Hicy App • Privacy Policy

This privacy policy governs your use of the software applications for mobile devices that were created by Nikolay Fiantsev.

Important Privacy Information

In order to use some of our apps, we can automatically collect from your device: language settings, IP address, time zone, type and model of a device, device settings, operating system, Internet service provider, mobile carrier, hardware ID, Facebook ID, and some other unique identifiers (such as IDFA and AAID). We need this data to provide our services and analyze how our customers use the app.

For improving the app and attracting users, we use third party solutions. As a result, we may process data using solutions developed by Amplitude, Facebook, Firebase, Google, Apple, Crashlytics, Have I Been Pwned, Apphud. Therefore, some of the data is stored and processed on servers of such third parties. Consequently, we, in particular, better understand in what of our features and content you see the most value and are able to focus on them to enhance your experience and increase the quality of our products.

Please read our Privacy Policy below to know more about what we do with data (Section 2), and what data privacy rights are available to you (Section 5). If any questions will remain unanswered or you would like to exercise your privacy rights, please contact us at hicy.app@gmail.com.

Privacy Policy

This Privacy Policy explains what personal data is collected when you use the our mobile applications, websites and the services provided through them (together “App” or “Service”), how such personal data will be processed.

BY USING THE SERVICE, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 16 YEARS OF AGE (OR HAVE HAD YOUR PARENT OR GUARDIAN READ AND AGREE TO THIS PRIVACY POLICY FOR YOU). If you do not agree, or are unable to make this promise, you must not use the Service. In such case, you must (a) contact us and request deletion of your data; (b) cancel any subscriptions using the functionality provided by Apple (if you are using iOS) or Google (if you are using Android), and (c) delete the App from your devices.

Any translation from English version is provided for your convenience only. The original English text shall be the sole legally binding version.

“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

“EEA” includes all current member states to the European Union and the European Economic Area.

“Process”, in respect of personal data, includes to collect, store, and disclose to others.

Table of Contents

1. CATEGORIES OF PERSONAL DATA WE COLLECT
2. FOR WHAT PURPOSES WE PROCESS PERSONAL DATA
3. UNDER WHAT LEGAL BASES WE PROCESS YOUR PERSONAL DATA (Applies only to EEA-based users)
4. WITH WHOM WE SHARE YOUR PERSONAL DATA
5. HOW YOU CAN EXERCISE YOUR PRIVACY RIGHTS
6. AGE LIMITATION
7. INTERNATIONAL DATA TRANSFERS
8. CHANGES TO THIS PRIVACY POLICY
9. CALIFORNIA PRIVACY RIGHTS
10. DATA RETENTION
11. HOW “DO NOT TRACK” REQUESTS ARE HANDLED
12. CONTACT US
    
    

Categories of Personal Data We Collect

We collect data you give us voluntarily (for example, when you check your account or email for data leaks or send us an email). We also can collect data automatically (for example, your IP address).

Data you give us

You provide us information about your emails or accounts when you use the Service (for example, email address).

Device and Location data.

We collect data from your mobile device. Examples of such data include: language settings, IP address, time zone, type and model of a device, device settings, operating system, Internet service provider, mobile carrier, hardware ID, and Facebook ID.

Usage data

We record how you interact with our Service. For example, we log your taps on certain areas of the interface, the features, and content you interact with, how long you are in the app, and your subscription orders. 

Advertising IDs

We collect your Apple Identifier for Advertising (“IDFA”) or Google Advertising ID (“AAID”) (depending on the operating system of your device). You can typically reset these numbers through the settings of your device’s operating system (but we do not control this).

For What Purposes We Process Your Personal Data

We process your personal data:

To provide our Service

This includes enabling you to use the Service in a seamless manner and preventing or addressing Service errors or technical issues.

To host personal data and enable our App to operate and be distributed we use Amazon Web Services, which is a hosting and backend service provided by Amazon.

To monitor infrastructure and the App’s performance, we use Crashlytics, which is a monitoring service provided by Google.

We use Firebase Performance Monitoring and Firebase Crash Reporting, which are monitoring services provided by Google.

We use Have I Been Pwned to check if your personal data has been compromised by data breaches.

We use Apphud to manage and improve In-app Subscriptions into our apps.

