Table of Contents
Last Updated 5/20/2022
We may provide additional privacy notices to you at the time we collect your data. This type of an “in-time” notice will govern how we may process the information you provide at that time.
1. Information We Collect
We may obtain information about you in a variety of ways, including through your use of our Services, when you call, email or otherwise communicate with us (including through social media), or when you participate in events or other promotions.
Categories of personal information we collect:
- A. Identifiers.
- Name, email address, unique online identifier (UUID, Advertising ID, IDFA), IP Address
- B. Personal Records
- Name, email address, username and password, zip code, credit card information (when you purchase directly from our website);
- C. Protected classification characteristics under California or federal law.
- Age, Gender
- D. Commercial information.
- Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; website and/or application content viewed.
- E. Biometric information.
- F. Internet or other similar network activity.
- Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. See Information collected by Automated Means in Section 2 below for further details.
- G. Geolocation data.
- H. Sensory data.
- Photographs and videos that you voluntarily choose to upload through our community and social features.
- I. Inferences drawn from other personal information.
We may only collect some of the information above for certain services. In addition to the above, we may also collect the following types of information:
- To customize our Services to your requirements, we may ask you to tell us your fitness goals and other related information. Separately, we may offer you opportunities to add further information, which will provide additional customization of the Services for you. If you choose not to share some or all of this information with us, you may not have access to certain features of our site and mobile applications.
- Content, comments, photographs, video submissions or your likeness when you provide it to us as part of our community and social features
2. Sources of Information and Purposes of Use
Some of this information you provide to us and some we collect when you use our Services. We also may obtain information about you (including personal information) from our business partners, such as vendors, and others.
Information collected from you
The following are examples of the types of information we may collect directly from you:
- Name. We require your name at the time of sign up in order to process your payments.
- Email address. We use your email address to (i) communicate with you about our Services, including our other products and provide you with exclusive offers; ii) responding to your requests, inquiries, comments, and suggestions; (iii) and communicating with you about your account.
- Username and/or Password. Certain of our Services use this information to facilitate your access to our website or mobile application and validate your login for your security.
- Payment card and other payment information. If you pay for Services directly through our website, you authorize us to have our payment processor collect this information.
- Fitness Goals. You may choose to tell us about your goals to personalize the Service for you.
- Age. You may choose to provide your age to help us personalize the Services. This is voluntarily provided information.
- User Content (comments, photos, videos). You may choose to provide user content when you use our community or social features.
- Customer Service Interactions. If you contact our customer support team, we collect the information you give us during this interaction.
Information collected by automated means (“Automated Information”)
“Pixel tags” (also known as a “clear GIFs” or “web beacons”) which are tiny images (in most cases, typically just one-pixel) that can be placed on a Web page or in our electronic communications to you in order to help us measure the effectiveness of our content by, for example, counting the number of individuals who visit us online or verifying whether you’ve opened one of our emails or seen one of our Web pages.
“HTML5” (the language some websites, such as mobile websites are coded in) may be used to store information on your computer or device about your website usage activities and to help determine how our Services are being used by our visitors, how the services can be improved and to customize our Services for our users.
Web browsers may offer users of our websites the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly. The “help” menu on most internet browsers contains information on how to disable cookies, or you can visit www.aboutcookies.org/how-to-control-cookies/.
Automated Information includes information such as:
- IP address
- Browser type/version (for example: Firefox 59.0.2 (64 bit))
- Browser language (for example: English)
- Operating system used (for example: Windows 10)
- Internal resolution of the browser window
- Service provider and signal strength
- Hardware and software information
- Device Type
- Services online
- Time zone
- Identifiers associated with cookies or other technologies that may uniquely identify your device or browser
- AdvertisingID (such as Google’s AdvertisingID and Apple’s IDFA, both of which are randomly generated numbers that you can reset by going into your device’s settings)
- Adjust ID (this identifier lets us know where our users found our Services online, record user app events and optimize our advertising efforts)
- Screen resolution
- Java on / off
- Color depth
- Dates and times of access
This Automated Information is generally used for the following purposes:
- for the technical provision of our Services in order to be able to provide you with a functioning user-friendly experience
- to provide you with a secure experience and to take measures to protect our website and mobile applications from cyber risks
- to uncover insights about your use of our website and mobile applications in order to improve our Services and features, including developing new products and features
- to facilitate your access to our website or mobile application
- to customize our Services for you
- to help us better understand our current and potential customers and optimize the application of our Services accordingly
- events and usage data are captured for our internal business analytics in order to understand how our users interact with our mobile applications and use our services. For example, we may capture when a user visits a screen, taps a button, permits notifications, upgrades, or otherwise interacts with the app or Site.
