Policy Privacy

Privacy Policy - Wellio: Heart Rate Monitor

Last Updated: October 03, 2025

1. INTRODUCTION AND SCOPE

This Privacy Policy ("Policy") is issued by TECHNIFY GROUP LIMITED ("Technify," "we," "us," or "our"), a corporation established under the laws of Hong Kong. This Policy governs the data practices for our portfolio of mobile applications (our "Applications") and all related services, websites, and communications that post or link to this Policy (collectively, the "Services").

This Policy applies to any of our Applications you use, including but not limited to iPulse: Heart Rate, BP Tracker and Wellio: Heart Rate Monitor. Our Applications are made available on various platforms, such as the Apple App Store and the Google Play Store, where Technify may operate under developer names including "TechSpire."

This Policy is a legally binding agreement and constitutes an integral part of our Terms of Use. By downloading, installing, creating an account, or otherwise accessing or using our Services, you acknowledge that you have read, understood, and agree to the data practices described herein. If you do not agree with any part of this Policy, you must not access or use the Services and are required to uninstall the application from all your devices.

For the purposes of this Policy, "Personal Data" shall mean any information that relates to an identified or identifiable individual. "Special Category Data" refers to sensitive Personal Data, such as data concerning health, which is subject to a higher standard of protection under applicable laws, including the General Data Protection Regulation ("GDPR").

This Policy is structured to provide a comprehensive and transparent overview of our data practices. For your convenience, the key sections are as follows:

1. Introduction and Scope

2. Core Principles of Our Privacy Commitment

3. Data We Collect and Process

4. Purposes and Legal Bases for Data Processing

5. Data Sharing and Disclosure

6. Third-Party Services and Partners

7. Application Permissions and their Purposes

8. Data Security and Retention

9. International Data Transfers

10. Your Privacy Rights and Choices

11. Jurisdiction-Specific Provisions

12. Children's Privacy

13. Changes and Updates to This Policy

14. Contact Information.

2. CORE PRINCIPLES OF OUR PRIVACY COMMITMENT

Our data processing architecture and privacy framework are founded upon the following unwavering principles:

A. Transparency

We are unreservedly committed to ensuring that our data processing activities are transparent, fair, and lawful. This Policy is designed to provide you, the user, with a clear, intelligible, and easily accessible understanding of our data practices. We explicitly declare that our business model, which enables the provision of the Services at no monetary cost to you, is sustained through in-app advertising. This Policy provides a granular account of the categories of Personal Data processed, the legal basis for such processing, and the distinct purposes served, including the necessary data utilization for core application functionality and for the facilitation of our advertising model.

B. Purpose Limitation

The principle of purpose limitation is strictly enforced. We shall only collect and process your Personal Data for specified, explicit, and legitimate purposes as articulated in Section 4 of this Policy. We provide an unequivocal guarantee that your Personal Data will not be further processed in a manner that is incompatible with those initial purposes. Should any new processing purpose arise, it will be subject to a separate legal basis, which may include obtaining your explicit and informed consent.

C. Data Minimization

We adhere to the principle of collecting only the Personal Data that is strictly necessary, adequate, and relevant to achieve the purposes for which it is processed. We have engineered our Services to avoid the collection of superfluous data.

D. Data Segregation

This is a cornerstone of our privacy commitment. We maintain a strict architectural and logical separation between Special Category Health Data and all other forms of technical or advertising data. Special Category Health Data is processed exclusively on your device and is never co-mingled with data used for advertising or analytics.

E. User Control and Autonomy

We design our Services to empower you with meaningful control over your Personal Data. This Policy details the tools and choices available to you to manage your data and privacy preferences, as further elaborated in Section 10.

F. Security by Design and by Default

We integrate robust technical and organizational security measures into every stage of our application's lifecycle, from design and development to deployment and maintenance, to protect the confidentiality, integrity, and availability of your Personal Data.

3. DATA WE COLLECT AND PROCESS

Pursuant to our unwavering commitment to transparency and in strict compliance with applicable data protection legislation, including but not limited to the General Data Protection Regulation (GDPR) where applicable, this section provides a detailed and exhaustive enumeration of the distinct categories of personal data we collect and process. The processing protocols, corresponding legal bases for processing, and data retention periods are contingent upon the specific category of data, as delineated herein.

