Privacy Policy
Effective Date of this Privacy Policy: September 11th, 2025
1. Introduction and Data Controller
Protecting your personal data is important to us. This Privacy Policy explains what data we collect in our mobile application, for what purposes we process it, and what rights you have regarding your personal data.
This Privacy Policy applies to the use of the mobile application Lunaletics (hereinafter referred to as the “App”) on smartphones and tablets.
Data Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Lunaletics GmbH
Merianstr. 31, 80637 Munich, Germany
Email: info@lunaletics.com
If you have any questions about data protection or the processing of your personal data, you can contact us at any time using the contact details provided above.
1.1 Jurisdiction-Specific Information for the United Kingdom (UK)
This Privacy Policy also applies to users located in the United Kingdom, in accordance with the applicable data protection laws under the UK Data Protection Act 2018 in conjunction with the UK GDPR (United Kingdom General Data Protection Regulation).
The controller for the purposes of the UK GDPR is the same as the controller named above under Article 4(7) of the EU GDPR.
To exercise your data protection rights in the United Kingdom, you may contact the relevant supervisory authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
https://ico.org.uk
1.2 Jurisdiction-Specific Information for Switzerland
This Privacy Policy also applies to users residing in Switzerland and complies with the provisions of the Swiss Federal Act on Data Protection (revFADP / revDSG).
The controller processes personal data in accordance with the principles of purpose limitation, proportionality, and data security pursuant to the revFADP.
Under the revised Swiss data protection law (revFADP), we refer to “personal data” as “personal information” or “Personendaten”, as legally defined.
You have the right to access, rectification, erasure, and objection in accordance with Articles 25 et seq. of the revFADP.
The competent supervisory authority in Switzerland is:
Federal Data Protection and Information Commissioner (FDPIC / EDÖB)
Feldeggweg 1, 3003 Bern, Switzerland
https://www.edoeb.admin.ch
1.3 Jurisdiction-Specific Information for Canada
For users in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) and the enhanced requirements under the Québec Act respecting the protection of personal information in the private sector (Bill 64) apply in addition to this Privacy Policy.
Legal basis and purpose
Personal data is processed exclusively for the purposes stated in this Privacy Policy and on the basis of the user’s consent. Health and sensitive data will only be processed if the user has given explicit consent.
Transfer outside Canada
Data may be transferred to our processors located in the European Union or other countries. In doing so, we ensure that an adequate level of protection is maintained (e.g., through EU Standard Contractual Clauses).
User rights
Under Canadian law, users have in particular the following rights:
- Access to their personal data stored by us
- Correction of inaccurate or incomplete data
- Withdrawal of consent with effect for the future
- Deletion of data, insofar as no statutory retention obligations apply
- Information about cross-border data transfers
Contact for Canada
Questions or concerns from Canadian users can be directed to the contact details of the controller provided above. Upon request, we will provide additional information about our safeguards for data transfers outside Canada.
1.4 Jurisdiction-Specific Information for Australia
For users in Australia, the Privacy Act 1988 (Cth) applies in addition to this Privacy Policy.
Legal basis and purpose
Personal data is processed exclusively for the purposes stated in this Privacy Policy and only with the user’s consent. Health and sensitive data are processed solely with explicit consent.
Transfer outside Australia
As data is processed on servers located within the European Union and in some cases in third countries, appropriate safeguards (e.g., EU Standard Contractual Clauses) are implemented to ensure a level of protection consistent with Australian law.
User rights
Users in Australia have in particular the following rights:
- Access to their personal data stored by us
- Correction of inaccurate, incomplete, or outdated data
- Withdrawal of consent with effect for the future
- The right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if they believe their privacy rights have been violated
Contact for Australia
Inquiries from Australian users can be directed to the controller’s contact details provided above.
1.5 Jurisdiction-Specific Information for Brazil
For users residing in Brazil, the provisions of the Lei Geral de Proteção de Dados (LGPD, Law No. 13.709/2018) apply in addition to this Privacy Policy.
