This Privacy Policy explains how WhiteApps LTD (hereinafter referred to as "we" or "us") collects, stores, uses, and protects your personal data in connection with your use of our website (including, but not limited to, https://wallpilates.fit4me-life.com/) and our Fit4Me application. This policy also explains your rights regarding your data and the measures we implement to protect your privacy in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
1. Important Information About Privacy
This notice contains all the necessary information to help you make an informed decision regarding the use of our product. We also inform you about your rights and how to exercise them. If you have any questions or concerns, please contact us.
To use the product, you may be required to provide certain personal data, such as your name, email address, current weight and height, target weight, fitness level, areas for improvement, dietary preferences, and other personal information. We also automatically collect certain device settings, such as language, IP address, time zone, device type and model, device settings, operating system, internet service provider, mobile carrier, and unique identifiers (e.g., IDFA and AAID). We use this data to provide our services, analyze their usage, and measure advertising effectiveness.
You own all data about yourself, including the data you enter regarding your physical activity, the purpose of using the product, and how you use it. We use third-party solutions to improve our product and engage users. As a result, we may process data using third-party services such as Amplitude, Facebook, Firebase, Google, Apple, Appsflyer, and Crashlytics. Some data may be stored and processed on the servers of these companies, allowing us to analyze user interactions and advertising effectiveness.
Please review our Privacy Policy to learn more about how we use your data (Section 3), what privacy rights are available to you (Section 6), and who the data controller is (Section 1). If you have any unanswered questions, please contact us at support@fit4me-life.com.
The controller responsible for processing data within the product is WhiteApps Ltd, registered at 61 Bridge Street, Herefordshire, United Kingdom, HR5 3DJ.
2. Categories of Personal Data We Collect
We collect the following categories of personal data:
Data you voluntarily provide to us (e.g., when selecting areas for improvement or contacting us via email).
Data received from third parties (e.g., when signing in with Apple ID).
Automatically collected data (e.g., your IP address, device information, time zone, etc.).
We process your data in compliance with UK legislation, including the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.
2.1. The data you provide to us
When you register for and/or use the Services, you provide us with information about yourself, such as your name, age, gender, physical characteristics (including height, weight, and improvements), fitness level, dietary preferences (including food preferences, preferred meal frequency, and foods you dislike), meditation preferences, sleep preferences, type and duration of physical activity you engage in, food you have, email address, etc.
Some of the information we collect may be considered special categories of personal data or sensitive data under certain data protection laws which we are subject to. In such cases (for example, when we ask you if you need a diabetic meal plan or if you are considering joining a special program for amputees), we ask for your consent to process such data, but you can withdraw your consent at any time. The expression "all categories of personal data" or other generalized expression below does not include special categories of personal data or sensitive data.
Suppose the information required to provide the Product falls under a special category of personal data (e.g., type of diabetes to develop a program that meets your needs). In that case, consent is required to access the Product.
2.2. Data provided by third parties
When you sign in with Apple to register for an account with the Product, we receive personal information from your Apple ID. This information includes, but is not limited to, your name and verified email address. You can provide your real email address or an anonymous email address that uses a private email relay service; Apple displays detailed privacy information on the Apple Sign-In screen. For more information about Apple Sign-In, please click here.
2.3. Data that we automatically collect
a. Information about how you learn about us. We collect data about your application or the URL that led you to our site (i.e., the application or location on the Internet you were in when you clicked on our advertisement).
b. Device and location information. We collect data from your mobile device. Examples of such data include language preferences, IP address, time zone, device type and model, device settings, operating system, Internet service provider, mobile network operator, device ID and Facebook ID.
c. Use of data. We record how you interact with our Product. For example, we may record your clicks on certain parts of the interface, the features and content you interact with, the workouts you perform, the time and duration of those workouts, how often you use the Product, the time you spend in the Product, your progress in your workout program, and record any orders you place during your subscription. We also record the advertisements in the Product that you access (and the Internet links to which these advertisements lead).
d. Advertising identifiers We collect your Apple Digital Advertising Identifier ("IDFA") or Google Advertising Identifier ("AAID") (depending on your device's operating system). You can usually reset these numbers in your device's operating system settings (although we have no control over this).
e. Transaction data. If you make a payment through the Product, you will be required to provide financial account information, such as a credit card number, to our third-party service provider. We do not collect or store full credit card number information, but we may receive credit card-related data and transaction data (date, time, amount and type of payment method used).
f. Cookies. Cookies are small text files that are stored on a user's computer for record-keeping purposes. There are two types of cookies: session cookies and persistent cookies. Session cookies are deleted when you close your browser and are used to help you navigate our services. Persistent cookies remain on your device for a longer period of time. In addition, we use tracking pixels set by cookies to deliver online advertising.
