As a leading group specializing in health, nutrition, and exercise, we are dedicated to offering online diet and exercise programs, along with engaging challenges focused on lifestyle modification, healthy eating, weight loss, and more.
When using our apps or websites, we may request information such as your name, email, current weight and height, target weight, fitness level, areas for improvement, and food preferences. In some instances, you may have the option to skip certain onboarding questions. Additionally, we automatically collect device data such as language settings, IP address, time zone, device type and model, operating system, Internet service provider, and unique identifiers. This data is essential for delivering our services, analyzing app usage, and serving ads.
In our efforts to enhance the user experience and attract more individuals to our services, we utilize third-party solutions such as Amplitude, Facebook, Firebase, Google, Apple, Appsflyer, and Crashlytics. By doing so, we can process data to analyze user interactions, including subscription frequency, average user metrics, and customized ad targeting.
For more information about how we handle data (Section 2), your data privacy rights (Section 5), and the relevant data controller (Section 12), please refer to our Privacy Policy. If you have any unresolved questions or wish to exercise your privacy rights, please feel free to contact us at [email protected]
Our Privacy Policy aims to elucidate the collection and processing of personal data when using our mobile applications, websites, and related services (“App” or “Service”).
By utilizing the Service, you are affirming that (i) you have thoroughly reviewed, understood, and consented to this privacy policy, and (ii) you are at least 16 years old (or have obtained approval from a parent or guardian). If you do not agree or cannot make this pledge, refraining from using the Service is imperative. In such an instance, it is necessary to (a) delete your account, contact us to request the deletion of your data; (b) terminate any subscriptions via the provided functionalities from Apple (for iOS users) or Google (for Android users), any other available app stores, or directly through us if purchased from our websites; and (c) remove the App from your devices.
Translations from the English version are solely for convenience. In the event of any disparities in meaning or interpretation between the English language version of this Privacy Policy and any translation, the English version shall prevail as the sole legally binding document.
Furthermore, the term “GDPR” refers to the General Data Protection Regulation (EU) 2016/679, which involves the safeguarding of personal data and its free movement. “EEA” encompasses all existing member states within the European Union and the European Economic Area.
In the context of personal data, “Process” encompasses the activities of collection, storage, and disclosure to others.
Outlined below are the contents of our Privacy Policy:
1.Categories of personal data collected
2.Purposes for processing personal data
3.Legal bases for processing personal data (Applicable to EEA-based users only)
4.Parties with whom personal data is shared
5.Steps for exercising privacy rights
6.Age limitations
7.International data transfers
8.Changes to the privacy policy
9.California privacy rights
10.Data retention
11.Handling of “do not track” requests
12.Personal data controller
13.Contact details
1.Categories of personal data collected
At Grishana, the privacy and security of our users’ personal information is of utmost importance. We gather personal data from our users voluntarily, such as their physical characteristics, preferred diet, and exercise habits, as well as through automatic means like their IP addresses. We also receive information from third-party sources, such as when users sign up using the Apple ID login.
The personal data collected may contain sensitive or special categories of personal data as defined by applicable data protection regulations, and we always obtain explicit user consent before processing such data. We also provide an option for users to withdraw their consent at any time.
In situations where special category personal data is necessary for us to provide services to our users, such as requiring diabetes type to offer tailored meal plans or heart rate data from our wellness band for tracking fitness progress, we obtain consent before processing this data.
Our wellness band is a tracking device that monitors a user’s fitness metrics like sleep duration, heart rate, and steps taken. We seek consent from users before collecting any such data, via a pop-up screen that appears when the user connects the device to the Grishana app.
When users sign up for Grishana using the Apple ID login, we collect personal data like their verified email address and full name. Users have the option to share their real email address or an anonymous one via the private email relay service. Apple also provides in-depth privacy information on the sign-up screen.
At Grishana, we strictly adhere to all relevant privacy laws and regulations and prioritize transparency with our users when it comes to how we collect, process, use and share personal data. We clarify the types of data we collect in our privacy policy, as well as when users can expect notifications from us, how we store their data, and how they can exercise their privacy rights and contact us for inquiries and concerns.
