Rapty App - Smart Food Scanner

Privacy Policy | Rapty Health LLC

Last Updated: 23 November 2023

1. Introduction to Privacy Policy

This Privacy Policy explains how Rapty ("we" or "us") collects, stores, uses, transfers, and shares personal data from our users ("you") in connection with the Rapty mobile application, Rapty Food Scanner application (the "App"), and the rapty.health website, including any products and services related to them (collectively, the "Services"). Rapty is a data controller.

Note: The App may be listed under different names depending on your location.

We may change this Privacy Policy from time to time. If changes are significant, we will notify you by email or through the App. Your continued use of the Services after the policy update indicates your acceptance of the changes. Non-acceptance of these terms means you should not use the Services. The latest updates are available on our Website and in the App.

2. Personal Data Collection

We collect personal data about you when you interact with the Services, directly from you, or from other sources and third parties.

Personal Data You Provide Directly:

- General information: When signing up, we may collect personal data like your name, email address, year of birth, password, residence, time zone, and language. Sex and/or gender may be inferred from your use of the Services.

- With consent, we may connect to third-party services like Apple HealthKit and Google Health Connect for health and activity data.

Automatically Collected Data:

- Device information: Model, operating system, unique identifiers, device accessibility features, network information, storage.

- Location information: IP address, time zone, service provider.

- Service usage data: Frequency, accessed areas and features, payment information.

We use cookies and similar technologies for data collection. See our Cookie Policy for details.

Data from External Sources: We may receive data about you from third parties to enhance your user experience.

3. Use of Personal Data

We process your personal data based on legal bases, depending on the features used:

- Your Consent: For processing health data.

- Contractual Obligations: For providing the Services.

- Legitimate Interest: In providing and securing the Services.

- Legal Obligation: To comply with laws and regulations.

By using the Services, you agree to the collection and use of your personal data as outlined in this Privacy Policy.

4. Principles of Data Processing

We adhere to the principles of data minimization and purpose limitation: We will not process personal data in ways that are incompatible with the purposes for which it was collected or authorized by you. Additionally, we will avoid collecting any personal data that is unnecessary for these stated purposes.

Commitment to Non-Sale of Personal Data: We pledge not to sell or rent your personal data for monetary gains. Your personal data will not be disclosed, except as outlined in this Privacy Policy. We may share your data with our service providers who facilitate our services, as detailed in this Privacy Policy. Furthermore, data obtained through the Apple HealthKit or Google Health Connect framework will not be used for advertising or similar services, nor will it be sold to advertising platforms, data brokers, or information resellers.

5. Your Privacy Rights

Irrespective of your geographic location, we commit to offering you privacy rights akin to those provided under the General Data Protection Regulation (GDPR) concerning your personal data. These rights include:

- The right to access and review your personal data in our possession.

- The right to request correction of any inaccuracies in your personal data.

- The right to ask for the deletion of your data under certain conditions.

- The right to limit the processing of your personal data in specific scenarios.

- The right to move or transfer your personal data for use across different services.

- The right to object to the processing of your data based on our legitimate interests or public tasks.

- The right to oppose decisions made solely on automated processing, including profiling, affecting you legally or significantly.

- The right to revoke your consent to data processing at any moment.

- The right to file a complaint with relevant authorities if you believe your GDPR rights have been violated.

These rights are subject to certain conditions and limitations under the GDPR and might vary based on the context of the data processing activities.

6. To Exercise Your Privacy Rights

To exercise your privacy rights, please send an email to [email protected]

Response Time:

- We aim to respond to your request within 30 days of receipt.

- In complex cases, like complete data erasure from backup systems, it might take up to 90 days. We will inform you if an extension is needed and provide the reason for the delay.

Additional Considerations:

- For unclear requests, we may contact you for clarification.

- We reserve the right to refuse or charge a fee for unfounded or excessive (repetitive) requests.

- Identity verification is required. Normally, we verify requests through the email used during registration. For unregistered accounts, additional verification may be necessary.

Complaints:

- You have the right to complain to your local data protection authority about our processing activities.

- For concerns about our privacy practices, contact us at [email protected]

7. Third-Party Data Processing:

- Your personal data will not be shared with third parties, except as stated in this Privacy Policy.

8. Promotion of Services:

- With your consent, we may share non-health personal data with AppsFlyer for promoting Rapty’s services.

- AppsFlyer, a mobile marketing platform, processes your data as per our instructions.