Legal basis and purpose
Personal data will only be processed for the purposes described in this Privacy Policy. Health data and other sensitive data are processed exclusively based on your explicit consent.
International data transfers
As data processing may occur on servers located within the European Union and, in some cases, in third countries, we implement appropriate safeguards (such as EU Standard Contractual Clauses) to ensure an adequate level of data protection in compliance with the LGPD.
User rights under the LGPD
In accordance with the LGPD, users have the following rights:
- Confirmation of whether personal data is being processed
- Access to the personal data we hold about you
- Correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion of unnecessary or excessive data
- Portability of data to another service provider (where technically feasible)
- Withdrawal of previously granted consent with future effect
- Information about data sharing practices and the ability to object to processing
- The right to lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD)
Contact for Brazil
Brazilian users may direct any questions or concerns to the Controller using the contact details provided in Section 1.
2. General Information on Data Processing
We process personal data exclusively in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Your data is only processed where permitted by law or where you have given your explicit consent.
2.1 Legal Bases for Processing
The processing of your personal data is based on the following legal grounds:
- Article 6(1)(a) GDPR – Consent
(e.g. for health data, push notifications, feedback submission)
- Article 6(1)(b) GDPR – Performance of a Contract
(e.g. for registration, use of the App, payment processing)
- Article 6(1)(f) GDPR – Legitimate Interests
(e.g. app security, error analysis, optimization, contacting you)
- Article 9(2)(a) GDPR – Explicit Consent for processing special categories of personal data
(particularly health-related data such as menstrual and cycle information)
These legal bases apply accordingly under the UK GDPR and the UK Data Protection Act 2018.
2.2 Recipients of Personal Data
Your personal data is only shared with third parties where this is necessary to fulfill a contract, required by law, or where you have explicitly consented. This includes, for example, payment providers, hosting services, and analytics tools.
Data may be shared in particular with:
- Processors under Article 28 GDPR (e.g. hosting by Supabase)
- Platform providers (e.g. Apple, Google)
- Payment processors (e.g. RevenueCat)
- Support and feedback tools (e.g. Sentry, Wiredash)
2.3 Data Transfers to Third Countries
Some of the services we use may process personal data outside the European Union, particularly in the United States. In such cases, we ensure that an adequate level of data protection is maintained, for example by concluding Standard Contractual Clauses (SCCs) issued by the European Commission or by implementing other appropriate safeguards.
2.4 Data Processing on Our Behalf (Data Processing Agreements)
We work with selected service providers under data processing agreements in accordance with Article 28 GDPR. These processors act strictly on our instructions and are contractually bound to adhere to strict data protection requirements.
3. What Data Is Collected?
When using our App, the following categories of personal data may be collected. This data is obtained either through your active input, through the use of app features, or automatically via your device.
3.1 Registration Data
To create and manage your user account, we collect:
- Email address
- Password (stored in encrypted form)
- User ID (assigned automatically)
3.2 Health and Cycle Data (Special Category of Data)
To provide personalized content and functionality, we collect—with your explicit consent—the following information:
- Date of last menstrual period
- Duration of period and cycle
- Self-assessed fitness level
This information constitutes special categories of personal data under Article 9 GDPR and is only processed with your explicit consent.
3.3 Training and Activity Data
To track and analyze your training activities, we collect:
- Performed exercises (type and number of repetitions)
- Date and time of workouts
3.4 Device and Usage Data
When using the App, certain technical data and user interactions are automatically recorded:
- App launches and user interactions (e.g., clicks, visited screens)
- IP address, device type, operating system, screen resolution
- Location data (if enabled)
- Device language setting
3.5 Communication Data
In connection with in-app messaging and push notifications, we store:
- Push notification settings
- Responses to in-app messages (e.g., opens, clicks)
3.6 Payment Data
For access to paid content and subscriptions, we process the following:
- Payment provider: RevenueCat (in combination with Apple or Google, where applicable)
- Transaction ID (if provided by the payment provider)
Note: No payment data is stored in the App itself.