Cookies are used, among other things, to automatically recognize you the next time you visit our services. As a result, information that you have previously entered in certain fields on the website may automatically appear the next time you use our services. These cookies are stored on your device and in most cases only for a limited period of time.
3. For what purpose do we process your personal data
To provide our services This includes the ability to use the Product uninterrupted and to prevent or correct errors or technical problems with the Product.
We use Amazon Web Services (AWS) to host personal data and to operate and distribute this Website, a hosting and server service provided by Amazon.
To personalize your experience We process your data, such as information related to your menstrual cycle, to customize the content of the Product and make suggestions according to your personal preferences. For example, we ask you to provide the dates of your menstrual cycle and various symptoms related to your menstrual cycle to synchronize your fitness plan with your period.
Providing customer support We process your personal data to respond to your requests for technical support, service information, and other customer communications. For this purpose, we may send you messages or emails regarding, for example, the operation of our services, security, payment transactions, our Terms of Use, or this Privacy Policy.
To communicate with you about your use of our services, we may send push notifications and emails containing reminders and other information about the Product. For example, you might receive push notifications when new features are added. To stop receiving push notifications, please adjust your device settings; to unsubscribe from emails, click the unsubscribe link in the footer of each email.
The services we use for this purpose may collect data about the date and time you viewed or interacted with the message, such as clicking on a link within it.
We use SendPulse, a personalization and retention marketing platform, to send personalized emails to our users. For more information, please refer to SendPulse's Privacy Policy.
We use the Zendesk ticketing system to process customer requests. If you contact us through our contact form or email, we store the data you provide via the Zendesk ticketing system. For details, please see Zendesk's Privacy Notice.
Research and analyze the use of the Product This helps us to better understand our business, analyze our operations, and maintain, improve, innovate, plan, design, and develop the Product and our new products. We also use this data for statistical analysis to test and improve our Product. This allows us to better understand which features and sections of the Product are most popular with our users and which categories of users use the Product. As a result, we often make decisions about how to improve our website based on the results of this process.
Third-party services we use for this purpose We use Facebook Analytics, a service provided by Facebook, that allows us to use various analytical tools. With Facebook Analytics, we can, among other things, use aggregated demographic data and website traffic data. For more information about Facebook's practices, please read the Facebook Privacy Policy.
To analyze the use of this website and measure the effectiveness of certain advertisements, we use Google Analytics, a web analytics tool from Google. It stores a cookie on your device to provide analysis results. Google Analytics provides us with aggregated information about the data you enter on our website and your interactions with it. You can manage the collection and processing of this data using browser plugins available here. For more details about how Google uses your information, visit Google's Privacy Policy.
We also use the Amplitude analytics service to better understand how you interact with our services, such as your time zone, device type (mobile or tablet), and unique identifiers (e.g., IDFA). Amplitude allows us to track interactions within our apps, helping us prioritize features. For more details, see Amplitude's Privacy Policy.
Additionally, we use Firebase Remote Config to track and analyze user behavior in the Product, such as responses to changes in structure, text, and other components. Firebase Remote Config, provided by Google, supports A/B testing and configuration while also enabling us to tailor content for app users (e.g., displaying different input screens to different users). For more details, refer to the Firebase Privacy Policy and Firebase Privacy and Security Overview.
We also use Firebase Analytics, a Google analytics service, to gain insights into how our users interact with the Product. See the Google Partner Privacy Policy for more information about how Google uses your data. For specific details on Firebase, see the Firebase Privacy Policy.