To understand how we use, share, protect, and retain the following data, and to learn about your rights to manage it, please refer to the detailed provisions in Section 4 (Purposes and Legal Bases), Section 5 (Data Sharing and Disclosure), Section 8 (Data Security and Retention), and Section 10 (Your Privacy Rights and Choices).

A. Special Category Health Data (Processed Exclusively on Your Device)


This category encompasses highly sensitive personal information, as defined under the GDPR and other applicable data protection laws, which you may voluntarily and explicitly provide to use the core health-monitoring functionalities of the Services. The legal basis for processing this data is your explicit consent, in accordance with Article 9 of the GDPR or as required by relevant local laws, demonstrated by your direct entry of this information into the application. If you do not provide such consent, this data will not be processed. We implement appropriate safeguards to protect your rights and interests as required by the GDPR and other applicable regulations, and we comply with additional requirements based on your location. Critically, this data is never transmitted to, stored on, or otherwise accessed by Technify’s servers or any third-party entity.

• Health Metrics: Voluntarily entered health data, including blood sugar levels and blood pressure readings, specifically Systolic (SYS), Diastolic (DIA), Blood Pressure Level (BUL) and A1c goal metrics.

• Medication Details: Voluntarily entered medication names, prescribed dosages, administration frequency, and schedules for reminders.

• Contextual Health Notes: This includes any optional, unstructured, free-form text notes you choose to add to provide context to your health metric entries, such as moods, dietary information, sleep patterns, or recent physical activity. The content of these notes is determined entirely at your discretion.

B. Technical Data (Collected Automatically for Service Operation and Advertising)


To ensure the proper functioning, security, and continuous improvement of the Services, and to facilitate our advertising-based business model, we automatically collect certain categories of technical and usage data through the use of Software Development Kits (SDKs), Application Programming Interfaces (APIs), cookies, and other similar tracking technologies. This information, which is treated as Personal Data where it can be linked to an identifiable individual, includes the following:

• Device and Network Information: This data is essential for delivering and optimizing the Services for your specific device and for compliance purposes. It includes:

  • Identifiers and Attributes: Device manufacturer, model, and name; operating system and version; screen height and width; and CPU information.

  • Network and Connectivity: IP address (which may be used to derive approximate geographic location); time zone; network state (e.g., Wi-Fi, 5G); and app-specific network status.

  • Configuration: System language and location/country settings.

• Application and Advertising Identifiers: This data is fundamental for analytics, attribution, and enabling personalized advertising. It includes:

  • Platform-Specific Identifiers: The Google Advertising ID (GAID) on Android and Apple's Identifier for Advertisers (IDFA) on iOS. The collection of these identifiers is subject to your consent, where required by law, such as through Apple's App Tracking Transparency (ATT) framework.

  • Application-Specific Identifiers: The application's version number; the application identifier (e.g., package name); a unique device identifier; the application distribution channel (e.g., Apple App Store, Google Play); and the Firebase device ID (used for analytics and push notifications).

  • Technical Identifiers: The version of any integrated SDK, API, or JS code.

• Usage and Interaction Data: This data encompasses your interactions with the Services and advertisements, which allows us to analyze performance, improve user experience, and combat fraud. It includes:

  • User Engagement Metrics: Number of app openings; number of clicks; pages viewed and their order; time spent on particular pages; date and time of requests; and the first-open timestamp.

  • Advertising Metrics: Information about the advertisements shown to you, including the ad loading strategy, the ad platform and specific ad placement ID, and your interactions with those ads (e.g., views, clicks, conversions).

  • Fraud Prevention Data: Data used to detect and combat fraudulent activity, such as invalid click data.

  • Status Information: The status of permissions you have granted to the app within your device's operating system; the application's release status (e.g., in the Google Play); and other technical timestamps.

  • Cookies and Similar Technologies: Advertisers and analytics partners may store or read cookies or use similar technologies on your device to collect information.

C. Communications Data

When you voluntarily contact us for customer support, provide feedback, or respond to surveys, we collect your name, email address, and the content of your communications. This data is used exclusively to respond to your inquiries effectively, address any issues you may encounter, and leverage your feedback to enhance the quality and functionality of our Services.

