Privacy Notice
This privacy notice will inform you how we look after, collect, process, and use your personal data when you use our App and tell you about your legal rights.
About us
Narrativelab OÜ is the controller and responsible for your data ("we", "us", or "our").
Company Name | Narrativelab OÜ |
legal address | Eesti, Harju maakond, Tallinn, Lasnamäe linnaosa, Valukoja tn 8/2, 11415 |
Registry code | 17007093 |
[email protected] - for general and privacy questions |
Please note! We do not knowingly process the personal data of users under the age of 16. If you are such a user or the legal representative of such a user, please contact us.
By accessing or registering the App, the user agrees to the privacy notice and consents to collecting, transferring, and using personal data.
Before using the App, you must read and accept this privacy notice. If you don’t accept and agree to this privacy notice, you must immediately stop using our App.
Sources of data
Depending on your actions, we receive your data when you use and interact with the App.
You can change your personal data by exercising your right to rectify it and contacting us. Please note that the changed data will be stored on the same lawful basis and terms.
We may also receive data from third parties. It depends on your settings and the features you use.
Lawful bases
For processing your personal data, we rely on the following lawful bases:
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect (automatically or with your consent), use, store, and transfer different kinds of personal data about you, which we have grouped as follows:
Reasons for Processing | Types of data | Lawful bases |
For marketing and analytical purposes. To provide, improve, and develop the application. | Device Data. Includes model, OS version, and language. Unique device identifiers (including IDFA). | Performance of a contract with you. Your consent. Necessary for our legitimate interests (to keep our records updated and to study how customers use our app)/ |
For marketing and analytical purposes. To provide, improve, and develop the application. To use functions of the app. | Location and Demographic data. Includes internet protocol (IP) and location, country, state, city, zip code, and time zone. | Performance of a contract with you. Your consent. Necessary for our legitimate interests (to keep our records updated and to study how customers use our app). |
For marketing and analytical purposes. To provide, improve, and develop the app. | Log and Usage Data. Information about how you use our app and user activity within the application. | Performance of a contract with you. Your consent. Necessary for our legitimate interests (to keep our records updated and to study how customers use our app). |
To provide access to the App, identify the user, and track the subscription period. | Data on subscription fees. | Performance of a contract with you. Your consent. Necessary for our legitimate interests (to keep our records updated and to study how customers use our app). Necessary to comply with a legal obligation. |
To use the app's functionality and the ability to measure heart rate and other metrics through the camera. | Device function. Access your camera. | Performance of a contract with you. Your consent. |
To use the app's functionality and control the user’s blood pressure and blood oxygen level, pulse, and HRV. For in-app content. We show users the dynamics and give tips for improving performance. | Health data. Blood pressure, blood oxygen level, pulse, and HRV, | Performance of a contract with you. Your consent. |
To use the app's functionality and control the user’s blood pressure and blood oxygen level, pulse, and HRV. For in-app content. We show users the dynamics and give tips for improving performance. To provide more meaningful and comprehensive insights into your health and fitness. | Apple Health. Blood Glucose, Blood Oxygen, Diastolic Blood Pressure, Systolic Blood Pressure, Heart Rate, Heart Rate Variability, Respiratory Rate, Cardio Fitness, Beet-to-Beet Measurements. | Performance of a contract with you. Your consent. |
To participate in reviewing user refund requests to the Apple App Store or our suppliers to prevent fraudulent and deceptive actions by users. | Consumption Information. Account Tenure, App Account Token (UUID), Consumption Status, Customer Consented, Delivery Status, lifetime Dollars Purchased, lifetime Dollars Refunded, Platform, play Time, Refund Preference, Sample Content Provided, and User Status. | Your consent. It is necessary for our legitimate interests (to keep our records updated and to study how customers use our App). |
We don’t collect personal data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data). We don't collect any information about criminal convictions and offenses.
We also undertake to collect only such amounts and types of personal data strictly required for the purposes mentioned in this privacy notice section (data minimization principle).
We will ask for your separate explicit consent for any new processing purpose. To the extent necessary for those purposes, we take all reasonable steps to ensure that personal data is reliable, accurate, complete, and current for its intended use.
We share your Personal Data with our service providers, strictly limited to cases and purposes stipulated in this privacy notice.
We’ll not use the information gained through your use of our App and other frameworks for advertising or similar services or sell it to advertising platforms, data brokers, or information resellers.
We require all third parties to respect the security of your personal data and treat it under the law. We do not allow our third-party service providers to use your personal data for their purposes and only permit them to process your personal data for specified purposes.
We will not process personal data in a way incompatible with the purposes for which it has been collected or subsequently authorized by you by Section "Types of data we collect" of this privacy notice or collect any personal data that is not required for the mentioned purposes.
We disclose potentially personally-identifying information (i.e., personal data) among our employees, contractors, and affiliated or other third-party organizations that (i) need to know that information in order to process it on our behalf or to provide services available at the Company, and (ii) that have agreed not to disclose it to others.
We share your data with the parties below for purposes listen in Section "Types of data we collect".
External Third Parties!: Google LLC, Meta Platforms, Inc., Apple Inc., Amplitude Inc., Firebase, Inc., Appfigures, Inc., Cloudflare, Inc., Amazon Web Services, Inc., Microsoft Corporation, Hetzner Online GmbH, Supabase, Inc.
These parties help us with the storage of Personal Data, analyze or keep your data, and show relevant information about the App to us when you use the app to understand how you use the App, engage with particular features, and what you like or dislike the most to generate statistical reports.