3.7 Consent Records
To document your data protection consents in a legally compliant manner, we store:
- Timestamp and content of granted consents
- Confirmation of acceptance of the Privacy Policy and health data processing
3.8 Website Access Data
When visiting our website www.lunaletics.com, our hosting provider automatically collects server log files, including:
- IP address
- Date and time of access
- Accessed pages or files
- Referrer URL (if provided)
- Browser and operating system used
These data are used exclusively to ensure smooth operation of the website, for troubleshooting, and for IT security purposes. They are not combined with other data sources.
Hosting provider: Hostinger International Ltd., Lithuania
Server location: France (EU)
Privacy policy of the provider: https://www.hostinger.com/privacy-policy
3.9 Newsletter
Users may optionally subscribe to our email newsletter during account creation. The email address is used solely to send information about the Lunaletics App, new features, offers, or health-related content.
Subscription is voluntary and requires separate opt-in consent.
Legal basis: Article 6(1)(a) GDPR – Consent
You may revoke your consent at any time with future effect, e.g., by clicking the “Unsubscribe” link in any email or by contacting our support team.
We currently do not use an external email marketing provider.
Your email address is only used for sending the newsletter and is not shared with third parties.
3.10 Contacting Us
If you contact us via email, the personal data you provide (e.g., email address, name, message content) will be used exclusively to respond to your inquiry.
Legal basis:
- Article 6(1)(b) GDPR – pre-contractual steps or performance of a contract, or
- Article 6(1)(f) GDPR – our legitimate interest in effective communication.
Your data will not be shared with third parties and will only be retained as long as necessary to process your inquiry. See the general section on data deletion and your rights as a data subject.
4. How Is This Data Used?
We process your personal data solely for the purpose of providing, improving, and securing the App, as well as fulfilling our contractual and legal obligations. Each category of data is used for the following specific purposes:
4.1 Registration Data
- Creation and management of your user account
- Authentication during login
- Linking your personal data within the App
4.2 Health and Cycle Data
- Creation of a personalized cycle and training profile
- Adapting training recommendations based on your cycle history
- Analysis of trends and development of your health over time (e.g. cycle regularity, perceived fitness)
These data fall under special categories of personal data as defined by Article 9 GDPR and are only processed with your explicit consent.
4.3 Training and Activity Data
- Recording and visualization of your training activities
- Progress tracking within the App
- Personalized training suggestions
4.4 Device and Usage Data
- Ensuring technical functionality of the App
- Analyzing user behavior to improve app usability
- Optimizing content and navigation within the App
- Sending push notifications (if enabled)
- Potential localization of content (e.g. language settings, location)
In addition, we use anonymized and aggregated usage data to analyze app installations and marketing channels via Appsflyer. It is not possible to identify individual users.
4.5 Communication Data
- Sending push notifications (e.g. workout reminders or cycle phase notifications)
- Evaluating interaction with in-app messages to improve communication
4.6 Payment Data
- Managing in-app purchases and subscriptions
- Verifying and assigning transactions
- Integration with payment processor RevenueCat (including Apple or Google, where applicable)
Note: No payment data is stored directly within our App.
4.7 Consent Data
- Documentation of your data processing consents
- Management of your consent preferences (e.g. health data, tracking, push notifications)
- Demonstrating compliance with GDPR requirements
4.8 No Automated Decision-Making or Profiling
We do not engage in automated decision-making within the meaning of Article 22 GDPR or the corresponding provisions of the UK GDPR, which would produce legal effects concerning you or similarly significantly affect you.
We also do not carry out any profiling to analyze or predict personal preferences, interests, or behaviors.
5. Use of Third-Party Services and Tools
To provide and improve our App, we rely on carefully selected third-party services. These providers process data either on our behalf (as data processors) or under their own responsibility. Where required, we have entered into data processing agreements (DPAs) in accordance with Article 28 GDPR.