- To extend our reach on various platforms, we use AppsFlyer and its partners. If sharing data with other platforms is needed, beyond what's described in this Privacy Policy, we will seek your consent.

8.1 When you join Rapty and provide your consent, we start sharing certain personal data with AppsFlyer and its integrated partners for promoting Rapty’s services. This data includes:

- Technical identifiers such as IP address (which may give general location information), user agent, IDFA for iOS devices, Android ID for Android devices, Google advertising ID, a unique customer-issued user ID, and other similar identifiers.

- Your age group.

- Your current subscription status with Rapty.

- Records of when you launch the Rapty App.

8.2. Rapty forwards your personal data to AppsFlyer, which then analyzes this data and provides us with reports and insights to optimize our promotional campaigns.

8.3. Concurrently, AppsFlyer transmits your personal data to several of its integrated partners (like Pinterest, Google Ads, Apple Search Ads, Meta Audience, and others). These partners analyze your data to locate you or individuals similar to you across different platforms, including social media sites. They display information relevant to Rapty to those who might be interested in our services or remind you about Rapty if you haven't used the App recently.

8.4. Opt-out Options: You have the right to revoke your consent or opt out from the sharing of your personal data with AppsFlyer for marketing purposes at any time by altering your device settings on iOS or Android. However, please note that the use of AppsFlyer for integrating data between the Website and App, particularly for onboarding new users, is obligatory, and you cannot opt out of AppsFlyer’s data processing for these purposes.

9. To Facilitate App Functionality

There are instances where we collaborate with external companies, designated as “processors,” to manage your personal data on our behalf.

These processors are crucial in helping us operate the Services effectively. They assist in our communication with you and conduct various activities associated with the App. Their role involves processing specific personal data under our direction, contributing to the overall functionality of the App and the provision of Services. We maintain responsibility for any actions or oversights by our processors and ensure to establish data processing agreements with them, adhering to the requirements of relevant laws.

10. Aggregated Data Usage

We may process your personal data into aggregated, anonymized, or de-identified forms, rendering it unidentifiable to you. This data might be shared with entities like academic research institutions or utilized for statistical analyses. For instance, we could distribute or utilize generalized demographic information and collective statistics about activities or symptoms from the data gathered to spot trends among users. These insights can be used in articles, blog posts, or scientific papers, potentially aiding in female health research.

In specific academic or user research studies, we will seek your consent before participation. Consent can be withdrawn anytime by contacting us at [email protected].

11. User-Generated Information

Information you post in these community areas, including personal data, becomes accessible to the Rapty community. Please be cautious about sharing personal information in public forums. Your posts could be exposed, shared, or collected by others and used in unforeseeable ways, potentially leading to unsolicited contact. If you wish to remove mistakenly posted personal data in our community areas, please email us at [email protected].

12. Information Sharing: Legal and Safety Reasons

We might preserve or disclose some of your personal data under limited circumstances, such as:

- In response to legal requests like subpoenas or court orders, as permitted and required by law.

- When necessary to maintain the Services' security and integrity or to safeguard a user's safety or the safety of others, in accordance with applicable laws.

- For legal rights assertion or legal claims defense.

- When directed or agreed upon by the user who provided the personal data.

- In the event of a business transfer, acquisition, or reorganization.

The legal basis for these processing activities may include legitimate interest or legal obligations, depending on the context.

13. Data Retention Practices

We retain your personal data only for the necessary duration to provide the Services or to fulfill the purposes for which it was collected, except in the following cases:

Account Deactivation/Data Erasure Requests:

- You can request account deactivation and data erasure at any time by contacting [email protected]

- We aim to process deletion requests within 30 days.

- Complete data erasure from backup systems may take up to 90 days.

- Once your account is deactivated, Rapty will typically erase all personal data, which cannot be restored for future account reactivation.

App Deletion or Inactivity:

- If the App is removed from your device or your account becomes inactive, we store your personal data for three years. This facilitates potential Service reactivation or App reinstallation.

- After three years of inactivity, your personal data will be deleted.

- You may request earlier data deletion by contacting us.

- Data retention is crucial for a seamless experience across various App functions, like transitioning from cycle tracking to pregnancy mode.

Limitations on Deletion:

- We may retain specific personal data post-account termination as required for legal compliance, dispute resolution, and agreement enforcement.

- We will attempt to anonymize or de-identify your data where feasible.