- Monitoring and analyzing the effectiveness of our communications (including by identifying when emails sent to you have been received and read)
Information collected from service partners and integrated services.
We may obtain information, including personal information from third parties and sources that we integrate into our Services either for the provision of our services or to facilitate your access to our Services such as described below.
If you purchase a subscription to one of our mobile apps, neither Google nor Apple provide us with any personal information of the subscription purchaser (like name, email or payment information). Only an anonymized Subscription ID or Order ID gets transferred to Cancer Champions. If you create a Cancer Champions account, this anonymized subscription information gets attached to your record for the purpose of subscription sharing with your Cancer Champions account across multiple devices.
3. How We May Use Your Personal Information
In addition to the purposes described above, we may use the information we collect for a variety of purposes, such as the following:
Performing Our Services
- Maintaining or servicing accounts, providing customer service, operation of our website and mobile applications; processing or fulfilling orders and transactions, verifying user information, processing payments.
- For your convenience, if you register for one of our mobile applications, we may port over your login and/or profile data to other mobile applications or Services that you purchase from us.
- We may link your account across one or more devices or Services so that you can enjoy a consistent experience across all devices and/or Services that you access.
- Communicating about the products and services we offer, and responding to requests, inquiries, comments, and suggestions.
- Providing social and community features, including publicly displaying content (comments, photos, videos) that you voluntarily post.
- Understanding and evaluating how our services and features perform with our users.
- Uncovering insights about usage in order to improve the services and provide customers with enhanced features as well as inform our development of new features and products.
- Development of customized or personalized experiences of our Services, such as remembering your information so you do not have to re-enter it each time you use one of our Services.
- Auditing Interactions with Consumers
- Measuring usage of our websites and mobile applications.
- Measuring our advertising and marketing activity (e.g., measuring how a user was acquired).
- To provide you with a secure experience and to take measures to protect our website and mobile applications from cyber risks.
- Protecting against, identifying, investigating, preventing, and responding to fraud, illegal activity (such as incidents of hacking or misuse of our websites and mobile applications), and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide.
- Identification and repair of impairments to intended, existing functionality of our Services
- Understanding our customer in order to more effectively market our Services.
- We use your email (with your consent where required) to send you information about our products and services and exclusive offers.
Quality and Safety Maintenance and Verification
- Activities related to improving the quality of the Services we provide, including upgrade or enhancement of the Services.
- Verification or maintenance of the quality or safety of Services.
- Tracking and responding to quality and safety matters.
- Protecting our rights and property.
- Complying with legal or regulatory requirements, judicial process, industry standards and our company policies.
- Other purposes that may be described at the time you choose to provide personal information to us.
We may also aggregate and/or de-identify any information that we collect, such that the information no longer identifies any specific individual. We may use, disclose and otherwise process such information for our own legitimate business purposes – including historical and statistical analysis and business planning – without restriction.
4. How We May Share Information about You with Others
Third Party Service Providers
We may share information about you with the following categories of third-party providers for a variety of business purposes:
- Customer Communications and Insights Platforms. We may share email, app usage and interactions with our third party customer communications platform provider for the following business purposes: performing services that allow us to communicate with you and administer your account as well as track your usage for our internal analytics.
- Internal Business Insights Platforms. Our third party internal business analytics platform provides us with the tools to help us understand app usage and interactions and uncover insights that allow us to improve our product and features as well as optimize our marketing. We may share or make available unique user identifiers, IDFA, deviceID, IP address, Adjust ID and app usage and events (such as when you subscribed to our services) with these providers for the following business purposes: performing services that allow us to (i) monitor and understand usage in order to enhance existing Services or develop new products and features and (ii) better understand our customers in order to market our products more effectively.
- Measurement and Attribution. These service providers offer tools that allow us to measure and attribute the source of new subscription sign ups and that allow us to uncover insights about usage and app events. We may use unique user identifiers made available to us from these third party providers to help us measure the effectiveness of our ads (e.g., where and how a user is acquired) and to uncover information about how our customers are using our apps in order to improve their quality and safety. We may also share and/or store the unique identifiers with these providers for the same purpose.