To manage your account and provide you with customer support

We process your personal data to respond to your requests for technical support, Service information or to any other communication you initiate. This includes accessing your account to address technical support requests. For this purpose, we may send you, for example, notifications or emails about the data breaches, performance of our Service, security, payment transactions, notices regarding our Terms and Conditions of Use or this Privacy Policy.

To communicate with you regarding your use of our Service

We communicate with you, for example, by push notifications. These may include reminders and data breaches alerts. As a result, you may, for example, receive a push notification every day, week or month. To opt out of receiving push notifications, you need to change the settings on your device.

The services that we use for these purposes may collect data concerning the date and time when the message was viewed by our App’s users, as well as when they interacted with it, such as by clicking on links included in the message.

To communicate with you we also use One Signal, which are message sending services. One Signal allows us to send messages and notifications to users of our App across platforms such as Android and iOS. We integrate One Signal to create analytics-based audiences and track opening and conversion events. As a result, we can, for example, send important messages to users whose account was hacked.

We use Apple Push Notification service (“APNs”), that is a notifications service provided by Apple. APNs allows us to send information to iOS devices.

To research and analyze your use of the Service

This helps us to better understand our business, analyze our operations, maintain, improve, innovate, plan, design, and develop the Service and our new products. We also use data for statistical analysis purposes, to test and improve our offers.

We use Facebook Analytics, which is a service is provided by Facebook that allows us to use different analytical tools. On Facebook Analytics we get, in particular, aggregated demographics and insights on how many people launch our app, how often users make purchases, and other interactions. 

We also use Amplitude that is an analytics service that we use to understand how customers use our Service. Amplitude collects various technical information, in particular, time zone, type of device (phone or tablet), unique identifiers (such as IDFA). Amplitude also allows us to track various interactions that occur in our App. As a result, Amplitude helps us to decide what features should we focus on (for example, if we see that most of the users focus on walking mediation workouts, we may develop more these). Amplitude is EU-US Privacy Shield certified.

To track and analyze behavior of our App’s users (in particular, how they react to changes of the App structure, text or any other component), we use Firebase Remote Config. Firebase Remote Config is an A/B testing and configuration service provided by Google, which also enables us to tailor the content that our App’s users see (for example, it allows us to show different onboarding screens to different users).

We also use Firebase Analytics, which is an analytics service provided by Google. In order to understand Google's use of data, consult Google's partner policy. 

To send you marketing communications

We process your personal data for our marketing campaigns. We may occasionally use your email address that you give us when you check it for data breaches, to send you personalized notices and reminders about important updates, promos and time-limited discounts for our products. Besides, once in a while, we may send some hand-picked deals, which we arrange with fellow iOS/Mac developers and that we have assessed will be beneficial to you as a customer.  If you do not want to receive marketing emails from us, you can unsubscribe following instructions in the footer of the marketing emails.

We may also send you push notifications for marketing purposes. To opt out of receiving push notifications, you need to change the settings on your device.

To comply with legal obligations

We may process, use, or share your data when the law requires it, in particular, if a law enforcement agency requests your data by available legal means.

Under What Legal Bases We Process Your Personal Data (Applies only to EEA-based users)

In this section, we are letting you know what legal basis we use for each particular purpose of processing. This section applies only to EEA-based users.

We process your personal data, in particular, under the following legal bases:

• your consent, to send you marketing communications;

• to perform our contract with you;

Under this legal basis we:

• provide our Service (in accordance with our Terms and Conditions of Use);

• manage your account and provide you with customer support;

• communicate with you regarding your use of our Service;

• for our (or others') legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data;

We rely on legitimate interests:

• to communicate with you regarding your use of our Service;

This includes, for example, sending you push notifications or emails about data breaches.

• to research and analyze your use of the Service;

Our legitimate interest for this purpose is our interest in improving our Service so that we understand users’ preferences and are able to provide you with a better experience.

• to send you marketing communications;

The legitimate interest we rely on for this processing is our interest to promote our Service in a measured and appropriate way.

• to enforce our Terms and Conditions of Use and to prevent and combat fraud;

Our legitimate interests for this purpose are enforcing our legal rights, preventing and addressing fraud and unauthorised use of the Service, non-compliance with our Terms and Conditions of Use.