D. Consumption and Refund Information:

If you request a refund for an in‑app purchase or subscription through Apple’s App Store, we may collect and share limited “consumption information” related to your use of the purchased content to help Apple review your refund request. This may include:

• Time since installation and total usage time of the app or purchased content

• Whether the purchased content/subscription was actively used or fully consumed (including trial status)

• Purchase details for the relevant transaction (e.g., total amount spent and refunded)

This information is used solely to assist with refund review and is not used for tracking or advertising.

4. PURPOSES AND LEGAL BASES FOR DATA PROCESSING

We are committed to processing your Personal Data lawfully, fairly, and transparently. We only collect and process your data for the specific, explicit, and legitimate purposes detailed below. For each purpose, we ensure we have a valid legal justification for processing under applicable data protection laws in the jurisdictions where we operate.

The following table outlines these purposes and explains the primary legal justifications and bases we rely upon, with specific reference to the high standards set by frameworks such as the General Data Protection Regulation (GDPR).

To Provide Core Service Functionality

• Purpose of Processing: To enable users to record, track, and visualize their health metrics; set and receive medication reminders; and utilize all on-device analytical features.

• Categories of Data Used: Special Category Health Data (Processed On-Device Only); Application Identifiers.

Primary Legal Basis and Justification: Explicit Consent. Your affirmative and voluntary action of providing this sensitive data constitutes your direct and explicit consent for its processing on your device for these specified purposes. This is the universally accepted basis for processing such data.

•  (For GDPR purposes, this corresponds to Explicit Consent under Article 9(2)(a)).

To Personalize, Maintain, and Improve the Services

• Purpose of Processing: To analyze usage trends, identify and resolve technical issues and bugs, optimize user interface and experience, and inform the development of new features.

• Categories of Data Used: Technical Data (Device, Network, Usage, and Identifier data).

Primary Legal Basis and Justification: Legitimate Interest. We process this data based on our legitimate interest in maintaining, analyzing, and improving the Services to ensure they function correctly and provide an optimal user experience. This processing is essential for the ongoing operation and development of our business.

•  (For GDPR purposes, this corresponds to Legitimate Interest under Article 6(1)(f)).

To Enable and Personalize Advertising

• Purpose of Processing: To display contextual and personalized advertisements that support our free service model, and to measure the effectiveness of such advertising.

• Categories of Data Used: Technical Data (Device, Network, Usage, and Identifier data).

Primary Legal Basis and Justification: Consent and/or Legitimate Business Interest. Where required by applicable law (e.g., under the EU’s ePrivacy Directive or through platform requirements like Apple’s App Tracking Transparency framework), we rely on your consent. In other jurisdictions, processing for contextual advertising and performance analytics is based on our legitimate interest in funding our Services.

•  (For GDPR purposes, consent corresponds to Article 6(1)(a)).

To Ensure Security and Prevent Fraud

• Purpose of Processing: To monitor for malicious activity, secure our systems and data, prevent fraudulent use of our Services, and enforce our Terms of Use.

• Categories of Data Used: Technical Data (Device, Network, Usage, and Identifier data).

• Primary Legal Basis and Justification: Legitimate Interest (Article 6(1)(f)). We process this data based on our legitimate interest in protecting the security and integrity of our Services, our intellectual property, and our user base from fraud, abuse, and other unlawful activity.

To Comply with Legal and Regulatory Obligations

• Purpose of Processing: To respond to lawful requests, court orders, or legal processes from government authorities, and to comply with applicable accounting and financial regulations.

• Categories of Data Used: All relevant categories of Personal Data as required by the specific legal obligation.

Primary Legal Basis and Justification: Legal Obligation. We process Personal Data when necessary to comply with a legal or regulatory obligation to which we are subject. This is a fundamental requirement for lawful operation in any jurisdiction.

•  (For GDPR purposes, this corresponds to Legal Obligation under Article 6(1)(c)).

5. DATA SHARING AND DISCLOSURE

Our policy on data sharing is founded on a principled approach of strict controls, transparency, and an unwavering commitment to protecting your sensitive information.