- Other technology providers necessary to provide our services (including cloud storage and web hosting providers). We store user provided and Automated Information and/or aggregate or non-personally identifiable information with our cloud storage providers. We also may make certain Automated Information available for various purposes such as monitoring network traffic to detect malicious actors and to protect against malware, fraud or other unlawful uses or activity.
- Payment processors. If you purchase our Services outside of the Apple or Google stores, we will process your payment through our third party provider. When you pay in this manner, you authorize and direct us to process your payment through our payment processor.
- Marketing providers. We, or the third party service providers we use to assist us with marketing our own products to you, may use the information we collect from you to provide advertisements and offers for our other products. For example, we may share information with Meta that allows us to create Custom or Lookalike Audiences. You may learn more about Facebook Lookalike Audiences at https://www.facebook.com/business/help/164749007013531. Additionally, we may share certain information, including app events, with Facebook or other advertising partners that provide us with optimization services for our advertising. You can learn more about how to opt out of having such activity sent to Facebook at https://www.facebook.com/help/2207256696182627 and https://www.facebook.com/off_facebook_activity/. We may also use Google Ads to advertise our products. When you view or click on an ad on a website or app, tracking technology may be set by Google to help better provide advertisements that may be of interest to you. You may opt-out of the use of this tracking technology by visiting Google’s Advertising and Privacy page: www.google.com/privacy_ads.html. Additionally, we may obtain your information in connection with a contest, sweepstakes, event, offering or other promotional activity that is jointly offered by us and any third parties. By entering such contest or sweepstakes, you authorize and direct us to share your information with our co-sponsor. We may also share your information with a third party service provider who administers the promotion, contest and/or sweepstakes. We may also share aggregate information to third party providers and platforms that help us understand our user demographic, including user demographic interests, habits and usage patterns for certain of our Services so that we may market our products more effectively.
Legal, Regulatory, Compliance and Similar reasons
In addition, we may disclose and/or share your information to comply with legal or regulatory requirements (including to comply with a court order, judicial subpoena or other subpoena or warrant), industry standards, judicial process, and our company policies, as well as to protect against, identify, investigate, prevent and respond to fraud, illegal activity (such as identifying and responding to incidents of hacking or misuse of our websites and mobile applications), adverse event reporting, and claims and other liabilities.
We also reserve the right to disclose your information (i) when we believe in good faith that disclosure is appropriate or necessary to take precautions against liability, (ii) to protect our rights or property or the legal and property rights of others and (iii) investigate and defend third party claims or allegations against us.
5. Do Not Track Disclosures
Some web browsers may transmit “do-not-track” signals to the websites with which the user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are aware of them. Because there currently is no industry standard concerning what, if anything, websites should do when they receive such signals, our Sites do not currently process or respond to “do-not-track” (DNT) settings in your web browser. If and when a final standard is established and accepted, we will reassess how to respond to these signals.
6. Social Media
If you choose to communicate with us or another user through social features available on our websites or mobile applications or through our social media pages, or other similar communication or messaging features or services, such information may be made publicly available. For security purposes, please do not include any password, social security number, payment card or other sensitive information via these features. We have the right, but not the obligation to monitor messages and communications between and among users for security and training purposes. We may, but are not obligated to, remove any content we deem (in our sole discretion) to be inappropriate.
7. Information for Individuals in the European Economic Area (EEA)
Your Choices and Rights
As a resident of the EEA, you may have some or all of the following rights in relation to how we use your personal information:
- you may request access to your personal information and receive copies of it;
- you may have inaccurate/incomplete personal information corrected and updated;
- Object to, or Limit or Restrict, Use of Data:
- you can ask us to stop using all or some of your personal information or to limit our use of it;
- in certain circumstances, you can request a right “to be forgotten” (this is a right to have your information deleted or our use of your data restricted). We will honor such requests unless we have to retain this information to comply with a legal obligation or unless we have an overriding interest to retain it;
- in certain circumstances, exercise the right to data portability (this is a right to obtain a transferable version of your personal information to transfer to another provider); and
- Consent Management:
- where we rely on consent to process your personal data, you may withdraw consent at any time. You do not have to provide a reason for your withdrawal where processing is based on consent.
