can opt-out anytime by contacting us at support@Anna.health
- to verify your identity when it is required by law
- to send you technical notices, updates, security alerts and support and administrative messages
- for billing (invoicing), account management and other administrative purposes, if applicable
- to respond to your comments, questions and requests and to provide customer service
- to monitor and analyze trends, usage and activities in connection with our App
- solely with respect to information that you mark for sharing, for Company promotional purposes (except data from Apple HealthKit and Google Fit)
- to link or combine with information we get from others or (and) from you to help understand your needs and provide you with better service, to use in training AI
- for scientific and academic research purposes
Principles of Processing
Data minimization and purpose limitation. We will not process Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by you or collect any Personal Data that is not needed for the mentioned purposes. For any new purpose of processing we will ask your separate explicit consent. To the extent necessary for those purposes, we take all reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current. We also undertake to collect only such amounts and types of Personal Data that is strictly needed for the mentioned purposes.
No sale of Personal Data
Your Privacy Rights
It does not matter what country or region you come from. We are committed to providing you vast privacy rights for your Personal Data.
Correction of Personal Data
If you believe that your Personal Data is inaccurate, you have a right to contact us and ask us to correct such Personal Data.
Restriction of Processing
You also have a right to request that the processing of your Personal Data be restricted, if you contest the accuracy of the Personal Data we need some time to verify its accuracy.
Information rights and access to your Personal Data (including in portable form)
The App gives you the ability to access Personal Data within the App. You have a right to request information about what Personal Data we have about you, to access all your Personal Data and receive a copy of it, including in a structured and portable form (.json). We also commit to notify you, as required under applicable laws, about Personal Data breaches related to your Personal Data.
Erasure of your Personal Data
You may ask us to erase your Personal Data, if you withdraw your consent to processing, if you believe such processing is not compliant with applicable law and in some other cases. Please be aware that erasing some Personal Data may affect your App experience.
Right to object to the processing of your Personal Data
In some cases, you can object to the processing of your Personal Data, for example, if we process it under legitimate interest basis.
How to Exercise your Privacy Rights
Right to Opt-out
We do not generally sell information as the term “sell” is traditionally understood. However, if and to the extent “sale” under the CCPA is interpreted to include advertising technology activities such as those implemented specifically for certain targeted advertising, California Residents may indicate your election here and we will comply with applicable law as to such activity.
- If you have difficulty accessing the webforms, in order to exercise your CCPA rights, you may also email us at firstname.lastname@example.org with a subject line of “CCPA Rights” For your protection, prior to actioning on any of your CCPA requests we will need to verify your identity.
- If you elect to exercise any of your rights under CCPA, Captain Well will not deny services, provide a different price or rate for our services, or provide a different level of service to you because you exercised such rights.
- Once you have submitted an opt-out request, we will not ask you to reauthorize the sale of your Personal Data for at least 12 months.
- We do not knowingly sell the Personal Data of minors under 16 years of age with or without affirmative authorization.
California “Shine the Light” Law
If you are a California resident and have an established business relationship with us, you may request a notice disclosing the categories of personal information we have shared with third parties, for the third parties’ direct marketing purposes, during the preceding calendar year.
We will exercise them within 30 days after receipt. It may take us up to 90 days in some cases, for example for full erasure of your Personal Data stored in our backup systems. We will let you know if we need more time and explain the reasons for the delay.
Please keep in mind that if we receive a vague request, we may engage the individual to better understand the motivation and content of the request. We may also refuse manifestly unfounded and excessive (repetitive) requests.
We might also require you to prove your identity in some cases. Normally, we make sure to verify that the request is coming from the same email as you indicated when registering in the App. In case of doubt we may ask you to undergo some additional verification. This is made to ensure that no rights of third parties are violated by your request.
Subject to applicable laws, you may have a right to lodge a complaint with your local data protection authority about any of our activities (related to your privacy rights, among others) that you think are not compliant with applicable law. However, if you think that we do something incorrectly, let us know first at email@example.com. We care about your privacy and want to make sure that we did everything to address any of your concerns.