14.Data Security Measures

We implement robust technical and organizational measures to safeguard your personal data against loss, theft, misuse, and unauthorized access, considering the nature and risk associated with the data. These measures include:

- Data encryption during transit and at rest.

- Regular vulnerability scanning and penetration testing.

- Maintaining data integrity.

- Organizational measures, such as restricted employee access to personal data based on necessity and strict liability for data misuse.

- Periodic data protection impact assessments to ensure privacy by design and default.

- Privacy audits in the event of organizational changes like mergers or acquisitions.

Security Best Practices for Users:

- Secure your password and consider using a passcode for the App.

- Avoid sharing your password or mobile device.

- Remember that no security system is infallible.

In Case of Security Breaches:

- If a breach occurs, we will post a notice or inform you via email.

- Reasonable steps will be taken to rectify the breach in accordance with applicable laws.

- Actions in case of a personal data breach might include logging you out from all devices, resetting your password, and other necessary measures.

To report security incidents related to the Services, please contact us at [email protected].

15. Communication with You:

We may contact you occasionally via email or other methods like pop-ups or push notifications to share information about our products, services, offers, promotions, rewards, and events, or to provide news that we think will interest you.

Opt-out options: You can opt out of receiving marketing emails by clicking on the “Unsubscribe” link in the emails. Opting out of these communications will not affect the delivery of necessary service-related emails. For pop-ups or push notifications, you can adjust your device settings to opt out. In certain cases, we may request additional consent for these communications.

Please note that we may also contact you with information about our and others' products, services, offers, promotions, rewards, and events via third-party platforms, including social media.

Presence on Social Networks:

We actively use social media platforms to promote Rapty and engage with our users. When you interact with us on these platforms, we may process information like your username, profile picture, and any comments or posts you make regarding Rapty, solely for engagement purposes.

16. Storage and International Personal Data Transfers:

Rapty Health LLC is based in the United States, but the personal data we collect is transferred to and processed in the United States (subject to US laws) and other countries (subject to their respective laws). The data protection laws in the US and these other countries may not offer the same level of protection as the laws in your jurisdiction.

Transfers of Personal Data Outside the EU, EEA, and UK:

The personal data protection standards in the European Union (EU), the European Economic Area (EEA), and the United Kingdom may differ from those in other countries. Rapty transfers personal data from the EU, EEA, and UK to the US and other countries. For these transfers, we use standard contractual clauses, conduct transfer impact assessments, or rely on adequacy decisions by the European Commission. For more details, you can reach out to us at [email protected]

Complaints and Dispute Resolution:

If you have complaints about our data collection and use, EU and Swiss individuals should first contact us at [email protected]. We also provide the option for binding arbitration for unresolved complaints under certain conditions. Our practices are subject to the investigatory and enforcement powers of the US Federal Trade Commission regarding personal data transferred under the DPF.

17. United States Privacy Considerations

No Sale of Personal Information for Monetary Gain:

- We affirm that we do not sell your personal information for financial profit.

Disclosure as “Sale” or “Share”:

- Under certain U.S. state laws, including California, disclosing personal information to third parties for any benefit is considered a "sale" or "share," even if the third party doesn’t use the information for other purposes.

- We “share” personal information if we disclose personal information to a company for purposes of cross-context behavioral advertising.

Opt-out Requests:

- While we do not sell your personal information for monetary gain, you have the right to opt out of our “sale” or “sharing” of your personal information as defined under California or other U.S. state legislation.

- To exercise this right, you can adjust your browser settings, visit the “Your Privacy Choices” link on our website, or contact us directly.

Limiting Use of Sensitive Personal Information:

- The processing of sensitive personal information is restricted to purposes necessary to provide you with products or services.

Request to Know/Access:

- You have the right to request details about the personal and sensitive information we've collected about you, including our usage purposes, and the categories, sources, and third parties involved in the information we’ve collected in the past 12 months.

- This right can be exercised twice a year, free of charge.

Shine the Light Law:

- California residents may request annual information about personal information shared with third parties for their direct marketing purposes. Although we don’t share information for third-party marketing, you can inquire at [email protected]. Include “California Privacy Rights Request” in the email subject line and provide your name, address, city, state, and ZIP code.

Terminology Note:

- In this policy, “personal data” includes “sensitive/personal information” as defined under California laws.

18. Contact Us

For any privacy-related questions or concerns, you can reach out to us or our data protection officer at the provided contact details.