Send marketing messages We process your personal data for marketing campaigns. We may add your email address to our marketing lists. As a result, you will receive information about our products, such as special offers and new features and products available on the Product. If you do not wish to receive marketing emails from us, you may unsubscribe by following the instructions in the footer of the marketing email.
We use Sendpulse, a personalization and retention marketing platform, to send personalized emails to our users.
To personalize our advertising We and our partners use your personal data to tailor advertisements and possibly even show them to you at appropriate times. For example, if you have accessed our Product, you may see advertisements for our products, for example, in your Facebook feed.
How to opt-out or influence personalized advertising On the website: you can use the Consent Management Platform to decide whether to allow us to store or access information on your devices using cookies and other tracking technologies in order to display interest-based advertising. You can open the Consent Management Platform by clicking the "Privacy" button in the lower right corner of the website.
iOS: On your iPhone or iPad, go to Settings > Privacy > Apple Ads and uncheck Personalized Ads.
Android: To turn off ads on your Android device, simply open the Google Settings app on your mobile phone, tap on "Ads" and turn on "Opt-out of interest-based ads". Alternatively, you can reset your advertising ID in the same section (this may also help you see fewer personalized ads).
To learn more about how you can influence the choice of ads on different devices, please see the information available here.
You can also get useful information and opt-out of interest-based advertising by following these links:
Network Advertising Initiative - http://optout.networkadvertising.org/
Digital Advertising Alliance - http://optout.aboutads.info/
Digital Advertising Alliance (Canada) - http://youradchoices.ca/choices
Digital Advertising Alliance (EU) - http://www.youronlinechoices.com/
DAA AppChoices page - http://www.aboutads.info/appchoices
We value your right to influence the advertisements you see, so we let you know which service providers we use for this purpose and how some of them allow you to control your advertising preferences.
We use the Facebook pixel on the Product. The Facebook pixel is a code placed on the Product that collects data that helps us track conversions from Facebook ads, create targeted audiences, and remarket to people who have taken certain actions on the Website.
We also use Facebook Ads Manager in conjunction with Facebook Custom Audience, which allows us to select the audience that will see our ads on Facebook or other Facebook products (e.g., Instagram). With Facebook Custom Audience, we can create a list of users with specific data sets, such as IDFA, and select users who have performed certain actions on the Product. As a result, we can ask Facebook to show ads to a specific list of users. As a result, more of our ads may be displayed when you use Facebook or other Facebook products (e.g., Instagram). You can learn how to opt out of ads served to you through Facebook Custom Audience here.
Facebook allows its users to influence the ads they see on Facebook. To learn how to control the ads you see on Facebook, go here or change your Facebook ad settings.
Google Ads is an ad-serving service from Google that may deliver ads to users. In particular, Google allows us to customize ads so that they are displayed, for example, only to users who have performed certain actions on our website (e.g., to show our ads to users who have visited our website). This remarketing can be in the form of an ad on a Google search results page or on a site in the Good Display Network.
Third-party vendors, including Google, use cookies to serve ads based on past visits to the Product. Google allows its users to opt out of Google's personalized advertising and prohibits the use of their Google Analytics data.
Managing Cookies in Browsers It is possible to completely prevent your browser from accepting cookies by adjusting your cookie settings. These settings can typically be found in your browser's "Options" or "Preferences" menu. Below are helpful links for managing cookies in commonly used browsers, or you can consult your browser's "Help" section for guidance:
Internet Explorer: Enable or disable cookies in Internet Explorer
Firefox: Clear, enable, and manage cookies in Firefox
Chrome: Manage cookies and site data in Chrome
Safari (macOS): Manage cookies in Safari on macOS
Safari (iOS): Clear cookies and browsing data in Safari on iOS
If you have additional questions or require further assistance, please contact us at support@fit4me-life.com.
To process your payments We provide paid products and/or services as part of the Product. To do so, we use third-party services (e.g., payment processors) to process payments. As a result of this processing, you can pay for a personalized fitness plan, and we will receive a notification that the payment has been made and send you the fitness plan.
We will not store or collect your payment card information ourselves. Instead, we will provide it directly to our third-party payment processors.