Automatically Collected Data:
a. Referral Data:
We gather information about how you discovered our services, including the app or URL that referred you to us. This helps us understand the effectiveness of our advertisements and marketing efforts.
b. Device and Location Data:
We collect data from your mobile device, such as your language settings, IP address, time zone, device type and model, operating system, internet service provider, mobile carrier, hardware ID, and Facebook ID. When you sync your Grishana device through our app, we also collect details including the IP address used for syncing, sync time and date, geographic location of the device, and information about your Grishana device’s battery level.
c. Activity Data:
When you sync your Grishana device through our app, we collect activity data such as the number of steps taken, distance covered, pace, type and duration of physical activities, calories burned, heart rate, and sleep patterns and quality.
d. Usage Data:
We track your interactions with our service to improve your experience. This includes logging taps on specific areas of the interface, the features and content you engage with, workouts completed, time and duration of workouts, frequency of app usage, duration spent in the app, progress in your training program, and subscription orders. We also record your interaction with ads within our app and the internet links associated with those ads.
e. Advertising IDs:
We collect your Apple Identifier for Advertising (IDFA) or Google Advertising ID (AAID) depending on your device’s operating system. These identifiers help us personalize and optimize the advertisements you see. You can usually reset these identifiers through your device’s settings.
f. Transaction Data:
When you make payments through our service, we rely on third-party service providers to process the financial account data you provide, such as your credit card number. While we do not collect or store full credit card numbers, we may receive transaction-related data such as the date, time, amount, and payment method used.
g. Cookies:
We utilize cookies and tracking pixels on our website for record-keeping and tracking purposes. Cookies can be either session-based (which expire when you close your browser) or persistent (which remain on your hard drive for an extended period). These cookies help us automatically recognize you on future visits and may store certain information you have previously entered on our service, making it more convenient for you. Most cookie data is only stored for a limited period on your device.
2.For what purposes we process your personal data
We process your personal data for the following purposes:
2.1. Providing our Service:
We process your data to ensure a seamless experience using our Service, address any errors or technical issues, and manage orders. This includes providing you with metrics such as steps, activity, heart rate, and sleep patterns from your device. We use trusted service providers, such as Amazon Web Services, to host personal data and ensure the operation of our app, as well as monitoring services like Crashlytics and Firebase Performance Monitoring to track app performance.
2.2. Personalized Experience:
We process your personal data, including characteristics and preferences, to customize the content of our Service and provide tailored recommendations. This may include offering a nutrition plan with vegetarian options or providing a customized meal plan offer via in-app chat to help you achieve your goals.
2.3. Account Management and Customer Support:
We process your personal data to manage your account and provide customer support. This includes addressing any technical support requests and sending notifications or emails related to the performance of our Service, security, payment transactions, or updates to our Terms and Conditions and Privacy Policy.
2.4. Communication about your Use of our Service:
We communicate with you through push notifications, sending reminders, motivational messages, and other information related to our app. You may receive a daily push notification reminding you to work out. You can manage your push notification settings on your device. We use messaging and customer service tools like Intercom to communicate with you within the app. When you chat with us, certain data is transferred to Intercom to enable identification and communication. We also use message sending services like Firebase Cloud Messaging, Firebase Notifications, and Apple Push Notification service to send messages and notifications across platforms and devices.
These are the main purposes for processing your personal data in connection with our Service. We prioritize the security and protection of your data and comply with privacy regulations to ensure your privacy rights are respected.
2.5. Research and Analysis:
We collect and analyze data to better understand our business, improve the Service, and develop new products. This analysis helps us plan, design, and enhance the features and training plans within the Service. For instance, if we find that users engage more frequently with workouts focused on leg exercises, we may introduce a new workout specifically targeting this area. We use various analytics tools such as Appsflyer, Facebook Analytics, Amplitude, Google Analytics, Firebase Remote Config, Firebase Analytics, and Fabric Answers to conduct research and analyze how users interact with our App. These tools provide us with valuable insights to improve the Service based on user preferences and behaviors.