If you are a resident of the EEA and you wish to access, change or delete personal information we hold about you, you may contact us at [email protected]. If we change or delete your personal information or if you decline to actively share certain personal information with us, we may not be able to provide you with our Services or some of the features and functionality of our Services. In addition, you may contact us to request that we not disclose your personal information to third parties (other than those that are acting as our agent to perform tasks on our behalf, such as data processors). Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on the rights and freedoms of another person. For example, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.
For your protection, we may require proof of identity and verification before we can answer the above requests.
Legal basis for processing data
In this section, we identify the legal grounds on which we rely to process personal information.
In some cases, we have a legitimate interest to process the personal information that we collect, such as to develop, administer and support our products and services; to operate, evaluate and improve our business; to facilitate and manage engagement programs; to promote research; to support our recruitment activities; or to facilitate a Corporate Transaction (including a sale of assets or merger or acquisition).
In other cases, we process personal information to fulfill our contracts with business partners, such as third parties that distribute our products.
It may also be necessary for us to process personal information to establish, exercise or defend against fraud, illegal activity, and claims and other liabilities, including by enforcing the terms and conditions that govern the services we provide.
Our processing of certain information may be necessary to comply with our legal obligations, and for reasons of public interest, such as with respect to adverse events and product safety reporting.
We may also process personal information as specifically permitted by applicable legal requirements.
If we rely on consent for the processing of your personal information, we will seek such consent at the time we collect your personal information.
International data transfers
We may transfer your personal information to countries other than the country in which the data was originally collected for the purposes described in this Privacy Notice. For example, if you are located outside of the United States, we may transfer your personal information to the United States, where Cancer Champions is headquartered. The countries to which we transfer personal information may not have the same data protection laws as the country in which you initially provided the information. When we transfer personal information across borders, we consider a variety of requirements that may apply to such transfers.
Specifically, we may transfer personal information from the European Economic Area to:
- Countries that the European Commissions has deemed to adequately safeguard personal information,
- Pursuant to the recipient’s compliance with standard contractual clauses (also known as Model Clauses), EU-US Privacy Shield, or Binding Corporate Rules,
- Pursuant to the consent of the individual to whom the personal information pertains, or
- As otherwise permitted by applicable EEA requirements.
8. Information for Residents of California: Your California Privacy Rights
Access to Information and Data Portability Rights
You have the right to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
- The categories of personal information we have collected about you.
- The categories of sources from which we collected your personal information.
- The business or commercial purposes for our collecting or selling your personal information.
- The categories of third parties to whom we have shared your personal information.
- The specific pieces of personal information we have collected about you.
- A list of the categories of personal information disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
- A list of the categories of personal information sold about you in the prior 12 months, or that no sale occurred. If we sold your personal information, we will explain:
- The categories of your personal information we have sold.
- The categories of third parties to which we sold personal information, by categories of personal information sold for each third party.
You have the right to make or obtain a transportable copy, no more than twice in a twelve-month period, of your personal information that we have collected in the period that is 12 months prior to the request date and are maintaining.
Data Deletion Rights
Except to the extent we have a basis for retention under CCPA, you may request that we delete your personal information that we have collected directly from you and are maintaining. Note also that we are not required to delete your personal information that we did not collect directly from you.
Exercising Your Rights
To make a request for access, portability or deletion according to your rights under CCPA, please send an email to [email protected] with the subject line “Request for Consumer Personal Rights”. California Consumers may exercise these rights via an authorized agent who meets the agency requirements of the CCPA. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. For security, any request you submit to us is subject to an identification and residency verification process (“Verifiable Consumer Request”).
The Verifiable Consumer Request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Some personal information we maintain about Consumers is not sufficiently associated with enough personal information about the Consumer for us to be able to verify that it is a particular Consumer’s personal information (e.g., clickstream data tied only to a pseudonymous browser ID). As required by the CCPA, we do not include that personal information in response to Verifiable Consumer Requests. If we cannot comply with a request, we will explain the reasons in our response.
We will make commercially reasonable efforts to identify Consumer personal information that we collect, process, store, disclose, and otherwise use and to respond to your California Consumer privacy rights requests. We will typically not charge a fee to fully respond to your requests, but we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome.
We will not discriminate against you in a manner prohibited by the CCPA because you exercise your CCPA rights.
California’s “Shine the Light” law, Civil Code section 1798.83, requires certain businesses to respond to requests from California customers asking about the businesses’ practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. We do not currently engage in the type of sharing covered by that law and so no such list exists. We do not make any representations concerning third parties that do not collect personal information directly through our Services.