To enforce our Terms of Use and to prevent and combat fraud We use personal data to ensure the fulfillment of our agreements and contractual obligations, to detect, prevent, and combat fraud. As a result of such processing, we may provide your information to other parties, including law enforcement agencies (in particular, if a dispute arises in connection with our Terms of Use).
To comply with legal obligations We may process, use, or share your data when required to do so by law, including if a law enforcement agency requests your data through available lawful means.
4. On what legal basis do we process your personal data
This section informs you of the legal basis we use for each specific processing purpose. For more information about the particular purpose, please see Section 3. This section only applies to users from the EEA.
We process your data on the following legal grounds:
Your consent We will send you marketing communications on this legal basis. You can withdraw your consent at any time by using the unsubscribe link in the footer of our emails. If you allow us to do so, we will also send you push notifications. You can turn off notifications at any time in your device settings.
To fulfill our contract with you According to this legal framework, we can:
Provide our services (following our Terms of Use)
Customize your experience
Manage the account and provide customer support
Communicate with you regarding your use of our Product
Process your payments
For our (or others) legitimate interests, unless these interests are overridden by your interests or fundamental rights and freedoms that require the protection of personal data We rely on legitimate interests:
To research and analyze your use of the Product
Our legitimate interest for this purpose is improving our product so that we understand user preferences and can provide you with a better experience (for example, making using the website easier and more enjoyable or introducing and testing new features).
To personalize our ads
The legitimate interest we rely on for this processing is our interest in the targeted promotion of our Product
To ensure compliance with our Terms of Use
To prevent and combat fraud. Our legitimate interests for this purpose are to comply with our legal rights, to prevent and combat fraud and unauthorized use of the Product, non-compliance with our Terms of Use
To fulfill legal obligations.
5. With whom we share your personal data
We share information with third parties who help us operate, provide, improve, integrate, customize, support, and market our services. We may share some personal information, particularly for the purposes set out in Section 3 of this Privacy Policy. The types of third parties with whom we share information include but are not limited to:
5.1. Product providers.
We share personal information with third parties that we hire to provide services or perform business functions on our behalf under our instructions. We may share your personal information with the following service providers:
Cloud storage providers (Amazon)
Data analytics providers (Facebook, Google, Amplitude)
Marketing partners (social networks, marketing agencies, email delivery services, etc.)
Communication service providers (Zendesk)
Payment service providers (Apple, Stripe, PayPal, Primer)
Section 3 of this Privacy Policy describes in detail the purposes for which we share information and with which third-party service providers.
5.2. Law enforcement and other government agencies
We use personal data to enforce our Terms of Use, protect our rights, privacy, security, or property, and/or the rights of our affiliates, customers, or others, respond to requests from courts, law enforcement, regulators, or other governmental authorities, and as otherwise required by law. We may also use and disclose personal data if required by law.
5.3. Third parties as part of a merger or acquisition
While developing our business, we may acquire or sell assets or business offerings. Customer information is typically one of the business assets transferred in such transactions. We may also share such information with related parties (e.g., parent companies and subsidiaries) and may transfer such information as part of corporate transactions, such as the sale, disposition, merger, consolidation, or sale of our business assets or in the unlikely event of bankruptcy.
6. Your privacy rights and how to exercise them
You have rights to the data below. These rights can be exercised (to the extent possible) through the Product or the "Contact Us" option.
Please note that these rights are based on European law, namely the General Data Protection Regulation ("GDPR"). Depending on your country of residence, these rights may be interpreted differently. Please let us know if you wish to assert your rights in a particular country.
The right of access You can ask us to verify whether we process your data and, if so, to provide you with a copy of the extent to which we do so and what data we store.
The right to rectification You have the right to request us to correct inaccurate or outdated personal data about you and to supplement incomplete data. To the extent possible, we will try to provide you with the opportunity to correct/add data through the Product settings. For example, you can log in to your user profile and correct, modify or delete information about yourself. We will also notify third parties to whom we have shared your data if your data has been changed.
The right to be deleted (the right to be forgotten) You may request the erasure of your data that we store. However, the right to erasure is not absolute and can only be exercised if certain legal requirements are met. You can only request erasure if:
Your data is no longer necessary for the purposes for which it was collected; or
You withdraw your consent to the processing of your data and that consent was the only lawful basis for the processing; or
You object to the processing based on a balance of interests appropriate to your particular circumstances; or
If your data has been processed unlawfully; or
If we must delete your data to comply with a legal obligation.
