Last updated: January 1, 2020.
What We Collect
Anonymous Data refers to data that by itself does not permit the identification of a specific individual. We collect such information only insofar as is necessary or appropriate to fulfill the purpose of your interaction with the Apps or the Site. We may collect the following types of Anonymous Data when you use the Apps or the Site.
Personal Data is data that can be used to identify or contact you. MI is strongly committed to protecting the privacy of its user community.
The Apps require access to the camera on your device in order to measure your heart rate. Images from the camera feed are processed locally on your device and cleared immediately afterwards. We do not collect any images obtained from the camera feed.
We do require registration to access MI Apps, allowing you to access and use the Apps by providing Personal Data. Depending on your use of the Services, that may include:
How We Use Your Data
The Anonymous Data you provide allows us to perform analysis and generate the appropriate statistics relevant to you. We use the Anonymous Data to better understand our users as well as to improve the content and functionality of the Apps. For example, collecting the waveforms related to the heart signal allows us to perform research and development, improve the Apps, and develop new features or services. If we do collect information regarding your GPS location with your permission, we will not share such information without your express consent.
We may conduct research on our end user's demographics, interests, and behavior based on the Anonymous Data. This research may be compiled and analyzed on an aggregated basis. MI may share with its affiliates, agents, and business partners this “aggregated” data compiled from the information that it collects from users. These aggregate data do not identify you personally. We may also disclose aggregated data in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.
If you contact us by email, we may use the email address you provide to answer your question or resolve your problem. MI also may use that email address to tell you about new features, solicit your feedback, or just keep you up-to-date with MI and our products. You can always opt out of email marketing by clicking on the “Unsubscribe” link appended to the end of a promotional email from us.
MI deems Personal Data confidential and does not disclose such information without the express informed consent of the user. User consent shall be secured through an express action by the user such as clicking a check-box, providing an electronic signature, or other substantially similar method, after clear and conspicuous disclosure immediately above such check-box or electronic signature indicating that the user is agreeing to the disclosure of his or her information by MI. A pre-checked box will not be considered evidence of consent. MI will not release Personal Data to any person or organization not specifically authorized by the individual user, unless such disclosure is required pursuant to a lawful request from a federal, state, local, or foreign law and civil enforcement agencies. If MI discloses Personal Data pursuant to such a request, it shall notify users. We will not rent or sell Personal Data to anyone.
European Union Users
Am Mindfulness is compliant under the EU General Data Protection Regulation (EU GDPR).
Data protection law in Europe requires a “lawful basis” for collecting and retaining personal information from citizens or residents of the European Economic Area. Our lawful bases include:
For example, we use identity information to prevent fraud and abuse and to keep the Services secure. We may also send you promotional communications about our Services, subject to your right to control whether we do so.
We analyze how users interact with our app so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the mobile experience we offer all our users.
For UK residents seeking independent advice about data protection, privacy, data sharing issues and your rights you can contact:
Information Commissioner’s Office
Wycliffe House, Water Lane Wilmslow Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Security Policy/Procedures and Standard of Care
The security of your personal data is of paramount importance to us. We take all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of Personal and Anonymous data.
While all data is encrypted in transit and in storage, no method of transmission over the Internet or electronic storage is completely secure, so MI cannot guarantee its absolute security. By using the Site or the Apps, you accept this risk.
Your account information is protected by a password, which you should choose carefully and keep secure.
All Personal and Anonymous data is stored on encrypted servers hosted by Amazon Web Services (AWS).
Personal information is collected inside of the Am app through forms and drop down menus where individuals actively consent to share their personal information. The information is immediately de-identified and securely stored until the user account with which it is associated is deleted. Accounts can be deleted upon written request to firstname.lastname@example.org. Accounts are also deleted after 2 years of inactivity. Data associated with deleted all user accounts are anonymized and retained for an indefinite amount of time for research and development purposes. Anonymisation is the process of removing personal identifiers, both direct and indirect, that may lead to an individual being identified.
If you contacted us via email, your email will be retained for communication purposes for a reasonable time thereafter.
All data is encrypted in storage.
All data is encrypted in transit.
Upon discovery of a data breach, notice shall be made to all affected users of MI products no later than 72 hours after the discovery of the breach. Incidents will also be reported to relevant stakeholders and to the relevant authorities.
Users residing in certain countries, including the EU, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the ability to access, correct, and request deletion of your personal information.
While these rights are not applicable globally, all MI users can manage their personal information.
To modify or delete the personal information you’ve provided to us, please contact us as described below (see "Contact Us"). We may retain certain information as required by law or as necessary for our legitimate business purposes.
We do not knowingly collect Personal Data from children under the age of 13, unless consent is given or authorised by the parent or legal guardian. If you are under 13, you should not provide any data to us without the permission of your parent or legal guardian. If you have reason to believe that a child under the age of 13 has provided Personal Data to us without the consent of the parental or legal guardian, please contact us (email@example.com), and we will endeavor to delete that information from our databases.
Google Analytics cookies. Google Analytics uses first-party cookies to track visitor interactions and collect information about how visitors use the Site. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. We then use the information to compile reports and to help us improve our site. You can opt out of Google Analytics – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page.
To modify or delete the personal information you’ve provided to us in one of our Apps, please write to us using the Contact form available inside of the App in which you have registered an account.
Data Protection Officer
MI has a Data Protection Officer who ensures the laws protecting personal data are applied and adhered to. MI's DPO is:
Ms. Ramya Loganathan
Complaints or questions
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
Please contact us at firstname.lastname@example.org.