5.1 Supabase (Authentication & Database)
We use the service Supabase, provided by:
Supabase Inc.
970 Toa Payoh North, #07-04, Singapore 318992
Supabase handles user management (registration, login) and stores your App data, including health-related data, in a PostgreSQL database. Data is processed either on servers located within the EU or—if transferred to third countries—under the safeguards of EU Standard Contractual Clauses (SCCs).
5.2 Sentry (Error Monitoring)
To monitor app stability and log errors, we use Sentry, operated by:
Functional Software, Inc. (Sentry)
45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA
Pseudonymized technical data (e.g., device type, error code, timestamp) may be transmitted. Processing is based on our legitimate interest in ensuring the stability and functionality of the App (Article 6(1)(f) GDPR).
5.3 Wiredash (User Feedback)
For in-app user feedback (e.g., bug reports, feature suggestions), we use:
Wiredash GmbH
Balanstraße 73, 81541 Munich, Germany
Wiredash processes user input and technical metadata strictly under our instructions, as a processor under a data processing agreement (Article 28 GDPR).
5.4 Push Notifications: Firebase Cloud Messaging
We use Firebase Cloud Messaging (FCM), a service provided by:
Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland
FCM assigns a pseudonymous token ID to your device for targeted delivery of push notifications. Notifications are only sent if you have actively consented to receiving them. You can revoke consent at any time in your device settings.
Processing is based on your consent (Article 6(1)(a) GDPR).
Data transfers to the USA by Google may occur. To ensure an adequate level of data protection, Google applies Standard Contractual Clauses (SCCs) in accordance with Article 46 GDPR.
For more information on Google’s privacy practices, visit:
https://policies.google.com/privacy
5.5 RevenueCat (Payment Management)
We use RevenueCat, operated by:
RevenueCat, Inc.
633 Taraval Street, Suite 101, San Francisco, CA 94116, USA
RevenueCat manages in-app purchases and subscription tracking. It processes transactional data (e.g., product ID, purchase status, timestamp) but does not process or store complete payment details.
Processing is based on contractual necessity (Article 6(1)(b) GDPR).
5.6 Apple App Store & Google Play Store
In-app purchases and App downloads are processed via:
- Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Both providers operate as independent data controllers, especially with regard to payment processing and store analytics. Please consult their respective privacy policies for more details:
- Apple: https://www.apple.com/legal/privacy
- Google: https://policies.google.com/privacy
5.7 Vimeo (Video Streaming)
To embed and provide video content within our app, we use the service Vimeo, operated by:
Vimeo Inc.
330 West 34th Street, 10th Floor, New York, New York 10001, USA
When using embedded Vimeo videos, technical information (e.g., IP address, browser type, device type, access timestamp) and potentially user interactions (e.g., playback start, pause, video completion) may be collected and transmitted to Vimeo. This processing is based either on the necessity to fulfil our contract with you (Art. 6 para. 1 lit. b GDPR) or on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing engaging and high-quality multimedia content.
Such data processing may involve transfers to the United States. Vimeo relies on EU Standard Contractual Clauses (SCCs) in accordance with Art. 46 GDPR to ensure an adequate level of data protection.
Further information on Vimeo’s data processing can be found at:
5.8 Appsflyer (Analytics & Attribution)
We use Appsflyer to analyze app installations and measure the effectiveness of our marketing campaigns. The provider is:
Appsflyer Ltd.
14 Maskit St., Herzliya 4673314, Israel
Appsflyer collects and processes pseudonymized information about the use of our app, including device identifiers (e.g., IDFA, GAID), IP address (shortened/anonymized), installation source, app launches, and interactions. This data is only used in aggregated form to evaluate the reach of our app and the effectiveness of marketing activities.
The processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in analyzing and optimizing our app and marketing activities.