2.6. Marketing Communications:
We process your personal data to send marketing communications, such as special offers, about our products. If you do not wish to receive marketing emails from us, you can unsubscribe by following the instructions provided in the footer of the emails. We may also show you advertisements within our App and send push notifications for marketing purposes. You can opt out of receiving push notifications by adjusting the settings on your device.
2.7. Personalized Ads:
We and our partners use your personal data to personalize advertisements and display them at relevant times. For example, if you have installed our App, you might see ads of our products in your social media feeds. To opt out of personalized advertising, you can follow the instructions below based on your device:
iOS: Go to “Settings” > “Privacy” > “Advertising” and select “Limit Ad Tracking.” You can also reset your advertising identifier in the same section.
Android: Open the Google Settings app on your device, tap “Ads,” and enable “Opt out of interest-based ads.” You can also reset your advertising identifier in the same section.
Additionally, you can visit the provided links to learn more about influencing advertising choices and opt out of certain interest-based advertising networks.
2.8. Push Notifications:
If you want notifications from your mobile device to be displayed on your Grishana device, you can grant us the necessary access in your mobile device system settings. You have the option to withdraw this access directly in your device system settings at any time.
2.9. Payment Processing:
For paid products or services within the Service, we use third-party services for payment processing. This ensures secure payment transactions, and we do not store or collect your payment card details. The information is provided directly to our third-party payment processors.
2.10. Enforcement and Fraud Prevention:
We may use personal data to enforce our Terms and Conditions of Use and to prevent and combat fraud. In certain situations, we may share your information, including with law enforcement agencies, if required by applicable laws and regulations.
2.11. Legal Obligations:
We may process, use, or share your data when legally required to do so, such as in response to a request from a law enforcement agency.
Please note that the information provided is a summary and more detailed information can be found in the respective Privacy Policies of the mentioned service providers.
3.Legal bases for processing personal data (Applicable to EEA-based users only)
Under the European Economic Area (EEA) data protection laws, we process your personal data based on the following legal bases:
Consent:
We obtain your consent to process your personal data for specific purposes, such as sending you marketing communications, processing sensitive data, and using data obtained from the Grishana Band.
Contractual Necessity:
We process your data to perform our contract with you, which includes providing the Grishana Service as outlined in our Terms and Conditions of Use, customizing your experience, managing your account, providing customer support, and processing payments.
Legitimate Interests:
We process your data based on our legitimate interests, unless your interests or rights override them. This includes communicating with you about your use of the Service, conducting research and analysis to improve our Service, sending you targeted marketing communications, personalizing ads, enforcing our Terms and Conditions of Use, and preventing fraud.
Legal Obligations:
We may process your data to comply with legal obligations, such as responding to requests from law enforcement agencies.
4.Parties with whom personal data is shared
We may share your personal data with third parties who assist us in operating, improving, supporting, and marketing our Service. These third parties provide services and perform various business functions on our behalf, based on our instructions. The types of third parties we share information with include:
1.Service Providers:
We share personal data with cloud storage providers for storing data (e.g., Amazon), data analytics providers for analyzing user interactions (e.g., Facebook, Google, Appsflyer, Firebase, Crashlytics, Amplitude, Fabric), and measurement partners for tracking metrics related to our Service.
2.Marketing Partners:
We work with marketing partners such as social media networks, marketing agencies, and email delivery services (e.g., Facebook, Google, Snapchat) to promote our Service and reach our target audience effectively.
3.Payment Processing Providers
When you make a payment for our paid products or services, we share your data with third-party payment processors to handle the transaction securely.
4.Communication Services Providers:
We collaborate with communication services providers (e.g., Intercom, Zendesk) to facilitate communication with users and provide customer support.
5.Shipping Providers:
If applicable, we may share your personal data with shipping providers to deliver physical products associated with our Service.