9. Online Privacy Choices and Rights
Device permissionsMobile platforms have permission systems for specific types of device data and notifications, such as camera and microphone as well as push notifications. Where applicable, you can change your settings on your device to either consent or oppose the collection of the corresponding information or the display of the corresponding notifications. Of course, if you do that, certain services may lose full functionality.
UninstallYou can stop all information collection by the app by disabling call forwarding and deactivating your account by following the instructions on the Service’s Settings screen and then uninstalling the app using the standard uninstall process for your device. If you uninstall the app from your mobile device, the unique identifier associated with your device will continue to be stored. If you reinstall the application on the same mobile device, we will be able to re-associate this identifier to your previous transactions and activities.
Location informationIf you choose to opt-in, some of our apps may collect your device’s precise real-time location, and in such cases, you may be able to opt out from further allowing us to have access to such location data by managing your location preferences in the app and/or on your device.
Notice to Nevada usersUnder Nevada law, Nevada residents may opt out of the “sale” of certain “covered information” (as defined under Nevada law) collected by operators of websites or online services. We currently do not sell covered information, as “sale” is defined by Nevada law, and we do not have plans to sell this information. However, if you would like to be notified if we decide in the future to sell personal information covered by the Act, please contact us at [email protected]. You are responsible for updating any change in your email address by the same method and we are not obligated to cross-reference other emails you may have otherwise provided us for other purposes. We will maintain this information and contact you if our practices change.
Marketing Opt-OutsSome of the service providers that we use to market our Services and show our ads on other websites and mobile applications may participate in the Digital Advertising Alliance’s (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising on the websites and mobile applications that you visit and use, including use of Cross-device Data for serving ads, visit http://www.aboutads.info/choices/, and http://www.aboutads.info/appchoices for information on the DAA’s opt-out program specifically for mobile apps (including use of precise location for third party ads). Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices/.
10. Data Retention
Except as provided below, we may retain your personal information for the longer of three (3) years after we become aware that you have ceased using our services or for so long as we have a legitimate business need for the information or to fulfill any legal and regulatory obligations. We may retain other information that is not personally identifiable for backups, archiving, prevention of fraud and abuse, analytics, or where we otherwise reasonably believe that we have a legitimate reason to do so.
11. How We Protect Personal Information
We use various efforts intended to safeguard the security and integrity of personal information collected through our Services. Despite these measures, however, we cannot and do not guarantee that information will be absolutely safe from interception or intrusion during transmission or while stored on our system, or otherwise, and you provide information to us at your own risk.
If you correspond with us by email, text message or using Web forms like a “contact us” feature available through our Services, you should be aware that your transmission might not be secure from access by unauthorized parties. We have no liability for disclosure of your information due to errors or unauthorized acts of third parties during or after transmission. If you create an account as part of using our Services, you are responsible for maintaining the confidentiality of your account password and for any activity that occurs under your account. Please notify us of any unauthorized use of your password or account.
If we believe that the security of your personal information in our care may have been compromised, we may seek to notify you. If we have your email address, we may notify you by email to the most recent email address you have provided us in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your email account using your computer or mobile device and email application software. We may also post a conspicuous notice on our site or notify you through the mobile application. By using the Site, you consent to our use of email, text message and/or notification through the app as a means of such notification. If you prefer for us to use the postal service to notify you in this situation, please let us know by submitting your request to [email protected]. You can make this election any time, and it will apply to notifications we make after a reasonable time thereafter for us to process your request. You may also use this email address to request a print copy, at no charge, of an electronic notice we have sent to you regarding a compromise of your personal information.
12. Links to Websites and Third-Party Content
For your convenience and information, we may provide links to websites and other third-party content that is not owned or operated by us. The websites and third-party content to which we link may have separate privacy notices or policies. We are not responsible for the privacy practices of any entity that it does not own or control. We encourage you to review the privacy policies of such third parties before providing them with any personal information.
13. Information Relating to Children
Our services are intended for general audiences over the age of 18 years old. We do not knowingly collect information from children under the age of 18 years old. If you are not over 18 years old then DO NOT DOWNLOAD OR USE THE SERVICES. If you believe that we may have personal information from or about a child under the age of 18 years old, please contact us at [email protected] (please include your name, mailing address, and email address). Note that we’ll attempt to delete the account of any child under the age of 18 that is reported to us as soon as possible. You are responsible for any and all account activity conducted by a minor on your account.
15. How to Contact Us