Changing Shape ("we," "us," or "our") is committed to protecting your privacy and the sensitivity of your personal, particularly health-related, information. This Privacy Policy explains in detail how we collect, use, disclose, and safeguard your personal information when you use our Changing Shape mobile application (the "App"). By using the App, and especially by providing us with your sensitive health data, you are providing your explicit consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not use the App.

We collect several types of information from and about users of our App, adhering to the principle of data minimization - we will only collect and use personal information that is necessary for the purposes outlined in this Privacy Policy.

• Account Information: When you create an account, we collect information such as your name, email address, password, age, gender, and location (if you choose to share it).
• Profile Information: You may choose to provide additional information for your profile, such as your profile picture, fitness goals, dietary preferences, weight, height, activity level, and other sensitive health-related information.
• Diet and Fitness Data (Sensitive Health Data): When you use the App to track your diet and fitness activities, we collect information you input, such as food logs, calorie intake, exercise routines, workout data, steps, and other related sensitive health data. By providing this information, you explicitly consent to our processing of this sensitive data for the purposes outlined in this Privacy Policy.
• Communications: If you contact us directly, we may collect your name, email address, phone number, and the content of your communications.
• User Content: If the App includes community features, we collect User Content you post, such as forum posts, comments, recipes, and progress updates.
• Payment Information: For subscription services, we use third-party payment processors (e.g., Stripe, PayPal) and do not directly collect or store your full payment card details. We may receive limited payment information, such as transaction IDs and billing information, from these processors to manage subscriptions. Please refer to the privacy policies of our payment processors for details on their data handling practices.

• Usage Data: We collect information about your use of the App, such as features you use, content you view, time spent in the App, and frequency of use.
• Device Information: We collect information about your mobile device, including the device type, operating system version, device identifiers (such as IDFA or Android Advertising ID), mobile network information, and hardware settings.
• Log Data: Our servers automatically record information ("Log Data") created by your use of the App, which may include your IP address, browser type, referring/exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information.
• Cookies and Similar Technologies: We use cookies, pixel tags, and similar technologies, including services like Google Analytics and Firebase Analytics, to collect information about your activity on the App, analyze app usage, and personalize your experience. Cookies are small data files stored on your device. We use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them). You can manage your cookie preferences through your browser settings.

• Social Media Integration: If you choose to connect your social media accounts to the App, we may collect information from those accounts, such as your profile information and friends list, as permitted by your settings on those services.
• Health and Fitness Integrations: If you connect the App to other health and fitness apps or devices (e.g., Apple Health, Google Fit, Fitbit), we may collect data from those services, such as activity data, heart rate, sleep data, and other health metrics, based on your permissions and choices within those services.

We use the information we collect for various purposes, including to:

• Provide and Maintain the App: To operate, maintain, and improve the App and its features, and to provide you with the Services you request.
• Personalize Your Experience: To personalize your experience within the App, such as providing customized diet and fitness recommendations, content, and features tailored to your profile and preferences.
• Account Management: To manage your account, process subscriptions and payments, and provide customer support.
• Communicate with You: To communicate with you about your account, updates, new features, promotions, and other news and information we think will be of interest to you. We may communicate via email, in-app notifications, or other means.
• Improve the App: To analyze App usage trends and user behavior, conduct research and development, and improve the App's functionality and user experience.
• Marketing and Promotions: With your consent where required by applicable law, we may use your information for marketing and promotional purposes, such as sending you newsletters, special offers, and information about new products or services. You can opt-out of receiving marketing communications (see Section 7 below).
• Legal Compliance and Safety: To comply with applicable laws, regulations, legal processes, or governmental requests, and to protect the safety, rights, property, or security of Changing Shape, our users, or others.
• Aggregated and Anonymized Data: We may aggregate and anonymize your information with other users' information for statistical analysis, research, and other purposes. This aggregated and anonymized data does not identify you personally.

We may share your information in the following circumstances:

• With Service Providers: We may share your information with categories of third-party service providers who perform services on our behalf, such as:
  • Payment processors: (e.g., Stripe, PayPal)
  • Analytics providers: (e.g., Google Analytics, Firebase Analytics)
  • Cloud hosting providers: (e.g., AWS, Google Cloud)
  • Email delivery services
  • Customer support platforms
  • Marketing and advertising platforms
  These service providers are contractually obligated to protect your information and use it only for the purposes for which we disclose it to them, and in accordance with applicable data protection laws. Where our service providers use sub-processors (other companies assisting them in providing services), we require our service providers to ensure that these sub-processors are also bound by contractual obligations to protect your data. Where service providers or sub-processors are located outside of your jurisdiction, we ensure appropriate data transfer mechanisms are in place, such as Standard Contractual Clauses approved by the European Commission, or other legally recognized safeguards.
• With Business Partners: We may share aggregated and anonymized data with business partners for research, marketing, or other purposes. This data will not identify you personally.
• For Legal Reasons: We may disclose your information if we believe it is necessary to comply with a legal obligation, respond to a legal request, protect our rights or property, protect the safety of our users or the public, or detect, prevent, or address fraud or security issues.
• In Connection with a Business Transfer: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. The acquiring company will be required to honor the commitments made in this Privacy Policy.
• With Your Consent: We may share your information with third parties when we have your consent to do so.
• Publicly Visible Information: If you participate in community features of the App, any information you voluntarily disclose and post to public areas of the App (e.g., forums, profiles) will be publicly visible and accessible to other users.

