Privacy Policy
Last Updated: April 11, 2025
1. Introduction
SenseFit ("we," "us," "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, protect, and share your personal data when you use the SenseFit mobile application ("App") and our website at sensefit.co.uk ("Website") (collectively, the "Services").
Our Services involve using biometric data and machine learning to provide insights related to potential injury risks and general wellness recommendations. We process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
By using our Services, you acknowledge you have read and understood this Privacy Policy.
2. Data Controller
For the purpose of the UK GDPR and the Data Protection Act 2018, the data controller is SenseFit.
3. What Personal Data We Collect
We collect the following types of personal data:
Account Information: When you register, we collect your name, email address, and password (stored securely hashed). You may optionally provide details like age, gender, weight, and height for profile completion or specific features like BMI calculation.
Biometric and Wellness Data: Data you provide for the core functionality of the App, either by:
Syncing with Fitbit (with your explicit consent): This may include heart rate variability (HRV), resting heart rate (RHR), sleep data (duration, stages, score), steps, activity levels (minutes, type), stress metrics, and readiness scores.
Manual Entry: Data you manually input into the App, covering similar metrics.
Symptoms: Optional information you log about pain or discomfort.
Usage Data: Information about how you interact with our App and Website, such as features used, screens viewed, and engagement patterns. This data is typically collected in an aggregated or anonymized form using analytics tools to help us improve the Services.
Device and Technical Information: Information about the device you use to access the Services, including device type, operating system version, IP address, and unique device identifiers (where applicable), primarily for functionality, security, and analytics.
Communications: If you contact us (e.g., via email or the help form), we collect the information you provide in your communication, such as your name, email address, and the content of your message.
4. How We Use Your Personal Data (Purposes and Legal Basis)
We use your personal data for the following purposes, relying on specific legal bases under UK GDPR:
To Provide and Operate the Services (Legal Basis: Performance of Contract):
To create and manage your account.
To process your biometric and wellness data using our machine learning models to generate injury risk predictions and personalized recommendations.
To display your data, risk assessments, and trends within the App dashboard.
To enable features like BMI calculation.
To Improve and Develop the Services (Legal Basis: Legitimate Interests):
To analyze usage patterns and trends to understand how our Services are used, identify areas for improvement, and develop new features. We typically use aggregated or anonymized data for this purpose.
To troubleshoot issues and ensure the stability and security of the Services.
To Communicate With You (Legal Basis: Legitimate Interests / Performance of Contract):
To respond to your inquiries and support requests.
To send you important service-related notifications (e.g., updates to Terms or Privacy Policy, security alerts).
For Security and Fraud Prevention (Legal Basis: Legitimate Interests / Legal Obligation):
To protect the security and integrity of our Services and user data.
To detect and prevent fraudulent or unauthorized activity.
To Comply with Legal Obligations (Legal Basis: Legal Obligation):
To comply with applicable laws, regulations, court orders, or governmental requests (e.g., responding to data subject requests under GDPR).
With Your Consent (Legal Basis: Consent):
To sync data from your Fitbit account.
To collect email addresses via our waiting list form solely for providing launch updates (you can unsubscribe anytime).
For any other purpose for which we obtain your explicit consent.
5. How We Share Your Personal Data
We do not sell your personal data. We only share your personal data in the following limited circumstances:
Fitbit: If you grant consent, we exchange data with Fitbit via their API to enable syncing. This sharing is governed by your consent and Fitbit's policies.
Service Providers: We engage trusted third-party companies and individuals, such as analytics providers, to perform services on our behalf. These providers only have access to the personal data necessary to perform their tasks and are contractually obligated not to disclose or use it for any other purpose.
Legal Requirements: We may disclose your personal data if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing in connection with the Services; (d) protect the personal safety of users of the Services or the public; or (e) protect against legal liability.
Business Transfers: If SenseFit is involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:
Encryption: Using encryption for data in transit (HTTPS) and considering encryption for sensitive data at rest.
Password Hashing: Storing user passwords using strong hashing algorithms (e.g., Bcrypt).
Secure Development Practices: Employing tools and techniques like Object-Relational Mappers (e.g., SQLAlchemy) to mitigate risks such as SQL injection, and performing input validation.
Access Controls: Limiting access to personal data to authorized personnel who need it for their job responsibilities.
However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
7. Your Data Protection Rights (UK GDPR)
Under UK data protection law, you have the following rights regarding your personal data:
Right to Access: You have the right to request copies of the personal data we hold about you.
Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions (e.g., upon account deletion).
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Object to Processing: You have the right to object to our processing of your personal data based on legitimate interests, under certain conditions.
Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Right to Withdraw Consent: Where we rely on your consent to process personal data (e.g., for Fitbit syncing, waiting list emails), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us at info@sensefit.co.uk. We will respond to your request within one month, as required by law.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Generally, we retain your account information and associated biometric/wellness data for as long as your account is active. If you delete your account, we will delete your personal data in accordance with our internal processes, typically within 30 days, unless retention is required for legal reasons or dispute resolution. We may also delete data associated with accounts that have been inactive for a prolonged period (e.g., 12 months), after providing notice where feasible.
Anonymized usage data may be retained for longer periods for analytical purposes.
9. Cookies and Similar Technologies (Website)
Our Website uses cookies (small text files placed on your device) and similar technologies for purposes such as analytics (understanding how the site is used) and ensuring basic functionality. You can manage your cookie preferences through your browser settings.
10. Third-Party Links and Services
Our Services may contain links to third-party websites or services (like Fitbit) that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
11. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18 without verification of parental consent, we take steps to remove that information from our servers.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on the Website, through the App, or via email, and updating the date at the top. We encourage you to review this Privacy Policy periodically for any changes.
13. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Email: info@sensefit.co.uk
We aim to respond to inquiries within 48 hours.