PRIVACY POLICY

Last updated: February 8, 2021.

This Privacy Policy outlines how Mobio Interactive Inc. (“MI,” “we,” “us”, or ”our”) may gather and use personally identifiable user information (“Personal Data”), and non-personally identifiable user information (“Anonymous Data”) when you access our websites, located at www.midigitaltherapeutics.com (the “Site”), or download and interact with MI iOS or Android applications, “Wildflowers Mindfulness, Am, Actify Mindfulness” (the“Apps”). Please read this policy carefully before accessing and using the Site or downloading and using the Apps.

Data collected by MI will not be shared or processed for any other reason than outlined in this policy. Should the purpose of data collection change, MI will inform all users of Am Mindfulness by email and re-obtain consent for change in data collection.

This Privacy Policy does not apply to third party websites which may be linked to Am Mindfulness or other MI products and services. Please consult the third party’s Privacy Policy in all cases.

What We Collect

Anonymous Data

Anonymous Data refers to data that by itself does not permit the identification of a specific individual. We collect such information only insofar as is necessary or appropriate to fulfill the purpose of your interaction with the Apps or the Site. We may collect the following types of Anonymous Data when you use the Apps or the Site.

Measurement data produced by the Apps. We may collect the Apps version, device hardware model, device operating system (OS) version, language and region settings, timestamp, self assessments of mood and stress, measurement mode (finger/face), heart rate, and waveforms related to your heart signal obtained from the processing of the camera input.

Geolocation information. We may collect the geolocation (e.g. GPS) of your mobile device at the time of a saved measurement only with your permission. We do not access or track your geolocation information in the background.

Apps crash reports. When the Apps crashes, we may collect information relating to the crash including device state, device hardware model, device OS version, and software processes that triggered the crash. This information is collected using Firebase and Unity Analytics. You can review Firebase privacy policy, and Unity privacy policy.

Apps usage and interactions. We may collect statistics about the behavior of users of the Apps to understand how they interact with the Apps and for error reporting. For instance, we may monitor which part of the Apps and its related features you are interested in and your usage patterns.

Website usage and interactions. Our website uses Google Analytics to help understand how visitors interact with our website so that the Site can be improved. You can read Google’s security and privacy policies for Google Analytics. You can choose not to have your data used by Google Analytics by downloading their opt-out browser add-on. By accessing or using the Site, you agree to the terms of this Privacy Policy.

Personal Data

Personal Data is data that can be used to identify or contact you. MI is strongly committed to protecting the privacy of its user community.

The Apps require access to the camera on your device in order to measure your heart rate. Images from the camera feed are processed locally on your device and cleared immediately afterwards. We do not collect any images obtained from the camera feed.

We do require registration to access MI Apps, allowing you to access and use the Apps by providing Personal Data. Depending on your use of the Services, that may include:

Information you provide by completing forms on MI Apps or Site — your name, email, age, gender, login, and password details. We may ask for this information if you register as a user of the Services, subscribe to our newsletters, or if you contact us;

Information about your activity on and interaction with MI Apps or Site (such as your IP address, the type of device or browser you use, and your actions on the Apps);

Information about the ways people visit and interact with our Apps or Site, in the form of traffic analytics. Communications you send to us (for example, when you ask for support, send us questions or comments, or report a problem);

Information that you submit on or to MI in the form of comments, contributions to discussions, or messages to other users; and

The email address associated with your Google account, if you choose to sign up using your Google credentials. MI will also request permission to access your name, profile picture, and friend list (these permissions are governed by Google’s privacy policies and can be managed through your Google privacy settings). We never post anything to your Facebook, Twitter, or other third-party accounts without your permission.

How We Use Your Data

Anonymous Data

The Anonymous Data you provide allows us to perform analysis and generate the appropriate statistics relevant to you. We use the Anonymous Data to better understand our users as well as to improve the content and functionality of the Apps. For example, collecting the waveforms related to the heart signal allows us to perform research and development, improve the Apps, and develop new features or services. If we do collect information regarding your GPS location with your permission, we will not share such information without your express consent.
We may conduct research on our end user's demographics, interests, and behavior based on the Anonymous Data. This research may be compiled and analyzed on an aggregated basis. MI may share with its affiliates, agents, and business partners this “aggregated” data compiled from the information that it collects from users. These aggregate data do not identify you personally. We may also disclose aggregated data in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

Personal Data

If you contact us by email, we may use the email address you provide to answer your question or resolve your problem. MI also may use that email address to tell you about new features, solicit your feedback, or just keep you up-to-date with MI and our products. You can always opt out of email marketing by clicking on the “Unsubscribe” link appended to the end of a promotional email from us.