A. Absolute Prohibition on the Sharing of Special Category Health Data

As a foundational principle of our service, established through strict technical and architectural design, we affirm that under no circumstances will Technify sell, rent, monetize, share, or otherwise disclose your Special Category Health Data with any third party. This data remains stored exclusively on your local device, making it programmatically inaccessible to us or any external entity. This commitment is unconditional and applies in all scenarios, including any potential corporate transaction.

B. Controlled Sharing with Third-Party Data Processors

We share certain categories of your non-sensitive Personal Data—specifically Technical and Usage Data and Communications Data—with a limited number of trusted third-party partners who act as our "Data Processors" These disclosures are made solely for the legitimate purposes articulated in Section 4 of this Policy.

A full list of our key third-party partners and links to their privacy policies is available in the Section 6 of this Policy.

Analytics Service Providers

• Purpose of Sharing: To analyze aggregated service usage patterns, diagnose technical issues, and understand user interaction to continuously improve the Services' functionality and user experience.

• Categories of Data Shared: Pseudonymous and Aggregated Technical and Usage Data.

• Illustrative Examples: Google Firebase, AppsFlyer, Adjust.

Advertising Partners

• Purpose of Sharing: To facilitate the delivery of advertisements that support our free service model and to enable the measurement of advertisement performance (e.g., views, clicks).

• Categories of Data Shared: Limited Technical and Usage Data, primarily your device’s Advertising Identifier (e.g., IDFA/GAID), contingent upon your valid consent where required by law.

• Illustrative Examples: Google AdMob, Meta Audience Network, AppLovin.

Mobile Measure Partner (MMP)

• Purpose of Sharing: To consume information only to assist Apple in fairly reviewing refund requests for in-app purchases and subscriptions, and to prevent fraud or misuse related to refunds.

• Categories of Data Shared: Consumption and Refund Information.

• Illustrative Examples: Adapty.

C. Disclosures for Legal Compliance and Protection

We will disclose Personal Data where we have a good-faith belief that such action is necessary to:

• Comply with a legal obligation, a court order, a subpoena, or other valid legal process from a governmental or regulatory authority with proper jurisdiction;

• Establish, exercise, or defend our legal rights and property, including enforcing our Terms of Use;

• Prevent, detect, or otherwise address fraud, security vulnerabilities, or technical issues; or

• Protect the rights, property, or vital interests of our users, our employees, or the public, as required or permitted by applicable law.

Our policy is to narrowly tailor any such disclosure to what is legally required and to provide you with notice of such a request unless prohibited by law.

D. Disclosure in Connection with a Business Transaction

In the event of a merger, acquisition, divestiture, restructuring, bankruptcy, or sale of all or a substantial portion of our assets, certain non-sensitive Personal Data (limited to Technical and Usage Data and Communications Data) may be transferred to the successor or acquiring entity as a business asset. In such a scenario, we will ensure that the acquiring entity is contractually obligated to honor the commitments made in this Privacy Policy. Should the acquiring entity intend to use your Personal Data in a manner inconsistent with this Policy, we will provide you with prior notice and any choices required by applicable law, such as the opportunity to delete your account before the transfer occurs.

6. THIRD PARTY SERVICES AND PARTNERS

To provide and maintain the full functionality of the Services, particularly with respect to analytics and advertising, we integrate certain third-party software components known as Software Development Kits ("SDK"). These SDKs are blocks of code provided by our partners that are embedded within our application, enabling specific features and data processing activities as described in this Policy.

It is critical for you to understand that when you use our Services, these third-party SDKs may collect certain Technical Data directly from your device. For the data they collect through their SDKs, these partners typically act as independent "Data Controllers" This means their data collection, processing activities, and security measures are governed exclusively by their own respective privacy policies and terms of service.