Data transfers to third countries, including the United States and Israel, may occur. Appsflyer relies on the EU Commission’s adequacy decision for Israel (Art. 45 GDPR) and uses EU Standard Contractual Clauses (SCCs) for transfers to the USA to ensure an adequate level of data protection.
For more information, please see Appsflyer’s Privacy Policy: https://www.appsflyer.com/legal/privacy-policy
6. Data Transfers to Third Countries
Most of the processing of personal data takes place within the European Union (EU) or the European Economic Area (EEA). However, in certain cases, we use services based outside these regions.
6.1 No Third-Country Transfers in the Following Cases:
- Supabase: Data processing (authentication and database storage) takes place exclusively on servers located in Germany (EU).
- Sentry: Error reports are processed on servers located in the EU (data center in Frankfurt, Germany).
Therefore, no transfer of personal data to third countries occurs with these providers.
6.2 Transfers to the United States
The following providers may involve the transfer of personal data to the USA:
- RevenueCat Inc.
- Apple Inc. (e.g., APNs, App Store)
- Google LLC (e.g., Firebase Cloud Messaging, Google Play Store)
- Vimeo Inc. (Video Streaming)
- Appsflyer Ltd. (Analytics & Attribution Tracking)
As the United States does not have a comprehensive adequacy decision from the European Commission (except for providers certified under the EU-U.S. Data Privacy Framework), such transfers are only carried out under appropriate safeguards, including:
- Use of EU Standard Contractual Clauses (SCCs)
- Additional protective measures (e.g., encryption, access controls)
6.3 Notice of Residual Risks
Despite the safeguards in place, when data is transferred to third countries—especially the United States—it cannot be entirely ruled out that government authorities may gain access to personal data. In such cases, EU residents may have limited legal remedies or means of redress.
6.4 Your Rights
You have the right to receive information about the safeguards used for data transfers to third countries. Upon request, we will provide you with a copy of the Standard Contractual Clauses used for such transfers.
7. Retention and Deletion of Data
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or until you request its deletion.
7.1 Default: Retention Until Deleted by the User
All personal data, including health, training, and usage data, is stored for as long as a user account remains active. There is no automatic deletion period.
You can delete your data at any time directly within the app or choose to delete your entire account. Upon account deletion, all associated data will be permanently and irreversibly erased.
7.2 No Statutory Retention Obligations
There are no legal retention obligations (e.g., under commercial or tax law) applicable to the data processed within our app. Therefore, data is stored solely based on your usage and consent.
7.3 Deletion Upon Withdrawal of Consent
If data processing is based on your consent (e.g., health data, push notifications), such data will be deleted immediately upon withdrawal of consent, unless there is another legal basis for continued processing.
8. Consent & Withdrawal
Certain data processing activities within our app—particularly those related to health and menstrual cycle data—are carried out based on your explicit consent in accordance with Art. 6(1)(a) and Art. 9(2)(a) of the GDPR.
8.1 Giving Consent
You provide this consent voluntarily and with full information, e.g., during the initial setup of the app or when entering sensitive data. Without your explicit consent, such data will not be processed.
Your consent specifically covers:
- Collection and storage of menstrual cycle data
- Processing of self-assessed fitness levels
- Analysis of activity and training behavior to personalize content based on your cycle
8.2 Withdrawing Consent
You can withdraw your consent at any time with future effect. This can be done, for example:
- via the settings within the app
- by deleting the relevant data
- by deleting your account entirely
Upon withdrawal, the affected data will be immediately deleted, provided no other legal basis exists for its continued processing.
Withdrawal does not affect the lawfulness of processing carried out before the time of withdrawal.
9. Your Rights as a Data Subject
As a user of our app, you have extensive rights under the General Data Protection Regulation (GDPR) with regard to your personal data. You may exercise these rights at any time.
9.1 Right of Access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. If so, you may request access to this data as well as additional information (e.g., processing purposes, recipients, storage period).
9.2 Right to Rectification (Art. 16 GDPR)
If your personal data is incomplete or inaccurate, you have the right to request immediate correction or completion.