If you are underage and misuse our products.
Your right to delete personal data is also limited. For example, you are not obliged or permitted to delete data that you are required to keep by statutory retention periods. Similarly, your right to erasure does not apply to data necessary to establish, exercise, or defend legal claims.
Suppose we transfer your data to a third party. In that case, we will initiate the deletion of your data from that third party or, if required by applicable law, notify the third party of the deletion.
To avoid unnecessary legal disputes and given the common usage of these terms, we will interpret all user requests to "delete my data" as requests to delete data by Article 17 of the GDPR.
The right to restrict processing Users have the right to request restriction of processing (i.e., marking to limit the further use of stored personal data) under certain conditions. The requirements for restriction of processing are as follows:
There is an objection to the accuracy of your data and we need to verify its accuracy; or
If the processing is unlawful, but you do not want your data erased and we must instead restrict the use of your data; or
When your data is no longer required for processing, but we need the data to establish, exercise, or defend a legal claim;
When you object to the processing, we determine whether our legitimate interests override yours.
The right to object You have the right to object to the full or partial processing of your data at any time and in any form if our processing is based on legitimate interests (balance of interests). For us to consider your objection, please let us know about your specific situation and why you believe your rights and freedoms are at risk (see Article 21 of the GDPR for more information). The right to object is not absolute, and we will only stop processing your data if we cannot demonstrate compelling legitimate grounds for processing your data.
If the processing that is the subject of the objection is for direct marketing purposes, we will stop the processing as soon as we receive your objection. A typical example of how you can object to a marketing communication is by clicking the "unsubscribe" button in an email.
The right to data portability In accordance with applicable law, you have the right to receive the data you provide to us in a commonly used and machine-readable format and transmit it to other controllers without our intervention.
We will allow you to export and use your data directly through the Product. You may also ask us to assist you in moving your data, if technically feasible. Please note that this option only applies to data processed based on the performance of a contract with you or your consent.
The right to withdraw consent If you have consented to processing your data, you may withdraw your consent at any time. Withdrawal of consent does not have a retroactive effect and does not affect any processing that took place before the withdrawal.
The right to file a complaint If you believe your data has been processed unlawfully, you may complain with the data protection authority at any time. Below are the contact details of the Data Protection Supervisory Authority in Cyprus:
Data Protection Commissioner, https://ico.org.uk/
7. California privacy rights
This section describes your privacy rights as a California resident as outlined in California law, including the California Consumer Privacy Act ("CCPA").
Please note that Section 7 describes rights specific to the State of California that differ significantly from those outlined in the GDPR. These rights are in addition to the rights of California residents described in Section 6 above under the GDPR.
These rights can be exercised (to the extent possible) through the Product or directly through the contact details.
Rights of access to certain information and data transfer In general, your rights to request access to your data and data portability are described in Section 6 above under the headings "Right to Access" and "Right to Rectification" respectively. The scope of these rights differs slightly in the CCPA.
You have the right to request that we disclose certain information about collecting and using your data for the last 12 months only. We will notify you as soon as we receive and verify your verifiable consumer claim:
Categories of personal data we collect.
Category of the source of the personal information we collect.
Our business or commercial purpose is to collect or sell this personal information.
Categories of third parties with whom we share this personal information.
Specific personal information we collect about you.
We will notify you separately if we have sold or disclosed your personal information for commercial purposes.
Please note that verifiable consumer requests for access or portability of data can only be made twice in 12 months. A verifiable consumer request must:
Provide us with sufficient information to reasonably verify that you are the person whose personal data we have collected or an authorized representative of that person.
Describe your request in sufficient detail so that we can properly understand, evaluate, and respond to it.
The right to request deletion Generally, your right to request deletion is outlined in Section 6, "Right to erasure (right to be forgotten)" above.
Please note that although the right to request erasure under the CCPA and the right to request erasure under the GDPR are essentially the same, under the CCPA we are not required to comply with your request if we need to retain your information for a specific reason. For your convenience, a summary of these exceptions is provided below. For more information, please read the full text of the CCPA or additional clarifications from the California Attorney General.