We strongly advise and implore you to review the privacy policies of our key partners to understand how they collect, use, and protect your information. To ensure full transparency, below is a representative, non-exhaustive list of our primary third-party partners and links to their respective privacy policies:

• Google AdMob & Firebase — https://policies.google.com/privacy

• Vungle — https://vungle.com/privacy/

• Facebook Audience Network & Facebook Analytics — https://www.facebook.com/privacy/policy/

• InMobi — https://advertising.inmobi.com/privacy-policy

• Pangle — https://ad.oceanengine.com/union/media/privacy

• Mintegral — https://www.mintegral.com/en/privacy

• AppsFlyer — https://www.appsflyer.com/legal/privacy-policy/

• AppLovin — https://www.applovin.com/privacy/

• Unity — https://unity.com/legal/privacy-policy

• Adjust — https://www.adjust.com/terms/privacy-policy

• ironSource — https://developers.is.com/ironsource-mobile/air/ironsource-mobile-privacy-policy/

• RevenueCat — https://www.revenuecat.com/privacy/

• Meta Audience Network — https://developers.facebook.com/docs/audience-network/optimization/best-practices/an-policy/

• Bigo — https://bigoads.com/privacy

• Adapty — https://adapty.io/privacy/

7. APPLICATION PERMISSIONS AND THEIR PURPOSES

To enable the full functionality of our Services, the application requests certain permissions from your device's operating system (both iOS and Android). A permission is a mechanism that allows our application to access specific data or features on your device, such as the camera or the ability to send notifications. We only request permissions that are essential for a legitimate and specified purpose, as detailed below.

You maintain direct control over these permissions and can grant, deny, or revoke them at any time through your device's native settings menu. Please be aware that denying or revoking a necessary permission may result in certain features of the Services malfunctioning or becoming unavailable.

For complete transparency, the permissions we request are categorized by their primary purpose:

For iOS Devices

On iOS, permissions are requested contextually when a feature first requires them. You will see a system pop-up asking for your consent at that time.

App Tracking Transparency

• Purpose and Justification: Allowing tracking helps us deliver a personalized advertising experience, which funds our ability to offer the Services at no cost. If you decline, you will still see ads, but they may be less relevant to your interests. Your data is handled in accordance with our Privacy Policy.

Notifications

• Purpose and Justification: Enable reminders and notifications.

Camera Access

• Purpose and Justification: This permission is required to measure your heart rate. The app uses the camera to detect photoplethysmographic signals from your fingertips. No images or videos are stored or transmitted from your device.

8. DATA SECURITY AND RETENTION

A. Data Security

The security and integrity of the Services are a top priority for Technify. We have implemented and shall maintain a formalized, comprehensive, and risk-based information security program designed to protect your Personal Data from unauthorized access, loss, and misuse. This program incorporates a combination of administrative, technical, and physical safeguards that are aligned with industry best practices.

Despite our extensive efforts and adherence to industry standards, you acknowledge that no method of electronic transmission or storage is perfectly impregnable. Therefore, while we employ commercially reasonable security measures to protect your Personal Data, we cannot and do not guarantee its absolute security, nor can we ensure the security of any communication facilities provided by us.

B. Data Retention:

In accordance with the principles of data minimization and purpose limitation, we retain Personal Data only for the period necessary to fulfill the specific purposes for which it was collected, as detailed in this Policy, or as required to comply with our legal obligations.

1. Special Category Health Data

• Standard Retention Period: Until you uninstall the application or manually delete the data.

• Purpose and Secure Deletion/Anonymization Protocol: This data is stored exclusively on your device, placing its retention entirely under your direct control. It is permanently and irrecoverably expunged from your device upon uninstallation. Technify retains no copy.

2. Technical and Usage Data

• Standard Retention Period: Up to thirty-six (36) months from the date of collection.

• Purpose and Secure Deletion/Anonymization Protocol: This period is necessary for our legitimate interests in conducting longitudinal trend analysis, improving Service features, detecting fraud, and ensuring system security. Data is securely deleted or fully anonymized on a rolling basis upon expiration.

3. User Support and Communications Data

• Standard Retention Period: For the period necessary to resolve the inquiry, plus a subsequent period of up to two (2) years for business record-keeping.

• Purpose and Secure Deletion/Anonymization Protocol: Retained to maintain a record of support interactions, ensure quality control, and improve our customer service. Data is securely deleted or anonymized once it is no longer required for these legitimate business purposes.

9. INTERNATIONAL DATA TRANSFERS

A. Scope of International Processing

Our business operations and technical infrastructure are global in nature. As a necessary component of providing the Services to you, your Personal Data—specifically Technical Data and Communications Data—may be transferred to, stored in, and processed in jurisdictions outside of your country of residence. These jurisdictions, including the United States where our primary servers and those of our key third-party partners are located, may have data protection regimes that differ from, and may not be considered as protective as, the laws of your home jurisdiction.