When you give us express permission on your device, we may receive and/or share data about your activity with/from Health App, which includes Apple Health Kit and Google Fit.
In some of our Apps, you can choose to allow us to access the following information from the Health App: number of steps, covered distance, weight, and dietary energy. If you grant us permission to share data with the Health App, we will transfer information on your workouts, weight, and dietary energy (calories intake).
Before deciding to share your data with the Health App, we recommend reviewing their privacy policy as your data will be subject to their policies. You can find more information on Apple HealthKit at apple.com/ios/health and on Google Fit at google.com/fit.
The use and transfer of information from Google APIs in our Apps adhere to Google API Services User Data Policy, including the Limited Use requirements.
Generally, we do not transfer Google Fit data to third parties, except when necessary for (1) providing or improving user-facing features in our Apps, (2) complying with applicable laws, or (3) conducting a merger, acquisition, or sale of assets with notice to users.
We have implemented strong data protection and security measures to maintain high standards. No sensitive information is stored in application logs or included in backups unless necessary for the app’s functionality. Our app employs proven security measures, including encryption of data transmitted over the network using TLS, with regular updates to ensure the latest security recommendations are met. We also have robust access management processes and controls in place. Additionally, data requested from Google Fit is processed internally on users’ devices.
Access to the Google Fit data we obtain from you is restricted. Humans are not allowed to read this data, except (1) with your consent, (2) for security purposes such as investigating abuse, (3) when required by law, or (4) for internal operations where the data is aggregated and anonymized.
You can withdraw our access to read/write data from the Health App anytime directly within the Health App. We do not use the information obtained through the Health App for advertising or similar services. Below is more detailed information on how we process the data obtained from the Health App and what happens when you share your data with the Health App.
What information we may read (receive) from the Health App?
How do we use the information obtained from the Health App?
Number of steps (Apple Health Kit; Google Fit):
In our App, you can set a daily step goal, and we track your progress by inputting the number of steps. This allows us to provide you with convenient access to this information through App charts and aggregated data like your weekly average steps. We also send motivational messages to encourage you to reach your daily step goal, and you may even receive a badge in the App for consistent achievements.
Distance (Apple Health Kit; Google Fit):
If you grant our App access to your distance data, we can calculate and display the distance covered during distance workouts.
Dietary energy (Apple Health Kit; Google Fit):
We use this information to show you statistics on consumed calories and provide recommendations for calorie intake to help you achieve your goals. Additionally, we demonstrate how many calories you have consumed throughout the day.
What information we may write (transfer) to the Health App? What happens when you share your data from the App with the Health App?
Weight (Apple Health Kit; Google Fit):
If you manually input your current weight into our App, this information will be shared with the Health App to update your measurements.
Dietary energy (Apple Health Kit; Google Fit):
If you track your calorie intake in our App, this information will be shared with the Health App to update your statistics.
Workouts (Apple Health Kit; Google Fit):
You can choose to share workout information with the Health App. This allows the Health App to know the duration of the workouts you perform in our App.
We may utilize and disclose personal data in order to uphold our Terms and Conditions of Use, safeguard our rights, privacy, safety, or property, as well as those of our partners, you, or others. We may also respond to requests from courts, law enforcement agencies, regulatory bodies, and other public or governmental authorities, as allowed by law.
As we evolve our operations, there may be instances where we acquire or transfer assets or business offerings. Customer information is typically one of the assets that may be transferred in such transactions. We may also share this information with affiliated entities (such as parent or subsidiary companies) and transfer it in the course of corporate transactions, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the rare event of bankruptcy.
5.Steps for exercising privacy rights
To ensure control over your personal data, you are entitled to exercise the following privacy rights:
Accessing / reviewing / updating / correcting your personal data: You retain the right to review, modify, or rectify the personal data you have previously provided in the profile section of the App. If you wish to obtain a copy of the data we process, please submit a data access request.