We take reasonable and appropriate technical and organizational measures to protect your personal information from unauthorized access, use, or disclosure. These measures are regularly reviewed and updated to address evolving security threats and include:

• Encryption: We use Transport Layer Security (TLS) encryption to protect data in transit and Advanced Encryption Standard (AES-256) encryption for data at rest.
• Firewalls: We utilize firewalls to protect our systems from unauthorized access.
• Secure Server Facilities: We store your personal information in secure server facilities with strict access controls.
• Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis.

While we strive to use commercially acceptable means to protect your personal information and implement robust security measures aligned with industry best practices, please remember that no method of transmission over the internet or method of electronic storage is completely secure. Therefore, while we are committed to protecting your personal information, we cannot guarantee its absolute security.

We will retain your personal information for as long as your account is active or as needed to provide you services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. The retention period may vary depending on the type of data. Generally:

• Account Information: Retained while your account is active and for a period after account deletion as necessary for administrative and legal purposes.
• Diet and Fitness Data: Retained while your account is active. Following account deletion, we may anonymize and aggregate this data for statistical analysis and research purposes, potentially retaining the anonymized data indefinitely.
• Log Data: Retained for a limited period for security and analytical purposes, typically [e.g., 12 months], and then automatically deleted or anonymized.
• Payment Information (limited transaction data): Retained for as long as necessary for accounting and subscription management purposes and to comply with legal obligations (e.g., tax laws).

When we no longer need to retain your personal information, we will securely dispose of it in accordance with our data retention policies and applicable law.

You have certain rights regarding your personal information, subject to applicable law. To exercise any of these rights, please contact us using the contact information provided in Section 11 below, outlining your request and providing sufficient information to allow us to verify your identity. We will process your request within [e.g., 30 days] as required by applicable law. We may need to request additional information to verify your identity before processing your request to protect your information and privacy.

Your rights may include:

• Access and Correction: You have the right to access and review the personal information we hold about you and to request corrections of any inaccuracies. You can access and update some of your account information directly within the App's settings.
• Deletion: You have the right to request the deletion of your personal information, subject to certain legal exceptions. We may need to retain certain information for legal obligations, to resolve disputes, or enforce our agreements.
• Opt-Out of Marketing Communications: You have the right to opt-out of receiving marketing communications from us at any time. You can do this by following the unsubscribe instructions in our marketing emails or by adjusting your notification settings within the App.
• Data Portability: You may have the right to request to receive a copy of your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your jurisdiction if you believe our processing of your personal information violates applicable data protection laws.

The Changing Shape App is not intended for children under the age of 18, and we do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to delete that information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately using the details in Section 11.

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction, including to the United States where we are headquartered. If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Information, to the United States and process it there. By using the App and agreeing to this Privacy Policy, you freely and specifically consent to the transfer of your personal information to the United States. We will ensure that such transfers are conducted in compliance with applicable data protection laws and that appropriate safeguards are in place to protect your data. These safeguards may include [e.g., Standard Contractual Clauses approved by the European Commission]. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws.

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or for other reasons. We will post notice of any material changes within the App or on our website and update the "Last Updated" date at the top of this Privacy Policy. For significant changes, we may also provide more prominent notice or seek your consent, as required by applicable law. We encourage you to review this Privacy Policy periodically for any updates. Your continued use of the App after the posting of changes constitutes your acceptance of such changes.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team at:
Email: general@changingshape.com
Phone: 360.601.0482, Mon - Fri. 8 a.m. to 5 p.m. PST
Mail: Changing Shape, 6715 NE 63rd St, #103 Vancouver, WA 98661

BY USING THE CHANGING SHAPE APP, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS PRIVACY POLICY, UNDERSTAND IT, AND PROVIDE YOUR EXPLICIT CONSENT TO THE COLLECTION, USE, PROCESSING, AND DISCLOSURE OF YOUR PERSONAL INFORMATION, INCLUDING SENSITIVE HEALTH DATA, AS DESCRIBED HEREIN.