MI deems Personal Data confidential and does not disclose such information without the express informed consent of the user. User consent shall be secured through an express action by the user such as clicking a check-box, providing an electronic signature, or other substantially similar method, after clear and conspicuous disclosure immediately above such check-box or electronic signature indicating that the user is agreeing to the disclosure of his or her information by MI. A pre-checked box will not be considered evidence of consent. MI will not release Personal Data to any person or organization not specifically authorized by the individual user, unless such disclosure is required pursuant to a lawful request from a federal, state, local, or foreign law and civil enforcement agencies. If MI discloses Personal Data pursuant to such a request, it shall notify users. We will not rent or sell Personal Data to anyone.

We may need to employ third-party service providers (“Contractors”) to help us provide and maintain our services and business (such as database hosting companies, email service providers, and other similar service providers). These Contractors may have limited access to Personal Data to perform services on our behalf or to comply with legal requirements, and are contractually obligated to safeguard any Personal Data received from us. Allowing Contractors access to Personal Data is not considered a disclosure of such information under this Privacy Policy. By consenting to this Privacy Policy, you agree to permit these Contractors to have access to your Personal Data.

The Apps may allow you to share content with third-party social networking Site (e.g. Facebook, Twitter) and apps (e.g. Apple Health, Google Fit). If you choose to do this, your interactions with these third parties are governed by the privacy policy of the company providing them, not by MI’s Privacy Policy. Personal health information collected and stored by MI, and subsequently shared by the user via the Apps, may not be protected under the Health Insurance Portability and Accountability Act (“HIPAA”), the Personal Information Protection and Electronic Documents Act (PIPEDA) or the General Data Protection Regulation (GDPR).

European Union Users

Am Mindfulness is compliant under the EU General Data Protection Regulation (EU GDPR).

Data protection law in Europe requires a “lawful basis” for collecting and retaining personal information from citizens or residents of the European Economic Area. Our lawful bases include:

Performing the contract we have with you: In certain circumstances, we need your personal data to comply with our contractual obligation to deliver the Services.

Legitimate interests: This is a technical term in data protection law which essentially means we have a good and fair reason to use your data and we do so in ways which do not hurt your interests and rights. We sometimes require your data to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and that does not materially impact your rights, freedom or interests.

For example, we use identity information to prevent fraud and abuse and to keep the Services secure. We may also send you promotional communications about our Services, subject to your right to control whether we do so.

We analyze how users interact with our app so we can understand better what elements of the design are working well and which are not working so well. This allows us to improve and develop the quality of the mobile experience we offer all our users.

For UK residents seeking independent advice about data protection, privacy, data sharing issues and your rights you can contact:
Information Commissioner’s Office
Wycliffe House, Water Lane Wilmslow Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Email: casework@ico.org.uk

Security Policy/Procedures and Standard of Care

The security of your personal data is of paramount importance to us. We take all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of Personal and Anonymous data.

While all data is encrypted in transit and in storage, no method of transmission over the Internet or electronic storage is completely secure, so MI cannot guarantee its absolute security. By using the Site or the Apps, you accept this risk.

Your account information is protected by a password, which you should choose carefully and keep secure.

All Personal and Anonymous data is stored on encrypted servers hosted by Amazon Web Services (AWS).

Data Retention

Personal information is collected inside of the Am app through forms and drop down menus where individuals actively consent to share their personal information. The information is immediately de-identified and securely stored until the user account with which it is associated is deleted. Accounts can be deleted upon written request to mi@mobiointeractive.com. Accounts are also deleted after 2 years of inactivity. Data associated with deleted all user accounts are anonymized and retained for an indefinite amount of time for research and development purposes. Anonymisation is the process of removing personal identifiers, both direct and indirect, that may lead to an individual being identified.