User’s consumption Information and refund. By requesting a refund in the Apple App Store for an in-app purchase or automatically renewing a subscription, you acknowledge and consent to the transfer by us of Consumption Information described in the "Types of data we collect" section to Apple. Our legitimate interest must prevent fraudulent and deceptive actions by users. Apple uses and protects the data you share through the Send Consumption Information API in accordance with Apple’s Privacy Policy.
Cross-border transfer of personal data.
Some employees, contractors, and affiliated or third-party organizations may be located within or outside the USA, EU, or the European Economic Area (EEA). By using our App, you consent to transfer such information to them.
Changes to the privacy notice
We reserve the right to and may change this privacy notice occasionally. If we make any material changes, we will notify you through our App or email or by presenting you with a new version of this privacy notice for you to accept if we, for example, add new processing activities or collect additional personal data from you.
Your continued use of the App after the effective date of an updated version of the privacy notice will indicate your acceptance of the modified privacy notice.
Opt-out options
You can withdraw your consent or opt-out, whatever applies in your case, from sharing your Personal Data under this subsection anytime by using one of the following options:
Obtaining data from third parties
When a user buys a subscription, we receive transaction data, ID subscriptions, subscription terms, and App statistics from the Apple App Store.
The App App Store data processing policy further regulates the collection, processing, and transmission of purchase data via the Apple App Store.
Apple Health. Our app works with the "Apple Health app”. For this purpose, we ask the user for consent to access the Health data collected by Apple Health for the abovementioned purposes in the "Types of data we collect" section.
Banking information
When you pay for a subscription to our App, you share your banking information with the Apple App Store. This relationship is further regulated between the user and privacy notices in the Apple App Store.
We do not collect or process your bank information when buying a subscription.
Data security
We have implemented appropriate security measures to prevent your data from being accidentally lost, used, accessed unauthorized, altered, or disclosed. In addition, we limit access to your data to employees, agents, contractors, and other third parties who have a business need to know. They will only process your data based on our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We also use technical data encryption tools like SSL protocols to secure your data.
Data retention
How long will you use my personal data?
We will only retain your data for as long as necessary to fulfill the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your data, the purposes for which we process your data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
We store your data while you use our App.
In some circumstances, you can ask us to delete your data. To do so, email us at [email protected].
In some circumstances, we may anonymize your data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We require all third parties to respect the security of your personal data and treat it under the law. We do not allow our third-party service providers to use your personal data for their purposes and only permit them to process your personal data for specified purposes and under our instructions.
We do not use user data for sale (or any other commercial activity) to other companies. User data is used solely to ensure the app's functionality.
Your legal rights
European Economic Area residents
As a data subject, you have the right to interact with its data directly or through a request to us. This section describes these rights and how you can exercise them:
Right | Description |
Right to access | You can request an explanation of the processing of your personal data. |
Right to rectification | You can change the data if it is inaccurate or incomplete. |
Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
Right to restrict the processing | You may partially or completely prohibit us from processing your personal data. |
Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
Right to object | You may object to the processing of your personal data. |
Right to withdraw consent | You can withdraw your consent at any time. |
Right to file a complaint | If your request was not satisfied, you could file a complaint to the regulatory body. |
To exercise your rights, contact us. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. UK residents enjoy the same rights but may lodge a complaint at the other Authority in the UK – Information Commissioner’s Office. You can contact them at 0303 123 1113 or go online at www.ico.org.uk/concerns. | |
Please note! Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request, with the right to postpone it for 30 days more. |
If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.
Your rights vary depending on the laws that apply to you but may include:
Right | Description | Area | |
Right to access | You can request an explanation of how your personal data is processed. |
|
|
Right to correct | You can change the data if it needs to be more accurate or complete. |
|
|
Right to delete | You can request to delete your personal data from our systems. |
|
|
Right to portability | You can request all the data you provided to us and request to transfer data to another controller. |
|
|
Right to opt out of sales | The right to opt out of the sale of personal data to third parties. |
|
|
Right to opt out of certain purposes | The right to opt-out of processing for profiling/targeted advertising purposes. |
|
|
Right to opt out of the processing of sensitive data | The right to opt-out of processing of sensitive data. |
| |
Right to opt in for sensitive data processing | The right to opt in before processing sensitive data. |
|
|
Right against automated decision-making | A prohibition against a business making decisions about a consumer based solely on an automated process without human input |
|
|
Private right of action | The right to seek civil damages from a controller for statute violations. |
| |
Please note! Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is missing from the list, please contact us. | |||
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of a company governed by the CCPA's “sale” of their personal information.
We do not sell your personal information to anyone nor use your data as a business model.
However, we support the CCPA by allowing California residents to opt out of the future sale of their personal information. Please contact us if you would like to record your preference that we not sell your data in the future.
As data subjects, you have privacy rights prescribed by Canada’s federal and provincial privacy laws.
If you want additional information, please contact us by filling a request.
If you are not satisfied with the response, you can file a complaint with the Office of the Privacy Commissioner of Canada.
We are not entities that require HIPAA compliance (covered entities, such as health insurance companies, healthcare providers, including pharmacies and healthcare clearinghouses), and not business associates — persons or entities who handle protected health information for a covered entity. Therefore, we are not covered by the HIPAA
Nevertheless, we have obligations to comply with other laws and regulations governing mHealth applications and the protection of users' personal data, such as the Federal Trade Commission Act and FTC’s Health Breach Notification Rule.