Deleting your personal data:
You can request the deletion of your personal data in accordance with applicable laws. We will make reasonable efforts to fulfill your request. However, please note that in some cases, we may be legally obligated to retain certain data for a specific period. In such instances, we will fulfill your request once we have fulfilled our obligations.
Objecting to or restricting the use of your personal data:
You have the right to request the cessation of all or specific uses of your personal data, or impose limitations on our usage.
Additional information for EEA-based users:
If you reside in or are based in the European Economic Area (EEA), the following rights apply:
The right to lodge a complaint with a supervisory authority:
While we encourage direct contact with us to address your concerns, you also have the right to lodge a complaint with a competent data protection supervisory authority in the EU Member State where you reside, work, or where the alleged infringement occurred.
The right to data portability:
Should you desire to receive your personal data in a machine-readable format, you can make a request for a copy of your data as outlined above. The data will be provided to you in a .json file format or another appropriate format.
To exercise any of your available privacy rights, please send a request to [email protected]
6.Age limitations
We do not intentionally collect or process personal data from individuals under the age of 16. If you become aware of anyone under 16 providing us with personal data, please contact us at [email protected]
7.International data transfers
In order to offer the Service as outlined in the Terms and Conditions of Use and for the purposes stated in this Privacy Policy, we may transfer personal data to countries outside the jurisdiction where the data was initially collected. If these countries do not have the same data protection laws as the country in which you initially provided the information, we implement appropriate measures to ensure your data is safeguarded.
8.Changes to the privacy policy
This Privacy Policy may be updated periodically. If significant changes are made to this Privacy Policy, you will be informed through our Service or other available means and will have the opportunity to review the revised Privacy Policy. By continuing to access or use the Service after the changes take effect, you agree to be bound by the updated Privacy Policy.
9.California privacy rights
This section of the privacy policy provides additional information about how we handle the personal data of California residents and the rights they have under the California Consumer Privacy Act (CCPA) and California’s Shine the Light law. Please note that this section is applicable only to residents of California, United States.
For more details regarding the personal information we collect, including the categories of sources, please refer to Section 1 above. We collect this information for the purposes outlined in Section 2 of this Privacy Policy. We may also share your information with specific categories of third parties as mentioned in Section 4.
With certain limitations, the CCPA grants California residents the rights to request more information about the categories or specific pieces of personal information we collect (including how we use and disclose this information), delete their personal information, opt-out of any “sales” that may occur, and not face discrimination for exercising these rights.
If you are a California resident, you can make a request regarding your CCPA rights by contacting us at [email protected]. We will verify your request and provide you with relevant information. You may also appoint an authorized agent to exercise these rights on your behalf.
Access rights under California’s Shine the Light law
In addition, California residents have additional access rights under the Shine the Light law. Residents have the right to inquire once a year about the personal information we disclose to third parties for direct marketing purposes. For more information on what is considered personal information under this statute, please visit the provided link.
To request this information from us, please send an email to [email protected] with the subject line “Request for California Shine the Light Privacy Information.” In the body of your message, include your state of residence and email address. Please note that not all information sharing is covered by the Shine the Light requirements, and our response will include only the information pertaining to covered sharing.
10.Data retention
We will keep your personal data for a duration deemed reasonably necessary to fulfill the purposes outlined in this Privacy Policy, which encompasses providing the Service to you, among other objectives. This retention period includes, but is not limited to, the duration of time during which you hold an account with the App. Additionally, we will retain and utilize your personal data as required to meet our legal obligations, settle disputes, and enforce our agreements.
11.Handling of “do not track” requests
This App does not currently support “Do Not Track” requests, unless otherwise indicated in this Privacy Policy. To find out if any of the third-party services we utilize honor “Do Not Track” requests, we recommend reviewing their respective privacy policies.
12.Personal data controller
The Grishana corporate group is responsible for managing your personal data.
13.Contact details
If you have any inquiries regarding this Privacy Policy or its previous versions, please feel free to get in touch with us. For any questions or concerns regarding your account or personal data, please contact us at [email protected]