If you contacted us via email, your email will be retained for communication purposes for a reasonable time thereafter.
All data is encrypted in storage.

Data Transfers

While MI is a Singapore-based company, your information will be collected and processed in the country or geographical region in which it is registered by the user. Each country has its own laws governing data protection and government access to information. If you choose to use the Services, you need to agree to our Terms of Use, which set out the contract between MI and its users.

All data is encrypted in transit.

Data Breach

Upon discovery of a data breach, notice shall be made to all affected users of MI products no later than 72 hours after the discovery of the breach. Incidents will also be reported to relevant stakeholders and to the relevant authorities.

Your Rights

Users residing in certain countries, including the EU, are afforded certain rights regarding their personal information. Except where an exception or exemption applies, these rights include the ability to access, correct, and request deletion of your personal information. While these rights are not applicable globally, all MI users can manage their personal information.

Opting out: To opt out of any data processing activity conducted by MI or any third-party service providers employed by MI, email us with your request at the email address listed in the Contact Us section of this policy. You may opt out of all data processing activities with the exception of data processing that supports account creation and logging into you user account, in the event that you have created a user account for an MI product or service.

Data minimization: At all times, MI collects, processes and stores only the minimum amount of personal data needed to deliver specific, individual features of its products and services, as described in this Policy.

Right to restrict: You may restrict the processing of your personal data by emailing us at the address listed in the Contact Us section of this policy with an explanation for the the particular reason(s) for wanting the restriction.

Right to object: You may object to the processing of all or part of your personal data, or for specific purpose of data processing, at any time.

Withdrawal of consent: You may at anytime withdraw consent for the use of their personal data by MI.

Automated Processing: You have the right to request that your data is not subject to a decision based solely on automated processing, including profiling, which produces legal or any other significant effects concerning you.

To enforce your data rights, modify or delete the personal information you’ve provided to us, please contact us as described below (see "Contact Us"). We may retain certain information as required by law or as necessary for our legitimate business purposes.

MI strives to respond to all requests to exercise user rights as quickly as possible, and no longer that within 2 months of receiving the request.

Children

We do not knowingly collect Personal Data from children under the age of 13, unless consent is given or authorised by the parent or legal guardian. If you are under 13, you should not provide any data to us without the permission of your parent or legal guardian. If you have reason to believe that a child under the age of 13 has provided Personal Data to us without the consent of the parental or legal guardian, please contact us (mobio@mobiointeractive.com), and we will endeavor to delete that information from our databases.

Cookies

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We may use cookies to help us identify and track visitors, their usage of the Site, and their website access preferences. If you do not wish to have cookies placed on your computers, you should set your browsers to refuse cookies before using MI’s websites, with the drawback that certain features of MI’s websites may not function properly without the aid of cookies.

Google Analytics cookies. Google Analytics uses first-party cookies to track visitor interactions and collect information about how visitors use the Site. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. We then use the information to compile reports and to help us improve our site. You can opt out of Google Analytics – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page.

Business Transfers

All data generated by users of the Apps or created with the Apps shall be owned by MI. If MI, or substantially all of its assets, were acquired, or in the event that MI goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of MI may continue to use your Personal Data and Anonymous Data as set forth in this Privacy Policy.

Privacy Policy Changes

Although most changes are likely to be minor, MI may change its Privacy Policy from time to time and at our sole discretion. MI will present the revised Privacy Policy when you open the Apps and will secure your express consent that requires you to physically scroll through the entire policy and, before using the Apps, click on a button that states: “I have read and agree to the Privacy Policy for the Apps.” For visitors to the Site, your continued use of the Site after any change in this Privacy Policy will constitute your acceptance of such change. We recommend that you revisit this policy from time to time to ensure you are aware of any changes.

Contact Us

If you have any questions about this Privacy Policy, please email us at mi@mobiointeractive.com

To modify or delete the personal information you’ve provided to us in one of our Apps, please write to us using the Contact form available inside of the App in which you have registered an account.

Data Protection Officer

MI has a Data Protection Officer who ensures the laws protecting personal data are applied and adhered to. MI's DPO is:

Ms. Ramya Loganathan
Email: ramya@mobiointeractive.com

Complaints or questions

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring concerns to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.

Please contact us at mi@mobiointeractive.com.