Third parties processing your Personal Data
We will not share your Personal Data with any third parties except as specified below.
Processing to find new Anna users and stay in touch with you
We may share some of your non-health Personal Data with AppsFlyer, a mobile marketing platform, that handles your Personal Data in accordance with our instructions. By using AppsFlyer and its integrated partners we are able to reach you and people like you on various platforms and spread the word about the App to help more women to stay in control with their health and well-being. If we need to share your Personal Data with other platforms for this purpose, except as defined herein, we will ask for your consent. In some countries we will ask for your explicit consent to share this data.
Here is a step-by-step illustration of how we work with AppsFlyer and its integrated partners:
1. You become a Anna user and we start sharing Personal Data, strictly limited to the following set:
a) Technical identifiers: IP address (which may also provide general location information), User agent, IDFA (Identifier for advertisers), Android ID (in Android devices), Google Advertiser ID, Customer-issued user ID and other similar unique technical identifiers.
b) Your age group
c) Your subscription status
d) The fact of application launch.
2. Anna App sends your data to AppsFlyer, which analyzes it and provides us reports and insights on how to optimize our promotional campaigns.
3. At the same time, AppsFlyer sends your data to some of its integrated partners (e.g. Pinterest, Google Ads, Apple Search Ads, FB marketing network, and a couple of others) to find you or people like you on different platforms, including social media websites. These integrated partners analyze your data and show relevant information about the App to people who might be potentially interested in it or remind you about revisiting the App, if you stopped using it a while ago.
4. This is how you and new users find out more about Anna, get accurate cycle predictions, learn about the meaning of their bodies’ cues and receive credible information about their health. You contribute to the growth of the Anna community by providing your consent to use the Anna app.
We may share aggregated, anonymized or de-identified information, which cannot reasonably be used to identify you, with our partners or research institutions. For example, we may share, including, without limitation, in articles, blog posts and scientific publications, general age demographic information and aggregate statistics about certain activities or symptoms from data collected to help identify patterns across users. Sharing such data contributes to the advancement of scientific research on women’s health.
We may also share some of your Personal Data in the following special circumstances:
in response to subpoenas, court orders or legal processes, to the extent permitted and as restricted by law (including to meet national security or law enforcement requirements)
when disclosure is required to maintain the security and integrity of the App, or to protect any user’s security or the security of other persons, consistent with applicable laws. In such cases we may also delete some of your Personal Data (e.g. resetting your password to avoid unauthorized access)
when disclosure is directed or consented to by the user who has input the Personal Data
in the event that we go through a business transition, such as a merger, divestiture, acquisition, liquidation or sale of all or a portion of its assets, your information will, in most instances, be part of the assets transferred.
Information Posted by youInformation Posted by you
Any information (including Personal Data) you share in any online community area or online discussion is by design open to the App community. You should think carefully before posting any Personal Data in any public forum. What you post can be seen, disclosed to, or collected by third parties and may be used by others in ways we cannot control or predict, including to contact you for unauthorized purposes.
Retention of your Personal Data
When you use the App
After you Stop Using the App
If you choose to delete the App or deactivate your account, or your account becomes inactive for a while, we will retain your Personal Data for a reasonable period in case you decide to re-activate the Services. The App covers different periods of users’ lifecycle; therefore, retention of your data is needed in some cases to secure your smooth experience with other App functions (e.g., switching to pregnancy mode after cycle tracking).
You should be aware that we may retain certain Personal Data and other information after your account has been terminated or deleted in an aggregated, anonymized form. We reserve the right to use your information in any aggregated data collection after you have terminated your account, however we will ensure that the use of such information will not identify you personally. We will also retain your Personal Data as necessary to comply with legal obligations, resolve disputes and enforce our agreements.
Personal Data you Elect to Share with Third Parties
We take reasonable steps in order to ensure compliance of such third parties with any applicable laws that might govern the processing of your Personal Data.