B. Commitment to Lawful and Secure Transfers

We are unequivocally committed to ensuring that all such international data transfers are conducted in strict compliance with all applicable data protection laws. We implement and maintain robust legal, technical, and organizational safeguards to ensure that your Personal Data is afforded a consistent and adequate level of protection, irrespective of its geographic location or the legal framework of the destination country.

C. Legal Frameworks Governing Data Transfers

The specific legal mechanisms we rely upon to legitimize cross-border data transfers depend on the jurisdictions from which the data is exported and to which it is imported. We use a variety of legally-recognized transfer solutions to ensure compliance.

For detailed information pertaining to data transfers originating from your specific region, including the precise legal safeguards we have put in place for your Personal Data, please refer to Section 11 of this Policy. That section provides granular detail on the mechanisms we rely upon.

By using our Services, you acknowledge that the international transfer of your Personal Data as described herein is essential for the provision of the Services and agree that such transfers will be governed by the protective measures detailed in this Policy and its relevant articles.

10. YOUR PRIVACY RIGHTS AND CHOICES

A. Your Fundamental Rights

In accordance with applicable data protection laws, and as part of our commitment to user autonomy, we recognize and uphold your rights concerning your Personal Data. You are entitled to exercise the following rights, subject to any exemptions or limitations provided by law. For residents of specific jurisdictions, these rights may be supplemented by those detailed in Section 11 of this Policy.

• The Right of Access: You have the right to request confirmation as to whether or not we process your Personal Data and, where we do, to request a copy of that data along with supplementary information about the processing.

• The Right to Rectification: You have the right to request the correction of any Personal Data we hold about you that you believe to be inaccurate. You also have the right to have incomplete Personal Data completed.

• The Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your Personal Data from our systems. This right is not absolute and is subject to certain exceptions, such as when we are required to retain the data to comply with a legal obligation or for the establishment, exercise, or defense of legal claims.

• The Right to Restrict Processing: You have the right to request that we temporarily or permanently cease processing all or some of your Personal Data under certain conditions, for example, while we verify the accuracy of data you believe to be incorrect.

• The Right to Data Portability: Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive the Personal Data you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another data controller without hindrance from us.

• The Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Data which is based on our legitimate interests. Furthermore, you have an absolute right to object to the processing of your Personal Data for direct marketing purposes.

• The Right to Withdraw Consent: Where our processing of your Personal Data is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

• Rights Related to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

B. Exercising Your Rights and Managing Your Choices

We provide you with accessible tools and clear processes to exercise these rights:

• Direct Data and Account Deletion:

  • Special Category Health Data: As this data is stored exclusively on your device, you can delete it at any time by uninstalling the application from your device. This action is irreversible and permanently removes the data.

  • Technical and Communications Data: In compliance with Apple App Store and Google Play Store policies, we provide a clear path for you to request the deletion of your account and all associated Technical and Communications Data. You may initiate this process directly through the "Account Deletion" feature within the application's settings menu.

• Managing Advertising and Tracking Preferences:

You maintain direct control over the use of your device's advertising identifier for personalized advertising. You can withdraw your consent or opt out at any time through your device's native settings:

• On iOS: Navigate to Settings > Privacy & Security > Tracking, and disable the "Allow Apps to Request to Track" permission for our application.

• On Android: Navigate to Settings > Privacy > Ads, and select "Delete advertising ID".

• Find out more about how to opt out of personalized advertising at Google Support or Apple Support .

• Learn more about disabling location data tracking. Google Support or Apple Support.

• Communication Preferences

  • Consent for Email Communication: By signing up for email communications or emailing us, you can opt out at any time by clicking the unsubscribe link in any of our commercial emails. Please note, choosing to unsubscribe from "All emails" means you will no longer receive emails except those that are necessary. Essential emails include those related to providing our Services, confirming or finalizing a transaction, account recovery, etc.

  • Mobile Push Notifications: You can manage your push notification preferences by adjusting the settings within the application. You can configure your mobile device settings to block push notifications from us.