9.3 Right to Erasure (Art. 17 GDPR)
You may request the deletion of your personal data, provided that no legal obligation or overriding legitimate basis prevents such deletion.
9.4 Right to Restriction of Processing (Art. 18 GDPR)
In certain situations, you may request the restriction of processing—for example, if you contest the accuracy of the data or object to unlawful processing.
9.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, or to request transmission of the data to another controller.
9.6 Right to Object (Art. 21 GDPR)
You may object to the processing of your personal data if it is based on our legitimate interests (Art. 6(1)(f) GDPR).
9.7 Right to Withdraw Consent (Art. 7(3) GDPR)
You may withdraw your previously given consent at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal remains unaffected.
9.8 Right to Lodge a Complaint (Art. 77 GDPR)
If you believe that the processing of your personal data violates data protection laws, you have the right to file a complaint with a supervisory authority. Typically, this is the authority of your place of residence or the location of our company.
9.9 Additional Information for Users in the United Kingdom
If you reside in the United Kingdom, the same rights apply under the UK Data Protection Act 2018 in conjunction with the UK GDPR, including:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to withdraw consent at any time
For questions or complaints, you may also contact the UK supervisory authority:
Information Commissioner’s Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
https://ico.org.uk
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These measures are based on the requirements set out in Article 32 of the GDPR.
10.1 Technical Measures
- Data Transmission: All data transmissions are encrypted using TLS/SSL protocols.
- Access Control: Access to personal data is restricted to authorized personnel with appropriate access rights.
10.2 Organizational Measures
- Data Minimization: Only data necessary for the respective purpose is collected.
- Access Logging: Access to sensitive systems is logged and regularly reviewed.
- Processor Agreements: All third-party service providers are contractually bound to comply with the GDPR.
10.3 Hosting and Infrastructure
Our backend systems (e.g., Supabase) are operated exclusively on servers located within the European Union. The storage of health and other sensitive data is carried out with enhanced protective measures.
11. Changes to this Privacy Policy
We reserve the right to update this Privacy Policy to reflect changes in legal requirements, technical developments, or the introduction of new features within the app.
11.1 Notification of Changes
In the event of significant changes—particularly if the purposes of data processing or the types of data collected change—we will inform you in a timely manner via the app or by email (if provided). Where legally required, we will request your renewed consent.
11.2 Validity of the Current Version
The most current version of this Privacy Policy is always available within the app or on our website.
12. Information for Users from the United States of America (USA)
This Privacy Policy also applies to users residing in the United States of America. It takes into account the applicable data protection laws of the following U.S. states to the extent relevant to our services: California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana, Delaware, Iowa, and Indiana.
We continuously monitor legislative developments in other U.S. states (e.g., Florida, New Jersey, New Hampshire, Nebraska, Minnesota) and will update this Privacy Policy as needed once new regulations become relevant to our services.
This statement reflects the requirements of the applicable data protection laws of the above-mentioned states, particularly the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
12.1 No Sale or Sharing of Personal Data
We do not sell personal data as defined by the data privacy laws of the above-mentioned states. We also do not share personal data with third parties for advertising purposes or for creating user profiles.
We currently do not offer personalized advertising and do not use your personal data for sale or sharing purposes. If this changes, we will provide a clearly labeled “Do Not Sell or Share My Personal Information” opt-out link, as required by law.
12.2 Your Privacy Rights in the U.S.
Users residing in certain U.S. states have the right to:
- Request information about what personal data we collect and how we use it,
- Receive a copy of the stored personal data,
- Request deletion of their personal data,
- Object to the processing of their personal data,
- And opt out of the sharing or sale of personal data, if applicable.
Please note that, in order to protect your rights, we may be required by law to verify your identity before processing your request.
To exercise these rights, you can contact us at any time using the contact details provided in the section “Controller”.
We reserve the right to verify your identity before responding to any requests in accordance with legal requirements.