Security of your Personal Data
General Security Measures
We take all reasonable and appropriate measures to protect all Personal Data collected from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the nature of the Personal Data that we process and risks associated with special categories of Personal Data we collect (information about health). Among others, we utilize the following information security measures to protect your Personal Data:
- Pseudonymization and tokenization of certain categories of your Personal Data
- Encryption of your Personal Data in transit and in rest
- Systematic vulnerability scanning and penetration testing
- Protection of data integrity
- Organizational and legal measures. For example, our employees have different levels of access to your Personal Data and only those in charge of data management get access to your Personal Data and only for limited purposes required for the operation of the App. We impose strict liability on our employees for any disclosures, unauthorized accesses, alterations, destructions, misuses of your Personal Data.
- Conducting periodical data protection impact assessments in order to ensure that the App fully adheres to the principles of ‘privacy by design’, ‘privacy by default’ and others. We also commit to undertake a privacy audit in the event of the Company’s merger or takeover.
Please understand that you can help keep your information secure by choosing and protecting your password appropriately, not sharing your password and preventing others from using your mobile device. Please understand that no security system is perfect and, as such, we cannot guarantee the absolute security of the App, or that your information will not be intercepted while being transmitted to us.
If you want to report a security incident related to the App please contact us at firstname.lastname@example.org under “Security Notice” subject.
General age limitation. We are committed to protecting the privacy of children. The App is not intended for children and we do not intentionally collect information about children under 13 years old. The App does not collect Personal Data from any person the Company actually knows is under the age of 13. If you are aware of anyone under 13 using the App, please contact us at email@example.com and we will take the required steps to delete such information and (or) delete her account.
Age limitation for the European Union residents.
Due to legal requirements you shall be at least 16 years old to use the App. We do not allow the use of the App by the European Union residents younger than 16 years old. If you are aware of anyone younger than 16 using the App, please contact us at firstname.lastname@example.org and we will take steps to delete such information and (or) delete her account.
Communication with you
We may contact you from time to time via email or through other means (like popups or push notifications) to communicate with you about products, services, offers, promotions, rewards, and events offered by us and others, and provide news and information that we think will be of interest to you.
Opt-out options. You can always opt out of receiving emails by unsubscribing via the “Unsubscribe” link contained in the email. Opting-out of these emails or notifications will not end the transmission of important service-related emails that are necessary to your use of the App. If applicable laws prescribe so, we may ask some users to provide their consent for such communications.
Please note that we may contact you with our information about products, services, offers, promotions, rewards, and events offered by us and others via third-party platforms (like social media). See more in section Processing to find new Anna users and stay in touch with you. Please note that you can always opt-out from such communication and usage of your Personal Data by contacting us at email@example.com.
Storage and international Personal Data transfers
The Company is based in the United States, and Personal Data we collect is governed by U.S. law. Please be advised that U.S. law and laws of other countries may not offer the same protections as the law of your jurisdiction.
In addition, you agree that Personal Data collected may be stored and processed in Canada and the United States, where the Company rents servers, or in any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the App, you consent to any such transfer of Personal Data outside of your country.
Privacy Shield Notice
Please bear in mind that we may transfer your Personal Data to the United States whose data protection is not deemed adequate under applicable data protection law.
Complaints and Dispute Resolution
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at firstname.lastname@example.org.
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the following link for more information or to file a complaint. The services of JAMS are provided at no cost to you.
You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country (including Switzerland) participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident. The arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.
U.S. Federal Trade Commission Enforcement
Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Onward Personal Data transfers
In the context of an onward data transfer we have responsibility for the processing of Personal Data we receive under the Privacy Shield. We remain liable under the Principles if our processor processes such Personal Data in a manner inconsistent with the Principles and applicable laws, unless we prove that we are not responsible for the event giving rise to the damage. For any onward transfer we commit to execute a formal agreement with any receiving party or processor acting on our behalf.
If we receive Personal Data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the Personal Data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.
Data Protection Officer (DPO)
To communicate with our Data Protection Officer, please email at email@example.com or use the “Contact us” page.