• Formal Rights Requests:

To exercise any of the rights enumerated above (such as access, rectification, or portability), please submit a formal request to the email address provided in Section 14. To protect your privacy and security, we will take reasonable steps to verify your identity before processing your request. We will respond to all legitimate requests in a timely manner and in accordance with the timelines prescribed by applicable law. Exercising your rights is free of charge, although we may charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive.

11. JURISDICTION SPECIFIC PROVISIONS

This Article provides supplementary information regarding the collection, processing, and transfer of Personal Data and enumerates specific rights applicable to residents of certain jurisdictions. These provisions are intended to supplement the information contained elsewhere in this Privacy Policy. To the extent that the information in this Article conflicts with any other provision of this Policy, the information in this Article shall govern for residents of the jurisdictions specified below.

A. For Residents of the European Economic Area (EEA), United Kingdom (UK), and Switzerland


This section applies to individuals whose data is processed under the General Data Protection Regulation (GDPR), the UK GDPR, or the Swiss Federal Act on Data Protection (FADP).

• Data Controller: The data controller for your Personal Data is TECHNIFY GROUP LIMITED. To exercise your rights, you may contact us as detailed in Section 14.

• Legal Bases for Processing: We process your Personal Data based on the following legal grounds:

Enabling Core Health Tracking Features

• Data Category Involved: Special Category Health Data

• Lawful Basis: Your Explicit Consent. This is manifested by your voluntary action of entering the data into the application for the exclusive purpose of on-device tracking.

Service Operation, Security, and Analytics

• Data Category Involved: Technical Data

• Lawful Basis: Our Legitimate Interests to operate, secure, and improve our Services, provided these interests are not overridden by your rights and freedoms.

Facilitating Personalized Advertising

• Data Category Involved: Technical Data (e.g., IDFA/GAID)

• Lawful Basis: Your Explicit Consent, obtained via the device's operating system consent framework (e.g., Apple’s ATT).

Responding to User Inquiries

• Data Category Involved: Communications Data

• Lawful Basis: Performance of a Contract (to fulfill your support request) and our Legitimate Interests (to improve our service).

• International Transfers: As stated in Section 9, when we transfer your Personal Data outside of the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of protection (such as the United States), we rely on the European Commission's approved Standard Contractual Clauses (SCCs) and/or the UK's International Data Transfer Agreement (IDTA) or Addendum. These legal instruments contractually obligate the data importer to protect your data to a standard equivalent to that of the GDPR.

• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that our processing of your Personal Data infringes applicable data protection law.

B. For Residents of California (under CCPA/CPRA)

This section applies to residents of California and supplements the information in this Policy in accordance with the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

• Our Data Practices:

  • We do not "sell" your Personal Data for monetary consideration.

  • Our use of third-party advertising SDKs may be considered a "sharing" of personal information (as defined by the CPRA) for the purpose of "cross-context behavioral advertising."

  • We do not collect, sell, or share your Special Category Health Data or any other Sensitive Personal Information (SPI). All such data remains on your device and is never transmitted to us or any third party. Consequently, the CPRA's "Right to Limit Use of Sensitive Personal Information" is not applicable to our server-side data processing, as we do not use SPI for any purpose that would trigger this right.

• Categories of Personal Information Collected and Shared:

Category of Personal Information: Identifiers

• Examples: Advertising ID (GAID/IDFA), IP Address, internal application-specific ID.

• Purpose for Collection: Service operation, analytics, security, fraud prevention, advertising.

• Categories of Third Parties With Whom We "Share": Advertising Partners, Analytics Providers.

Category of Personal Information: Internet or Other Electronic Network Activity

• Examples: Data on interactions with the app and ads (views, clicks, features used).

• Purpose for Collection: Service improvement, user experience optimization, ad performance measurement.

• Categories of Third Parties With Whom We "Share": Advertising Partners, Analytics Providers.

Category of Personal Information: Geolocation Data (Non-Precise)

• Examples: Approximate location derived from your IP address.

• Purpose for Collection: Region-specific compliance and content, analytics.

• Categories of Third Parties With Whom We "Share": Advertising Partners, Analytics Providers.

• Your California Privacy Rights: In addition to the rights listed in Section 10, California residents have the right to:

  • Know and Access the specific pieces of Personal Information we have collected.

  • Correct inaccurate Personal Information.