Under the CCPA, we may retain your personal information, among other things, in the following circumstances:
To complete a transaction for which personal information was collected, or to fulfill the terms of a written warranty or product recall.
To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activities, or prosecute those responsible.
Debugging to identify and fix bugs that jeopardize existing planned functionality.
Compliance with the California Electronic Communications Privacy Act.
Allow only internal use that reasonably meets consumer expectations based on the consumer's relationship with the business.
Fulfillment of legal obligations.
Otherwise, personal information for internal activities should be used lawfully following the context in which the consumer provided the information.
The right to non-discrimination Consumers in California are entitled to nondiscriminatory treatment in exercising their rights under the CCPA. In particular, we may not refuse to provide the Product, charge different prices for the Product, deny benefits or impose penalties, offer a different level or quality of Product than other consumers in California, or threaten consumers with any of the above. Right to request information about data transfer to third parties for direct marketing purposes
By the California Shine the Light Act (Civil Code Section 1798.83), users may request information about the transfer of their data to third parties for direct marketing purposes.
The right to prohibit the sale of information We do not sell personally identifiable information (as defined in the CCPA) that we collect, and we do not sell information without giving users the right to opt-out. However, as described in Section 5, we may share users' personal information for our business purposes.
8. Age restrictions.
We do not knowingly process personal data from anyone under 18. If you learn that someone under 18 has provided us with personal data, please contact us at support@fit4me-life.com.
9. International data transfer
We do business all over the world. We may transfer personal data to countries other than the country in which the data was originally collected to provide the Product outlined in the Terms of Use and for the purposes described in this Privacy Policy. If those countries do not have the same data protection laws as the country where you originally provided the information, we take special security measures.
Specifically, suppose we transfer personal data originating in the EEA to countries with inadequate data protection. In that case, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission (details available here), or (ii) country-specific adequacy decisions of the European Commission (details available here).
10. Changes to this privacy policy
We may change this Privacy Policy from time to time. Suppose we decide to make material changes to this Privacy Policy. In that case, we will notify you through our Product or other available means and provide you with the opportunity to review the revised Privacy Policy. By continuing to access or use the Product after these changes become effective, you agree to be bound by the new version of the Privacy Policy.
11. Storage of your data
We will retain your data for as long as necessary to fulfill the purposes set out in this Privacy Policy unless further retention is required by applicable law.
You can ask us to close your account and delete your data anytime. We will treat such requests as termination of your contract with us and withdrawal of your consent. Following such a request, we will stop processing the data by the relevant legal basis.
Please note that certain data may be retained after a deletion request. This applies when the processing is based on our legitimate interests. For example, we may maintain purchase information to protect our rights in court. Such retention is not indefinite and is limited to the usefulness of the data concerned and the fulfillment of our legitimate purposes. As described in Section 6, "Your Privacy Rights and How to Exercise Them", you may object to our legitimate interests. If you wish to do so, please indicate this when contacting us.
We may also retain data if it is technically impossible to delete (for example, if your data is stored in a backup archive). We will securely store your data and isolate it from further processing until deletion is possible.
The same applies if we are obliged to store your data by applicable laws (e.g., accounting and tax laws). In the event of such storage, we will ensure, through technical and organizational means, that the data will not be used for contradictory purposes, such as sending you advertising.
12. How do not track requests are processed
The service does not support Do Not Track requests. Please read their privacy policies to determine if the third-party services he uses honor Do Not Track requests.
13. How to delete the account
iOS:
Open the Fit4Me app and go to Plan → Profile at the top.
Select Personal Data Management.
Tap Delete personal data.
Android:
Open the Fit4Me app and go to Plan → Profile.
Select Personal Data Management.
Tap Request Data Deletion and follow the instructions.
If you need further assistance, please contact us at support@fit4me-life.com.
Please remember that this action cannot be undone. You will be logged out of your account, and your progress will be deleted.
14. Contact us
You can contact us anytime for more information about this Privacy Policy and previous versions. If you have any questions regarding your account or data, please email us at support@fit4me-life.com.