• to comply with legal obligations;

With Whom We Share Your Personal Data

We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Service. We may share some sets of personal data, in particular, for purposes indicated in Section 2 of this Privacy Policy. The types of third parties we share information with include, in particular:

Service providers

We share personal data with third parties that we hire to provide services or perform business functions on our behalf, based on our instructions. We share your personal information with the following types of service providers:

• AWS (Amazon);

• data analytics providers (Facebook, Google, Firebase, Crashlytics, Amplitude, Apphud);

• marketing partners (in particular, social media networks, marketing agencies, email delivery services, Facebook, Google);

Law enforcement agencies and other public authorities

We may use and disclose personal data to enforce our Terms and Conditions of Use, to protect our rights, privacy, safety, or property, and/or that of our affiliates, you or others, and to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, or in other cases provided for by law.

How you Can Exercise Your Privacy Rights

To be in control of your personal data, you have the following rights:

Accessing / reviewing / updating / correcting your personal data. You have the right to review, edit, or change the personal data that you had previously provided to us in the profile section of the App. If you would like to receive a copy of data we process, please send us a data access request.

Deleting your personal data. You can request erasure of your personal data, as permitted by law..When you request deletion of your personal data, we will use reasonable efforts to honor your request. In some cases we may be legally required to keep some of the data for a certain time; in such event, we will fulfill your request after we have complied with our obligations.

Objecting to or restricting the use of your personal data. You can ask us to stop using all or some of your personal data or limit our use thereof.Additional information for EEA-based users. If you are based in the EEA, you have the following rights in addition to the above:

The right to lodge a complaint with supervisory authority. We would love you to contact us directly, so we could address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work or where the alleged infringement has taken place.

The right to data portability. If you wish to receive your personal data in a machine-readable format, you can do so by requesting a copy of your personal data as described above. The data will be made available to you in the .json file or other file format.

To exercise any of the available to you privacy rights, please send a request to hicy.app@gmail.com.

Age Limitation

We do not knowingly process personal data from persons under 16 years of age. If you learn that anyone younger than 16 has provided us with personal data, please contact us at hicy.app@gmail.com.

International Data Transfers

We may transfer personal data to countries other than the country in which the data was originally collected in order to provide the Service set forth in the Terms and Conditions of Use and for purposes indicated in this Privacy Policy. If these countries do not have the same data protection laws as the country in which you initially provided the information, we deploy special safeguards.

In particular, if we transfer personal data originating from the EEA to countries with not adequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission (details available here), or (ii) the EU-U.S. Privacy Shield Framework (details available here), or (iii) the European Commission adequacy decisions about certain countries (details available here).

Changes to This Privacy Policy

We may modify this Privacy Policy from time to time. If we decide to make material changes to this Privacy Policy, you will be notified through our Service or by other available means and will have an opportunity to review the revised Privacy Policy. By continuing to access or use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy.

California Privacy Rights

This section provides additional details about how we process personal data of California consumers and the rights available to them under the California Consumer Privacy Act (“CCPA”) and California’s Shine the Light law. Therefore, this section applies only to residents of California, United States.

For more details about the personal information we have collected, including the categories of sources, please see Section 1 above. We collect this information for purposes described in Section 2 of this Privacy Policy. We may also share your information with certain categories of third parties as indicated in Section 4.

Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt-out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at hicy.app@gmail.com. We will verify your request and inform you accordingly. You may also designate an authorized agent to exercise these rights on your behalf.

Access rights under California’s Shine the Light

California also provides its residents with additional access rights. Under Shine the Light law, the residents may ask companies once a year what personal information they share with third parties for those third parties' direct marketing purposes. Learn more about what is considered to be personal information under the statute.

To obtain this information from us, please send an email message to hicy.app@gmail.com, which includes “Request for California Shine the Light Privacy Information” on the subject line and your state of residence and email address in the body of your message. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.

Data Retention

We will store your personal data for as long as it is reasonably necessary for achieving the purposes set forth in this Privacy Policy (including providing the Service to you), which includes (but is not limited to) the period during which you have an account with the App. We will also retain and use your personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

How to "Do Not Track" Requests are Handled

Except as otherwise stipulated in this Privacy Policy, this App does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Contact Us

You may contact us at any time for details regarding this Privacy Policy and its previous versions. For any questions concerning your account or your personal data please contact us at hicy.app@gmail.com.