  • Opt-Out of the "Sharing" of your Personal Information for cross-context behavioral advertising. You can exercise this right at any time via your device's privacy settings (as detailed in Section 10.B).

  • Non-Discrimination for exercising your rights.

• Shine the Light: California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their "personal information" (as defined under the "Shine the Light" law) for their direct marketing purposes in the prior calendar year, as well as the type of "personal information" disclosed to those parties. We do not share Personal Information with third parties for their own direct marketing purposes.

C. For Residents of Canada

This section applies to individuals located in Canada, in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

• Consent: We rely on your consent to collect, use, and disclose your Personal Information, except where otherwise permitted by law.

• International Transfers: Your Personal Information is transferred, processed, and stored in the United States and is therefore subject to the laws of that jurisdiction, including laws that may permit access by U.S. governmental authorities.

• Access and Correction: You have the right to access the Personal Information we hold about you and to request the correction of any inaccuracies by contacting our Data Protection Officer.

D. For Residents of Brazil

This section applies to individuals in Brazil, in accordance with the Lei Geral de Proteção de Dados (LGPD).

• Legal Bases: We process your Personal Data based on the legal bases provided by the LGPD, primarily your consent (for advertising and on-device health data), our legitimate interests, and for the performance of a contract (user support).

• Your Rights: You have the right to confirmation of processing, access, correction, anonymization or erasure of unnecessary data, data portability, information about data sharing, and the right to withdraw consent. You may exercise these rights by contacting our Data Protection Officer.

• Complaints: You have the right to lodge a complaint with the Brazilian National Data Protection Authority (ANPD).

12. CHILDREN S PRIVACY

A. Strict Prohibition and Minimum Age Requirements

The Services are designed and intended exclusively for use by adults. We do not, under any circumstances, direct our Services to children or knowingly collect Personal Data from them. The protection of children's privacy is of paramount importance, and we have implemented strict policies and technical measures to enforce this prohibition.

Use of the Services is subject to the following minimum age requirements:

• For users in the United States: In compliance with the Children's Online Privacy Protection Act (COPPA), you must be 13 years of age or older.

• For users in the European Economic Area (EEA), United Kingdom (UK), and Switzerland: In compliance with the General Data Protection Regulation (GDPR), you must be 16 years of age or older, unless the law in your country of residence specifies a different age of consent for data processing (which shall not be lower than 13 years of age).

B. Proactive Prevention and Verification

We implement technical barriers, such as age-gating during the registration process, that are designed to prevent individuals who do not meet these minimum age requirements from creating an account and accessing the Services. You are prohibited from misrepresenting your age to circumvent these requirements.

C. Protocol upon Discovery of a Child's Data

If we obtain actual knowledge that we have inadvertently collected or received Personal Data from an individual under the applicable minimum age, we will take immediate and decisive action. Our protocol includes the following steps:

• Immediate suspension of the associated account.

• Secure and permanent deletion of all Personal Data associated with the account from our active systems and backend servers.

• Taking steps to prevent the user from re-registering until they meet the minimum age requirement.

D. A Notice to Parents and Guardians

If you are a parent or legal guardian and you believe that your child has violated this policy and created an account, thereby providing us with Personal Data, please contact us immediately at the email address provided in Section 14. We will work with you to promptly investigate the matter and delete your child's information from our systems.

13. CHANGES AND UPDATES TO THIS POLICY

We reserve the right to amend this Privacy Policy to reflect changes in our practices or applicable law. Should we make material modifications that substantively alter your rights or our obligations, we will provide prominent advance notice through the Services (e.g., an in-app notification) or by other means before the changes take effect. For non-material corrections or clarifications, we will update the "Last Updated" date at the top of this Policy. Your continued use of the Services after a revision becomes effective constitutes your acceptance of the updated terms. If you do not agree with the revised Policy, your sole remedy is to discontinue use of the Services and delete your account.

14. CONTACT INFORMATION

For any questions, concerns, or requests relating to this Privacy Policy or your Personal Data, please contact us through one of the following channels:

Legal Entity: TECHNIFY GROUP LIMITED


Address: 2/F, West Wing, 822 Lai Chi Kok Road, Cheung Sha Wan, Hong Kong

For General Privacy Inquiries and Exercising Your Rights:


privacy@technify.tech.

End.